da3fbccef03a9a280eff85af0482fb33f9a0d6feb22ecee829d02f0cd1e2cea2

Analysis

max time kernel
1919s
max time network
1895s
platform
windows10-2004_x64
resource
win10v2004-20241007-es
resource tags

arch:x64arch:x86image:win10v2004-20241007-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
31-10-2024 21:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AASDF.txt
Size

26B
MD5

cf0baaedd1597397fdb17ca598cf85d7
SHA1

54227f21f4b5e4a503ee1bafe159237757249160
SHA256

da3fbccef03a9a280eff85af0482fb33f9a0d6feb22ecee829d02f0cd1e2cea2
SHA512

c2da5a954a11ecf579b14a4ca358f2b2e7cfb1deafda021eb9b49976ec6fb30f5da67a869e78dedd94f40eae8be4a9f29f9942a453415af4bb037eb4b866ea89

Score

8^/10

steam defense_evasion discovery persistence phishing pyinstaller

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

steamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe

Executes dropped EXE 20 IoCs

Processes:

steam_auto_cracker_gui.exesteam_auto_cracker_gui.exeSteamSetup.exesteamservice.exesteam.exesteam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exegldriverquery64.exesteamwebhelper.exesteamwebhelper.exegldriverquery.exevulkandriverquery64.exevulkandriverquery.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exe

pid	process
5332	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
5824	SteamSetup.exe
628	steamservice.exe
6136	steam.exe
17164	steam.exe
17380	steamwebhelper.exe
17464	steamwebhelper.exe
3632	steamwebhelper.exe
6352	steamwebhelper.exe
19028	gldriverquery64.exe
4604	steamwebhelper.exe
3004	steamwebhelper.exe
18436	gldriverquery.exe
19236	vulkandriverquery64.exe
19200	vulkandriverquery.exe
20140	steamwebhelper.exe
20360	steamwebhelper.exe
8208	steamwebhelper.exe
12012	steamwebhelper.exe

Loads dropped DLL 64 IoCs

Processes:

steam_auto_cracker_gui.exeSteamSetup.exesteam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exe

pid	process
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
5824	SteamSetup.exe
5824	SteamSetup.exe
5824	SteamSetup.exe
5824	SteamSetup.exe
5824	SteamSetup.exe
5824	SteamSetup.exe
5824	SteamSetup.exe
5824	SteamSetup.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17380	steamwebhelper.exe
17380	steamwebhelper.exe
17380	steamwebhelper.exe
17380	steamwebhelper.exe
17464	steamwebhelper.exe
17464	steamwebhelper.exe
17464	steamwebhelper.exe
3632	steamwebhelper.exe
3632	steamwebhelper.exe
3632	steamwebhelper.exe
17164	steam.exe
3632	steamwebhelper.exe
3632	steamwebhelper.exe
3632	steamwebhelper.exe
3632	steamwebhelper.exe
17164	steam.exe
6352	steamwebhelper.exe
6352	steamwebhelper.exe
6352	steamwebhelper.exe
17164	steam.exe
4604	steamwebhelper.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

SteamSetup.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"	SteamSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in Program Files directory 64 IoCs

Processes:

steam.exe

description	ioc	process
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_030_inv_0328.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0508.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\btnDisBottomRight.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_rtrackpad_left_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\vstdlib_s.dll_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_rtrackpad_click_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\c4.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\vgui_indonesian.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_button_capture_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_l2_soft_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_trackpad_l_right_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_button_options_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\friends\AchievementNotification.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\friends\FriendIngameNotification.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_050_menu_0160.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\downloads_bg.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\mnuSepCenter.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steamui_japanese.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_mouse_4_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_dpad_left_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_button_share.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_touchpad_click_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_030_inv_0320.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0338.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\filter_profanity_thai.txt.gz_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_left_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_dpad.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tenfoot_images_all.zip.vz.193cb8c4eb4446698ea2c0a9e8c4e6b6a623dac7_5572671	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_030_inv_0326.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_070_setting_0030.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\xbox_lb_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\filter_banned_russian.txt.gz_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_r_left.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_lstick_click.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_button_l_arrow_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\sounds\recording_stop.wav_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0303.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\avatarBorderGolden.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\platform_swedish.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_r2.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_dpad_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_r_ring.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_button_circle_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0411.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0523.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_dpad_right_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_trackpad_l_left_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_dpad_up_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_rstick_right.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\chkselstd_sm.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_servers.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\joyconpair_right_sl_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_l2_half_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_koreana.txt.gz_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\sounds\steam_chatroom_notification.m4a_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_050_menu_0140.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\controller_config_controller_ps5.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_090_media_0020.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\chkUnselStd.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_l_up.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_r_right_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\shared_russian-json.js_	steam.exe

Drops file in Windows directory 2 IoCs

Processes:

steam.exesteamwebhelper.exe

description	ioc	process
File opened for modification	C:\Windows\INF\msmouse.PNF	steam.exe
File opened for modification	C:\Windows\INF\keyboard.PNF	steamwebhelper.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
defense_evasion

SIP and Trust Provider Hijacking
T1553.003

Processes:

firefox.exe

description ioc process

File created C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier firefox.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

description	ioc	process
File created	C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier	firefox.exe

Detects Pyinstaller 1 IoCs

pyinstaller

Processes:

resource	yara_rule
C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe	pyinstaller

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

vulkandriverquery.exeSteamSetup.exesteamservice.exesteam.exesteam.exegldriverquery.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamservice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe

Checks processor information in registry 2 TTPs 47 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exefirefox.exesteam.exefirefox.exefirefox.exesteam.exefirefox.exesteamwebhelper.exefirefox.exefirefox.exefirefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133748843500843348"	chrome.exe

Modifies registry class 64 IoCs

Processes:

steamservice.exesteam_auto_cracker_gui.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	steam_auto_cracker_gui.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\8\MRUListEx = ffffffff	steam_auto_cracker_gui.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\Shell	steam_auto_cracker_gui.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	steam_auto_cracker_gui.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	steam_auto_cracker_gui.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	steam_auto_cracker_gui.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	steam_auto_cracker_gui.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\6\NodeSlot = "21"	steam_auto_cracker_gui.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\24\ComDlg\{7FDE1A1E-8B31-49A5-93B8-6BE14CFA4943}\GroupByKey:PID = "0"	steam_auto_cracker_gui.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	steam_auto_cracker_gui.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\2\0\6 = 56003100000000005f5936ad10007061636b61676500400009000400efbe5f5923ad5f594dad2e000000fc43020000000700000000000000000000000000000091f115017000610063006b00610067006500000016000000	steam_auto_cracker_gui.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	steam_auto_cracker_gui.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202020202020202020202	steam_auto_cracker_gui.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell	steam_auto_cracker_gui.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	steam_auto_cracker_gui.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\20\ComDlg\{7FDE1A1E-8B31-49A5-93B8-6BE14CFA4943}\FFlags = "18874433"	steam_auto_cracker_gui.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	steam_auto_cracker_gui.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	steam_auto_cracker_gui.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22	steam_auto_cracker_gui.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "3"	steam_auto_cracker_gui.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	steam_auto_cracker_gui.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\2\0\1	steam_auto_cracker_gui.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\2\0\0	steam_auto_cracker_gui.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	steam_auto_cracker_gui.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	steam_auto_cracker_gui.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	steam_auto_cracker_gui.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	steam_auto_cracker_gui.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	steam_auto_cracker_gui.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	steam_auto_cracker_gui.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000000000001000000ffffffff	steam_auto_cracker_gui.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steam\Shell\Open	steamservice.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\7\NodeSlot = "22"	steam_auto_cracker_gui.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\2\0\2\MRUListEx = ffffffff	steam_auto_cracker_gui.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 03000000000000000200000001000000ffffffff	steam_auto_cracker_gui.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg	steam_auto_cracker_gui.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\2 = 98003100000000005f5921ad110050524f4752417e320000800009000400efbe874fdb495f5921ad2e000000c3040000000001000000000000000000560000000000553fcc00500072006f006700720061006d002000460069006c0065007300200028007800380036002900000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003700000018000000	steam_auto_cracker_gui.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\2\0	steam_auto_cracker_gui.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18	steam_auto_cracker_gui.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\24\ComDlg\{7FDE1A1E-8B31-49A5-93B8-6BE14CFA4943}\FFlags = "1"	steam_auto_cracker_gui.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	steam_auto_cracker_gui.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\24\ComDlg\{7FDE1A1E-8B31-49A5-93B8-6BE14CFA4943}\FFlags = "18874433"	steam_auto_cracker_gui.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\24\ComDlg\{7FDE1A1E-8B31-49A5-93B8-6BE14CFA4943}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000ed30bdda43008947a7f8d013a47366226400000078000000	steam_auto_cracker_gui.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam	steamservice.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{7FDE1A1E-8B31-49A5-93B8-6BE14CFA4943}\GroupByKey:PID = "0"	steam_auto_cracker_gui.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\24\ComDlg	steam_auto_cracker_gui.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell	steam_auto_cracker_gui.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	steam_auto_cracker_gui.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\2\0\2\0	steam_auto_cracker_gui.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	steam_auto_cracker_gui.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202020202020202020202	steam_auto_cracker_gui.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	steam_auto_cracker_gui.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg	steam_auto_cracker_gui.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\MRUListEx = ffffffff	steam_auto_cracker_gui.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12	steam_auto_cracker_gui.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	steam_auto_cracker_gui.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell	steam_auto_cracker_gui.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202	steam_auto_cracker_gui.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg	steam_auto_cracker_gui.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	steam_auto_cracker_gui.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13	steam_auto_cracker_gui.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

steam.exesteam.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	steam.exe

NTFS ADS 2 IoCs

Processes:

firefox.exefirefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\Steam.Auto.Cracker.GUI.v2.2.1.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier	firefox.exe

Opens file in notepad (likely ransom note) 1 IoCs
ransomware

Processes:

NOTEPAD.EXE

pid process

3228 NOTEPAD.EXE

pid	process
3228	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exechrome.exeSteamSetup.exesteam.exe

pid	process
3492	msedge.exe
3492	msedge.exe
4516	chrome.exe
4516	chrome.exe
5824	SteamSetup.exe
5824	SteamSetup.exe
5824	SteamSetup.exe
5824	SteamSetup.exe
5824	SteamSetup.exe
5824	SteamSetup.exe
5824	SteamSetup.exe
5824	SteamSetup.exe
5824	SteamSetup.exe
5824	SteamSetup.exe
5824	SteamSetup.exe
5824	SteamSetup.exe
5824	SteamSetup.exe
5824	SteamSetup.exe
5824	SteamSetup.exe
5824	SteamSetup.exe
5824	SteamSetup.exe
5824	SteamSetup.exe
5824	SteamSetup.exe
5824	SteamSetup.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe
17164	steam.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

steam_auto_cracker_gui.exesteam.exe

pid process

1764 steam_auto_cracker_gui.exe
17164 steam.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

