b065431e0e4a9d1df3ef1499e6bcd906e55f1ae6a54eedc432bf109fda47e96f

Resubmissions

04-10-2024 23:27

241004-3fkbnawhla 8

Analysis

max time kernel
344s
max time network
346s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
04-10-2024 23:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OperaSetup(1).exe
Size

2.1MB
MD5

ffba7611d41ee7fc0962820f90eff8c8
SHA1

5baec0528f45f6a449ad7690742c013a0ec810b0
SHA256

b065431e0e4a9d1df3ef1499e6bcd906e55f1ae6a54eedc432bf109fda47e96f
SHA512

4104157bd99335c9496b144e64c34fc56bbe5917e3350e4e58a0ea9fbb1fece10fc7f423097cc1186b68c22a74466731094723c673e5d1af8c58fe113647e08c
SSDEEP

49152:9VAbwYuCT+Ny/7wNIYNY3jfXQmaXekd+WDVk5yIxAW5:bAZZT+NE2IYOTPloec+WsTAW5

Score

8^/10

steam defense_evasion discovery motw persistence phishing privilege_escalation spyware stealer

Malware Config

Signatures

Downloads MZ/PE file
Checks BIOS information in registry 2 TTPs 1 IoCs
BIOS information is often read in order to detect sandboxing environments.

Query Registry
T1012

System Information Discovery
T1082

Processes:

Detection (2tv).exe

description ioc process

Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate Detection (2tv).exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	Detection (2tv).exe

Executes dropped EXE 64 IoCs

Processes:

setup.exesetup.exesetup.exesetup.exesetup.exeAssistant_114.0.5282.21_Setup.exe_sfx.exeassistant_installer.exeassistant_installer.exeDetection (2tv).exeSteamSetup.exesteamservice.exesteam.exesteam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exegldriverquery64.exesteamwebhelper.exesteamwebhelper.exegldriverquery.exevulkandriverquery64.exevulkandriverquery.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamerrorreporter64.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamservice.exeVC_redist.x86.exeVC_redist.x86.exeVC_redist.x64.exeVC_redist.x64.exeAmong Us.exe

pid	process
460	setup.exe
2080	setup.exe
1104	setup.exe
228	setup.exe
2352	setup.exe
4692	Assistant_114.0.5282.21_Setup.exe_sfx.exe
1148	assistant_installer.exe
1048	assistant_installer.exe
4872	Detection (2tv).exe
5132	SteamSetup.exe
6372	steamservice.exe
6716	steam.exe
6060	steam.exe
6692	steamwebhelper.exe
5340	steamwebhelper.exe
904	steamwebhelper.exe
11864	steamwebhelper.exe
12020	gldriverquery64.exe
12076	steamwebhelper.exe
12132	steamwebhelper.exe
12360	gldriverquery.exe
12408	vulkandriverquery64.exe
12476	vulkandriverquery.exe
3144	steamwebhelper.exe
1104	steamwebhelper.exe
26960	steamwebhelper.exe
26652	steamwebhelper.exe
24980	steamwebhelper.exe
24336	steamerrorreporter64.exe
24308	steamwebhelper.exe
24256	steamwebhelper.exe
22856	steamwebhelper.exe
22832	steamwebhelper.exe
22728	steamwebhelper.exe
21112	steamwebhelper.exe
21044	steamwebhelper.exe
20988	steamwebhelper.exe
6228	steamwebhelper.exe
5180	steamwebhelper.exe
4920	steamwebhelper.exe
2776	steamwebhelper.exe
1492	steamwebhelper.exe
1360	steamwebhelper.exe
6268	steamwebhelper.exe
7396	steamwebhelper.exe
7504	steamwebhelper.exe
7848	steamwebhelper.exe
9228	steamwebhelper.exe
10156	steamwebhelper.exe
10756	steamwebhelper.exe
11092	steamwebhelper.exe
5576	steamwebhelper.exe
12556	steamwebhelper.exe
28028	steamwebhelper.exe
27992	steamwebhelper.exe
27084	steamwebhelper.exe
23812	steamwebhelper.exe
20836	steamwebhelper.exe
20668	steamservice.exe
20596	VC_redist.x86.exe
20572	VC_redist.x86.exe
20208	VC_redist.x64.exe
20180	VC_redist.x64.exe
19824	Among Us.exe

Loads dropped DLL 64 IoCs

Processes:

setup.exesetup.exesetup.exesetup.exesetup.exeassistant_installer.exeassistant_installer.exeSteamSetup.exesteam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exe

pid	process
460	setup.exe
2080	setup.exe
1104	setup.exe
228	setup.exe
2352	setup.exe
1148	assistant_installer.exe
1148	assistant_installer.exe
1048	assistant_installer.exe
1048	assistant_installer.exe
5132	SteamSetup.exe
5132	SteamSetup.exe
5132	SteamSetup.exe
5132	SteamSetup.exe
5132	SteamSetup.exe
5132	SteamSetup.exe
5132	SteamSetup.exe
5132	SteamSetup.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
5340	steamwebhelper.exe
5340	steamwebhelper.exe
5340	steamwebhelper.exe
6060	steam.exe
904	steamwebhelper.exe
904	steamwebhelper.exe
904	steamwebhelper.exe
904	steamwebhelper.exe
904	steamwebhelper.exe
904	steamwebhelper.exe
904	steamwebhelper.exe
6060	steam.exe
11864	steamwebhelper.exe
11864	steamwebhelper.exe
11864	steamwebhelper.exe
6060	steam.exe
12076	steamwebhelper.exe
12076	steamwebhelper.exe
12076	steamwebhelper.exe
12132	steamwebhelper.exe
12132	steamwebhelper.exe
12132	steamwebhelper.exe
12132	steamwebhelper.exe
6060	steam.exe
3144	steamwebhelper.exe
3144	steamwebhelper.exe
3144	steamwebhelper.exe
3144	steamwebhelper.exe
1104	steamwebhelper.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

SteamSetup.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"	SteamSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Drops desktop.ini file(s) 1 IoCs

Processes:

svchost.exe

description ioc process

File opened for modification C:\Users\Admin\Videos\Captures\desktop.ini svchost.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Enumerates connected drives 3 TTPs 5 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

setup.exesetup.exeDetection (2tv).exe

description	ioc	process
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\F:	Detection (2tv).exe

Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

218 api.ipify.org
189 api.ipify.org
Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
phishing motw

Processes:

flow ioc

462 https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html
Network Service Discovery 1 TTPs 1 IoCs
Attempt to gather information on host's network.
discovery

Network Service Discovery
T1046

Processes:

GameBarPresenceWriter.exe

pid process

19400 GameBarPresenceWriter.exe
Detected potential entity reuse from brand STEAM.
phishing steam

flow	ioc
218	api.ipify.org
189	api.ipify.org

flow	ioc
462	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

pid	process
19400	GameBarPresenceWriter.exe

Suspicious use of SetThreadContext 2 IoCs

Processes:

steam.exeAmong Us.exe

description	pid	process	target process
PID 6060 set thread context of 19824	6060	steam.exe	Among Us.exe
PID 19824 set thread context of 19784	19824	Among Us.exe	UnityCrashHandler32.exe

Drops file in Program Files directory 64 IoCs

Processes:

steam.exesteam.exeSteamSetup.exe

description	ioc	process
File created	C:\Program Files (x86)\Steam\appcache\librarycache\674940_library_hero_blur.jpg	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_050_menu_0310.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_r4.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\steam_controller_thai.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\logs\shader_log.txt	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\libraries\libraries~4f371177a.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0334.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\library.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\styles\steam.styles_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_color_button_circle_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_ltrackpad_down_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0402.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_lstick_down.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\layout\gamespage_details_achievements.layout_	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\18010_header.jpg	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\ppa_japanese.htm_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\api-ms-win-core-namedpipe-l1-1-0.dll_	steam.exe
File created	C:\Program Files (x86)\Steam\package\steam_client_win32.installed	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_r_down_md.png_	steam.exe
File opened for modification	C:\Program Files (x86)\Steam\steamapps\downloading\945360\Among Us_Data\level7	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\steamxboxutil.exe_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_r_touch_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_touchpad_swipe_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_020_ammo_0051.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_035_magic_0333.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_050_menu_0160.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\layout\ugcdownloadpanel.layout_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\locales\id.pak_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\special_blank.png_	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\949230_library_header.jpg	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_color_button_square.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_l2_half_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\minithrobber12.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_button_r_arrow_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt	SteamSetup.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_r5_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_dpad_touch_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_l_up_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_ltrackpad_left.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_outlined_button_a.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0329.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\avatarBorderOffline.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\css\chunk~2dcc5aaf7.css_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\friends\icon_chat_activity.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_090_media_0210.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\shared_romanian-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_swipe_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0325.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_button_steam_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_dpad_left_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_dpad_down_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\xbox_p3_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\friends\InviteFriendResultSubPanel_failure.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\layout\layoutdebugdialog_details.layout_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_050_menu_0303.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_dpad_down_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\Receipt_PayPal_UseOtherFundingSource.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_110_social_0060.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\steam_controller_romanian.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_button_x.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_r2_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_outlined_button_x.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\dualshock_4_greek.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\steampops_thai-json.js_	steam.exe

Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

Processes:

chrome.exechrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Detection (2tv).exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier	chrome.exe

Access Token Manipulation: Create Process with Token 1 TTPs 1 IoCs
defense_evasion privilege_escalation

Create Process with Token
T1134.002

Processes:

steamservice.exe

pid process

20668 steamservice.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
20668	steamservice.exe

Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

Processes:

netsh.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 24 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

setup.exesetup.exesteam.exegldriverquery.exeVC_redist.x86.exeVC_redist.x86.execmd.exesetup.exesetup.exeassistant_installer.exesteamservice.exevulkandriverquery.exeVC_redist.x64.exeOperaSetup(1).exeVC_redist.x64.exesteamservice.exeAssistant_114.0.5282.21_Setup.exe_sfx.exeassistant_installer.exeSteamSetup.exesteam.execmd.exeAmong Us.exeGameOverlayUI.exesetup.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamservice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaSetup(1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamservice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Assistant_114.0.5282.21_Setup.exe_sfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Among Us.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GameOverlayUI.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Detection (2tv).exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Detection (2tv).exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	Detection (2tv).exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	Detection (2tv).exe

Checks processor information in registry 2 TTPs 22 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

steam.exesteam.exeAmong Us.exesvchost.exeDetection (2tv).exesteamwebhelper.exesteamwebhelper.exeGameOverlayUI.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Among Us.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	Detection (2tv).exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Among Us.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Detection (2tv).exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform ID	Detection (2tv).exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	GameOverlayUI.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Among Us.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Among Us.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	GameOverlayUI.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Detection (2tv).exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Detection (2tv).exe

Enumerates system info in registry 2 TTPs 8 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exeDetection (2tv).exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\bios	Detection (2tv).exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVendor	Detection (2tv).exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\	Detection (2tv).exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Detection (2tv).exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardVersion	Detection (2tv).exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133725581054095026"	chrome.exe

Modifies registry class 64 IoCs

Processes:

steamservice.exesteam.exeAmong Us.exesvchost.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\steamlink\Shell	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\steam\ = "URL:steam protocol"	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\amongus\URL Protocol	Among Us.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\amongus\shell	Among Us.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\steamlink\URL Protocol	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\steamlink	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\amongus\ = "URL:amongus Protocol"	Among Us.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\steamlink\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\steam\URL Protocol	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\amongus\shell\open\command	Among Us.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\amongus\DefaultIcon\ = "\"C:\\Program Files (x86)\\Steam\\steamapps\\common\\Among Us\\Among Us.exe\",-1"	Among Us.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\steam	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\steam\ = "URL:steam protocol"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\steam\Shell\Open\Command	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\amongus\DefaultIcon	Among Us.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\steam\Shell	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\steam\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\amongus	Among Us.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\steam	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\steamlink\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\steamlink\DefaultIcon	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\steamlink\Shell\Open\Command	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\steamlink\URL Protocol	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\steam\DefaultIcon	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-970747758-134341002-3585657277-1000\{589B42C8-4F8C-44CC-A427-73A6FAD93A1C}	svchost.exe

Modifies system certificate store 2 TTPs 14 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

setup.exesteam.exesteam.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c00000001000000040000000010000004000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	setup.exe

NTFS ADS 2 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Detection (2tv).exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exeDetection (2tv).exeSteamSetup.exechrome.exesteam.exe

pid	process
3880	chrome.exe
3880	chrome.exe
4872	Detection (2tv).exe
4872	Detection (2tv).exe
4872	Detection (2tv).exe
4872	Detection (2tv).exe
3880	chrome.exe
3880	chrome.exe
5132	SteamSetup.exe
5132	SteamSetup.exe
5132	SteamSetup.exe
5132	SteamSetup.exe
5132	SteamSetup.exe
5132	SteamSetup.exe
5132	SteamSetup.exe
5132	SteamSetup.exe
5132	SteamSetup.exe
5132	SteamSetup.exe
5132	SteamSetup.exe
5132	SteamSetup.exe
5132	SteamSetup.exe
5132	SteamSetup.exe
5132	SteamSetup.exe
5132	SteamSetup.exe
5132	SteamSetup.exe
5132	SteamSetup.exe
5132	SteamSetup.exe
5132	SteamSetup.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe
6060	steam.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

steam.exeAmong Us.exe

pid process

6060 steam.exe
19824 Among Us.exe

pid	process
6060	steam.exe
19824	Among Us.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

chrome.exe

pid	process
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exesteamwebhelper.exe

pid	process
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exesteamwebhelper.exesteam.exesteamwebhelper.exe

pid	process
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6060	steam.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6060	steam.exe
6060	steam.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
6692	steamwebhelper.exe
22856	steamwebhelper.exe
22856	steamwebhelper.exe
22856	steamwebhelper.exe
22856	steamwebhelper.exe
22856	steamwebhelper.exe
22856	steamwebhelper.exe
22856	steamwebhelper.exe
22856	steamwebhelper.exe
22856	steamwebhelper.exe
22856	steamwebhelper.exe
22856	steamwebhelper.exe
22856	steamwebhelper.exe
22856	steamwebhelper.exe
22856	steamwebhelper.exe
22856	steamwebhelper.exe
22856	steamwebhelper.exe

Suspicious use of SetWindowsHookEx 14 IoCs

Processes:

setup.exeDetection (2tv).exeSteamSetup.exesteamservice.exesteam.exesteamservice.exeVC_redist.x86.exeVC_redist.x86.exeVC_redist.x64.exeVC_redist.x64.exeAmong Us.exeOpenWith.exe

pid	process
460	setup.exe
4872	Detection (2tv).exe
4872	Detection (2tv).exe
4872	Detection (2tv).exe
5132	SteamSetup.exe
6372	steamservice.exe
6060	steam.exe
20668	steamservice.exe
20596	VC_redist.x86.exe
20572	VC_redist.x86.exe
20208	VC_redist.x64.exe
20180	VC_redist.x64.exe
19824	Among Us.exe
19316	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