4516 chrome.exe
4516 chrome.exe
4516 chrome.exe

pid	process
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

firefox.exeAUDIODG.EXE7zG.exechrome.exefirefox.exeAUDIODG.EXESteamSetup.exesteamservice.exesteamwebhelper.exe

description	pid	process
Token: SeDebugPrivilege	3364	firefox.exe
Token: SeDebugPrivilege	3364	firefox.exe
Token: 33	6056	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	6056	AUDIODG.EXE
Token: SeDebugPrivilege	3364	firefox.exe
Token: SeRestorePrivilege	5276	7zG.exe
Token: 35	5276	7zG.exe
Token: SeSecurityPrivilege	5276	7zG.exe
Token: SeSecurityPrivilege	5276	7zG.exe
Token: SeDebugPrivilege	3364	firefox.exe
Token: SeDebugPrivilege	3364	firefox.exe
Token: SeDebugPrivilege	3364	firefox.exe
Token: SeDebugPrivilege	3364	firefox.exe
Token: SeShutdownPrivilege	4516	chrome.exe
Token: SeCreatePagefilePrivilege	4516	chrome.exe
Token: SeShutdownPrivilege	4516	chrome.exe
Token: SeCreatePagefilePrivilege	4516	chrome.exe
Token: SeShutdownPrivilege	4516	chrome.exe
Token: SeCreatePagefilePrivilege	4516	chrome.exe
Token: SeShutdownPrivilege	4516	chrome.exe
Token: SeCreatePagefilePrivilege	4516	chrome.exe
Token: SeShutdownPrivilege	4516	chrome.exe
Token: SeCreatePagefilePrivilege	4516	chrome.exe
Token: SeShutdownPrivilege	4516	chrome.exe
Token: SeCreatePagefilePrivilege	4516	chrome.exe
Token: SeShutdownPrivilege	4516	chrome.exe
Token: SeCreatePagefilePrivilege	4516	chrome.exe
Token: SeShutdownPrivilege	4516	chrome.exe
Token: SeCreatePagefilePrivilege	4516	chrome.exe
Token: SeShutdownPrivilege	4516	chrome.exe
Token: SeCreatePagefilePrivilege	4516	chrome.exe
Token: SeShutdownPrivilege	4516	chrome.exe
Token: SeCreatePagefilePrivilege	4516	chrome.exe
Token: SeShutdownPrivilege	4516	chrome.exe
Token: SeCreatePagefilePrivilege	4516	chrome.exe
Token: SeDebugPrivilege	184	firefox.exe
Token: SeDebugPrivilege	184	firefox.exe
Token: 33	3500	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3500	AUDIODG.EXE
Token: SeDebugPrivilege	5824	SteamSetup.exe
Token: SeDebugPrivilege	5824	SteamSetup.exe
Token: SeDebugPrivilege	5824	SteamSetup.exe
Token: SeDebugPrivilege	5824	SteamSetup.exe
Token: SeDebugPrivilege	5824	SteamSetup.exe
Token: SeSecurityPrivilege	628	steamservice.exe
Token: SeSecurityPrivilege	628	steamservice.exe
Token: SeShutdownPrivilege	17380	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17380	steamwebhelper.exe
Token: SeShutdownPrivilege	17380	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17380	steamwebhelper.exe
Token: SeShutdownPrivilege	17380	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17380	steamwebhelper.exe
Token: SeShutdownPrivilege	17380	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17380	steamwebhelper.exe
Token: SeShutdownPrivilege	17380	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17380	steamwebhelper.exe
Token: SeShutdownPrivilege	17380	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17380	steamwebhelper.exe
Token: SeShutdownPrivilege	17380	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17380	steamwebhelper.exe
Token: SeShutdownPrivilege	17380	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17380	steamwebhelper.exe
Token: SeShutdownPrivilege	17380	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17380	steamwebhelper.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

firefox.exe7zG.exesteam_auto_cracker_gui.exechrome.exefirefox.exe

pid	process
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
5276	7zG.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
1764	steam_auto_cracker_gui.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
184	firefox.exe
184	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

firefox.exechrome.exefirefox.exe

pid	process
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
184	firefox.exe
184	firefox.exe
184	firefox.exe
184	firefox.exe
184	firefox.exe
184	firefox.exe
184	firefox.exe
184	firefox.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

firefox.exesteam_auto_cracker_gui.exefirefox.exeSteamSetup.exesteamservice.exesteam.exe

pid	process
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
3364	firefox.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
184	firefox.exe
184	firefox.exe
184	firefox.exe
184	firefox.exe
5824	SteamSetup.exe
628	steamservice.exe
17164	steam.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe
1764	steam_auto_cracker_gui.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 4496 wrote to memory of 3364	4496	firefox.exe	firefox.exe
PID 4496 wrote to memory of 3364	4496	firefox.exe	firefox.exe
PID 4496 wrote to memory of 3364	4496	firefox.exe	firefox.exe
PID 4496 wrote to memory of 3364	4496	firefox.exe	firefox.exe
PID 4496 wrote to memory of 3364	4496	firefox.exe	firefox.exe
PID 4496 wrote to memory of 3364	4496	firefox.exe	firefox.exe
PID 4496 wrote to memory of 3364	4496	firefox.exe	firefox.exe
PID 4496 wrote to memory of 3364	4496	firefox.exe	firefox.exe
PID 4496 wrote to memory of 3364	4496	firefox.exe	firefox.exe
PID 4496 wrote to memory of 3364	4496	firefox.exe	firefox.exe
PID 4496 wrote to memory of 3364	4496	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 2220	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 3748	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 3748	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 3748	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 3748	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 3748	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 3748	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 3748	3364	firefox.exe	firefox.exe
PID 3364 wrote to memory of 3748	3364	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\AASDF.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:3228

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4496

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3364

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2024 -parentBuildID 20240401114208 -prefsHandle 1940 -prefMapHandle 1932 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {042c51ac-a481-40d9-ac5f-b9ac0f7ad62f} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" gpu
3⤵
PID:2220

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2428 -parentBuildID 20240401114208 -prefsHandle 2420 -prefMapHandle 2408 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8bac2a7d-e5c9-4f6c-95f6-7bc1a95b3730} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" socket
3⤵
- Checks processor information in registry
PID:3748

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3232 -childID 1 -isForBrowser -prefsHandle 2988 -prefMapHandle 3256 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2c8e860-d8e5-46de-80f7-543334c13e5f} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" tab
3⤵
PID:4364

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3904 -childID 2 -isForBrowser -prefsHandle 3900 -prefMapHandle 3896 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1e7c419-aa80-404a-b30c-ac38602b4873} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" tab
3⤵
PID:1896

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4896 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4864 -prefMapHandle 4888 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1413dda-030c-425d-8430-c54555ae2df8} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" utility
3⤵
- Checks processor information in registry
PID:5536

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5372 -childID 3 -isForBrowser -prefsHandle 5368 -prefMapHandle 5364 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae517120-f34e-46a0-a3f3-6221dbc79098} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" tab
3⤵
PID:6048

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5504 -childID 4 -isForBrowser -prefsHandle 5512 -prefMapHandle 5516 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5516263d-adac-42ff-8ae5-8bf9dabf0bee} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" tab
3⤵
PID:6060

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5708 -childID 5 -isForBrowser -prefsHandle 5788 -prefMapHandle 5784 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {56098fbb-4633-44bb-8b72-7bab4b2e37b0} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" tab
3⤵
PID:6080

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6128 -childID 6 -isForBrowser -prefsHandle 6052 -prefMapHandle 6120 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {54655e68-2770-487e-a369-42fe78dddb2a} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" tab
3⤵
PID:5380

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3868 -parentBuildID 20240401114208 -prefsHandle 4308 -prefMapHandle 4324 -prefsLen 29357 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cc16c79-231c-403c-a836-d6490e12eb48} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" rdd
3⤵
PID:1768

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3520 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 3512 -prefMapHandle 3508 -prefsLen 29357 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a98e8189-897f-4e3b-8a5c-0312f236f79e} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" utility
3⤵
- Checks processor information in registry
PID:4692

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5656 -childID 7 -isForBrowser -prefsHandle 5672 -prefMapHandle 4616 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d72e7660-f312-46f8-b5a3-e54ef020211e} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" tab
3⤵
PID:5428

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6936 -childID 8 -isForBrowser -prefsHandle 5788 -prefMapHandle 5748 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4013c53-1e7c-45ee-ba54-f5d2db02f3ad} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" tab
3⤵
PID:5436

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7052 -childID 9 -isForBrowser -prefsHandle 7132 -prefMapHandle 7128 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49aa2291-1f26-4522-8570-5c2961483a24} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" tab
3⤵
PID:5456

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6200 -childID 10 -isForBrowser -prefsHandle 2340 -prefMapHandle 6080 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0169458-1fe3-41dc-9805-819ff1723c2e} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" tab
3⤵
PID:5532

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4548 -childID 11 -isForBrowser -prefsHandle 5188 -prefMapHandle 6876 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6db28ddc-db58-469a-8b1a-51530305a285} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" tab
3⤵
PID:5516

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4588 -childID 12 -isForBrowser -prefsHandle 6968 -prefMapHandle 6976 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37c4f5ec-98bc-43ce-a37e-dc305510f8a2} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" tab
3⤵
PID:3136

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5464 -childID 13 -isForBrowser -prefsHandle 5824 -prefMapHandle 5300 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77134e4b-ea7a-4d02-94a7-0717c1ac3e65} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" tab
3⤵
PID:2004

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3680 -childID 14 -isForBrowser -prefsHandle 5488 -prefMapHandle 5860 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6b2732f-a42b-41f5-8c53-434ec0ad61dc} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" tab
3⤵
PID:1344

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f4 0x240
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6056

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4856

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap17511:116:7zEvent29219
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5276

C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe
"C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe"
1⤵
- Executes dropped EXE
PID:5332

C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe
"C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1764

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
3⤵
PID:3296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault0294c57ehb8ebh4d79h8609h8914e73a7246
1⤵
PID:6132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffdb5a746f8,0x7ffdb5a74708,0x7ffdb5a74718
2⤵
PID:4672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,8899565010797761273,4675813575829393463,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
2⤵
PID:5088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,8899565010797761273,4675813575829393463,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,8899565010797761273,4675813575829393463,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
2⤵
PID:3488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdb6a9cc40,0x7ffdb6a9cc4c,0x7ffdb6a9cc58
2⤵
PID:1896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1888,i,17197816640728639897,9792038558736856163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1884 /prefetch:2
2⤵
PID:740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2208,i,17197816640728639897,9792038558736856163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2248 /prefetch:3
2⤵
PID:4064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2288,i,17197816640728639897,9792038558736856163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2260 /prefetch:8
2⤵
PID:1048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,17197816640728639897,9792038558736856163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3156 /prefetch:1
2⤵
PID:4404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,17197816640728639897,9792038558736856163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3320 /prefetch:1
2⤵
PID:5676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4492,i,17197816640728639897,9792038558736856163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4520 /prefetch:1
2⤵
PID:6000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3696,i,17197816640728639897,9792038558736856163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3716 /prefetch:8
2⤵
PID:4080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4800,i,17197816640728639897,9792038558736856163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4792 /prefetch:8
2⤵
PID:5428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3700,i,17197816640728639897,9792038558736856163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4812 /prefetch:8
2⤵
PID:3124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4804,i,17197816640728639897,9792038558736856163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4672 /prefetch:8
2⤵
PID:4808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3688,i,17197816640728639897,9792038558736856163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4896 /prefetch:8
2⤵
PID:2328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5020,i,17197816640728639897,9792038558736856163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4996 /prefetch:8
2⤵
PID:2440

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1920

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5136

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:3200

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1608

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- Checks processor information in registry
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:184

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1940 -parentBuildID 20240401114208 -prefsHandle 1868 -prefMapHandle 1844 -prefsLen 24856 -prefMapSize 245077 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa99af40-b92b-4701-b3a9-b1b83dcd2be5} 184 "\\.\pipe\gecko-crash-server-pipe.184" gpu
3⤵
PID:4544

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2300 -parentBuildID 20240401114208 -prefsHandle 2276 -prefMapHandle 2264 -prefsLen 24856 -prefMapSize 245077 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d84f294e-ced0-45de-a8c3-c1eddd0e44a3} 184 "\\.\pipe\gecko-crash-server-pipe.184" socket
3⤵
- Checks processor information in registry
PID:860

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3276 -childID 1 -isForBrowser -prefsHandle 3140 -prefMapHandle 3180 -prefsLen 25355 -prefMapSize 245077 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c66fd081-d7c8-4395-96ea-a859eff3b80f} 184 "\\.\pipe\gecko-crash-server-pipe.184" tab
3⤵
PID:4420

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4184 -childID 2 -isForBrowser -prefsHandle 4136 -prefMapHandle 4132 -prefsLen 30642 -prefMapSize 245077 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {413d96d0-c18f-4d3c-8337-e1b453cf2aff} 184 "\\.\pipe\gecko-crash-server-pipe.184" tab
3⤵
PID:4780

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4728 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4720 -prefMapHandle 4708 -prefsLen 30642 -prefMapSize 245077 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49eb1224-0d76-4019-8961-70d6651ae4bc} 184 "\\.\pipe\gecko-crash-server-pipe.184" utility
3⤵
- Checks processor information in registry
PID:336

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5048 -childID 3 -isForBrowser -prefsHandle 5032 -prefMapHandle 5052 -prefsLen 27974 -prefMapSize 245077 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99101ee2-740b-423e-921a-450b64c1265e} 184 "\\.\pipe\gecko-crash-server-pipe.184" tab
3⤵
PID:4604

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5256 -childID 4 -isForBrowser -prefsHandle 5336 -prefMapHandle 5332 -prefsLen 27974 -prefMapSize 245077 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b641c183-a6b3-4740-8992-cd984e323440} 184 "\\.\pipe\gecko-crash-server-pipe.184" tab
3⤵
PID:2160

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5244 -childID 5 -isForBrowser -prefsHandle 5472 -prefMapHandle 5476 -prefsLen 27974 -prefMapSize 245077 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {62356b70-bbb4-4316-8ca8-4c795ddb471b} 184 "\\.\pipe\gecko-crash-server-pipe.184" tab
3⤵
PID:4144

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6064 -childID 6 -isForBrowser -prefsHandle 6048 -prefMapHandle 6056 -prefsLen 27974 -prefMapSize 245077 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {43abd052-c5da-4763-a702-4fcec10bd266} 184 "\\.\pipe\gecko-crash-server-pipe.184" tab
3⤵
PID:5804

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6316 -childID 7 -isForBrowser -prefsHandle 4384 -prefMapHandle 4368 -prefsLen 27974 -prefMapSize 245077 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {319cb1f6-5ae3-4276-a9ff-7c78d7a82404} 184 "\\.\pipe\gecko-crash-server-pipe.184" tab
3⤵
PID:220

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4368 -parentBuildID 20240401114208 -prefsHandle 6488 -prefMapHandle 6428 -prefsLen 30642 -prefMapSize 245077 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d66e123e-c96b-4a05-b08d-6c080235acb8} 184 "\\.\pipe\gecko-crash-server-pipe.184" rdd
3⤵
PID:1900

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6724 -childID 8 -isForBrowser -prefsHandle 6692 -prefMapHandle 6712 -prefsLen 27974 -prefMapSize 245077 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {edff31b3-ec94-4a49-8090-def8becdce4d} 184 "\\.\pipe\gecko-crash-server-pipe.184" tab
3⤵
PID:756

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6900 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6976 -prefMapHandle 6972 -prefsLen 30642 -prefMapSize 245077 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9dac08d8-2111-49a4-981c-e0d4a6e751c5} 184 "\\.\pipe\gecko-crash-server-pipe.184" utility
3⤵
- Checks processor information in registry
PID:264

C:\Users\Admin\Downloads\SteamSetup.exe
"C:\Users\Admin\Downloads\SteamSetup.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5824

C:\Program Files (x86)\Steam\bin\steamservice.exe
"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:628

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f4 0x240
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3500

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies system certificate store
PID:6136

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:17164

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=es_ES" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=17164" "-buildid=1726604483" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-userdatadir=C:\Users\Admin\AppData\Local\Steam\cefdata" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal"
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:17380

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1726604483 --initial-client-data=0x368,0x36c,0x370,0x344,0x374,0x7ffdb40dee38,0x7ffdb40dee48,0x7ffdb40dee58
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:17464

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=es-ES --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1596 --field-trial-handle=1728,i,17216676092438389601,12217770450539361890,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3632

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=es-ES --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2192 --field-trial-handle=1728,i,17216676092438389601,12217770450539361890,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6352

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=es --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=es-ES --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2508 --field-trial-handle=1728,i,17216676092438389601,12217770450539361890,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4604

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --first-renderer-process --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2932 --field-trial-handle=1728,i,17216676092438389601,12217770450539361890,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
PID:3004

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=es --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=es-ES --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2464 --field-trial-handle=1728,i,17216676092438389601,12217770450539361890,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
4⤵
- Executes dropped EXE
PID:20140

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-agent-product="Valve Steam Client" --lang=es-ES --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=3632 --field-trial-handle=1728,i,17216676092438389601,12217770450539361890,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
4⤵
- Executes dropped EXE
PID:20360

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3548 --field-trial-handle=1728,i,17216676092438389601,12217770450539361890,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
PID:8208

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3744 --field-trial-handle=1728,i,17216676092438389601,12217770450539361890,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
PID:12012

C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
.\bin\gldriverquery64.exe
3⤵
- Executes dropped EXE
PID:19028

C:\Program Files (x86)\Steam\bin\gldriverquery.exe
.\bin\gldriverquery.exe
3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:18436

C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
.\bin\vulkandriverquery64.exe
3⤵
- Executes dropped EXE
PID:19236

C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
.\bin\vulkandriverquery.exe
3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:19200

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:8048

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
PID:8036

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1948 -parentBuildID 20240401114208 -prefsHandle 1856 -prefMapHandle 1848 -prefsLen 24856 -prefMapSize 245077 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cfa5b42c-9916-48cb-8821-aa320b3abc96} 8036 "\\.\pipe\gecko-crash-server-pipe.8036" gpu
3⤵
PID:10436

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2312 -parentBuildID 20240401114208 -prefsHandle 2292 -prefMapHandle 2288 -prefsLen 24856 -prefMapSize 245077 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f7e393f-f431-4a5a-bac4-8411e9d3030e} 8036 "\\.\pipe\gecko-crash-server-pipe.8036" socket
3⤵
- Checks processor information in registry
PID:10508

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3352 -childID 1 -isForBrowser -prefsHandle 3292 -prefMapHandle 3084 -prefsLen 25355 -prefMapSize 245077 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6f8858f-c248-43f3-a00e-c235426eb09c} 8036 "\\.\pipe\gecko-crash-server-pipe.8036" tab
3⤵
PID:10816

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3744 -childID 2 -isForBrowser -prefsHandle 3740 -prefMapHandle 3736 -prefsLen 30588 -prefMapSize 245077 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c14759d9-db6b-4028-a6f5-813c4a547a38} 8036 "\\.\pipe\gecko-crash-server-pipe.8036" tab
3⤵
PID:11032

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4740 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4744 -prefMapHandle 4736 -prefsLen 30588 -prefMapSize 245077 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0c43640-d97f-4d0e-8149-07799727f4e5} 8036 "\\.\pipe\gecko-crash-server-pipe.8036" utility
3⤵
- Checks processor information in registry
PID:11384

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5116 -childID 3 -isForBrowser -prefsHandle 5108 -prefMapHandle 3632 -prefsLen 28027 -prefMapSize 245077 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dde999f9-536c-434e-bbe7-8fddad3db857} 8036 "\\.\pipe\gecko-crash-server-pipe.8036" tab
3⤵
PID:5504

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5348 -childID 4 -isForBrowser -prefsHandle 5272 -prefMapHandle 5276 -prefsLen 28027 -prefMapSize 245077 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc20301d-701e-473b-baad-cca918c9734b} 8036 "\\.\pipe\gecko-crash-server-pipe.8036" tab
3⤵
PID:8444

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5492 -childID 5 -isForBrowser -prefsHandle 5496 -prefMapHandle 5472 -prefsLen 28027 -prefMapSize 245077 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b53c8e1d-cadf-4765-9f01-cf970a96c07a} 8036 "\\.\pipe\gecko-crash-server-pipe.8036" tab
3⤵
PID:8516

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6140 -childID 6 -isForBrowser -prefsHandle 6092 -prefMapHandle 6096 -prefsLen 28027 -prefMapSize 245077 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86deb74a-8f75-4a65-824c-a9039a77c821} 8036 "\\.\pipe\gecko-crash-server-pipe.8036" tab
3⤵
PID:9384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Steam\Steam.exe

Filesize
4.2MB

MD5
33bcb1c8975a4063a134a72803e0ca16

SHA1
ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65

SHA256
12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1

SHA512
13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping17380_1928286608\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping17380_1928286608\_platform_specific\win_x64\widevinecdm.dll.sig

Filesize
1KB

MD5
36e5ee071a6f2f03c5d3889de80b0f0d

SHA1
cf6e8ddb87660ef1ef84ae36f97548a2351ac604

SHA256
6be809d16e0944386e45cf605eae0cd2cf46f111d1a6fe999fec813d2c378683

SHA512
99b61896659e558a79f0e9be95286ebf01d31d13b71df6db4923406e88b3ba72584ef2b62e073b2f5e06901af2c7d1b92d3d12187fe5b4b29c9dd2678444f34e