OperaSetup(1).exesetup.exesetup.exeassistant_installer.exechrome.exe

description	pid	process	target process
PID 4660 wrote to memory of 460	4660	OperaSetup(1).exe	setup.exe
PID 4660 wrote to memory of 460	4660	OperaSetup(1).exe	setup.exe
PID 4660 wrote to memory of 460	4660	OperaSetup(1).exe	setup.exe
PID 460 wrote to memory of 2080	460	setup.exe	setup.exe
PID 460 wrote to memory of 2080	460	setup.exe	setup.exe
PID 460 wrote to memory of 2080	460	setup.exe	setup.exe
PID 460 wrote to memory of 1104	460	setup.exe	setup.exe
PID 460 wrote to memory of 1104	460	setup.exe	setup.exe
PID 460 wrote to memory of 1104	460	setup.exe	setup.exe
PID 460 wrote to memory of 228	460	setup.exe	setup.exe
PID 460 wrote to memory of 228	460	setup.exe	setup.exe
PID 460 wrote to memory of 228	460	setup.exe	setup.exe
PID 228 wrote to memory of 2352	228	setup.exe	setup.exe
PID 228 wrote to memory of 2352	228	setup.exe	setup.exe
PID 228 wrote to memory of 2352	228	setup.exe	setup.exe
PID 460 wrote to memory of 4692	460	setup.exe	Assistant_114.0.5282.21_Setup.exe_sfx.exe
PID 460 wrote to memory of 4692	460	setup.exe	Assistant_114.0.5282.21_Setup.exe_sfx.exe
PID 460 wrote to memory of 4692	460	setup.exe	Assistant_114.0.5282.21_Setup.exe_sfx.exe
PID 460 wrote to memory of 1148	460	setup.exe	assistant_installer.exe
PID 460 wrote to memory of 1148	460	setup.exe	assistant_installer.exe
PID 460 wrote to memory of 1148	460	setup.exe	assistant_installer.exe
PID 1148 wrote to memory of 1048	1148	assistant_installer.exe	assistant_installer.exe
PID 1148 wrote to memory of 1048	1148	assistant_installer.exe	assistant_installer.exe
PID 1148 wrote to memory of 1048	1148	assistant_installer.exe	assistant_installer.exe
PID 3880 wrote to memory of 2196	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2196	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4336	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4336	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4336	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4336	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4336	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4336	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4336	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4336	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4336	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4336	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4336	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4336	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4336	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4336	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4336	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4336	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4336	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4336	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4336	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4336	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4336	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4336	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4336	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4336	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4336	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4336	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4336	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4336	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4336	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4336	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 720	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 720	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2820	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2820	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2820	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2820	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2820	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2820	3880	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\OperaSetup(1).exe
"C:\Users\Admin\AppData\Local\Temp\OperaSetup(1).exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4660

C:\Users\Admin\AppData\Local\Temp\7zS4320BD38\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS4320BD38\setup.exe --server-tracking-blob=ZThiM2RhODI1ZDg2MWYzZmNiODVhOTZkYmYyNzU5MjFlN2Y3ZDYxNTQ5NmE5NGFlZTRkMmI0YTA0MTk1Zjc2ZTp7ImNvdW50cnkiOiJERSIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPWFkbWF2ZW4mdXRtX21lZGl1bT1hcGImdXRtX2NhbXBhaWduPXBvcHVwJnV0bV9jb250ZW50PTk1MDIzMCZ1dG1faWQ9NjQyNTMyNzQ2MTQ5OTI4MDkiLCJ0aW1lc3RhbXAiOiIxNzI4MDgzMDg4LjI5MzAiLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0OyBydjoxMzEuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMzEuMCIsInV0bSI6eyJjYW1wYWlnbiI6InBvcHVwIiwiY29udGVudCI6Ijk1MDIzMCIsImlkIjoiNjQyNTMyNzQ2MTQ5OTI4MDkiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJhZG1hdmVuIn0sInV1aWQiOiJhNjk5YWU2Yy0yMzk4LTRhMGYtOWU3MS1jMTJhYjkwZmQyOTYifQ==
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:460

C:\Users\Admin\AppData\Local\Temp\7zS4320BD38\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS4320BD38\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.21 --initial-client-data=0x338,0x33c,0x340,0x310,0x344,0x745e69d4,0x745e69e0,0x745e69ec
3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2080

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version
3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1104

C:\Users\Admin\AppData\Local\Temp\7zS4320BD38\setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zS4320BD38\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=0 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=460 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20241004232752" --session-guid=9adf684e-6e3b-4813-bed2-c4c0253d55dc --server-tracking-blob=NjQ4ZmE3NTdkNTg0NjM1YzVjM2MzNTE4MjFiZTI5MmIwMjY4NTczNDEzMzI3NmJmYzBiZjA1NGY3MDY3MjRjZTp7ImNvdW50cnkiOiJERSIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPWFkbWF2ZW4mdXRtX21lZGl1bT1hcGImdXRtX2NhbXBhaWduPXBvcHVwJnV0bV9jb250ZW50PTk1MDIzMCZ1dG1faWQ9NjQyNTMyNzQ2MTQ5OTI4MDkiLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMSIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MjgwODMwODguMjkzMCIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQ7IHJ2OjEzMS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzEzMS4wIiwidXRtIjp7ImNhbXBhaWduIjoicG9wdXAiLCJjb250ZW50IjoiOTUwMjMwIiwiaWQiOiI2NDI1MzI3NDYxNDk5MjgwOSIsIm1lZGl1bSI6ImFwYiIsInNvdXJjZSI6ImFkbWF2ZW4ifSwidXVpZCI6ImE2OTlhZTZjLTIzOTgtNGEwZi05ZTcxLWMxMmFiOTBmZDI5NiJ9 --desktopshortcut=1 --wait-for-package --initial-proc-handle=9C09000000000000
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:228

C:\Users\Admin\AppData\Local\Temp\7zS4320BD38\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS4320BD38\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.21 --initial-client-data=0x328,0x32c,0x330,0x304,0x334,0x722569d4,0x722569e0,0x722569ec
4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2352

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410042327521\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410042327521\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe"
3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4692

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410042327521\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410042327521\assistant\assistant_installer.exe" --version
3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1148

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410042327521\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410042327521\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.21 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x4e17a0,0x4e17ac,0x4e17b8
4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f7b4cc40,0x7ff9f7b4cc4c,0x7ff9f7b4cc58
2⤵
PID:2196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1880,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1840 /prefetch:2
2⤵
PID:4336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2168,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1452 /prefetch:3
2⤵
PID:720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2252 /prefetch:8
2⤵
PID:2820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3272 /prefetch:1
2⤵
PID:4112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3324 /prefetch:1
2⤵
PID:1520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4428,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4448 /prefetch:1
2⤵
PID:764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4612,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4588 /prefetch:8
2⤵
PID:4656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4616,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4600 /prefetch:8
2⤵
PID:3548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4764,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4776 /prefetch:8
2⤵
PID:3248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4848,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4812 /prefetch:8
2⤵
PID:3868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4936,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4868 /prefetch:1
2⤵
PID:976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4928,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3256 /prefetch:1
2⤵
PID:4644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3456,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4940 /prefetch:1
2⤵
PID:4464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3468,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4896 /prefetch:1
2⤵
PID:1852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4780,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4932 /prefetch:1
2⤵
PID:3560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5472,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5480 /prefetch:1
2⤵
PID:4532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5432,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5436 /prefetch:1
2⤵
PID:3208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5716,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5724 /prefetch:1
2⤵
PID:4480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5856,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5692 /prefetch:1
2⤵
PID:2300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6016,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6032 /prefetch:1
2⤵
PID:1380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6176,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6164 /prefetch:1
2⤵
PID:4292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6424,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6356 /prefetch:1
2⤵
PID:3656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6464,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6508 /prefetch:1
2⤵
PID:32

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6884,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6888 /prefetch:1
2⤵
PID:4844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6776,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6688 /prefetch:1
2⤵
PID:3804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6880,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6936 /prefetch:1
2⤵
PID:3016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6952,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7064 /prefetch:1
2⤵
PID:5148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6956,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7200 /prefetch:1
2⤵
PID:5268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7468,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7504 /prefetch:1
2⤵
PID:5404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6780,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7252 /prefetch:1
2⤵
PID:5672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=6180,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7080 /prefetch:1
2⤵
PID:5940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=7092,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6208 /prefetch:8
2⤵
PID:5976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6460,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6520 /prefetch:1
2⤵
PID:5400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7068,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6904 /prefetch:1
2⤵
PID:5456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7120,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6236 /prefetch:1
2⤵
PID:5464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=6312,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6328 /prefetch:1
2⤵
PID:5472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=7732,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6380 /prefetch:1
2⤵
PID:5480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=7740,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7096 /prefetch:1
2⤵
PID:5496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=7804,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7828 /prefetch:1
2⤵
PID:1508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=7984,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7908 /prefetch:1
2⤵
PID:5668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=8112,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8072 /prefetch:1
2⤵
PID:5812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=8248,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8264 /prefetch:1
2⤵
PID:5752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=8416,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8288 /prefetch:1
2⤵
PID:5844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=8576,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8588 /prefetch:1
2⤵
PID:5308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=8596,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8132 /prefetch:1
2⤵
PID:4292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=8292,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8844 /prefetch:1
2⤵
PID:6052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=8976,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8992 /prefetch:1
2⤵
PID:5236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=8868,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8880 /prefetch:1
2⤵
PID:3432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=9112,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9132 /prefetch:1
2⤵
PID:5512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=7604,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7748 /prefetch:1
2⤵
PID:5564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=9052,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9372 /prefetch:1
2⤵
PID:5268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=7760,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6360 /prefetch:1
2⤵
PID:5320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=8220,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5584 /prefetch:1
2⤵
PID:5152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=8012,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5560 /prefetch:1
2⤵
PID:5200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=8208,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4832 /prefetch:1
2⤵
PID:5292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=8216,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8840 /prefetch:1
2⤵
PID:5364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=8016,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9524 /prefetch:1
2⤵
PID:5560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=9316,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9672 /prefetch:1
2⤵
PID:3524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=7748,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9032 /prefetch:1
2⤵
PID:5916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=9532,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9856 /prefetch:1
2⤵
PID:6052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=8316,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9848 /prefetch:1
2⤵
PID:5592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=10100,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9688 /prefetch:1
2⤵
PID:6236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=8852,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7000 /prefetch:1
2⤵
PID:6288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=7032,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7484 /prefetch:1
2⤵
PID:6296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=8828,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7752 /prefetch:1
2⤵
PID:6396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=7044,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10364 /prefetch:1
2⤵
PID:6404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=10512,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7532 /prefetch:8
2⤵
PID:6556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=9824,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10552 /prefetch:8
2⤵
PID:6564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5948,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5912 /prefetch:8
2⤵
PID:4424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5960,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4388 /prefetch:8
2⤵
PID:6508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=8884,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5964 /prefetch:8
2⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
PID:6676

C:\Users\Admin\Downloads\Detection (2tv).exe
"C:\Users\Admin\Downloads\Detection (2tv).exe"
2⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Enumerates connected drives
- Checks SCSI registry key(s)
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4872

C:\Windows\SYSTEM32\netsh.exe
netsh.exe wlan show interfaces
3⤵
- Event Triggered Execution: Netsh Helper DLL
PID:5368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --field-trial-handle=7340,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6864 /prefetch:1
2⤵
PID:6888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --field-trial-handle=9276,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6708 /prefetch:1
2⤵
PID:6040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --field-trial-handle=3112,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8396 /prefetch:1
2⤵
PID:5504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --field-trial-handle=7136,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4880 /prefetch:1
2⤵
PID:6948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=9524,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4660 /prefetch:1
2⤵
PID:5132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --field-trial-handle=7600,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4460 /prefetch:1
2⤵
PID:1812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --field-trial-handle=6060,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5140 /prefetch:1
2⤵
PID:4584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --field-trial-handle=7596,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7236 /prefetch:1
2⤵
PID:4860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --field-trial-handle=8892,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5272 /prefetch:1
2⤵
PID:4116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --field-trial-handle=4800,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10780 /prefetch:1
2⤵
PID:7024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --field-trial-handle=10804,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10912 /prefetch:1
2⤵
PID:7032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --field-trial-handle=7764,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10936 /prefetch:1
2⤵
PID:7036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --field-trial-handle=11072,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=11096 /prefetch:1
2⤵
PID:7052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --field-trial-handle=5832,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=11104 /prefetch:1
2⤵
PID:7056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --field-trial-handle=5824,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5724 /prefetch:1
2⤵
PID:7064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --field-trial-handle=6588,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8684 /prefetch:1
2⤵
PID:7072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --field-trial-handle=9180,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9152 /prefetch:1
2⤵
PID:7080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --field-trial-handle=7376,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5460 /prefetch:1
2⤵
PID:6664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --field-trial-handle=9184,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8060 /prefetch:1
2⤵
PID:5920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --field-trial-handle=5652,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8956 /prefetch:1
2⤵
PID:6756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --field-trial-handle=8780,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8788 /prefetch:1
2⤵
PID:3560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --field-trial-handle=10256,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10320 /prefetch:1
2⤵
PID:5880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --field-trial-handle=8372,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8328 /prefetch:1
2⤵
PID:5356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --field-trial-handle=8308,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8992 /prefetch:1
2⤵
PID:6780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --field-trial-handle=7560,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10224 /prefetch:1
2⤵
PID:6224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --field-trial-handle=7608,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5380 /prefetch:1
2⤵
PID:5940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --field-trial-handle=8628,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5372 /prefetch:1
2⤵
PID:3720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --field-trial-handle=10948,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10992 /prefetch:1
2⤵
PID:6776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --field-trial-handle=10996,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8948 /prefetch:1
2⤵
PID:1156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --field-trial-handle=9200,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10924 /prefetch:1
2⤵
PID:5432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --field-trial-handle=7964,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7104 /prefetch:1
2⤵
PID:6348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --field-trial-handle=9228,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7916 /prefetch:1
2⤵
PID:948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --field-trial-handle=11244,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9212 /prefetch:1
2⤵
PID:6472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --field-trial-handle=7192,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9224 /prefetch:1
2⤵
PID:1264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --field-trial-handle=8480,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5836 /prefetch:1
2⤵
PID:1740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --field-trial-handle=8412,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7852 /prefetch:1
2⤵
PID:2980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --field-trial-handle=10312,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9120 /prefetch:1
2⤵
PID:2628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --field-trial-handle=9372,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6540 /prefetch:1
2⤵
PID:544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --field-trial-handle=11108,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=11196 /prefetch:1
2⤵
PID:3540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --field-trial-handle=10696,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9128 /prefetch:1
2⤵
PID:7008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --field-trial-handle=10484,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10472 /prefetch:1
2⤵
PID:5536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --field-trial-handle=4980,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9140 /prefetch:1
2⤵
PID:5176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --field-trial-handle=7932,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7548 /prefetch:1
2⤵
PID:5608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --field-trial-handle=7576,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9176 /prefetch:1
2⤵
PID:5320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --field-trial-handle=10396,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8476 /prefetch:1
2⤵
PID:2264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --field-trial-handle=6684,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8088 /prefetch:1
2⤵
PID:5800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8672,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10832 /prefetch:8
2⤵
PID:2792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10776,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5928 /prefetch:8
2⤵
PID:5304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --field-trial-handle=7404,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10872 /prefetch:1
2⤵
PID:244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --field-trial-handle=7400,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10400 /prefetch:1
2⤵
PID:848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --field-trial-handle=3480,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8896 /prefetch:1
2⤵
PID:4476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --field-trial-handle=5268,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7504 /prefetch:1
2⤵
PID:2864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --field-trial-handle=9784,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7836 /prefetch:1
2⤵
PID:6432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --field-trial-handle=10764,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9772 /prefetch:1
2⤵
PID:580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --field-trial-handle=10444,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9844 /prefetch:1
2⤵
PID:6456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --field-trial-handle=9908,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9896 /prefetch:1
2⤵
PID:5500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --field-trial-handle=10084,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9732 /prefetch:1
2⤵
PID:5308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=130 --field-trial-handle=9348,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8440 /prefetch:1
2⤵
PID:4492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --field-trial-handle=9712,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10988 /prefetch:1
2⤵
PID:5320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5740,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5736 /prefetch:8
2⤵
PID:5956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4824,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5204 /prefetch:8
2⤵
PID:6016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5212,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10412 /prefetch:8
2⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
PID:5164

C:\Users\Admin\Downloads\SteamSetup.exe
"C:\Users\Admin\Downloads\SteamSetup.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5132

C:\Program Files (x86)\Steam\bin\steamservice.exe
"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=10304,i,11880335540281966772,588976339107320735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10324 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1200

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2940

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2124

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004CC
1⤵
PID:6092

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies system certificate store
PID:6716

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies registry class
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:6060

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=6060" "-buildid=1726604483" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-userdatadir=C:\Users\Admin\AppData\Local\Steam\cefdata" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6692