Download Submit
C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping17380_1928286608\manifest.json

Filesize
1003B

MD5
32ef54fcac37d3d390c05880067559d6

SHA1
ab44258473c7c1a920596ccc33463a765e5fe60f

SHA256
d97f5e50808d1ef75bb241df2dde8f7293b9bfcd498dc525e258c97b39564211

SHA512
3bcdd94edb8b0df2d1684ef865f9711bf544c4c4f6adde927611b648dab2776e398e3b29681369a80e8c7ebfb9cd100ba8469ea69c5034ec023c796d8cbfefa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
71b50de2c071ee6e3b6adc56a5d6e970

SHA1
558d3fadf0e161f0fdbe96a23560a1ee08db5365

SHA256
09d2d776e7f12a10b7e24180eeff469810c430cd090395c2d5462e9e09930491

SHA512
7733b0a1fb4fa81b08cb4654689ce6713a6ff0fd76cc229a7d37299ee81f47027f12e446211c38841e4d90d1a9ffc17bd04a24316da1c550dd9040785d5cd391

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5375820c67cf4e53d0bbb2c1dbdc36fe

SHA1
6aa7e02ca29c0085d8d711acf4c1250c21d4d5d9

SHA256
a84cf4e3a240c52499dc4e25603db18b338d89de6cf27000c047b6b9e120fb94

SHA512
718d7020ce19644242cb6ed2dde357ff5636cdca45209afba723d9b4fc2ed6959a057c51e8f2a34e7efba235096ae275e8daa5ff33c653898c25cf6a67b94b3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b9341af2128839b5ec9a240c7f11847b

SHA1
4d22f90dfae2d43f36606144aecbd70f6f972862

SHA256
25394c0a4fcd8e5fdcc8dff1dde54c9b2f5b46f196feea337366a7d2d4450c78

SHA512
582221c6badb22d4b973b46a84e28cdcc6803c1945c154731e50d50e33970fbd0318a53aab3794dfb69f1b08e78fd93267aa17c7f7c259f28849cd85ede88f1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f1e6402b998d715698b702253c720b3d

SHA1
cb8b06128b6378c19fbf30a63e02474c3baec8de

SHA256
67a55b85d61fcc3f451740d1e6c3691582638d98cac8d1d430d515446a39b2e6

SHA512
0f0083b97ddbc7f772b9c8ff81befb9fcf1ae7aa5c350267c85e75eba813a38c33b022f2a750ace1dc940af66f8cc9edca4be87bcc198d8e90660eed8c350a35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a09123acb8cb10b29ebbdc9af3ed9116

SHA1
6e751f33726a09e9527ec3ba0e8db31cd3358537

SHA256
d3fe8822ac60392f0aaf29fc47f3924510130b8b893c5d687a17995a7a4534ba

SHA512
b85969bd3f4f241825a66d010c0ca7808d093359f8fa6c00c69ebcd6a774d1b8e96499bf4c67c2414410c1b937f51f9b07b7c31de217a0158a2e26d12fc08d1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
5c6265c6a532f1e4cf1f9d58f870cae3

SHA1
22eab981b666a3c71d4148e7bfcc8749f16e8274

SHA256
40a6d092574bb3a64f17875d0b6408b02127e4763627e0bd9674e7e2e0075c66

SHA512
25fc5fb49ede5d9d6b11eb0601e8e94c314e240d9fba0159d0ef1780aff70530329dd73308b7a7921123cb1bab999480da90b15c483794797609b894c2fd5bd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
5c823b3f78da1da665bbec380eb995ae

SHA1
7fb218a22b5f6cffe8215ef0cda3c225c09a75e6

SHA256
b8d0756fe94a898628313983d68f2f5277b119d5a3dbc41316207f78d3126683

SHA512
5dc28444941e70246e4d03e8f7be7e3a121c1ceb5e5bb42041affc004ce17f571607f0e961e55b4a26befe4c762490f74c45f6f0a5896d8442351d4b95769cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b247e223135afc66f481f758608672e6

SHA1
eef6d1428bc50731e3ed237176c1701082dcf4d1

SHA256
f2702f88df2ee7e70ccc97bc17aa987ea06105311a5ebf88b122e7ec5ec0bb5d

SHA512
74bea2054b7cbebdf730f77cbf31b260927775b5a7ac12cf04e25ad949e367edf7a1522465ce6f0a3fd59b1d4cc9f541bb3de85aa3ef0755d81ab3a04e04d3ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
25bc328d7c5e3a83d73b29c2367b6b2f

SHA1
fd3250e6f76d7771b3ad0988665374b9fbe9b12d

SHA256
08857fdf7245ebab267d24ae825437eba21b520000f196617aa7734db8f2cecc

SHA512
05728e56a55b88fc01b4eafc314db7a629b079f009470cd161e68474fce7bb9b51e1a9e1c9788ee066e6e9f37ecd9fdce695f6bde8d66d898a9012126a9f79f9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\activity-stream.discovery_stream.json

Filesize
18KB

MD5
f4071792e99beb9f31f78471b0e2b629

SHA1
fac3cb1da94fe8013cbf33c0a820554c9a942d8d

SHA256
11c424fe09a34af6e4a27bc4b0bbd6a9fec02355f714c613aeb10f8f847626f7

SHA512
f4c765396a823cc9fc6523a302683a68830c008c4732910d254aa1327152c90d47d5990966a8d67a90eee98f982cbe763f988b4e9c92f6e52ee46e6bdfa22894

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\doomed\24997

Filesize
1.6MB

MD5
ab52f188e7e85d7d25f55f4a80c4085c

SHA1
dbe3631390b0d2b9924764399edcc710b64cb44d

SHA256
06c9eadbe3876fba17ee02573d57d0209ae4cf20bdc37e2966bba24c8aa79b42

SHA512
9487017fe13ec38dbf299b2afe45d4e8cf6ac76977d705a3468af0616c7ae36c9d269343f5c0cf9190ff07f463b38d8787c1fb9c130900d9cb6d593a71512ae9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\01E45DAB63BC6FEE18B1E08B21C59EC616938A33

Filesize
247KB

MD5
a0867a95962cffff726f368db9492c06

SHA1
730f20b145a969330dc984358da1498315c00411

SHA256
ea186826b3ca857eec6eff2742d4a4901d008b8d114ed94e8a949b038436822d

SHA512
939d518b107cb50d00d2e0cb959e9cf12056b81492b4fb04fe483f2f817b924a1621f1b95d5f3f7f345d6e2fc9864d2be21d007e7c5adea83337fd3d07d653d0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\2D8525BB345EEFD7EA77B17615BE7B8943800A8C

Filesize
46KB

MD5
0a8604512c09c9bb6fcd693e483cc633

SHA1
794e89634da0681bdbc56d681b215a78be1e6e9f

SHA256
26af11d876b0fad360b90467dbce046d1bd169234d83d8a090d74a13e0c786a4

SHA512
07f0e3f89cf6c678023bf62a2f9f7a09fe20280db17ab3c7d98c6ef344b0d31bce056feae444bd98ec4c8992b74819373294ed621b0a707e140b8f57b56d8962

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\51493B0AD49E82494123261E227E79EAC73CFF6E

Filesize
13KB

MD5
1c86b5f32bc055fa6865361bd5622985

SHA1
f728dfc40cf5faff4916b58c2ef22e26addc76f3

SHA256
e2b2224c87871bd911fb3a53a42f8560dfa5dc45e1ac94afac9adaedd236b231

SHA512
047398ff571d434dab3a1349fb54ef809ae3487e0ae1d27fa7467a3a74315fce0d34d3713868ae35a5a48bbc76a08a977cd50ae5d05aed42175247db3108feb8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\52AD6A2CB7CF25B1329E335F81A4EE2C82CD36D3

Filesize
16KB

MD5
8a891fdfcd3e212962e7a624e892ed28

SHA1
eea7e4768715b8156ca48d754407710426ff7b02

SHA256
238e2dc95adf37ccfb6685f1c28e7903eb7bef10230f90c408da725ad9849dac

SHA512
ba089cb03cdc0e8a276e2de6f71e68ba431ffced5cb79e6f4c6a1e4d68183265526e96967cf3b03afa33bead48ec9054a950456c3deec1677386cfec6da787e7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\53B8AB1A4022552B544DB810ABE1A1DFCFE41DFD

Filesize
699KB

MD5
ae656a9d02c04cc3343f81bb15e6baf0

SHA1
57f754c257efe6baaf3f38ea24ee8de766e3c781

SHA256
75119228d11f0aa90d0bebeb49aee01ca4a84099258d7412f496632fc667cf3c

SHA512
e9d34b66e325adcda409c5caddd93e7c38fef80a2188dc21d67d149c165a06c2631a9fe4176ff5db86d2b7ea44564fe2926b3813fc44492935cbcb45716ce7f1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD

Filesize
32KB

MD5
219d515bff947d2c25cb4cdc0c5757fe

SHA1
2a9b35d193b82e5733ff83e1db7e90fd6d6c2264

SHA256
074d075864da3800e064ea82054eb97990b0e557b27b61cd2376e14b40a41e60

SHA512
1bcd3a0e4e38e7558cefe9dc69d5156819fd21fb73d4441e0baf527a26372dce1d84170186e0634d92b48c9b2a74e03dffd7a81ff8c8130cec4136a8342d2c4e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\72486DBDEBF1D64101900CFD6B0C98DB58BA51D8

Filesize
12KB

MD5
09086eaaeeec8001f66b5ff10784159f

SHA1
372124c1511e34cc4300feda9e92b29014e67e34

SHA256
ff7ecddd6ce67f1aa12171899caa867fae91261382152dec56e2153acb40a931

SHA512
1a4a50c22d9ee5f5133f97b26012c3aaf5f56b4c8c9eaac4768ffb8722b282c003a816947956fbdad0d2e255f909008d64aa63753c5897e366fe4ab19cdb1e94

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\86872C35A7B37D6E2142197601DE181F468519B8

Filesize
27KB

MD5
d1774700cf62f3bac79d92ab836925d0

SHA1
a73fc86f095e5e13a467242e68f0b8e6b20b874f

SHA256
ab70a91cfce81e6cb1a60ad8c8ba285e3fd104f9aea619fd6e1b3024f444f685

SHA512
a29f9fef3034474ce3d465c60364214a34902258f9d1f912e9802e6ab559ac09d06a22cd78f4072f97c57e2b697e95664348c3ea5b3c2887525d9477c4d8c6d6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\878D4F5D6C51837D0C109F0C4ED3B77C339B9CF3

Filesize
9.2MB

MD5
8ec427dd5a4ef5d800f4994d62b57fc1

SHA1
8112bce62250a5b6fccf8db7b50f21ec1e4362ae

SHA256
ab38ac67d929d3382db455dac54d846db6ea39908ec4bf28878043afd2faf36f

SHA512
0024d074f0b60e551efb7cd592c6fad2396719b07bcabaf4b192f50221b968b90d8574c6166af5836dc20040c47caa9c58430a93c8bbf8d2e313a6b74bb0733f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\8AD6F5CF0FEC728921A5A08D73A7BA92616EE430

Filesize
81KB

MD5
5ea715ec3d85b75a6bec84eba6271138

SHA1
1a65bfb92e6961973b20fadb797024a194850eb6

SHA256
377ee341df70fcc52fb72542c5d504304b4649d6e15604a4bdd43ce3d4b66b25

SHA512
bc3a19245761ff861e4e0964edd747f1f9e84eb808c1adbe6715b540911929d79290149b38f8e0f1a229c1bb43d996a08ae74d3efff0807c30da1ed08e83d0fe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\8E85625EE9AA011944D3C0C6D5776A5A154B9FB0

Filesize
44KB

MD5
b0e4a62577229f757e035627a4696cc5

SHA1
fcf506e0ffc5ee2a85b3c81afcd7a1c9df2a1c19

SHA256
8abf1f6f2aaf843f5f6ab155c4a14b4931c1a08cf6b07e54a86734eb1bc74298

SHA512
69cfe548e0a2f942f8e51c62a3266fe2044d531ed9aeec534a52eb9636d790bee0fee5e006bcbd4aab6970914a9ef8bbafb080ba71b80187ee5c1b51dbc8f4f3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\9304916E9AA953768B81A902FB0D7D621AC646B8

Filesize
223KB

MD5
e25ce1694bcef668259f1dc03e9b9fe7

SHA1
2b68a9f4a99f0570351f9da561c47ad520626865

SHA256
a6a942b984262d6885ee870a353a280a39aebea82da3c45560d29aa77fd73b8e

SHA512
95627c82f47d5c920fd2d84829baaaefa7a16160dc2973ea6c5b0e07f5d8ec15546cf750d3155b466dbcf46815172894ba556de07e918aa7ed97c40ea6533122

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\A16E28EC4379DEE4C85C9D277CC4D22180262236

Filesize
549KB

MD5
67302c19b6add31e25999bf4b309206d

SHA1
78e0acec05efc496484420d44cd14965771fc82f

SHA256
5c399db7252b1e4996691c8156e264552a55f3701e4b350cb6aff6f0250c484a

SHA512
ad229e930a80abf264166126f354572b306390ff9a3b43f24731d1b100514a93f7339dbab4b753ee40662bf821ddd2f305b9a2a65f0df63ef6b2ad316f8e53f4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\A178041D1CE56178B2DFA9E124BD9FBB4879D9C1

Filesize
246KB

MD5
109d32aebca1c1337a8e70e22533dfc8

SHA1
ccec8a308aee93ec32888c54791b70ccf9455433

SHA256
ee39601592f2c18f1fdcfb80573aa908a71ffd2643839ea3f41f1f7ca122f3dc

SHA512
d04e1bd7c21d36f12c71a1ff048ae43e1e1f6bc002198a3da3147a9fedc0633e971103c3622a3b77937e7ac13a80b45aba20153ed5166a75f8a6b71b9e1ff6a0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\A98287AF147D42F55A9870B9202170CBEB987338

Filesize
418KB

MD5
8653b8a7ed9353af1f348c6ba54ec08f

SHA1
439576ac86e3b1cd3901c31ad26e3c1e65915e96

SHA256
9271936fc7fd4e9750c44b1c08c76fdc752b58953cd219d4f7fbab578f12875d

SHA512
2686e2626798e168bd9e5e9155eb687669279f23e1d33e38d37c9423b2d120c58e364b556c3c1b408b6400f9cb467357be8c46d0b0013917e9088471a01439e7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\BB64D88F4C22D7E7717D86B1B9B240357E2F5BBF

Filesize
429KB

MD5
0bb9b693c274682564fa42ca78d15511

SHA1
39fab5088f0e3f9384c332bf4a8bf09e52d7a9a4

SHA256
4bba3031117c818614a1cfaa061fa7ed7dd3619440be6d01c99d70313373291b

SHA512
0c2440ada5760d1b40e965fb9f40845b0373ee0aaa3ee3bb3497d86ab00d1cfe30591e10e4a944748fb763db36b0d218c4662b2d5e2f529aa324ee8e7c2b7b7f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\CAA92896BB011F3FC8AA09A6942D700C05A6DA8A

Filesize
105KB

MD5
9d967e15780101d26be5e6b5211bc13a

SHA1
cccbae917c97f68f4749dbbcd17f7203a52c7c27

SHA256
a523542b0864b7331e06bce08f5b7480bf88786f9f809c6a83692b9fdc574d68

SHA512
a54ae80d66b91202fd851bcf3a95a1b5b0eec3fafe2ef920f9b45926cc71b0fffea7105e4feeb50b1fdd641d36cabb632a997064a5c62b09a23eea44d86dc6bb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\DF0F087B3B322D19A4DE0F953C1E5B5461B51731

Filesize
46KB

MD5
8acecaffc8328650b7f91bb0b5a346f1

SHA1
4d0a8634c97600edc685af6909dff39c370fd397

SHA256
918916c34d1a43d21837fc78fecd8ce4bf20f23bfccf8fc125a4818bd28bfc43

SHA512
649dc8bbcc4c10790b5594c35cf92ad7a85dab9a94bf61ef03fb56e105b16927525616d24654ee2191d546b6ffecdc97309f16ad274af2d271d6320799681bea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\startupCache\webext.sc.lz4

Filesize
107KB

MD5
29c3ff60853db6f892501ec8869d8099

SHA1
3b0e2c08208e61e883fdd0ef11c5d25fb01180e5

SHA256
887d68e6834e3364b29b334222a7a5b296f11d8354d817ae02ab85d2931b383f

SHA512
7b4099b36645168f46c2a38a42f9fafba3eb9f73a82b79b9753d94cfd45251f28ccecd04f77ac7609c86b6a2e73fabc23aba7780d15744329bb5952837d479ff

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000008

Filesize
36KB

MD5
47d88f0e30322831ac51429e321af624

SHA1
0a3a50ae8c9d61a6d96b872f91b4694187be0bcb

SHA256
ff066f3e1ab3028b7bf326825772da1a50d4c9bfe92ec0abcb52f17ed996482c

SHA512
416fa132223c396c6ec4ba581383ff0859ee02a7e73acca4836df0e8154600cc9cfa4249832d0370fc7c45232e0114994e7da36d094cd459a6f3c77be539cece

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000009

Filesize
20KB

MD5
1cd9f819fae888ce4860b7f6093347f1

SHA1
04f78da120741f1198d595af811b2c42ca9d5406

SHA256
d90bde2cee49d26d93cc149da64ebfe3b57b6f391c1fe84c696a2d5e3f33b3ad

SHA512
2f7e22a0b36ed64c6be176f48f91663bbaca60d7a4ea862a6a81678fadc1d8df31c59a3266d1097654fb52345e0d2e292b8bf48e9497be9c3e3be89cf43bf90b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000010

Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\temp-index

Filesize
912B

MD5
a793282aa732da5e717a18c82aafdbef

SHA1
9b0b3a83275b65908706b5a0394454e8204d6571

SHA256
0eabe19497bd012966b76de0857c5c66513f99406aa8575d8cea99d03414ab68

SHA512
428da8ef9bfa91cb33af446361c7cdad0c3ecefd637da9af106bbb4f62296176a68bcd80ad1210d7adefd083fc15e8f42abf09dc7777d1233670644877052a08

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
c0c2514c34b3b4c8a79876664b86439d

SHA1
87ad6220ce02181178c0b4e930134beb89a8edee

SHA256
ffc1c3ebcec7d031ec2c7bd99cca08ad9042f562737be09b6d75d83c2e338eec

SHA512
23ccc6453539528a9e4691e9aba24ff44a47bc45a16085168b74a61629cfff5efbbe3179535de82e53ad622be5a8b3a17a639e925a61aa2cdd4b7c4a10ceeb81

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
110e2b519c16346eda2dde15fee9fa85

SHA1
b112f46ce497ac055849b5bf2bfe742a5c5935dd

SHA256
9243bee184b30766b2f854a394758a9db03cd6dbe735a65b7518ad4f77e0aa35

SHA512
fd043356b120aba3d71a228b36528c7a326f63f184695368d3a221ab029ead6b5ff70ee98281971235aa0cd00a2095cffe648c772be1f10e0dcfdafe14e7266f

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
88d48966936577606b6ee9fed180452d

SHA1
178e72671f6999e2e1c25b7a90a876cad93c1491

SHA256
c1af536924e55508f3ed9e59c831ba5603aa98f4908484aca4843d3f2a137731

SHA512
1647a4164204f06e945b50a71d36b9002efa8f2c2601839a752d046aa76ad4a0536ce229d9a20af89535fba41bc12702558a0e67d95517c5fe8c6eb6aaa904a2

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index~RFe6151b9.TMP

Filesize
48B

MD5
ada2a113343f77eca5bbafb2da4b877d

SHA1
805886d2988fa940961d44b5fd6958916c50c2c8

SHA256
c14c0f8e514796dbe30e76b645d45cbda669d7e5124140e0f46b6683fee2cb6b

SHA512
99a99b13a70cfff9fde0012455defb8d85f491135dea1aae2e26d430e894f75f40be66a6bf8d5c5f373eb631e027912e2693a8c7f8b0beabbad488abb180dd0b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
700B

MD5
cb308a2ff2155132b93ac7c6f584af45

SHA1
0de791b06079fa8b90ea490a39c62fbeaa989cd8

SHA256
3054e1c29db88adea64e33e2b20b8765a122b339d52eb142c6fc12496db322e4

SHA512
9332ade7d0db3ebf6c532fd10e9c3b0dfe415d6755233e6e49f367b3059eb567ae81d3636ffa49d04e75aecd8ad9fab5a41518657dd7c1ca3b26b246b1f54b56

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
795B

MD5
52122cb704b87ea684d37a0a0f041d65

SHA1
77e73b18b92ce188afb125307aa730fbcfdcfa87

SHA256
73570932109d5bae8b7752af3d80503b71fdee926e4bb2c55c5e0e1ebeaab3fe

SHA512
4f2a7a837a4dc46c2f07c3c468de223115f99280e9b730527a5c9cf2b59bb3ca47692e97bafcb913a970f5695c20c3be0218bdd6d33c6bc729c20b90139bf34c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe620d1a.TMP