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1726604483 --initial-client-data=0x344,0x348,0x34c,0x320,0x350,0x7ff9f68eee38,0x7ff9f68eee48,0x7ff9f68eee58
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5340

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1664 --field-trial-handle=1712,i,3269821486579660840,12381633070728665939,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:904

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2148 --field-trial-handle=1712,i,3269821486579660840,12381633070728665939,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:11864

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2464 --field-trial-handle=1712,i,3269821486579660840,12381633070728665939,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:12076

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --first-renderer-process --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2900 --field-trial-handle=1712,i,3269821486579660840,12381633070728665939,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:12132

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3480 --field-trial-handle=1712,i,3269821486579660840,12381633070728665939,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3144

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3652 --field-trial-handle=1712,i,3269821486579660840,12381633070728665939,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1104

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=3844 --field-trial-handle=1712,i,3269821486579660840,12381633070728665939,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
4⤵
- Executes dropped EXE
PID:26960

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=3688 --field-trial-handle=1712,i,3269821486579660840,12381633070728665939,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
4⤵
- Executes dropped EXE
PID:26652

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=4060 --field-trial-handle=1712,i,3269821486579660840,12381633070728665939,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
4⤵
- Executes dropped EXE
PID:24980

C:\Program Files (x86)\Steam\steamerrorreporter64.exe
C:\Program Files (x86)\Steam\steamerrorreporter64.exe -pid=6692
4⤵
- Executes dropped EXE
PID:24336

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=3688 --field-trial-handle=1712,i,3269821486579660840,12381633070728665939,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
4⤵
- Executes dropped EXE
PID:24308

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=3812 --field-trial-handle=1712,i,3269821486579660840,12381633070728665939,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
4⤵
- Executes dropped EXE
PID:24256

C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
.\bin\gldriverquery64.exe
3⤵
- Executes dropped EXE
PID:12020

C:\Program Files (x86)\Steam\bin\gldriverquery.exe
.\bin\gldriverquery.exe
3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:12360

C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
.\bin\vulkandriverquery64.exe
3⤵
- Executes dropped EXE
PID:12408

C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
.\bin\vulkandriverquery.exe
3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:12476

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=6060" "-buildid=1726604483" "-steamid=76561198841419303" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=1" "-userdatadir=C:\Users\Admin\AppData\Local\Steam\cefdata" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal"
3⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of SendNotifyMessage
PID:22856

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1726604483 --initial-client-data=0x348,0x34c,0x350,0x328,0x354,0x7ff9f68eee38,0x7ff9f68eee48,0x7ff9f68eee58
4⤵
- Executes dropped EXE
PID:22832

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841419303 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1660 --field-trial-handle=1724,i,5839155821108214066,9581137299596649271,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
4⤵
- Executes dropped EXE
PID:22728

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841419303 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2204 --field-trial-handle=1724,i,5839155821108214066,9581137299596649271,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
4⤵
- Executes dropped EXE
PID:21112

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841419303 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2268 --field-trial-handle=1724,i,5839155821108214066,9581137299596649271,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
4⤵
- Executes dropped EXE
PID:21044

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841419303 --first-renderer-process --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2960 --field-trial-handle=1724,i,5839155821108214066,9581137299596649271,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
4⤵
- Executes dropped EXE
PID:20988

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841419303 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3460 --field-trial-handle=1724,i,5839155821108214066,9581137299596649271,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
4⤵
- Executes dropped EXE
PID:6228

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841419303 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3808 --field-trial-handle=1724,i,5839155821108214066,9581137299596649271,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
4⤵
- Executes dropped EXE
PID:5180

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841419303 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=3800 --field-trial-handle=1724,i,5839155821108214066,9581137299596649271,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
4⤵
- Executes dropped EXE
PID:4920

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841419303 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=4052 --field-trial-handle=1724,i,5839155821108214066,9581137299596649271,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
4⤵
- Executes dropped EXE
PID:2776

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841419303 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=3064 --field-trial-handle=1724,i,5839155821108214066,9581137299596649271,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
4⤵
- Executes dropped EXE
PID:1492

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841419303 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1736 --field-trial-handle=1724,i,5839155821108214066,9581137299596649271,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
4⤵
- Executes dropped EXE
PID:1360

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841419303 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4064 --field-trial-handle=1724,i,5839155821108214066,9581137299596649271,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
4⤵
- Executes dropped EXE
PID:6268

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841419303 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4084 --field-trial-handle=1724,i,5839155821108214066,9581137299596649271,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
4⤵
- Executes dropped EXE
PID:7396

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841419303 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4288 --field-trial-handle=1724,i,5839155821108214066,9581137299596649271,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
4⤵
- Executes dropped EXE
PID:7504

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841419303 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3716 --field-trial-handle=1724,i,5839155821108214066,9581137299596649271,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
4⤵
- Executes dropped EXE
PID:7848

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841419303 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3892 --field-trial-handle=1724,i,5839155821108214066,9581137299596649271,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
4⤵
- Executes dropped EXE
PID:9228

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841419303 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4088 --field-trial-handle=1724,i,5839155821108214066,9581137299596649271,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
4⤵
- Executes dropped EXE
PID:10156

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841419303 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3920 --field-trial-handle=1724,i,5839155821108214066,9581137299596649271,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
4⤵
- Executes dropped EXE
PID:10756

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841419303 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3740 --field-trial-handle=1724,i,5839155821108214066,9581137299596649271,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
4⤵
- Executes dropped EXE
PID:11092

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841419303 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4500 --field-trial-handle=1724,i,5839155821108214066,9581137299596649271,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
4⤵
- Executes dropped EXE
PID:5576

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841419303 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3740 --field-trial-handle=1724,i,5839155821108214066,9581137299596649271,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
4⤵
- Executes dropped EXE
PID:12556

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841419303 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4420 --field-trial-handle=1724,i,5839155821108214066,9581137299596649271,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
4⤵
- Executes dropped EXE
PID:28028

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841419303 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4408 --field-trial-handle=1724,i,5839155821108214066,9581137299596649271,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
4⤵
- Executes dropped EXE
PID:27992

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841419303 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=2608 --field-trial-handle=1724,i,5839155821108214066,9581137299596649271,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
4⤵
- Executes dropped EXE
PID:27084

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841419303 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=4356 --field-trial-handle=1724,i,5839155821108214066,9581137299596649271,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
4⤵
- Executes dropped EXE
PID:23812

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841419303 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3852 --field-trial-handle=1724,i,5839155821108214066,9581137299596649271,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
4⤵
- Executes dropped EXE
PID:20836

C:\Program Files (x86)\Common Files\Steam\steamservice.exe
"C:\Program Files (x86)\Common Files\Steam\steamservice.exe" /installscript "C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\runasadmin.vdf" 945360
3⤵
- Executes dropped EXE
- Access Token Manipulation: Create Process with Token
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:20668

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\Microsoft Visual C++ 2019 x86.cmd" "
4⤵
- System Location Discovery: System Language Discovery
PID:20616

C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\VC_redist.x86.exe
"C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\\VC_redist.x86.exe" /q /norestart
5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:20596

C:\Windows\Temp\{264A2DF9-E07D-4C36-80BA-535D3505A8CC}\.cr\VC_redist.x86.exe
"C:\Windows\Temp\{264A2DF9-E07D-4C36-80BA-535D3505A8CC}\.cr\VC_redist.x86.exe" -burn.clean.room="C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\VC_redist.x86.exe" -burn.filehandle.attached=596 -burn.filehandle.self=604 /q /norestart
6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:20572

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\Microsoft Visual C++ 2019 x64.cmd" "
4⤵
- System Location Discovery: System Language Discovery
PID:20224

C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\VC_redist.x64.exe
"C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\\VC_redist.x64.exe" /q /norestart
5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:20208

C:\Windows\Temp\{381D2D30-25B9-483D-A172-AD5E0CFDD691}\.cr\VC_redist.x64.exe
"C:\Windows\Temp\{381D2D30-25B9-483D-A172-AD5E0CFDD691}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\VC_redist.x64.exe" -burn.filehandle.attached=604 -burn.filehandle.self=612 /q /norestart
6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:20180

C:\Program Files (x86)\Steam\steamapps\common\Among Us\Among Us.exe
"C:\Program Files (x86)\Steam\steamapps\common\Among Us\Among Us.exe"
3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:19824

C:\Program Files (x86)\Steam\steamapps\common\Among Us\UnityCrashHandler32.exe
"C:\Program Files (x86)\Steam\steamapps\common\Among Us\UnityCrashHandler32.exe" --attach 19824 13701120
4⤵
PID:19784

C:\Program Files (x86)\Steam\GameOverlayUI.exe
"C:\Program Files (x86)\Steam\GameOverlayUI.exe" -pid 19824 -steampid 6060 -manuallyclearframes 0 -gameid 945360
3⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:19388

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
- Network Service Discovery
PID:19400

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:19316

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:18776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Access Token Manipulation

T1134

Create Process with Token

T1134.002

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Access Token Manipulation

T1134

Create Process with Token

T1134.002

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Steam\Steam.exe

Filesize
4.2MB

MD5
33bcb1c8975a4063a134a72803e0ca16

SHA1
ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65

SHA256
12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1

SHA512
13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

Download Submit
C:\Program Files (x86)\Steam\appcache\librarycache\1113280_icon.jpg

Filesize
638B

MD5
7ecdaf8a54ec52b20640a88527512903

SHA1
3133a4d748ad3be61fe9db759339cd5de73339b5

SHA256
7bd8b75aec0a4d4a377f3ca3a023fd8b7c5fc7dc6a2a66d17f8cdfe5b731ab0c

SHA512
60ae2031eed0c38264f0d8db22a9b6efeb3f80c791e916e15a1730853162d56e0da014dbd93a5479bae4f3bdd5705ca89be70c90574a524abd1c276ed5c55a2d

Download Submit
C:\Program Files (x86)\Steam\appcache\librarycache\271590_header.jpg

Filesize
62KB

MD5
8a20934b8659b90e863e02f7808dfbf3

SHA1
45d43b9967df2a31a30b90046e2cb28ed74dfe66

SHA256
e1ee8ed03ef2926d224e331a1bc61711822bbe7261cf847624089c1e95207a9a

SHA512
70ac05c87ad6a0daa190360a312eb895ae00648e423aead1bc42bf75b3a66cc04e5694919bb193b524d5d553fb981e0e0d751fe060a5083b78e5bb0c86b19515

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
21KB

MD5
ff92c9cea29117dd0cdd484da610bfbc

SHA1
ac89372185bea0637c25aac24c126518fa2bc2c5

SHA256
6c8fe8f3dad7ea6e9ae5408b67b39907de1bc8238733004c0a9ff5aa6c6f87df

SHA512
9d491ae69ae596ed414f5fb7b0f7bc8f0f688468a4b032ee10250a0a83de8ec32ec1908a05f4dde505ba953a21318fa995fd7dce67d69712b25b8e769295b675

Download Submit
C:\Program Files (x86)\Steam\dumps\metadata

Filesize
346B

MD5
fe11ce31b5ed8109993bd85572190395

SHA1
78e4f04bff90d9915171c9595c70e92f4938cdfe

SHA256
9677c8b0b3660c1c75152c098c6e8d3d2fea72ec6e8bec15fc7bf73d6cdc4a82

SHA512
b976e12e412bc8b85125bff1b1eb0a63dfc7f823e51a3544b1e2b11d3161c11cde3a962ea4de4640da27c98c71986e1be7ffa5d73a56f0998e6f273c650b131f

Download Submit
C:\Program Files (x86)\Steam\dumps\metadata

Filesize
664B

MD5
17630c29eb75667672ce85f75ef6a0b6

SHA1
1a6d3de7168b903e07e962ff22ba316e9a7a8929

SHA256
7774822e7156a8fc1213bb2441b5eb82358e6f5f9ad2b32e008faa661b8786e1

SHA512
a996a5cf708e6377cc3c7b00c3e06c53a5e7a591dcb88050065c156184555b0e7b19b3cd648657e4a663da747d74a0758e71506ed039e33415e2a7edb5165a16

Download Submit
C:\Program Files (x86)\Steam\dumps\reports\3a352145-b172-43ff-9308-3b3000768b70.dmp

Filesize
304KB

MD5
ff24165825dbd781abafbabb79c24763

SHA1
e9f805ffd95146aa3a8d1846fc7adb59623d59f4

SHA256
a78cf2f215e2e6fee98f336dccd919836f68c531d0e41cb460916f1fc199bea0

SHA512
f211a972b04bf42a9c561ab9988f0b50bacf423630587d30f9365408a28190bc102767739084c73499682085ed39a89bb744a52615ca08bfcc82c6d8f2fddc07

Download Submit
C:\Program Files (x86)\Steam\dumps\reports\48e96a1d-95dc-4488-9d31-f65847c2fd84.dmp

Filesize
306KB

MD5
0298d39132003269dcfb581ddacbb9e4

SHA1
b26fbd2aad890066a49a2ad9aa0793a6447faf31

SHA256
4bf4e09ae92daa2cbb08caadaa2d8a869bcbf3dff00d29da4d131a3b6e225f70

SHA512
780be5082dbda1d3132537b7918f3d40266a88ea2a43a8179b02489089f5ed1f6f44e0054a3e8fa1bca5cdd83d7c3dee6ff0390e22dc78ccd1fa9a78cf049e2d

Download Submit
C:\Program Files (x86)\Steam\dumps\reports\a3c1bb7d-acf5-4622-996c-9709c2c36c8a.dmp

Filesize
302KB

MD5
dc866f36350110d7edce0a3b2a2ae59e

SHA1
ac9b1ae5d0c77b3ae6d2f6498b654eae0f6c3d16

SHA256
fc384a3fd2eb02131d543024b19cffb739164669d16bdbc91d775d536608e270

SHA512
efdcb2ed709c6354d4bf54c2cb17f1a17d7901710b34b4cadd5a1650740d26792cfd0f507fd79d8a12193c1ab8594c63664d7f88ed8f2764a93d1637c605734d

Download Submit
C:\Program Files (x86)\Steam\dumps\reports\da7230a1-98a9-4e90-844b-8719e760eccb.dmp

Filesize
304KB

MD5
2ed3d35d96e1b06f2d443265fbe3ac37

SHA1
423c2c3d1a0c05a18de23a34a00c5fd7a8a32b00

SHA256
d483f1dd8038f83827fff9d411b0f7a0266f965f9ea2574a9c6cec6eb13c38bc

SHA512
5b90baa573e1ba26a2d97f005254b27d215fa33876207b8bc41e36b7a8235c42b2fe4b953ef78c6ba3867614854a7404ae563dbd7194234d4ec0056b352e9a49

Download Submit
C:\Program Files (x86)\Steam\dumps\reports\df7c025d-e045-4e04-86e2-9b49ba5a1a44.dmp

Filesize
1.1MB

MD5
2dabe4446fa4d4f39618c75c3fe93f99

SHA1
0299331fcab101a06f77b8f9041f6969c86e050c

SHA256
99887b4623b4933ae75cfbdfd86567e87953be7fccbf91cc58b7d3f8fbb53c25

SHA512
797f01878ebe9e086c23108a5658b50f2dd637eeda1b4e68631199701b36751a1e5ed468e10496d961e9724f121c12ef48a697a165bd236cbb4a8f77d2cfee86

Download Submit
C:\Program Files (x86)\Steam\dumps\reports\f684e9ba-6e0b-454d-ae78-89b03baf0515.dmp

Filesize
965KB

MD5
5c087e41f36ed1ce7ec84df4eeb1c40e

SHA1
2a397afc888046948eb8ecfce569cd793ec81747

SHA256
97f57fb778c0a462e2731048d6063d6ab46be19a85da15ca038ce7f8844e2d22

SHA512
8d8baee96efaf3c4d288f809ea62365b52ba163bb6adcf88406ceaf8e098f927f0fddc40fa7be5c3e169e4e087560a0f8ed897ae5e0c41dc925440313b9fa55a