Filesize
484B

MD5
04965753f789a76f73e68a1792788672

SHA1
3ef5e4e67aa3fd2419ab2de8fb9c1614dd661869

SHA256
918b5e41191a7c39ed70a3917456866ddc58f92de91ae6798e18893314d86e91

SHA512
d0a9e3a7298bfa72b5e9f650624079b6dc514e7f7c5666b37feec65049177f84351f7fb109783b8fb8ba871a6a666dff3d6141b5e318ed73fa0f08e643b05a3a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
bdedd767aeaba26786febc233504f91a

SHA1
0d6c6caa579f6c84298455197b4eab7ce9b74202

SHA256
6f06f27d5de35a78415c411cf3a5f679dc3fad71c91524444914e1591d5481cb

SHA512
c54f094b82bf751c074fd13a45aa074b014d2c6a61901d37bfb5265916c22f68fb2179db8599688df75d8456d6780efbdd22b4c9f919862c82394c230bf490d1

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
bf951db9436ccb18ddabd45a1b3e5431

SHA1
6d55095e966e3cb6321f58c322599ea4572c61aa

SHA256
676a954361764961f0f49f9bc195bbba3ce2f5fade5193fb08c2e2d9d8ee5f82

SHA512
4c6afcadf0d3ea231c138173e4b158e01893dc3684fbd37a7c189a3ca13a8048098c32b71c680546f11315e4ff04274c8cb14c589f9e7a87f2fa0b87ebc4be70

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
8c0cdc2ff63070e2434ccd0f6a472fa6

SHA1
14fca11597a45c5603224521090c88f3dba180c6

SHA256
9d59afc5f6f4f15f2766bc88c88b2336d22e57209c67100e4a6141e4344192d9

SHA512
fb2e318986ba97aae23241715432e408e945ed5bb2ea6f126ac34bd9389440ba61a74791f9e62097bef2547559b9c27d6b6e98041dc0d93017f7b3ce0ce08b53

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
300B

MD5
a37410c868181a96e15f0b38dbd6b4ff

SHA1
d2979d535c19a51ea40c78c944534e6f9ff3dbda

SHA256
1bee658d0c6101ad10370d8c51d07e3c3619318c25fc86aaeced0be6905e314a

SHA512
d2367b25abbdebf9cc1eb9a3aca4cfcb460802bd249e872af67fb424f50dd9e938f7b466e0ae9f1e71d22c7b936edf4492b30c81b6fcf1a2b7dd2b48f97cd1e8

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe621de3.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
daaaac5db0f3a9336c7989103762c527

SHA1
d613067417cee634bc3852753abef90f4e4aa73c

SHA256
26e648ba8e00f0972a53c52ad81cb9fc57a30cda5b0311827300022b105fdb56

SHA512
18e97075e9b457d2adfec5dc0a7ac3c5fbf51891ef03227fe84a9f77d497104d2437414439cb55524bc83c1d693a64c73b15f29d6f392822d03805926d853b08

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
94e269c8b59b0b5c46fea5a5f2ab71d5

SHA1
553b4d971cb4541039aebde35dd2d559dd1e55d8

SHA256
cb1c9f3108856113f395227a276c4d8a67aa287422b3f967276a7e831a4ee13b

SHA512
c407fccadb0792311180fbf0fde2f1a9a582bc8afb8cf5ab9766f5b768e2b4630768b97c47884b01005f6da138aad3948a9d3a86b4a460281e9ea1b4b4199924

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
63b381ea796a69ee39461b3afeb6c644

SHA1
e649ca77088cf1b187d68a893e6ec898940d1127

SHA256
a7e934b5f197b2d07374d9a675be5d4dfc53d9854a94750cafc4b73aa95f36d4

SHA512
c4701ae3b241015ba518a8087a5b9392a63d2367988fadba5ec50cddceea9a742a94bdba3aa75e5840ca0af14d4290ed5cd5450204d529c2c16da3d85edfbebc

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
885dba5efa6183ce20f45a67089a3886

SHA1
d47b56c5ea80ab0773560ed6b9e275191fa5f8ea

SHA256
0bc88c744b3dc5c4c4b86319d1366caad9f3d6ba1facfcd7b338ddc40cbfd976

SHA512
15f87f4cfea56af863e6aacfbd4ae5c8df5250e839858eb2b3c4f30122792683840a58e2995bb6499fa6de5233eb976d98e5c35602d8cb0e12e17ff5e16fd699

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
c15cf0fb5e0d5cd6f6476df42a8ac0f5

SHA1
dfed6526f482851040409e59f065e9afaff9b135

SHA256
54489d3df7e8be97347e9e15a8cbc1e4f988ba6b6f6580cf9f009f4915da6f9d

SHA512
df1a4c2758defec6bf88b76327e825b94b53ccfa4c50230f65bbb99b31f1489f605e52a164be194ee187c2d88044beeac9d6b88f7f9112462e51f66514b964d6

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
b16bb6b1e7a9e0f2907327606d4062ff

SHA1
e419c0403bea99fc7d3808e1e9ff9e8c4056f374

SHA256
9bf16eb376f6fefed49f58c27e6a97cbb3123abcfc6dafda3a10f59ba01d9e9a

SHA512
d099682ff6fa1d2662df219ccf386fcfcca4a1a4acf5e975c992b99cdba159509dfd419de3abede32f45c576ed6fb7c321a9266ffb3dba6ea03fded132b72dba

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity~RFe67ac5f.TMP

Filesize
203B

MD5
dbf86487f1ed448a8c30e51a7547b4f1

SHA1
290f3f2bbc226a94d8d44167c69eae9755add6c2

SHA256
dc81046d53ec1ec4a2fa82213efee70aff222ec6461b634ac07f926fb25d72f7

SHA512
9cc24ce76064c6768abef3674be9489c5835829666db13607fb72edb8d71b2a5a5da57ed28056685ec564324181c75688f3ed87e5766785e3783e2a4a7e079e4

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json

Filesize
1KB

MD5
0e6f12697c0b1c4507d517ac06740816

SHA1
700f4b3929fd9653d5385aa7ec714d4f9dd60e93

SHA256
742145dc081092b384c0b915488917e9c797f36771768bc766542f167d38f3af

SHA512
e905669603a4ec2119fb74aabb5601a76670bd2b16f4105cc7a76b6ee7bcb25b0f20f9a7a5f30e544996e51d5691e36d7b8f52c79d158a5876fce6eb730d6aa6

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json~RFe67e040.TMP

Filesize
1KB

MD5
5a9f0e83162e5206f9c268a64042ed84

SHA1
ca215d58b7a19e921773ff95caa79016df13a84c

SHA256
04d304111a342c7708003d14a0c9e5c661e74757d70b3e327a5c0e7983a9f1cf

SHA512
689de1ba21c2d6a2c5e15d09f38faffc11341ff00678801cdd9e50e323321728d4d71943475044f6ac020176d9ab69e4a1fab7343e153b62d1d74a8e87978fad

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\VCRUNTIME140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\_bz2.pyd

Filesize
85KB

MD5
b024a6f227eafa8d43edfc1a560fe651

SHA1
92451be6a2a6bfc4a8de8ad3559ba4a25d409f2e

SHA256
c0dd9496b19ba9536a78a43a97704e7d4bef3c901d196ed385e771366682819d

SHA512
b9edb6d0f1472dd01969e6f160b41c1e7e935d4eebcaf08554195eb85d91c19ff1bfbc150773f197462e582c6d31f12bd0304f636eb4f189ed3ed976824b283e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\_hashlib.pyd

Filesize
64KB

MD5
69dc506cf2fa3da9d0caba05fca6a35d

SHA1
33b24abb7b1d68d3b0315be7f8f49de50c9bdcb6

SHA256
c5b8c4582e201fef2d8cb2c8672d07b86dec31afb4a17b758dbfb2cff163b12f

SHA512
0009ec88134e25325a47b8b358da0fed8bb34fe80602e08a60686f6029b80f4287d33adb66ef41435d11d6edff86a88916f776eeaf2d1cb72035783f109ca1ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\_lzma.pyd

Filesize
160KB

MD5
77b78b43d58fe7ce9eb2fbb1420889fa

SHA1
de55ce88854e314697fa54703a2cd6cc970f3111

SHA256
6e571d93ce55d09583ec91c607883a43c1da3d4d36794d68c6ecd6bea4ab466a

SHA512
7b03b7d3f2fd9b51391de08e69ca9156a0232b56f210878a488b9d5a19492ab5880f45d9407331360fbe543a52c03d68f68da4387bf6a13b20ec903a7b081846

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\_queue.pyd

Filesize
30KB

MD5
328e41b501a51b58644c7c6930b03234

SHA1
bc09f8b62fec750a48bafd9db3494d2f30f7bd54

SHA256
2782cf3c04801ede65011be282e99cd34d163b2b2b2333fd3147b33f7d5e72ab

SHA512
c6e6e6bca0e9c4e84f7c07541995a7ee4960da095329f69120ba631c3c3e07c0441cf2612d9dcc3d062c779aec7d4e6a00f71f57cc32e2a980a1e3574b67d248

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\_socket.pyd

Filesize
79KB

MD5
cd56f508e7c305d4bfdeb820ecf3a323

SHA1
711c499bcf780611a815afa7374358bbfd22fcc9

SHA256
9e97b782b55400e5a914171817714bbbc713c0a396e30496c645fc82835e4b34

SHA512
e937c322c78e40947c70413404beba52d3425945b75255590dedf84ee429f685e0e5bc86ad468044925fbc59cf7ec8698a5472dd4f05b4363da30de04f9609a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\_ssl.pyd

Filesize
153KB

MD5
70014e88ecf3133b7be097536f77b459

SHA1
5d75675bb35ba6fae774937789491e051e62a252

SHA256
d318795c98c5f3c127c8e47220a92acba0736daf31bab0dc9c7e6c3513bb2aa3

SHA512
aa59b32c9164afca1b799e389c7087e95eeaa543790b6f590f9e30aa13b7fdb8cc83d0ef6351f0b578a4da636f4ca1e6dfe4558dcf3a813b744a80f7392aa462

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\_tkinter.pyd

Filesize
65KB

MD5
77cf63868cae43963b69b4561114cd19

SHA1
6975afa15fde28279ede93c78d78847ed58d6221

SHA256
313fb33e72028fcc893ec7874e0c825c035cdcebe1b5b7c7d8d11ef3ad1b354f

SHA512
fcf92377b07a2979b87cce7f545dd5f34df8739e2634d889077a10bb4441853b24a9427fa92ed5cb4694e71ef6421f89e1106bd689f94d11d839e29f576af514

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\base_library.zip

Filesize
1014KB

MD5
8b06eca7d1ca5640aa48f8287bcc3847

SHA1
81cbd84318a9d7aaab6a5e7b9f2d5247aebc71ac

SHA256
9cb58470abed7b95bf29bf2713227ee41c4db56e8ffeda7b0245c99063c480fe

SHA512
b1cf25b6426cd9f8012934b670f3c44da26dc81046c5cddee05ce74637438e45392ed3895376dcdf448439e0eb631d0716a5b384e3a6b1e422270004b0e5a109

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\libcrypto-1_1.dll

Filesize
3.3MB

MD5
ab01c808bed8164133e5279595437d3d

SHA1
0f512756a8db22576ec2e20cf0cafec7786fb12b

SHA256
9c0a0a11629cced6a064932e95a0158ee936739d75a56338702fed97cb0bad55

SHA512
4043cda02f6950abdc47413cfd8a0ba5c462f16bcd4f339f9f5a690823f4d0916478cab5cae81a3d5b03a8a196e17a716b06afee3f92dec3102e3bbc674774f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\libssl-1_1.dll

Filesize
682KB

MD5
de72697933d7673279fb85fd48d1a4dd

SHA1
085fd4c6fb6d89ffcc9b2741947b74f0766fc383

SHA256
ed1c8769f5096afd000fc730a37b11177fcf90890345071ab7fbceac684d571f

SHA512
0fd4678c65da181d7c27b19056d5ab0e5dd0e9714e9606e524cdad9e46ec4d0b35fe22d594282309f718b30e065f6896674d3edce6b3b0c8eb637a3680715c2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\python39.dll

Filesize
4.3MB

MD5
2135da9f78a8ef80850fa582df2c7239

SHA1
aac6ad3054de6566851cae75215bdeda607821c4

SHA256
324963a39b8fd045ff634bb3271508dab5098b4d99e85e7648d0b47c32dc85c3

SHA512
423b03990d6aa9375ce10e6b62ffdb7e1e2f20a62d248aac822eb9d973ae2bf35deddd2550a4a0e17c51ad9f1e4f86443ca8f94050e0986daa345d30181a2369

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\pywintypes39.dll

Filesize
129KB

MD5
74f0a90fbdd64f0c431cbf55a47eab35

SHA1
ef8711c4d6539ef0fde786976f665cd3bacff901

SHA256
684267ae1acf4a7cc069e511ffd72bbc8d9d071ee23c4a7d98156374dbf87958

SHA512
69cfa5766d376fb4caf23e2adb4fa374eb01ec645e1d1b71f44e264c130eee888e75bc46b99465def162601f487b41917bc245aa2d1f9bd194aa7dff31ebb6c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\select.pyd

Filesize
29KB

MD5
35bb285678b249770dda3f8a15724593

SHA1
a91031d56097a4cbf800a6960e229e689ba63099

SHA256
71ed480da28968a7fd07934e222ae87d943677468936fd419803280d0cad07f3

SHA512
956759742b4b47609a57273b1ea7489ce39e29ebced702245a9665bb0479ba7d42c053e40c6dc446d5b0f95f8cc3f2267af56ccaaaf06e6875c94d4e3f3b6094

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\tcl86t.dll

Filesize
1.8MB

MD5
75909678c6a79ca2ca780a1ceb00232e

SHA1
39ddbeb1c288335abe910a5011d7034345425f7d

SHA256
fbfd065f861ec0a90dd513bc209c56bbc23c54d2839964a0ec2df95848af7860

SHA512
91689413826d3b2e13fc7f579a71b676547bc4c06d2bb100b4168def12ab09b65359d1612b31a15d21cb55147bbab4934e6711351a0440c1533fb94fe53313bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\tcl8\8.5\msgcat-1.6.1.tm

Filesize
34KB

MD5
bd4ff2a1f742d9e6e699eeee5e678ad1

SHA1
811ad83aff80131ba73abc546c6bd78453bf3eb9

SHA256
6774519f179872ec5292523f2788b77b2b839e15665037e097a0d4edddd1c6fb

SHA512
b77e4a68017ba57c06876b21b8110c636f9ba1dd0ba9d7a0c50096f3f6391508cf3562dd94aceaf673113dbd336109da958044aefac0afb0f833a652e4438f43

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\tcl\auto.tcl

Filesize
21KB

MD5
08edf746b4a088cb4185c165177bd604

SHA1
395cda114f23e513eef4618da39bb86d034124bf

SHA256
517204ee436d08efc287abc97433c3bffcaf42ec6592a3009b9fd3b985ad772c

SHA512
c1727e265a6b0b54773c886a1bce73512e799ba81a4fceeeb84cdc33f5505a5e0984e96326a78c46bf142bc4652a80e213886f60eb54adf92e4dffe953c87f6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\tcl\encoding\cp1252.enc

Filesize
1KB

MD5
e9117326c06fee02c478027cb625c7d8

SHA1
2ed4092d573289925a5b71625cf43cc82b901daf

SHA256
741859cf238c3a63bbb20ec6ed51e46451372bb221cfff438297d261d0561c2e

SHA512
d0a39bc41adc32f2f20b1a0ebad33bf48dfa6ed5cc1d8f92700cdd431db6c794c09d9f08bb5709b394acf54116c3a1e060e2abcc6b503e1501f8364d3eebcd52

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\tcl\http1.0\pkgIndex.tcl

Filesize
746B

MD5
a387908e2fe9d84704c2e47a7f6e9bc5

SHA1
f3c08b3540033a54a59cb3b207e351303c9e29c6

SHA256
77265723959c092897c2449c5b7768ca72d0efcd8c505bddbb7a84f6aa401339

SHA512
7ac804d23e72e40e7b5532332b4a8d8446c6447bb79b4fe32402b13836079d348998ea0659802ab0065896d4f3c06f5866c6b0d90bf448f53e803d8c243bbc63

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\tcl\init.tcl

Filesize
25KB

MD5
982eae7a49263817d83f744ffcd00c0e

SHA1
81723dfea5576a0916abeff639debe04ce1d2c83

SHA256
331bcf0f9f635bd57c3384f2237260d074708b0975c700cfcbdb285f5f59ab1f

SHA512
31370d8390c4608e7a727eed9ee7f4c568ecb913ae50184b6f105da9c030f3b9f4b5f17968d8975b2f60df1b0c5e278512e74267c935fe4ec28f689ac6a97129

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\tcl\opt0.4\pkgIndex.tcl

Filesize
620B

MD5
07532085501876dcc6882567e014944c

SHA1
6bc7a122429373eb8f039b413ad81c408a96cb80

SHA256
6a4abd2c519a745325c26fb23be7bbf95252d653a24806eb37fd4aa6a6479afe

SHA512
0d604e862f3a1a19833ead99aaf15a9f142178029ab64c71d193cee4901a0196c1eeddc2bce715b7fa958ac45c194e63c77a71e4be4f9aedfd5b44cf2a726e76

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\tcl\package.tcl

Filesize
23KB

MD5
ddb0ab9842b64114138a8c83c4322027

SHA1
eccacdc2ccd86a452b21f3cf0933fd41125de790

SHA256
f46ab61cdebe3aa45fa7e61a48930d64a0d0e7e94d04d6bf244f48c36cafe948

SHA512
c0cf718258b4d59675c088551060b34ce2bc8638958722583ac2313dc354223bfef793b02f1316e522a14c7ba9bed219531d505de94dc3c417fc99d216a01463

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\tcl\tclIndex

Filesize
5KB

MD5
c62fb22f4c9a3eff286c18421397aaf4

SHA1
4a49b8768cff68f2effaf21264343b7c632a51b2

SHA256
ddf7e42def37888ad0a564aa4f8ca95f4eec942cebebfca851d35515104d5c89

SHA512
558d401cb6af8ce3641af55caebc9c5005ab843ee84f60c6d55afbbc7f7129da9c58c2f55c887c3159107546fa6bc13ffc4cca63ea8841d7160b8aa99161a185

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\tcl\tm.tcl

Filesize
11KB

MD5
215262a286e7f0a14f22db1aa7875f05

SHA1
66b942ba6d3120ef8d5840fcdeb06242a47491ff

SHA256
4b7ed9fd2363d6876092db3f720cbddf97e72b86b519403539ba96e1c815ed8f

SHA512
6ecd745d7da9d826240c0ab59023c703c94b158ae48c1410faa961a8edb512976a4f15ae8def099b58719adf0d2a9c37e6f29f54d39c1ab7ee81fa333a60f39b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\tk86t.dll

Filesize
1.5MB

MD5
4b6270a72579b38c1cc83f240fb08360

SHA1
1a161a014f57fe8aa2fadaab7bc4f9faaac368de

SHA256
cd2f60075064dfc2e65c88b239a970cb4bd07cb3eec7cc26fb1bf978d4356b08

SHA512
0c81434d8c205892bba8a4c93ff8fc011fb8cfb72cfec172cf69093651b86fd9837050bd0636315840290b28af83e557f2205a03e5c344239356874fce0c72b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\tk\button.tcl

Filesize
21KB

MD5
aeb53f7f1506cdfdfe557f54a76060ce

SHA1
ebb3666ee444b91a0d335da19c8333f73b71933b

SHA256
1f5dd8d81b26f16e772e92fd2a22accb785004d0ed3447e54f87005d9c6a07a5

SHA512
acdad4df988df6b2290fc9622e8eaccc31787fecdc98dcca38519cb762339d4d3fb344ae504b8c7918d6f414f4ad05d15e828df7f7f68f363bec54b11c9b7c43

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\tk\entry.tcl

Filesize
17KB

MD5
f109865c52d1fd602e2d53e559e56c22

SHA1
5884a3bb701c27ba1bf35c6add7852e84d73d81f

SHA256
af1de90270693273b52fc735da6b5cd5ca794f5afd4cf03ffd95147161098048

SHA512
b2f92b0ac03351cdb785d3f7ef107b61252398540b5f05f0cc9802b4d28b882ba6795601a68e88d3abc53f216b38f07fcc03660ab6404cf6685f6d80cc4357fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\tk\icons.tcl

Filesize
10KB

MD5
995a0a8f7d0861c268aead5fc95a42ea

SHA1
21e121cf85e1c4984454237a646e58ec3c725a72

SHA256
1264940e62b9a37967925418e9d0dc0befd369e8c181b9bab3d1607e3cc14b85

SHA512
db7f5e0bc7d5c5f750e396e645f50a3e0cde61c9e687add0a40d0c1aa304ddfbceeb9f33ad201560c6e2b051f2eded07b41c43d00f14ee435cdeee73b56b93c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\tk\listbox.tcl

Filesize
14KB

MD5
804e6dce549b2e541986c0ce9e75e2d1

SHA1
c44ee09421f127cf7f4070a9508f22709d06d043

SHA256
47c75f9f8348bf8f2c086c57b97b73741218100ca38d10b8abdf2051c95b9801

SHA512
029426c4f659848772e6bb1d8182eb03d2b43adf68fcfcc1ea1c2cc7c883685deda3fffda7e071912b9bda616ad7af2e1cb48ce359700c1a22e1e53e81cae34b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\tk\menu.tcl