Download Submit
C:\Program Files (x86)\Steam\dumps\settings.dat

Filesize
56B

MD5
dedd3a7a86e53c8b80455f6c55415850

SHA1
bbb587b4a15d604f36f6daa9307eaa711c7c5acf

SHA256
dede735d3216128bfc04bf42e00d571365d5ef5d87480a116cf55cb0cad1fb69

SHA512
ec0c5000315dde7d2b012798ec93c900463e223ded347eab44e66d9dc83087a9af28f80b7f961e6858738ca669414aba3e7afce3e87176221fac848a702aa44b

Download Submit
C:\Program Files (x86)\Steam\dumps\settings.dat

Filesize
56B

MD5
f7e864d1428f5f20651c020bbbecffdf

SHA1
e8fe7fa429f1a571c3f5f14444dc7bdbc9b10ed9

SHA256
e3d29244dc1053dab8d2b01a77b2b7bdaaf6e6e2b96c3e71c08119131775b126

SHA512
59f75b20bbb6a11f66ec9df04a97f5f1f8d719e0612e3bb0d32da093fe078769df34a7b1e91aa764212b09688e9f77209582f9302a549d488602ef72a0e6fe4c

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Program Files (x86)\Steam\resource\filter_banned_english_cached.txt

Filesize
1KB

MD5
009ca439b8e68dbdb83850d51b07c736

SHA1
b8dd1986d15aef3dcba09c954577c780b549c582

SHA256
4bfbbfd0114ee78d7795835c64aae6dc6b525547748c5dd1150d7d1ff8757c43

SHA512
25e90b8b737b30879ec9073457cc7b30bdc46ed71b8885ce14f9c1946476d65c6bbdd0ddc19bb09c406cd9439837aec5c8ad007dbb5a4378842e1634429b093e

Download Submit
C:\Program Files (x86)\Steam\resource\filter_banned_english_cached_timestamp.txt

Filesize
29B

MD5
daf3a02bcfceeda81ceb80f8cd9a0165

SHA1
559142cec9557bc93445faa018aacf5ed02ea82e

SHA256
b27bff478733aed2916258f0d32d5b786d991b406b71690be6ae0c1d5271f764

SHA512
4cfc10368119fb2f536babba3444696ee7b00e1937cd3b0440492a96e836eddd2e1dc49ac45757e59b800ecec8d46e2e0f469e7426656b6d307b8f26c976b23c

Download Submit
C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached.txt

Filesize
2KB

MD5
0b8f38d6f219adb6af9a46e34c8b55c5

SHA1
abfb7eea3e2073ef536ef4c020b79dce54028174

SHA256
c6cced2a542c64817209699a48ba5c17f32ad47a5bb799d395d707f665378de8

SHA512
4a4dcd5efb3433f23848b7bcc18a430f05107985e48f280874f0058eac863b3ddac9f849ab55271f619c026a6282387f553f1ec25e16eba7cb68c850f314beea

Download Submit
C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached_timestamp.txt

Filesize
29B

MD5
faed192b8cb3ea28a005c8364034b595

SHA1
bcac83965f0bb0433547c26058e0c3629d9cdcb6

SHA256
3f0efd4bda96ad1cb1fdc0308d2987dee58a00180cd7c54e1f0821fb642937f3

SHA512
26f055db8ee82fb6927024366b432ecf01a360b049bbfb1d73233784b393b26e3d93f17b65353c93eb7b32ab55530d90e208e3f5397a835b9e0a66568c209484

Download Submit
C:\Program Files (x86)\Steam\steamapps\common\Among Us\Among Us.exe

Filesize
626KB

MD5
254321c6fdf0b1de79aff77fa6ad825e

SHA1
1b48f9688e4703dba7b127c2bf4f40cabf341247

SHA256
2587aa207e251d7e35937e11e2cf3426ba933a0a36c4cc8b7289933678bd26df

SHA512
7625fc3b6a47d31abcb3142bbb7d03d21d5d52fbc71db337f5f29c137b3a5d20dd708c66b89ff930edf03bd290680c3b7ffe99e0496498236bfe0747ecdcdc90

Download Submit
C:\Program Files (x86)\Steam\steamapps\common\Among Us\UnityCrashHandler32.exe

Filesize
1.0MB

MD5
1d86b9f29cc0cbd8cdb4a2ab1df34322

SHA1
c83eafc94e5b4d599f73579f7c40d687054b394d

SHA256
e42d3f5979cf8946f1a71ab79c948cb3a4560ca58ac157f794c71d73c48cfa96

SHA512
8337503cf551f22177b36fd9d492034a87c15b6b305ec256b7ffc1112e67485f3e280d6fedba1fadd6add19eae3f5fdd96131cc792a51976c95c2290f4ec7f87

Download Submit
C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\Microsoft Visual C++ 2019 x64.cmd

Filesize
121B

MD5
1c39b0799c57e7d2e97ba432faefc85f

SHA1
8b5029489d50b8b93ef9864dd056bd035d98d591

SHA256
c39c8d1d2065c790e39ec9dbd242d64340774e12db6ef90dbe2933106b46864a

SHA512
ddfe19d501bdc713d85dc1ba96bfb2a14ea01661b5115e1374fc80c83d5d6ab6fffb2375ca5e0121725a3f6d853fe7ba72cf6791cdab699a3171bdd288d05948

Download Submit
C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\Microsoft Visual C++ 2019 x86.cmd

Filesize
121B

MD5
a8d147a22093c77cdf20d663748877c6

SHA1
7fe518339330ec20fc78352beb841e7a7b070b87

SHA256
8098ebcc001ca152aec47352e9b7d8f086512519cc430a8ec9c82f67fa9c29a5

SHA512
642676197b92ea837d475ccf2754217d1ed0bba7985cbd72202eb9b27541b08093c37dd3217b8946182bfd6b8a7f4f54357f294fc32d1449279390aa65a169d2

Download Submit
C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\VC_redist.x64.exe

Filesize
14.2MB

MD5
ba584d9886d6eaee8daa852a0605dd00

SHA1
1effe7db3f42d670a1352c5c9b451c4db3e57ab5

SHA256
c2d74d9b85d0030eaa134679a2392268baa773185c5a21657390e43f8b518f69

SHA512
3076aa5583c2ee719f9755fb6aefc1f01f37a33491a7d336c39f9ad303e671574498a0dc16b64e3744098c86ac43ccb916557a4866caf1a5f4b1f5ec68446d47

Download Submit
C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\VC_redist.x86.exe

Filesize
13.7MB

MD5
fedc87470a950d6c723e6538c5f27817

SHA1
17674fcc6cf3a2ffdc391bdcde082aa936e37a89

SHA256
5c7dfa4fd52809813cf9350c4e5807434d78a0bb1fd0d61c85e02b41646a5780

SHA512
17d286311f8aee8866fb7dfbb12fc28fe98e57a460c086fd30bce421c1cd8c0549d92ba5a90c4557eb263ad29a0655da9022603979079022a414c0c5805cf9a1

Download Submit
C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\installscript.vdf

Filesize
907B

MD5
694f8b0b8b20547d4af535951021e82a

SHA1
398db427a34a04738b8215202cb6ad24f54336e3

SHA256
331dcc846361ec44f1c7d1c0c080a5e7abddfcae454e5c1a3d779a89adb13446

SHA512
a43366eddfbcbfbffefd34cc7eec4f1d4a17bd441f45574275bc26154cef7023eec0c47f09847674c9cbbd1354bf7920f0635bd8936e55ae2da1ca928597a05a

Download Submit
C:\Program Files (x86)\Steam\steamapps\downloading\945360\Among Us_Data\il2cpp_data\etc\mono\2.0\DefaultWsdlHelpGenerator.aspx

Filesize
59KB

MD5
f7be9f1841ff92f9d4040aed832e0c79

SHA1
b3e4b508aab3cf201c06892713b43ddb0c43b7ae

SHA256
751861040b69ea63a3827507b7c8da9c7f549dc181c1c8af4b7ca78cc97d710a

SHA512
380e97f7c17ee0fdf6177ed65f6e30de662a33a8a727d9f1874e9f26bd573434c3dedd655b47a21b998d32aaa72a0566df37e901fd6c618854039d5e0cbef3f5

Download Submit
C:\Program Files (x86)\Steam\steamapps\downloading\945360\Among Us_Data\il2cpp_data\etc\mono\4.0\web.config

Filesize
18KB

MD5
b127480ee9f0b8dab6a3f73ad79dd332

SHA1
7d776d730cbd253564713f36573dd8366782788c

SHA256
f1a6416eeedd9d040387fd85dcf7d6e074b6644c6829d08be220ff9fc32efb31

SHA512
00ddca43ad38127cf71477810c46617fc2ccdc33f197e26ba761151107eff701fec2caa51e43575fb5b4fbc11f640f525ba70b6b3e97811cecabc63773492401

Download Submit
C:\Program Files (x86)\Steam\steamapps\downloading\945360\Among Us_Data\il2cpp_data\etc\mono\4.5\Browsers\Compat.browser

Filesize
1KB

MD5
0d831c1264b5b32a39fa347de368fe48

SHA1
187dff516f9448e63ea5078190b3347922c4b3eb

SHA256
8a1082057ac5681dcd4e9c227ed7fb8eb42ac1618963b5de3b65739dd77e2741

SHA512
4b7549eda1f8ed2c4533d056b62ca5030445393f9c6003e5ee47301ff7f44b4bd5022b74d54f571aa890b6e4593c6eded1a881500ac5ba2a720dc0ff280300af

Download Submit
C:\Program Files (x86)\Steam\steamapps\downloading\945360\Among Us_Data\il2cpp_data\etc\mono\4.5\settings.map

Filesize
2KB

MD5
ba17ade8a8e3ee221377534c8136f617

SHA1
8e17e2aec423a8e6fb43e8cbe6215040217bb8a3

SHA256
ce1db1ad8a9512073164e3eccdc193f7eda036e1a9733caec4635de21b2865c8

SHA512
c18bcbcbd4b9a20a72b1a934d70db1eafef047f34f3ba2c6357d8e3afed07ecaab861e5571ceb58c22d4d3e5ebb34b51e366a0553c3153fbc263d1d80472e297

Download Submit
C:\Program Files (x86)\Steam\userdata\881153575\7\remote\sharedconfig.vdf

Filesize
164B

MD5
8351057188d919e7227369f342029ac6

SHA1
882ae5d2132d6becba3c7fb8f93d44df10357382

SHA256
b73fecfa7f885978b8240417e77c2e8185c38a1b50017133125c03d22a8e3d46

SHA512
e7fa1f165b88043771fa7d7df6f218e09266bd0d5f51401b4efa47d6bef8fb109e3d0114996e52535d39957e7af37a21ef0e9da3dd6fab2910103194e432309f

Download Submit
C:\Program Files (x86)\Steam\userdata\881153575\7\remote\sharedconfig.vdf

Filesize
230B

MD5
070c9c8bc16c4c87052864d3eab4ca70

SHA1
a47430b01aec3b1a5c48357714deefbb4c137f3d

SHA256
12b1aba7aaa231f6822498064f9575e76d52a5769c73f1ac0a4be53659a9125e

SHA512
b59d5424d36e53e446fa49f59d98ce552b8613b2f5f279115f0c1e43a669a93a5556bb81d7365ad99862b7eeb5bb3e78a9d3a1b06a2d89eebc1ea168c3bdba6f

Download Submit
C:\Program Files (x86)\Steam\userdata\881153575\config\librarycache\236390.json

Filesize
13KB

MD5
3b15074b1cf87c84b22d49a0ab653d72

SHA1
f34ee4e175bec50251d4fbdb4e3b7fbcd7859902

SHA256
a5917dbe32c5ecb04f7507f379e0366b7be22ddd6e4beac6b6318bef9296ffe0

SHA512
0add504b0db89c8c79ab872daad0e68754096830a2df93f663aeb4c03deb069bd1b7a69c45b5ebf9038ae85b4125a032fe5d0d9c6fdba63622236bcf875c2178

Download Submit
C:\Program Files (x86)\Steam\userdata\881153575\config\librarycache\381210.json

Filesize
10KB

MD5
17ec1e0cb2debe786d9c4a6127b6d668

SHA1
768d2a88cadadf7b451cb4e1159c2a9fba644c0b

SHA256
873e5c5fcd8a6c63b9dd5adad4351c7f9609f3def9203dea3285f2ae565fd4c3

SHA512
ffdabd4d61dc8018cd1c79098408f7c70d3a70fcbbce925560481b3f78972cea17f2abfff81e07e90f194f7d10ceb833caccab85e7feccbb20ae4fe87f798204

Download Submit
C:\Program Files (x86)\Steam\userdata\881153575\config\librarycache\477160.json

Filesize
126B

MD5
5216ef382c2d09e344ae46f2c073acab

SHA1
91040770b2b51d00e6b7c32a37315eef249a55bd

SHA256
2200afe5bd5dccc0cfe9d34b29eedc49014dd673e5b9b2d1797e3f52a14b5617

SHA512
0a5bc2a98fec77d33e0aca0934d547746883d5ce2b6cfe23e36dc9afe5fbd51dfe12d955213cd0123b4ca004e225182bea6722d0870ea65ba5a808756e893f7a

Download Submit
C:\Program Files (x86)\Steam\userdata\881153575\config\librarycache\477160.json

Filesize
11KB

MD5
8c74e5d54d07cf7e8fe56211c9dd3983

SHA1
28b65514c97527b0a7a949b538225b70b6829ab4

SHA256
3457f4ca18d1cf0efffd2f7244a45ae81909c5724f1d1334134ccdcc61f87af0

SHA512
8b1f0233d42623e66bfb8667ab6f47277a6be495ccca55900338c94078e8aebbbb836c8cc9da7f1d3cd5b9a4ab3a8b0016cc346e209da621eeec28c7e6a9babb

Download Submit
C:\Program Files (x86)\Steam\userdata\881153575\config\librarycache\730.json

Filesize
5KB

MD5
e08d306bf35e8b26dde097c314e59c40

SHA1
3693bdc6dbdf78b4cebb5c96c0ae0efcb77cc8b1

SHA256
c0d7a612c9e5b48b7148b57af690673310739a7d95da8f029c6b54538dfd15f3

SHA512
861259d8c24a734a5d48c14b211df6bc7c62458ec3e4f3da3ce7ac8649f7dc55a792d9b974b97c799e55ebe8a84259061c5caae43769d314f2937d3016a12ee1

Download Submit
C:\Program Files (x86)\Steam\userdata\881153575\config\librarycache\945360.json

Filesize
13KB

MD5
95245fa4fce9bacbacdc8b2a7859184c

SHA1
ffc9a894a8757b9f021d51e055f3c7f45ae62ef4

SHA256
459726f09ba0420ddd85b9ea0c409ac5144f50964de9ac05a0eed6c1704f3d2e

SHA512
aa155df300fc35d860aa36f75044eda99bc1f94c19360a2b8bafff43465902bfc0876b8220eb1404226a241e2c9757aa54b5bf2aeb3379dbdcddcbf5e7b74846

Download Submit
C:\Program Files (x86)\Steam\userdata\881153575\config\librarycache\949230.json

Filesize
9KB

MD5
afdf6856d3acf7c65ed8ce1292cc8c48

SHA1
1446c1e4dcb7b5fdbfd86b5b3475f7d13d1d3cb6

SHA256
e3e3fe1ae05b79809618454aa0543d576c515fb87f5a65226d21823bd371bfee

SHA512
49418a20c72f9c48166823d37791e3d05690ada5618c37b232c6e528bee7e7192b01f2bd044c8a5f258cee4aba6ee119ce30a392ef33615536d9defbca95bce6

Download Submit
C:\Program Files (x86)\Steam\userdata\881153575\config\localconfig.vdf.async6060.tmp

Filesize
33KB

MD5
b4e01f1173add69d303ebbfbd8200847

SHA1
fe018f38d48273caeed3335581b525543ac4b167

SHA256
fd03fcc20095d0bd5dab4c29af21fb45b0cba222fbabe955ba8eddf1b47af319

SHA512
a22cdfddb185db5b127770d1b39913cd881aa5541f6b605c614a9258f25aeb31850b6c25d58dabdbc3d2b7a97e000334bb9d84f10bc70d126c34249a53c705d9

Download Submit
C:\Program Files (x86)\Steam\userdata\881153575\config\localconfig.vdf.async6060.tmp

Filesize
33KB

MD5
d8557fae0567d7faa69f3b57e48d5680

SHA1
5e005eac81349ff618936c1e34a68a585db67958

SHA256
a23ddfab55fdc01e7324e1edf758ffcfb4376b7796207ff237f5457a448ffdfb

SHA512
0e8dce6295f651ef3b258814e0b694b983ca35dc64bd80365608f475b937d3d9c4360e4e3fa5655e95628d968f54f3023200ed51a06ea35bc1b1764c1c97ac30

Download Submit
C:\Users\Admin\AppData\LocalLow\Innersloth\Among Us\Sentry\C763C68F1FFCBCBE9486DBC44FD01B0F0EC2B4DA\1728084787_928__1235094056.envelope

Filesize
377B

MD5
b3deabbb7ff05bcaa1e59bed6504cfe4

SHA1
cefe5d9a60ba369f6efc866221c71a11730d76b7

SHA256
38b2c4a7c96280336fb873244754c0760d96429cc19eab0aedff9ad30da252d2

SHA512
0ee99b198f963e726b1d197bb39785b114a2402058cc3dcd7fe6346e56bd14b4af0c4267c67b4f6e567df4893298bb631bf793cb5e66d865be17ebe9b52e7d1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Unity\Innersloth_Among Us\8f1f35ae8ec9d1eb0eb556dbc2ece9d8\be916a8392442ed88003ee8bef47df25\__info

Filesize
23B

MD5
c78f9f095b970577edb9c46d79cd8e6d

SHA1
b0d6f4a78788d43ed161c25fa4338cc36c908e66

SHA256
96debcb9098e9856d680bd1e8a27e962c6b3452c0523cdf41e1cedf9a7f42f20

SHA512
af33d63a0ffdb61636ecabec88605fbee21e332d2acbdcb26f1f0797d07ca770268fe370d3606917f31938273adc20615078385bf086c3f591b154980a07ab9f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\a45939543b39e283\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
6c08c7265cd2c202c34375953a8023a6

SHA1
abbcf8afc97db571531f5bf077e64a0f91478227

SHA256
932ea5fb3dfa5a11d84571ba3a6a3b0a6d9fc09139a712575630a05747a3f003

SHA512
3bbdd8785d7160be593dc71fc942c859b35f0246e1613595f9b072f59b42484ca533303791ddb4f88c08c901d2d7dfe37da6328038964044129e52d4abeeb2bd

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\a45939543b39e283\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\a45939543b39e283\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
992B

MD5
3656c8107cfb9a5f6a49ce5a9edda7e7

SHA1
0ee5f3726b1905d690bac6e6568f192e2f4be839

SHA256
cbcf4a5c89ac857aac046629963a9ea6929e828e307268b94936051395db2c7d

SHA512
be7c6b416cd2d3e718c60cb3419d32badf241838020f2b9b5c916497ed1deb1e93e841746c6ff860f18be3aec149b7237c3e60b4a97daf012d984a96fb41891d

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\6895cca4-4c85-4457-858c-96f6e6425674.tmp

Filesize
213KB

MD5
5391590c90a9a532094b6f4756e4795c

SHA1
e1c0ef7545e294acbd43092b707982d2440e4593

SHA256
aa278b255fc087f07bc17421880f219c316a7d8f89d4a2a8e9277fdf14de6219

SHA512
aa107f42f49383e6c5601a4cf71817e23736809f25a6b8d3c5622ced41f847eb806269efd183bc3d8180c2f7528ba49c0e9be53e8de4267612ce2f351a1d97f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
4a27aed1318bff076470c77808959a0b

SHA1
8743e37f1f0f7c3ed0795dadbc4fea0c9abe0397

SHA256
49220fd2828fd5cde45c43bf3cffa070b3072e633e2474ddc43caad660cfc7e5

SHA512
2b1f93a6e825c48e5b2cea230bb68adf98a78bd95b12e1e97725de9caa7082313fe06673353b02ce610f3acd4b649d71c74ec59dfeb1c81ce289e7c541385fef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
24KB

MD5
9c700e17e974d4ab2dfde82f6451dbbb

SHA1
d5b85e82e10c2d96b36316670c76b8a0112bf246

SHA256
3ec0462dbcae8561ca0465558845da248d434dc6205cbde99c47ae3be2ac99c0

SHA512
1428b7401d281ad3d635eb007e45b6e5798be6b029f270874af2312627c496407ec7440df4a3028f3cd6c1ec587b0805425ae5de4bcb04b90d942145e26966fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
102KB

MD5
962f0a53099aef4a6c38e939b21212ee

SHA1
3ddc122881dcb5f8bfcd271af3082377408cec9e

SHA256
9c6730625730f1d26501155be050d86847009c422f1a8875dcc63e7ed8831de3

SHA512
a928c150e6a00c889bcc1d79c8e96c254a9b5d24ccae7dd112a91a59560b2ec07254a5bd7d065cf38ba55cc2f85010dd1f9fc2de458b62809147edadcfb476fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
49KB

MD5
d8789993f7b700a9737b35cfa44c67db

SHA1
56d665d90ecae9481bf6be5542330f8e2012f8fe

SHA256
cb3ae5f7ff43db6893d17a710c4cafa7e8fe784cc43782c0bd61eef134f9079b

SHA512
34ce69ae1a62941e13e8caf36bda6924cd3c961599ab84ffe860cd160d2d876f6245de941dfc59871975ae179718442dd0fff4bfc54845e20a647a527392b062

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
79KB

MD5
d2a8e49a23eb8e73611e275105029cb8

SHA1
bc2d0c52f4876f3bd83631c394934e53e3052dce

SHA256
7c89611f5f64cccdb063a151c2bee2699802426e2f13edaccfc80564e0859fe1

SHA512
e4a912cbf4cb13f01e7ba9ea4a1498648bb065aa2add53e21f5166cd4f7fd04ebc681a0d462a766c43fd30d44fb59b03d8f49df492f1937c8c391738e42114df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
32KB

MD5
9651cde3721865990c4e155df7caad53

SHA1
6836ef68cc552d90a9722cc4a6d8aa6e64f5cb14

SHA256
b3dfc30ab2ba0fc12c83ed249171756cfd8f5912a331402f3bdf63262d84bd89

SHA512
466cf5d15f22e519ed11045c8b63270bb8682cf9dbc966a426b28da791ebd33be10a77c4e176463d58045139d63db4ec83d29abaf24630e8cb81599986c4389a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
149KB

MD5
5ee744b45a0b750b00065a7b599b4c31

SHA1
5afa5d067c151144b9b1d6a9956f9f5bcebf39b8

SHA256
94b2e7cc9d12c51a05c83858fa59a828462acf00aa715ad47e24eda5bcb629ed

SHA512
f0d00a873003f39fb9b29527843b4c191e2083b5d5a5aab2bf69d1a6c057df846610a29302fb81655f3308a96191ee82ebc201609e1cf193a89929491fb7c678

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
28KB

MD5
5b9c8980823dac139da68f41e2947303

SHA1
2d950568a2e5bca5dd7fed1a5944394dae8e99f1

SHA256
bec8ca4b8be0f5c6f14a8df4872644789819e1cd3c1d11bd448a2ce291716257

SHA512
f819cf34f62a899898c045978d32fcc87e141d963f5c1dbcdc7c17d0809a4f3cb989dc09a328434940b49a99cc2f76a21ad38f34bae107ab174a1f3c2d720616

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
16KB

MD5
89a574ff00e6b0ec61d995d059ce6e65

SHA1
aea09e96808ab77165ffa712eaa58b8f056d0bb6

SHA256
e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44

SHA512
30d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
16KB

MD5
cfa2ab4f9278c82c01d2320d480258fe

SHA1
ba1468b2006b74fe48be560d3e87f181e8d8ba77

SHA256
d64d90cc9fa9be071a5e067a068d8afda2819b6e9926560dd0f8c2aaabeca22e

SHA512
4016e27b20442a84ea9550501eded854f84c632eeced46b594bcd4fc388de8e6a3fbfe3c1c4dbd05f870a2379034893bfd6fd73ac39ef4a85cbf280ab8d44979

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
111KB

MD5
f1b71a513cb67d16a606725e77805fb1

SHA1
d00e355cac054aa3fb48e9c38768129bbcfe7b28

SHA256
fd4be5ed90c6c7581fb9b6957d82f14d146d57199ae28b56ef3acf57d0e87391

SHA512
8ec6bf83b6dd5779b41d04674c2e1a300c3388a49ca141b59861ac665bee0dc1492e0a2ff49567faba98fb4c14f5434a64f44f267c4c5fa967dcb74b5ed58f53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
65KB

MD5
8a42ba5472aa4afa3d3ac12f31d47408

SHA1
2add574424ac47c1e83b0b7fae5d040c46ac38a7

SHA256
759bfec59bce5ddea7751b7f93408074a8c27cb2c387b08b6b9f4aa111266ec4

SHA512
3e1081a6e1c29f6dae28ab997c551a6d107d4f4b7e0981a19ba81a30a4e420dee1791321dca8f4b500c9e7e4a41c5e5c75013a72e5a5cde3f7e6c50393eb10b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
37KB

MD5
d11a2cdc7a6e1a44706f15ea5491acbe

SHA1
b78faefbe9399984c9a798fc296741d19f3dbe33

SHA256
7972f8c8a0493265e561969ff65c2f0d46324095bff64739bb5fdee854e84833

SHA512
fc0e79ed1e9b709aae7ba763061d3e62255b1916b28c0a110b4b668dfe5014c3f77cfe7be585bfc8cc6e8d4da021a0c99cd85f2b2a42b8563b5566385c7a31ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

Filesize
102KB

MD5
4e3b6af6455d4d44be1c63a654bc5079

SHA1
ae1a035747a25df844cc71ac860a9f5ce7251a23

SHA256
384976c29cbd3f199acb925161865e81fc50cc9cd8248546af5014ad9e59c4d6

SHA512
ce82325dc69ea00e02681ea1d1bd1364e1cf64b23f87faef6bf63169c8b26ef79042ab16e2390a8eb21093da4b0c59eb42b05ac782c2d503f4af493e86bbd076

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c

Filesize
153KB

MD5
2ad061133db4bc02284aa42037bfff66

SHA1
dcaf828ce826520bd4e82043b4c4f8f828de31bb

SHA256
4485c76c8d1d3072941173c86d8efbcc4a05a6118fcdae89808d7891e08da98e

SHA512
ec162716749dbf7242dc2f5f17304d0773c7ae62d08fbf8d249ac484d9646ef124208e29f9cd5b84c50f3c2062b313f378265d000798ea18308d4f0e18c280ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e

Filesize
69KB

MD5
b7c11abf7c963045c53be30e7c9c137b

SHA1
0d3c261424af2ff0138cbab305a04bf5e86517da

SHA256
557abea1f03940f0be98f3c1614099a372341ceca2742d52b747bfa7d5f3b78a

SHA512
d5464abc5d1d37058ff65658a1ee93dfbfe15b380f3459a98eaebac9587bc3c86cbc791f100ca089bb2add06f4e2cdaa62f8f5231e78c09e9c2f105522f9d858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000043

Filesize
39KB

MD5
cccfdcfeb5c4c7702442ec7ce6b83a0e

SHA1
f72d61d584d1d1889a46a4f94bb32b62e726e1dc

SHA256
94a508d7288d588710f819c4f8a657bd59f105fe715fcc6b93656573b1911113

SHA512
f3880d050ccfe4f1d64b86124038ef1bcd741e44f0ae8d4583b3037430c53fc0c455076c1727fa83a36b1bd244a3cb3f1d1076bb3388c21507b161851ea608f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000049

Filesize
74KB

MD5
9712f0b4f2c801fe61fb09fda743a265

SHA1
f605d00ff9778635c2a5be5ff13a4acac811f545

SHA256
379ff69c13601591ba34cecbd54baddfc6db85979f4ca33bfd511aa1c6f41d0a

SHA512
c7ab6c630e756f38341c800adfdcb7e06350229a347ef7918b1f8c84056e16129cd5da95cb4f4537b2f567ba66e84a2f2aa83a4d06e0617b62e346acf96436eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004b

Filesize
80KB

MD5
d6b2d81fc52e85a699793659e50b923b

SHA1
96fa36b64ce35fe03deedf2d337c6947323a6241

SHA256
565e1cb4ff99579155fdcd8a2cc9f9be6c9dd93bf4368749563d3ba982d629ed

SHA512
6c2fbe8bed36c01db6db81c88f4d2a73e83bf1d10f19fd3fd8077279e9ca3c177e8b358b3590865a587b4aaf64c15797ed8b7345abaf9a427572c3c0f64f4379

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004c

Filesize
34KB

MD5
c1db52e299077620db205674392fff44

SHA1
da4ee2d9ced3f2cbfd9e481501282b54bfa821a5

SHA256
9872fb131b7555b056108b7f9b8baba78bd1bbd594db1171cdc0d5a463ae18c4

SHA512
0448ac5d57867f395f847b3eb4c7992a84191d3e7bbee72bcb6e70a57bbef2a7a5abc5e00be33a4d37ec9867fd555382cec2bda71a02d9f3802c76f6365f230d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004f

Filesize
82KB

MD5
b50939ac5a143867d0f8f377bd4c6de7

SHA1
c15fa362abcda8739be8a2803ee79e93250e2d1e

SHA256
b2ec155d2b47935ec5fa4afbd5e9d0fec2baccf1213e96a823690ca14949b54d

SHA512
c1affd332617f4fb70338afbdf5691f301378ba4fb4e8e13d5445966fe72801dfd16c7737ff92592aac5d5e842592dd0eddd6325ccfff7b076cac0e397a70a69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000050

Filesize
167KB

MD5
0b5d2a2773f6fc49b3cede66148d0f13

SHA1
016394677ad9e598c4370635b82fcb2b2c36e568

SHA256
c6cb686f68e30f3b4543da98a15bad5ebd7de0ab2f2de3330b2e8307329be1eb

SHA512
6ca7b7a0c58db9c1e1c82da6d47febc583ee61bbdff4a07e1d17f535d02f09f0eb26f1ab50e559009b752fdcaac66658484eba8560d6e77812b5c831b7abd5db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000051

Filesize
23KB

MD5
2f24e0f5d2c2997a89fb4a8d943c141f

SHA1
99515bde1a5bf72105116ac902ccf3db1dd3df29

SHA256
60c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf

SHA512
0f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000052

Filesize
36KB

MD5
c52631787c8c087cfb6f854e043d2ba9

SHA1
fdb4aab81277fa927fc0b75629040f0db1482cb3

SHA256
0141305fe5d54ccb49b2db5f289f708db5586c6bf122d239fdfb035f94d81827

SHA512
3e554453f10b6cdfe864ebb9321c0d7c996d55c6ffd2873e143d0cc3f6ae41b0bb5ea61dcbba293e3f6ddf4869472a516cf33b020be88640c237079cefb6caa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000056

Filesize
22KB

MD5
36e656cae3cfb3e617ed1f4501d07551

SHA1
880fa9ea30714bfee95c5b239017be0cd1c4fd7a

SHA256
b4c89ad35d1588dc44655b481770fe56ba3bb02d19a3fe0ca9432b6908576bb9

SHA512
8d0d0bbfe76311cf51ba0400c5cb54d9e5f7a9d5636652eba0a2deb1f4cc454a34a0c502a68adc4519e168ec8781d1ec08e912e622811fff0af352d3cccdfa37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000057

Filesize
20KB

MD5
f730bff0cf8edaeb2843488eb25f2871

SHA1
f911d18a07b3dac9b6cbb8562e4589fb034bc31c

SHA256
e21091eeb35a537a27bdef9bfa0952083e2cc4bf8fd622b8bb5d4757f0eac12f

SHA512
6f5b0a66135b227f36cbbf4f0a2c5af95887a92ad4b59937cd1168d35fefa8860b2a08364f60f788b52c19b49bef3282edc70ec63d7b5b29a8d6909d3aea0e60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000058

Filesize
495KB

MD5
db6647f7f1ba5a5872342cb529fb509d

SHA1
8a58b95f14894f392c2cfd73fc7c13358f9620e9

SHA256
c7a41a3cee7fb1d0979670920609fced29d852b1f37bbf8b6ca8652c708f1372

SHA512
fac0e5b8d39249341c616b9f01f622f73dfdddba87628ca016a5135e03b8bb8cf7b1ddda14d1ac975c979660e28fb3786e7484e84add142c1170f93710e333e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005a

Filesize
568KB

MD5
3fc94aa831f934c92915515ce66a80e8

SHA1
e6191da4b7cd45d464796c07480f87e0aa029c4f

SHA256
01b52da724ea160db075f97d91377636cd0e971c02df40580dff44078453c29e

SHA512
ebe76b9bf49f6d486a8e4d8fd5b98f25635dffc0e4530f017faa8747aa0f54042b5fbb46e9b1133c6aa77407b72f2db34d80cbf9f1114f94461b0a18088b8f05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005b

Filesize
489KB

MD5
f23111c6e6b6eaf1e9dbf2bc4c55890d

SHA1
1cc289cdfa99b7d6101e1f0e31a05ffeff8072d2

SHA256
bf946760f094d5d62cb7e155ea30f75be48a8f7d4315bf0b74eacd65996ebde3

SHA512
0b27e6c4340f9a613493ba5bfd422f806013a4c2fe1b9b873f53fb9e8bf620324efb01c53c021e653325dbc1bf876482355236a5376500a7032ea90ab046e555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005c

Filesize
65KB

MD5
1a38a196aed218970b430600015adee4

SHA1
999fb1478ee4319edc45f777365ec560c47f42d3

SHA256
a583e32d6f92a936d51ed821421577c392a0bc1ce476978b30c8e8da3b72c487

SHA512
9ec0d9edb6102916edc3b7743beeeea535982c8fe88358a8b918ebd00dd18f1a57a55dc27124b0e3ee22041346545db7b06bbd17dfa48831c5d9fda71c6df576

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005d

Filesize
370KB

MD5
bf2125645c1c3bdcbaf59f094db44408

SHA1
de8220395fa162d53c846ac85004fca0d740b177

SHA256
7a5115db500da50f485ed2fbb32e33a3478d6a2df6f04ecd668aeaf11890d25a

SHA512
66739d6a6f3eed7055469b51c77b091282566e3936881c5500475bd7860573bac84aa2c387f84aa18a172b06f9f816f557a4423a0828d2e9252107244f2ee337

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005e

Filesize
568KB

MD5
541817575e22eba06e40f9f37b855219

SHA1
77172ae50f2dd99257af0887a946afa9f72bd934

SHA256
5364ef10d2d20e1d8e671367874657679afcbf2f90dd95033e55e1e36fb8c3ea

SHA512
05c2b0ba424d8ac6b109fa2e79e70f9907dcf46540fac2984534b6464f5ec2d84d78b5bcff771014737a7ca7082efe4d8085cb821e56f2dd19eddc14353ba545

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005f

Filesize
603KB

MD5
23c5ad55300666a07303f1cc877c2a8c

SHA1
70643fbdcfb3df15985eae986f5a9083c919e07e

SHA256
31f274336fa2cbdd7377af68438d4dda7d39e0fc42adef66886308e27dd0b0d2

SHA512
e72b237649177f6fd65539e7e7f90db147a63a9b8fe953a48f69e726c8632f94350ed2ca1520fc0e1e6ab0dfcecabb99f9430a14a002128a881f0ec662f8476e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000060

Filesize
455KB

MD5
ced543d0d70d8e4658a8003c4babfe56

SHA1
2def94818866f74e7ab26347c1274de578414571

SHA256
2780891599665faa6bf0bbba61a84f6dc867754659abd50115ad2a789daa5feb

SHA512
30bae3a974c5a07dfd0e378fde31b3115063779c3c8d097cdab9dc912cbd2fd268152ad1d7fc48711328534d29673c6cfbfc73abbef20dad6b76955a73207620

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000061

Filesize
52KB

MD5
e19d2616e76865c28c96b5992d4a72be

SHA1
5a4d595c91bb943854d577d11089b92d02c5dc5c

SHA256
3f82091341303f989f1939f6d30e010029582b0752fa71bde6850a9a955b194c

SHA512
f25b88237bb386de6f6e127090425607f3902ceee33bd54357c44a277e6e508c95998847111b2794693b2465bad194a0681f0bbac03467e0291e4c252fbdbf36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000062

Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006f

Filesize
50KB

MD5
7e197cbd26cc5fdeae418b3b606d8433

SHA1
734fd5cb4ce1a6f9bf512a610a369cc64dc9bb78

SHA256
c8b55db746ee41e23a02c46973225d994e1b8c9bb673639ff4722ddb0a4bbd7f

SHA512
9d96f39be27a93092bb9dd9236cfaf21c1d09a55e013870c64decb1e37eebb3582f57bd6fdcbf249de10ec7944168222199409fa2b6aa52812369f7b4e165c5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000070

Filesize
22KB

MD5
c4726977ebda235a164225a4b4a8fc3b

SHA1
9b49754d7dd5f29d9018a6a6e60d1babbaa98c68

SHA256
d42ec3d4bdb6273f88e1b2b58998064e59007d1389883dcaa1f7a29fc8140690

SHA512
5fefbac2dbf06c9a855734d2e557f21f401c870291f6076fb84e3164592209a6132d314b7bf0aa3fe5983a8091fc8e94e3234ae92e7f34e91a4088672ccc37a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d3

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
4afc68c7433d23028a547794589fd50e

SHA1
65a83600688d44e2741050f2c1581155cd8e02a4

SHA256
1daa61c78212b46bbb01b373d5ad1c863fb94f050943fd0ba2e8078a7ddc8513

SHA512
31c98a114cca207e8e1f286bcfaaf2a89c9f121955adf3318a5fcfa8846fce410a984fce85a8f11e7da4e780705e0b724c1a63fbb0ca784582c6f08c2e7b0fda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
99df37ab213fdf8b6c85cb54c2806452

SHA1
e30bd86157786a9b035bd63ff3c29c9a6142ea91

SHA256
f69f6dfe841f54389b9791a16a3f4bc26f9ce051239527631d77cf31581129af

SHA512
a472dfa337d0e1d1cf6af1d2ad4e6353963cbfebf3d16406f844dec2953d5209d84feaa2537513da4f983c6e52b8d13b07795edb0d66a75aa71389c502c8a786

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
54286ea47ccea86dc9e561ba96ba4c5f

SHA1
b815d0fb6b2b6eaaa69a25666b8e8debb1f1ee9d

SHA256
7e8b755477a2f4dffd67c1f847fec1ad7695ee641d2fbb71226d0b68a8d24fa8

SHA512
6e40a6ec0c7cef28e26f47220dc6e619220e9822c0aed9866b973ea169369c2a5d6f126f373d14012c7f96fbcc0bc2bfa18c0560cf3fce1b5c7906813c5d06c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.systemrequirementslab.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.systemrequirementslab.com_0.indexeddb.leveldb\LOG.old

Filesize
739B

MD5
b761f9224935a978a218c08739e39a86

SHA1
1af0ad2fcabf5b679d93b1af740df10c9749e9af

SHA256
d42d945fcfde43b9501535793b41a8077fc5d269d5c8a072ccf9224ca62aa110

SHA512
cbdf609333e684b1d0a0ad6cadc8600f6a7e0ba364cffc8f9be7d243274facd732d2b71d217eddaf01268e950beb918ee9ec6c5f42311266db13092e46bc3d39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.systemrequirementslab.com_0.indexeddb.leveldb\LOG.old~RFe59b9b1.TMP

Filesize
540B

MD5
83f0782dc99b06b36f602056b36379a9

SHA1
2a9b573cdfb367b975cfffa8ecfce5dcfc118119

SHA256
0ea96be3107ab2630566bf2064c433fe193f6e01c298dbc59b1c318bacfa4aa1

SHA512
9cdec3d651a8804ad4c2e54851a2698b46b3fc51cd4e6016a0adcca2372321cbde63401e6716d4558b9a75159397b7924db1c698eb8688f21ab402e3b287169e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
51KB

MD5
bd7c3c3161d4959078dd6b53ba91f691

SHA1
45d65575124cfe6af66d6884b74921efdaa1d969

SHA256
c95a6975b76dd757967c12403585a6f44821033e35d22a808fdf1bbad8de397d

SHA512
dc6e0502daac3fd25cc0c0f285738fc907e87e52ba1381020d3d6e6463d82c16adafdd3550a6e9719be5f1521b2ec1d7856e813b6075e28244cf87a3fc09271d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
45KB

MD5
402f9246d80fdd05dcf5990d7b29fe32

SHA1
7b07faedb71d7570f0d195a8604c04f12526c256

SHA256
86d2d4865af9a4d6207b07ee5c6a04ed32292a714df0463de2b32665fc7b4fa7

SHA512
43721f7f342a1b3f2ac948b738724129d25adb064c91818a1a6dc6ab1e459d69d2b7fffe005cd12f0e31dc5200376275289ef5ac4727dbb5abb2b5836d3be0f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
b20f2bbf300e11ba8de4dc73bc8822ff

SHA1
1af05b4d4a71cfd994c0919311a8d92fa254e0da

SHA256
182a4097750e1b62fbeb9518cd253a10bcbec59ff51a81f823fbf7d7a8552b03

SHA512
18abe5599530b9354e249090a3c60a0daffb5fafac2d5886e2a03aa0df716fb1e0f614b0ff8d2bb99bc3ff4d89783940e0e8d2b7adda49e8f2b6b6a1807dc0c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
ec0914a6a1c45c4f1999095e77942131

SHA1
5e463b75ce5305cdc06f6c04c274af24d51604b8

SHA256
5abdcced270ad206bf992286e14606a7d316cecd573f1e4393c32c0d51b278db

SHA512
30c47b6bc5acd87f869d80e876f7dab55e43970daef8b960b262dc4ee554d3b0caffa230777cee3c74a39930be6dee8a5a42d2fa8560c1afd4874381919324a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
ff7e4e25e9cf96c2668e8b9ed67171c4

SHA1
282a647b4763d72e1f6957679fe61570f65bd3a5

SHA256
d6790c87f567bf6768eaf98cd6d12027b92429849de265f59efa93009700c574

SHA512
8f3da0c7fbfb5168679985d80bc06395e5c910ef38438ec85bfb0d211cab63e1daae0de9e1449989877e5696c35077d40fb1aaa4a8953ff717e18796fe7a1a66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
9KB

MD5
a8b83b5952a5fc9ac93403c95d7b2971

SHA1
b63a315e04e2cab8c6f0ad11b51c937a50663447

SHA256
b51d856e498aa19f647830422d325e421c3726e390f7c90a622dbb9874685e1d

SHA512
cf60b9870894ee503b83709b82be48f0f22f5b7caa58761373bbe13cb62ce37e6e322bfd9ee5bbff403fab9c2f74750c973e438e9d68f4a01e0d428fdd2b836f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
9KB

MD5
c985dc820be8941db27c6bed8b0b50ba

SHA1
ca978b241f2e4757253aa8bb23013254246b1907

SHA256
de5809da3b736ae73082e4062205ca756ddeb55ae51c959633a84a01dd50733d

SHA512
09383835a0174a616db56e27f058cf16d61316cb7345cecf7b9ddd7c059f1e92df6a58555a326576585b4c9ac9b5ce8cea5ce97620e448d78709d964543b8811

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
f0ae13b8028b9b61171855a5e281c0e7

SHA1
3728bf84bff8acb92098228c372d27a1ad5bb864

SHA256
c2b7dd7d205a40bc38bae44fb9372605c3fe0dab367cac964801d9be300cb019

SHA512
bcd28370109240828dc7c8f1637edd12bc22cdc5342ef2453156058ecf8a1e6a0dbcfa6f9081f565d99089faef4e3d302fde4f6b1fd2737bb29144a532791889

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
6eb0db8888dda1a9d84a59d4395a3d54

SHA1
3a32dec9230e9c3cf91f83400b6f2098035740ae

SHA256
a542cd56ce630d701917f37758041c99fd4fd19b2a1a64ef83ee27dc83f2680e

SHA512
34e4186c918bed37b4a1907a10968e2fc25c3dff9c6d4281ed55bd105e11f0e031e1e1e692cf1edbd6fe47802df491b3e78fe9ab3b57224b480618bdf562eb2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ac992f739583cc1281e80cac6bf90e96

SHA1
67e365bdb9450064c53578b069bb52af2b180678

SHA256
af2e787a4f57e4540bb00942a03c71072cc07f14bbf89804e54c29e7438c5eb0

SHA512
4e6352d4c85aa58770e799c5db1e5ab867424e47dfabc733d1c12b6b25b2f3bbf833e2cd4f4995864b08fae3d2a895d184e327ce2c4f32f1ed0cce7e81ad6ac2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
47c46332c6270425f5dfbec08f16392e

SHA1
1f72149b9fbd3aaee84a617da85a73b300c8473a

SHA256
1d5b43749c2fcfd58fc59e5c42bb9c88ee5c13cdbc616dc4c9a57000919d44e0

SHA512
24a907eef0f3e2dd87e0e17cab84bdcc804bc83d0681acc8ced2884513ff1329ea3729819146f7e9403d8a443e55113dd1590899143f92c7e4ac817f05bb0573

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bf7b55f3f1666bf3abf67b5bb50b5ca7

SHA1
ad424671596a1bb860f2e1d919426eca13b54cd0

SHA256
9e4264e170de86fca2c028a5633905214731156143d53fa0baa40de2b5a67b3e

SHA512
bf76cd2a1fd20e486ba832b37f6aaaecd4abb3264d53ef8eedbf8e1668160fda43511d7d4ec3fbc6b9c2b37fb756cef339943251b4c75cbcd4c7bd1886589ead

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e1f7ffd2d153a681142862b1863d0215

SHA1
cd49b1e916f9fd380f2e23f84091e106c2dc43d6

SHA256
f70838321c35f0fe9eba547f2569e5b345048d81e7ac5eda0e3e76fae97f8fbe

SHA512
065141c514c92e1670d77b80f54ba4e9a1521e0f09b5e197b4e920ef53bdef5e6f8becb6d619ce87ddf34ef5da017a174a19d15561555a4bc992f6e6cf6be79d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
bf635182c78d58ca9d8fb8fd1e12fba6

SHA1
7b17c0a4d9c7e6b6ef2cd60903b950ba7d3065c2

SHA256
dc8519478a697322b74a0805ee29b3f7b3c6c7debe49e0730be451217ae3f56e

SHA512
a7e1a5b5b30ccc600753991d016b8e076e28713d3b1a6f06e723b48bc22b949261b97a06c0818557dbd686622228578afff62fc36a0b0be956c3e95696785960

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e880017ed06e847cdad584129b923514

SHA1
a2d6b7f0631f6d2c2a6ab146a2a6422308711f2f

SHA256
ced1a34ae54fe5c85f4776fb1d7b197252cebca5dc96abce64bacfc60df3d25a

SHA512
7e83e778ae77fb79f709af848be5b2ccb88b5ad28ba446ef5155d9c910f60bd23040ecdbc878cabd1d2cf31e076ff9519c28d0ca3436c594d96ec490cf1d26e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d1de929f6158cb66be6b32f7068fc886

SHA1
a63bffb99063273d6267b85ea12c205d092a6648

SHA256
0970efe396d6f29918bdbdcfd53e31f4a0dc8c93a3d78c6e5fe3be543b98ab8b

SHA512
8b32398d3f33bdcc859f6a5f81bfbb07046f57f704c22b81c891578458046481abe0ef2867372d7cc841af242e2d726f2e87864f2d5ba7c00119a3cc3553b1d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aadd5f40eb6bdd9190a564d20008f018

SHA1
c532fd69f314d22323a477e7f7ad9b17ab4a90ce

SHA256
c58c5862224b8a45f6a74e2c91f37152efbe2eedddf22badc50f8b4eb583f8d8

SHA512
2612fdc31b61a7fe5f6042335f1c1b8dc13f8f63bee2642da133ce6088cd72bbd6babe21fc353c3ad04a0bc9a0ccae89422fc30bfd770072f99706c6a7af70a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
283569b99c5c9611807a8f8e57e9610c

SHA1
90c2bdfc35094ce0123d6132575bfe9dcded5b49

SHA256
971d4e34fe2c50b406c5db01fcb014d920a082933f315d8618f370e959a898be

SHA512
dfc71e0fadaddde414f5829a1c306fad3b39d9861e44d128b2070a02e6ebe3ef23e1e0ed2b8f5d771ccb6c216abdb4f1567162c70cdc1c77cf5184afd80f3354

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d333b793f63382c21b789c9b83527eed

SHA1
865e22a9ae69427c6a6cfee201de57aac09f6cb2

SHA256
6f88012bc705512f22a26d7311f3dc9f69bdd11f4c4413dc8b39375b79367eee

SHA512
a9ab8ad926c7ea3088839428e6fb3b68f29dc1fcc1f4db987ef9bb1d7b86bc8c476864d2d8ba5fbdf289ae57f6a20ae5c97760776601e34f3802208256ae9577

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
213KB

MD5
a9b9743930d7dbbbbda509843ed30b1f

SHA1
69643d199abd6fff471025361d6b682731d1dc8c

SHA256
b31e8a29a3c6b021ad30318d255dacb0e8b9cf55b5df2dbca312427831747ac7

SHA512
21ec1df8c5f5b96f2de6b065261b6255c5e462a101836042a0e2ae7efa3f3bc3fe6495dc06f3835cb459ec76b10f3ef3420aa6202a854a4a2f458579b633c725

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
2ea0a24b68644dc38fc440ae52595699

SHA1
c52f4f05eb13f1e37ae2934136fced8d990cd5ca

SHA256
523c5af92e4e3189a3797ce9980af49913547a0e3b22bb53d8751c257db2aff4

SHA512
754f92b572f79504cdd13e0a27c5f1b5715c76b52a7cc5400e7a896bc4c983bed3249d1657e2f5298c8a83d2dced4c696c785bc26c6995e2062767801407b9e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
213KB

MD5
b435414506ab7843ca7e5b1c8ea68542

SHA1
ce576d7d4bd94eaba8280e7d9a370a64a0f5b356

SHA256
ac0f6bc21c4f5174cdcc1ac41858a8620a32d621391b83fc082b51b067253acc

SHA512
3d45678c8412bc2ab0bc47f846f57400127a33f40e2f2e5bb44131fe26f63a29298f850a02c8fc204dcb0c029a049c80d5aae2d9557a431551b7f7a84f4041ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
243KB

MD5
a55acf48642cccbf0b0aea4b664847e5

SHA1
d6e4420359df12d1be19e948ddff2fba4d3cad6f

SHA256
8e0be5718473e2e9c44793d8e5b863da2e1ddfeb71b297674108e77d4d5b881d

SHA512
ef053e122375e767ba5f223b690ea6ce5b7473f8e8fcaf9c1b141e55f7fd4b2685820fa6c873ce360f8227a5aae9abf6055e4c0188e2deecd421e6fe4ca38218

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
213KB

MD5
b03755156d0d0ce5364c6b989998380a

SHA1
0ca777bf92d525e13469b66ed6427d954d84019e

SHA256
ae1045a2d3031b41d9e78af95ba0007bc745abd99888c87e6752947a3c66e711

SHA512
d7defdddb8a77ca6f4d2eee686a46a1fb2a46df3af1f14e342537701b305c3fb598e57e618952ad3dd1032793c8fc8e70b20753d67b9973465fb5f6743c102d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
254KB

MD5
6f618b965f4395d8aa0d405c52186a06

SHA1
cfffba41ea503c79bbd838301eaf4341be0f72cf

SHA256
bffaae6d6da95b76d1fd956fa5f90a109dcceeaeaee86ddebfac3df36ecc53a9

SHA512
0141462deb7e9f6e052074f5c14085504c4276d2f2bce21dfa2fe0ea01b48e6be932803e4693beae745b3580ea06d694b3b99024191a5ced870896967475d910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
213KB

MD5
0cb090afe8318bd5b3911e050d7fa000

SHA1
7dcd2ac0a5f0af08c0bc6cbc0c21c3ee8f6193b9

SHA256
e93d7f263784183c9e81de300221ccd05f88d5368f33931c2d99d6744cc53563

SHA512
881aa17b95222d506e21e648d57a2d6633b5f8d4a263d4f539d057349da229a852f329fe8811c3e4461ab869e9dbbe18387fd92c9716bc584bbecef7f2823d12

Download Submit
C:\Users\Admin\AppData\Local\Steam\cefdata\Dictionaries\en-US-10-1.bdic

Filesize
441KB

MD5
4604e676a0a7d18770853919e24ec465

SHA1
415ef3b2ca0851e00ebaf0d6c9f6213c561ac98f

SHA256
a075b01d9b015c616511a9e87da77da3d9881621db32f584e4606ddabf1c1100

SHA512
3d89c21f20772a8bebdb70b29c42fca2f6bffcda49dff9d5644f3f3910b7c710a5c20154a7af5134c9c7a8624a1251b5e56ced9351d87463f31bed8188eb0774

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000003

Filesize
18KB

MD5
a6eead536e5a4d028a3538b3d46bfbe7

SHA1
6fa4331371147b2099e898b2cde79e32f6a29491

SHA256
bf9d968e95aa378078677c02da00c0651bdc00c2859f31555d03ca67dd8e7afe

SHA512
a102aba1290726a905ad34489d80eb2f46b52216d55d57ab427f2729401edf51a5eace8b8e991d120f304861188fdbaa55c99f0f8e18fdc4b895fc261c634fc3

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000006

Filesize
71KB

MD5
1786b17d76f6cefb605a95cb21e6bfc9

SHA1
1c5689a9bc1c7b3535f757e86c11b861b2acfa99

SHA256
039dc192fc1bd9a6ff73171b83f1f7249dc92aec8d82d7bbb4e1bd7d10132f5d

SHA512
126383d0563a9134397a605f291de46871fa08fc6d5e81086b6c210c00bc07335c9735c5a7a7bbbdf1b1b4137eb4ef36a42a8d96dbd07a05ed158e45ede52640

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000b

Filesize
25KB

MD5
7e2adf1419ce1435dd39ec612c0eb192

SHA1
1c3d344cc621fbde7271ef524066f180001ea7cc

SHA256
f7ef8154a0ccced98a38b707957c8510e9e4f169ebf4c6ba45d061df2f394ba2

SHA512
e2d6f54969215c4989a29f350fcf881f8b1bc63eb2f676cd295d6de92ce71582c7a1137402883c20cda6cab01fa4daf7005d439b085f7ccd2e41129e7356b4ae

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000d

Filesize
32KB

MD5
e13edde4a25e96e573f37bdd11e020aa

SHA1
84a0c3cc6cd74b149cc27de2b0fe48bc2acb70d2

SHA256
45b526e6aa5356b278aa37e67593a25d09c9653e8a0e71fb8e155111d3b7a515

SHA512
9ba4cce47994f949731e594538f56f423ee46a8e602fe922ab6e1d173b87831ae5a80d967d695fc45a08b25aef5c494518b43cde6b4709db690e904b2cc1c053

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000e

Filesize
36KB

MD5
ef94e26e09fd6962f86f29c1c30f7447

SHA1
c574353d60b5973522a96fe726b0d26092167386

SHA256
2c3a7f1d3f5524c76c35942871974ee222eb012c65ec7f19d83c392f87b50847

SHA512
77abdad3b1f76fdd8eaa4cb3b2dcb9e5e0c00f46f25b52420e24129c4b178b34103329de52c15b130c3dec214c77e25eecbd2294855c1b3ca39936c8c94a5b26

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000f

Filesize
19KB

MD5
499c1e719c78437eecb886cd5708e159

SHA1
d041f09450f48bf1c56cf9d79dfdbdf6dd04189d

SHA256
735abd11abae46fd2d71f4fdf774b0cd361c6e480d3f3c1c8ccd4c30990c7a71

SHA512
927597ddd60ca95123d8ff285d48af852332c9feb1e1b15b04784e1e6863337895cd7145cf0e8b49fb9b4e6ba7594dae24c4a959df84de62c174bdb9a241df13

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000011

Filesize
242KB

MD5
23dffec9e5a4fc0787a2c2f06a579a27

SHA1
a84b1704645f3c24efdf503e7c8a881dba8a61dc

SHA256
7568c59c30bd2eb987e4d172cc56133121f232a530771e2c1edc23afffd392e6

SHA512
6b2d60b41c79d9eae2f74c957f162f2e19b80b4ba402c9896e32ab3d4e6ec802c8a9a89967e727334846bd11d54017d817ebe223ad64bf0c05ca117c599f71c9

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000012

Filesize
474KB

MD5
f9677d06a51295aff68033939b0a2b78

SHA1
b2be41f4324d892a4eabd113defc62a0e2479a0a

SHA256
6942e4258ae8cc88f11a604762df89b8715a847cebdbab133833742da24881c3

SHA512
6edc3b05df8f51b7d02b42d76654205b851d63156154a47b0895e31560fc59ac7a78a0604039cb35437f70f224e2d7ebf8b60673ce1a43ccd590071dd08d1398

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
6799f6b8d85da79a46b242d99527dea4

SHA1
a6e58f6369b0fa19b1623b3f0874fa96b5750224

SHA256
0ad651e39f1656e8856e2575508c643c5bdd8bc6ead7cef2dbba43e94d575bd9

SHA512
f766406f49c24985d1d177efba09dd9c0faf8989f4f3490dbf03790345c225672908b93a530bab7cbd4d8a1e9b83f2e9ce930a2463f810989dccbb8a0ad27daa

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
1318f01158d50d487b8a58e76bd39dd5

SHA1
5a0b5ff9961f337f3b8429ddf6882c3492ceb3cd

SHA256
b18ea1140f73ecaf015b62dd53b242de196c35cf64b5589342327912beb5d1c5

SHA512
bb809ffe76223df5a0e634e2bf5dd15d689ea691db44fa871a2cb9b24b35ed026d9cc37dc31e9fd8f97edc90660e0f05ec1f8946d1ed77bf6c6789a5d2a3de12

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
81fef1e44059e19efa3103ed762d7398

SHA1
4b0d858b1964d356a692804b608fe8161c78899c

SHA256
1a63da72d711ba6c32f8ca2691e415611a14512abfb3052321e08597f8bfafc6

SHA512
dba031e97ea32a6eed75f28ed36f866224d22c49d6bf0703b504381ceb2f8669e7323dce348e8b79fc9ca2710b6d3919e78af6bf84a55e188d04e33113a6d39a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index~RFe5b053c.TMP

Filesize
48B

MD5
81ac698c7fcd6b2f0ca04e362128cdb0

SHA1
d9c4ed21308bf62bf7aba3e1077b5f3bf1e10922

SHA256
72f75f77eceeddd324195130a6e0fe3b5741d388abcbcf3c5a94b246177a9dbf

SHA512
4e4e8d5679b7b52142da7573ce33da76f8c31adf37e54aee60614ec646d36fdd825b2ffa0815bef5c92db84c2e40ef5df404187e93e297749e20c95e3a9f1945

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
700B

MD5
6680de28fca78b2edce956046f19052f

SHA1
764d40c75adedab46501f3a5174e90bf329a330b

SHA256
9c8119db84383fb391ad52ab3d5550f40b8327b75213707b280c6cda8933cec7

SHA512
2be6f7a6d91aadb473cb778ee56b9e5617f011d4bb2bc8dedd681688d7ba0e99a7bafa9af8b24c2dd7186479f271a25913ecec1ffcb5fdbe6365a8e1593dd505

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
771B

MD5
1c9425928374b1e3d187fb791110f6cb

SHA1
47d1251072d3c0a63cab1ce4927ba2e761ee3ad3

SHA256
ee7fd5dbed46352ee10bc2acc1f2b8f8e050c0888a1cf2efc8da54cb879dee8c

SHA512
f1e82a3c10ca91073b1f247855b59160326feedc6cc02eeb13bc1c5d2d6c089e845f7431516f1e57d8cac66f04673531c046f33f3442749682cfa408a647f5c6

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
15b92723549f9975527775c5d9c06c54

SHA1
5aab10f62c22f67d2913f5e9567594c169a235c2

SHA256
96fbcb52b4b7fcd6000f93b30c3525f3d3720d31a101e634fb7cfc19d257ff6e

SHA512
fda589b7d43b2bf175faf090d32573f9429333f03f648e032d2671e6244331f54be9d3d7965f0c0b372d11e7ef340275b0ee2c668735aae9a44f2e2d7f8c28db

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe5b4c86.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
707B

MD5
280233058517f47bd101b090eaaaf7c3

SHA1
7aa71ceae77937e98643c3abc474477bea986bfa

SHA256
c92047879bdcc07761ea6a4afe90f23baae9d2d414d56a404cff702715e61b84

SHA512
5506e3f296669b37e19184b679c3e77c04640e45980975d7b44aecb884e096f165463bf707687a1ba8486a9e174ee595fb9e6d3e6ea9ca9f89ef6921073c59cb

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
707B

MD5
f9ec30711687b8cd78d7aedbb8100664

SHA1
c5ff6b72269546f7f4eb3f715bbff7d57c933ab4

SHA256
34b0548a81652c586e82d132f5fecba37db1dc9a4ba41c166423170b37738ae6

SHA512
c8a985b1d069e80834b82aff2ec2be606392c2a17f903471dde23467d108bea4ff657c6798cdcad54d90e076c4af1adebaf1c3c5e28db8178d6a14fdedc89a82

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
707B

MD5
d4b86338a33cc6a52c588fe51dfb5ec9

SHA1
7dfce8001e36236859e975e4650ecc3df4b9a238

SHA256
604f59acd2928b677014191ec98ba298e8c570e56a928446810009172dde9be1

SHA512
1ad2a21662dd046099db62cb9933642db246f2c70a1eba69eeb80a69daa73323126a34b697565b698104deb35f974986f3c3621ae6bcdb19e578f6be4058ca5d

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
371B

MD5
a72ffecd4080e2b16f44f0f234a14eaf

SHA1
11b7a46df60805200a3beb3ca3ae46dd3a82bdf8

SHA256
93a2fd0ab904bdcd4170d66308803fe13bfae9db314fe4eade3e6212ab234134

SHA512
2239172b469e87f104d91e3b6d3e97c70a5b0f434b6fe55d409f4fafb0c7162326f658a8a74a11fde151bc41d746782ae4329d6c412dff821d94bc2b0d8abdaa

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
539B

MD5
8e917699dc5579c6c1ae524a89607224

SHA1
1eb15b7b42e9389305f6fda58453504fbfda28f8

SHA256
09553be338773b632b061706a66d4bc4c1c823fa930c39710c8b7d21ec58d1ff

SHA512
8e5a3ad183593ae9744ebb75274515f2f8015a852e8983fee5ad5dd7b76769f6b955b7b0e1438f5cc7508e7fb9c3bf0f13221c6c52dfb21cdafbd020ec61a42f

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
707B

MD5
db890583775ace0ef32f0d92a1e1ab9d

SHA1
3f1c4370eb1339b5a88dd2f9c12013b75f640786

SHA256
907523340f2a7bcc155388d6aa9510a193efd7ff741282bd1a7c873c5f76547f

SHA512
cf0ec738a25ca715cedf0f74aea1e82d54e8e20ad96ebfe2479d500430458e51cb40291fd9c84bb6ffbb3e84879dc55899b9c20d3643ee57424248070556fecd

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
707B

MD5
899ebde9b0da5630faa62599f71319f5

SHA1
63dae60b1ba134a43961751e46b5b84d19ad6df8

SHA256
3aba8e12d1c7a98a7afe6e3d7c24eda799a48ae7c68e348c4c276565561ca540

SHA512
fe0689a75c8233f92932ae342ebb501359f24eb95297293670c9d77521641402558b5448494b988a8729597e66b2934a2066b24029e3f598683cc643591e9ae9

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity~RFe5b4785.TMP

Filesize
203B

MD5
cc400d312ef37fc76dfd6e9edcfa6cb7

SHA1
7ecd079392b42b11ca57fa562967f28385a55e9d

SHA256
c2762ba1e261d7618043f8a12647d1436714b098dd80e9c528bd0638bffce8c5

SHA512
08cb1faeab7b1d32b1af8486f0abf2d2a9d9531ff636afb12426b3e46fbaabe2af671c3e3c69fe51e416f8b428559a57fecd27c443225da1b0d1a41ae1cf9108

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json

Filesize
1KB

MD5
0302a3aa47bfc16f1d4a57b52261e006

SHA1
7b9a6f16add13a13d983b34d5d3149be6ed51314

SHA256
722a8fc9b14d1f32db7249604cdf2f55908890b835db490c0f169aebb732b089

SHA512
52f74ed7cc58cd16b71368727fc4d7753d53d19e3223cc307f2e97fd7079527dbf05e428b5e235a4f91b1e0c57a6bdf7171c824a4c85aca890b7a6cd813a2b5d

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json~RFe5b4727.TMP

Filesize
1KB

MD5
4f3545c52eb9817f3b82ca600216f81c

SHA1
ff006c2b5ff11be63dd23ef54944805efb5b2216

SHA256
c8ea81157c98f7eaf6db5e374a1b29abb0094cd5f47ee45ac98df84d5dde8423

SHA512
87d257f6b59896bc92853f4e17dfa94e2fc3ccc8386eef47e67a226fb50b6fe57d1f3ac137d6e71140b92384eb36b9277ff34fd195eca844db147c387d99c0a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410042327521\additional_file0.tmp

Filesize
2.7MB

MD5
be22df47dd4205f088dc18c1f4a308d3

SHA1
72acfd7d2461817450aabf2cf42874ab6019a1f7

SHA256
0eef85bccb5965037a5708216b3550792e46efdfdb99ac2396967d3de7a5e0c8

SHA512
833fc291aacecd3b2187a8cbd8e5be5b4d8884d86bd869d5e5019d727b94035a46bb56d7e7734403e088c2617506553a71a7184010447d1300d81667b99310c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410042327521\assistant\assistant_installer.exe

Filesize
2.0MB

MD5
3b103a9ba068fb4f932d272d19f5619f

SHA1
8270adf6a18d0101ce54afb77179d55a78a35fc7

SHA256
7e9f5f137372bf9e13383dc06c71139d92a4a7efcb5c64c570311999ecafab15

SHA512
83011d2315dfdd8838d62b66f576259882033e28e58ffb1931f97bb0a105cce5f03a4ca6c1de88611876d038f7e2ca7be626d4e0fb689d1ed8c99c6ce9adda4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410042327521\assistant\dbgcore.DLL

Filesize
166KB

MD5
612a3bebcf72256296103e034ace0236

SHA1
4e722e00e3294194224ae348477e3898c01b47b3

SHA256
3e20d38b7f1ab5dcbb1057f06f4dabf64e57b71d12a7335b4c5601b5b4a6047c

SHA512
dde0aabbe0905408c8df74fb51232b322e233dc43fc34f4ddac9a5e626359d7e4948d41f3fcbb95f0a635cbd229953757ba456a095b2b3523bb7a851663e6302

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202410042327521\assistant\dbghelp.dll

Filesize
1.7MB

MD5
3f68b6ab3dcfd45911952ed4f5d75197

SHA1
c24c63d36a26f2320ae1c70b282769fae1e18b48

SHA256
e2f7ff92d8b959239e535b1824eac0bcf21b3134418a7b0411fa0c92ab6259e4

SHA512
5e6e031c5b802f667dc846f5dddd3c3ff5ad810b6274633bf519aa07d6a4eb7cd1c810b04f9fd552e0f6c7bb7285db0d3dc64b7a5690899583ae30bdc4e3c09f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4320BD38\setup.exe

Filesize
5.4MB

MD5
c9eaa2458c4d06ec258c79360b418430

SHA1
1452c54b8653f7f8b770a1b0c3a1b1aac045bdc5

SHA256
281460bcc97d91be23ba1e136e26e0a65f6adb759fca1d7ffdee98931aa6b21c

SHA512
bd96d07e1c434859a5242b532fe68fb24f64cd344d87af8a5e386fa3435c3e3ceffe54f79bebb73b178781fcbdf34e374d9b96872d31339a5e0fc4ca95f127e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_241004232751891460.dll

Filesize
4.8MB

MD5
f0cde99844b3289d1eb241f0324a4ac4

SHA1
66f2d0bfb4f9048d35b5b93e9e89e7a03bb3a7f7

SHA256
01e6841403ff084cc38ca19ac3db55954a0c8bc4cfeb55bb1c9c70a4a373c3c2

SHA512
68dfb6fede9fdcecb5296a38a4d11280255db75bde5f5adf8dd68c95d8fd66dbad143d13ad97aebd5511f63656a14edc8b7de01d77902faa68a7fe2af136b97a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb11E5.tmp\StdUtils.dll

Filesize
110KB

MD5
db11ab4828b429a987e7682e495c1810

SHA1
29c2c2069c4975c90789dc6d3677b4b650196561

SHA256
c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376

SHA512
460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb11E5.tmp\System.dll

Filesize
22KB

MD5
a36fbe922ffac9cd85a845d7a813f391

SHA1
f656a613a723cc1b449034d73551b4fcdf0dcf1a

SHA256
fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0

SHA512
1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb11E5.tmp\modern-wizard.bmp

Filesize
150KB

MD5
3614a4be6b610f1daf6c801574f161fe

SHA1
6edee98c0084a94caa1fe0124b4c19f42b4e7de6

SHA256
16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b

SHA512
06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb11E5.tmp\nsDialogs.dll

Filesize
20KB

MD5
4e5bc4458afa770636f2806ee0a1e999

SHA1
76dcc64af867526f776ab9225e7f4fe076487765

SHA256
91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0

SHA512
b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb11E5.tmp\nsExec.dll

Filesize
17KB

MD5
2095af18c696968208315d4328a2b7fe

SHA1
b1b0e70c03724b2941e92c5098cc1fc0f2b51568

SHA256
3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226

SHA512
60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb11E5.tmp\nsProcess.dll

Filesize
15KB

MD5
08072dc900ca0626e8c079b2c5bcfcf3

SHA1
35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37

SHA256
bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8

SHA512
8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
7a58a4157962f6808e330e5f4fd6318c

SHA1
d2d1ab56583d46ada9360d8ba8d9aa4bbb6aa65b

SHA256
be9274be18c82c17112cf93997fd7395b348e02aac3ff006070a95e759783312

SHA512
9d28c9e7448fa0a3caeeb48d850a84f2c0491931551cf3563b7ec67d685c59d72913c8d2f23dd4041d7f85dbf2007f063f38355da28c5f4de3e0ba028e07ea85

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
102c3c5985999162d4fba0331c4cd12a

SHA1
db4dae19ff40b38c3b9294bcd6ad1a46753fb4c5

SHA256
d4a5471d5dcc731c63ded2c743187eb84d892846c02dbd52682b837973e902a3

SHA512
53fee71d1e0e30c4750975d7faf3182e90208e7fcf427fb6153749b0fd5c5f7a6d86294c7e12a95b49a2959673b5851b621095827410c299f2380289bf7ac3bb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
11KB

MD5
8ba8eef4f6fbce3a3ad39a0fcd9758a4

SHA1
dd4951ff842440a94033da7e849880c03db110e7

SHA256
ddb9b21045d86233ce813c37b3aa202609f258e1e9b89b688ba279496de491de

SHA512
b1e5d35c05240b3d595ecfd469dfb2ffc8f52c7d6b1ab7d55cab91593758f1fc060aa6ff23036dbb4552bcb43c35a695cbf6f952496f87d59d246599768ee42d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
11KB

MD5
a02eec3ffbab3165b6e5d3af82d9dc03

SHA1
6ba48c7cc30d21504b0e4287daf92f492684023c

SHA256
597ca1c6ed555f384b57b7626dabd2e2f8edfff6263020619fd882e471d03213

SHA512
37fb65f403a1e8880849dc11ac864ba77ab59b73b6d9a8f9a07eee69502a67461bbf1964eb8ac5075051cad11b5d202ec1d659aa4af9160d64341c7b41aeb5b9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
11KB

MD5
36a78c373ee77331dd943d1a2f5c06bf

SHA1
2e14bab6becd8cc32f002e5befd5f274b7898007

SHA256
6490929cc6448f8ddb18811ce5485ac1b26f54b0f64670c6361de24e18c89bab

SHA512
8b3340005cefb402173153f251d3acce53d5fef96d1c97f0a81638b63a0aa416f00a626f4d3e618bdff747991bad508eff5af8556fadd606d88c74891ea5ae89

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
11KB

MD5
776bdf3b5628c82734af43b2978a84d2

SHA1
f95f732e978781c60ea57ecdc130e46d7e610459

SHA256
bfe50025119f2a1dd173e74ab6f96657038e89ff95f0b104b6c8d4b890c00048

SHA512
df8b184f463679b3125bfb88b3c5a3a553ecc652e65d756aeb10f79204ce3f383dca6218c952e0da7fa2daf47dc4a67f79d83f4e53313376754ad3c5d0fcbc60

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
11KB

MD5
bee2239024da96c373379189a2844ec3

SHA1
e69c575d0cfa7831c9da67bc19c1590522a4d89f

SHA256
0f577bf1f6adcd46d8d3e9454feb4b555edb45c91372b64b5aa9c70d113fbb92

SHA512
f3b019dad0d08ce8f363814aa6c9e900a2749c034773d00b3b4e542489da813c0b3951553875bfa3fa75e5faafd0fbaf0196fbbaf599c358b2c32ef39484a608

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
11KB

MD5
a8d12025099818a52afb48e8c9677982

SHA1
4d0f3dc72411493f0d4291549fd77fcfa80bbdfc

SHA256
de32f63dfc1f839524fdc3da66cd251c20fd655d35168ed1cb03c6f86dd8bed9

SHA512
4992dc26928c0e4d202bb2666211ab445193e58e020086e88e26b04299867380791794cc001674de40cd579f7ce5a3a9abfa176de626df104669b02c5ffa1a9b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
11KB

MD5
44b8e5b7d562c453aa8d75ec29e72f47

SHA1
eb0f33ea76b957a56d5484eedd1baa26969e276a

SHA256
9de738377122513d690b1f9ee7649744b84ace6ecc4022f3fc17457a86a182d5

SHA512
692ddf58b53d072b28d201d5886a58a4b33808efca8bc7837f2bbaaf6aa7c121a84d149874e9b2bf82b9e69715a3ae16b2703ebb667faf47cb119f2f163d2780

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
11KB

MD5
9a3c98e304a91f73d1c862ded370c21c

SHA1
c4398b062447f949ee4dbefe5ef696ecd1161686

SHA256
d647ad0ca77725b07e1f4b99bd6d8d2f19702144649c87282e5a80c9f58bd806

SHA512
abf9eb465b4894b4a37e2f1786e94731c859dd461237a9f5b091b53caf5e92599ed25e653f164ee70745b635577eaf20feccda9055f0840586a3d60a0cd21be6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
12KB

MD5
db8d2b48c6f7a67866f735b545ef4563

SHA1
919a7cd09ac329529b74a8a824d53c38f7d49cf1

SHA256
498fbad1af217227f7ce133e1a85f8f5b980de27fbadbbd103b045d6e0a98c87

SHA512
fda92254acf1b81cb227e6c4633a1e79a0bca01df6ede5314fb80b3c39ece967ad8371454bb07a5a961a5b69e9255ce0900bf83bed78e13d2d63bca237b7a834

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
12KB

MD5
6e3809415996008ac216b943e7eec515

SHA1
e44638fa8f306fbfdffa5a8e30290425fa295aa0

SHA256
f53352386980afccc3671a5b4ebceb10035f3637c6c8ea5fb6b79f29ecc3ffea

SHA512
83300a4706b598c741f6b119cfa450a3bf05f3b89ae2ba6e5c342a9df821ee61521351a1e78461fbdcad5ede143667cbc22e277f8933f6f388fddbc823cf12eb

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
5b1715ac2abac402b383cbf24cbd5580

SHA1
9012583ede721bee875b22c763491dbec6c333ed

SHA256
cbc32fc2649f78c0bedae1d6f8b89d33d0774af28858115500ad74a38610cef7

SHA512
ccf73980fd970392bc7f33309375157b7c9e0337a42345320aa919f3a0cee89e71a1ddd2029af5591a51c30cad83616dd9dd62ed6317402621233cae016ad897

Download Submit
C:\Users\Admin\Desktop\Among Us.url

Filesize
222B

MD5
1b4df51ed444a24c0627a12b83cc1228

SHA1
a56c9deda1b646fc06d01afb267fdfea0b8ccd3c

SHA256
fbee0aa9d62e22c78eeaa93846938e8b826b268f0d6771d88a6a3b5df501c1a9

SHA512
e69b53712ae723ded2bc3f3b31ed0c1ee716c65461ba08276de127448748941d8c7465fcfc825d6d74994b6bc638b48674cd063f1e85cc14086eea39bede6745

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 189418.crdownload

Filesize
4.9MB

MD5
8a928d5b4eaa0d1f25fdde064fce2dd8

SHA1
0dcb10d745c6d43aadaa1ab97b7cce0c1e85f1cb

SHA256
64137fb074ba4603e4c3bae70e3d549f457338e10b69fd01d7d2603c20940ecd

SHA512
0d4936033a79655319697e5511908b1f500ef451c3bd18e862d0526efac219764b99ad1ab1dd73528a460afb18c81fa6150a531c5c3c7b1e64c3fbcc5364caa7

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
C:\Windows\Temp\{36206121-57F3-4DFB-9C16-B64DF5519272}\.ba\wixstdba.dll

Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
C:\Windows\Temp\{A1F8DB19-3DDF-47B0-BE0F-FDDB7F42EE34}\.ba\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
\??\pipe\crashpad_3880_UNQYDXEOBGHGOTXH

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4872-852-0x000002174DEA0000-0x000002174DEA1000-memory.dmp

Filesize
4KB

Download
memory/4872-855-0x000002174DEA0000-0x000002174DEA1000-memory.dmp

Filesize
4KB

Download
memory/4872-853-0x000002174DEA0000-0x000002174DEA1000-memory.dmp

Filesize
4KB

Download
memory/4872-854-0x000002174DEA0000-0x000002174DEA1000-memory.dmp

Filesize
4KB

Download
memory/4872-851-0x000002174DEA0000-0x000002174DEA1000-memory.dmp

Filesize
4KB

Download
memory/4872-850-0x000002174DEA0000-0x000002174DEA1000-memory.dmp

Filesize
4KB

Download
memory/4872-844-0x000002174DEA0000-0x000002174DEA1000-memory.dmp

Filesize
4KB

Download
memory/4872-856-0x000002174DEA0000-0x000002174DEA1000-memory.dmp

Filesize
4KB

Download
memory/4872-843-0x000002174DEA0000-0x000002174DEA1000-memory.dmp

Filesize
4KB

Download
memory/4872-842-0x000002174DEA0000-0x000002174DEA1000-memory.dmp

Filesize
4KB

Download