Filesize
38KB

MD5
078782cd05209012a84817ac6ef11450

SHA1
dba04f7a6cf34c54a961f25e024b6a772c2b751d

SHA256
d1283f67e435aab0bdbe9fdaa540a162043f8d652c02fe79f3843a451f123d89

SHA512
79a031f7732aee6e284cd41991049f1bb715233e011562061cd3405e5988197f6a7fb5c2bbddd1fb9b7024047f6003a2bf161fc0ec04876eff5335c3710d9562

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\tk\panedwindow.tcl

Filesize
5KB

MD5
286c01a1b12261bc47f5659fd1627abd

SHA1
4ca36795cab6dfe0bbba30bb88a2ab71a0896642

SHA256
aa4f87e41ac8297f51150f2a9f787607690d01793456b93f0939c54d394731f9

SHA512
d54d5a89b7408a9724a1ca1387f6473bdad33885194b2ec5a524c7853a297fd65ce2a57f571c51db718f6a00dce845de8cf5f51698f926e54ed72cdc81bcfe54

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\tk\pkgIndex.tcl

Filesize
376B

MD5
3367ce12a4ba9baaf7c5127d7412aa6a

SHA1
865c775bb8f56c3c5dfc8c71bfaf9ef58386161d

SHA256
3f2539e85e2a9017913e61fe2600b499315e1a6f249a4ff90e0b530a1eeb8898

SHA512
f5d858f17fe358762e8fdbbf3d78108dba49be5c5ed84b964143c0adce76c140d904cd353646ec0831ff57cd0a0af864d1833f3946a235725fff7a45c96872eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\tk\scale.tcl

Filesize
7KB

MD5
857add6060a986063b0ed594f6b0cd26

SHA1
b1981d33ddea81cfffa838e5ac80e592d9062e43

SHA256
0da2dc955ffd71062a21c3b747d9d59d66a5b09a907b9ed220be1b2342205a05

SHA512
7d9829565efc8cdbf9249913da95b02d8dadfdb3f455fd3c10c5952b5454fe6e54d95c07c94c1e0d7568c9742caa56182b3656e234452aec555f0fcb76a59fb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\tk\scrlbar.tcl

Filesize
12KB

MD5
5249cd1e97e48e3d6dec15e70b9d7792

SHA1
612e021ba25b5e512a0dfd48b6e77fc72894a6b9

SHA256
eec90404f702d3cfbfaec0f13bf5ed1ebeb736bee12d7e69770181a25401c61f

SHA512
e4e0ab15eb9b3118c30cd2ff8e5af87c549eaa9b640ffd809a928d96b4addefb9d25efdd1090fbd0019129cdf355bb2f277bc7194001ba1d2ed4a581110ceafc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\tk\spinbox.tcl

Filesize
16KB

MD5
77dfe1baccd165a0c7b35cdeaa2d1a8c

SHA1
426ba77fc568d4d3a6e928532e5beb95388f36a0

SHA256
2ff791a44406dc8339c7da6116e6ec92289bee5fc1367d378f48094f4abea277

SHA512
e56db85296c8661ab2ea0a56d9810f1a4631a9f9b41337560cbe38ccdf7dd590a3e65c22b435ce315eff55ee5b8e49317d4e1b7577e25fc3619558015dd758eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\tk\text.tcl

Filesize
34KB

MD5
7c2ac370de0b941ae13572152419c642

SHA1
7598cc20952fa590e32da063bf5c0f46b0e89b15

SHA256
4a42ad370e0cd93d4133b49788c0b0e1c7cd78383e88bacb51cb751e8bfda15e

SHA512
8325a33bfd99f0fce4f14ed5dc6e03302f6ffabce9d1abfefc24d16a09ab3439a4b753cbf06b28d8c95e4ddabfb9082c9b030619e8955a7e656bd6c61b9256c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\tk\tk.tcl

Filesize
23KB

MD5
338184e46bd23e508daedbb11a4f0950

SHA1
437db31d487c352472212e8791c8252a1412cb0e

SHA256
0f617d96cbf213296d7a5f7fcffbb4ae1149840d7d045211ef932e8dd66683e9

SHA512
8fb8a353eecd0d19638943f0a9068dccebf3fb66d495ea845a99a89229d61a77c85b530f597fd214411202055c1faa9229b6571c591c9f4630490e1eb30b9cd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\tk\ttk\ttk.tcl

Filesize
4KB

MD5
af45b2c8b43596d1bdeca5233126bd14

SHA1
a99e75d299c4579e10fcdd59389b98c662281a26

SHA256
2c48343b1a47f472d1a6b9ee8d670ce7fb428db0db7244dc323ff4c7a8b4f64b

SHA512
c8a8d01c61774321778ab149f6ca8dda68db69133cb5ba7c91938e4fd564160ecdcec473222affb241304a9acc73a36b134b3a602fd3587c711f2adbb64afa80

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\ucrtbase.dll

Filesize
983KB

MD5
8d78c854fac7afac4c261bb2a38d8f42

SHA1
8326ec243443752718f060560657c5625610bdce

SHA256
8b04be88020bb0465a0f6f038c714138a4121f05245c8b0157eb44252c44ef1e

SHA512
e91c1d88d0d68fe2af5582f1a450b4c80404e8311a7e3cf3ce54df1f1a9463d02faf42bdac5da5a2b89f7fa976920bc6145a98147956d4b6f586a7300b377514

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\unicodedata.pyd

Filesize
1.1MB

MD5
3ba2a20dda6d1b4670767455bbe32870

SHA1
7c98221bc6ed763030087b1f33fb83eac2823ea4

SHA256
3a0987025f1cf2111dc6e4f59402073ba123d7436d809ee4198b4e7bfb8cb868

SHA512
0688f8af3359a8571bef2a89efabc2dbf26f3f5c6220932a4e7df2e33fac95cafee8b80796346ba698e6bf43630b8069f56538b95a8ff62ec21d629787ca5cd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53322\win32api.pyd

Filesize
129KB

MD5
2c792ab3c75a897aaf4355532872e48e

SHA1
eb7742196a17fd7e4badaab82bb32d06f9948082

SHA256
e68bf1a0e2f1aafff0558dcb40b8916f971860eeeaf6ccdf726d4bffbadd7d1e

SHA512
31464abd6e64045308727e71e81969175a521c762e2344112403ff5f998ab6e3249d33e9c8e8e46fd1521c9dd700f535e47435b5ba179e98421dc6f35162eda3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz2551.tmp\StdUtils.dll

Filesize
110KB

MD5
db11ab4828b429a987e7682e495c1810

SHA1
29c2c2069c4975c90789dc6d3677b4b650196561

SHA256
c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376

SHA512
460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz2551.tmp\System.dll

Filesize
22KB

MD5
a36fbe922ffac9cd85a845d7a813f391

SHA1
f656a613a723cc1b449034d73551b4fcdf0dcf1a

SHA256
fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0

SHA512
1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz2551.tmp\modern-wizard.bmp

Filesize
150KB

MD5
3614a4be6b610f1daf6c801574f161fe

SHA1
6edee98c0084a94caa1fe0124b4c19f42b4e7de6

SHA256
16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b

SHA512
06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz2551.tmp\nsDialogs.dll

Filesize
20KB

MD5
4e5bc4458afa770636f2806ee0a1e999

SHA1
76dcc64af867526f776ab9225e7f4fe076487765

SHA256
91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0

SHA512
b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz2551.tmp\nsExec.dll

Filesize
17KB

MD5
2095af18c696968208315d4328a2b7fe

SHA1
b1b0e70c03724b2941e92c5098cc1fc0f2b51568

SHA256
3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226

SHA512
60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz2551.tmp\nsProcess.dll

Filesize
15KB

MD5
08072dc900ca0626e8c079b2c5bcfcf3

SHA1
35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37

SHA256
bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8

SHA512
8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
12KB

MD5
d5284d90a35ae29a6a9bf053a2a864da

SHA1
358c3c37303e9377ae16d3695d039aa4e75080cb

SHA256
61fc22cc6267276a9ad33274e8092d3dcf452c6de90d227cf7ecb455f256fdb8

SHA512
6e67b4d3015606b896bfdb5685093531635392ededd8496bb2fe82b91cca5eaceb2622d6553653712aaf84864210f03bac14337590e2403e640fa7f07c26f78e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
14KB

MD5
d85fdec400451a21abea33340f23a1ca

SHA1
367988aa1954676a3edcd8a1fdf355285bbd703d

SHA256
9c1a13a4da46bc5cf80f5dea0ec17f27a1b4463bdb2649fbf2ca0bb1c4d2e25d

SHA512
b1d69a8aa9666d858d4a823adeaa32d512763e6d452ac2748edbdb59ac1eae7624f8f52fa0c2b4f2d0aec8679dd485ae918c358680dd78f46f663ccae06c37d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\AlternateServices.bin

Filesize
43KB

MD5
b33b2e19eaca24d7d6c79384e41d7379

SHA1
2b9469603d8172f3cee1b813b2381fd8f4b8410d

SHA256
5c3267e9dcb4a5e11b2f7776fc6607797b7c7d07c1b233b8913c240d56c11285

SHA512
31d9450344d92acc65c50180a3ada3f39c964d0018b1afd3affabb1b9b84ac5acee184eba4edb00f9adaec6b561e4e84fe8db95d9cc77c699fd8cf53237bc122

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\AlternateServices.bin

Filesize
7KB

MD5
557a57b133a42f95c0423f6eb0b37285

SHA1
425706b04d426be03a60ef876c6de7b661b2b394

SHA256
876d8fec26a51d33a4c8d1395aab83bdbb6ec33c79e620b124548810fbebd0ff

SHA512
fc598cc1d8d797ce4abb6319945930288cb5ee7c8beadc80b30426f0dd346848bb341c02091d71e6f6501755a934bb9f9311c0cca50e3502ad45502e377385ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\AlternateServices.bin

Filesize
25KB

MD5
c10e4372a147419036f91ca25b6fb9ba

SHA1
078f3850a36fb609bf49b2ccc524bde5653f9aae

SHA256
0e296593e33d228eec0156c2603d2b685d9779986eb38573a4968e238052ce4b

SHA512
83e041fa38862f875f5128f2eb047d3d1aec0a89d2365e9f90782c7dbd00835ccc4e3bb0bb53fa05bf78b1d1b25cbfab1d3aca9ea1a5f8815060969b1c560132

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\broadcast-listeners.json

Filesize
209B

MD5
97c3738563a9448365a735f5f29ed3d5

SHA1
15a81433236ca6e6ecc4e1c8d0fdb8523b265c57

SHA256
63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24

SHA512
ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\crashes\store.json.mozlz4

Filesize
66B

MD5
a6338865eb252d0ef8fcf11fa9af3f0d

SHA1
cecdd4c4dcae10c2ffc8eb938121b6231de48cd3

SHA256
078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965

SHA512
d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\db\data.safe.tmp

Filesize
92KB

MD5
176345efd618b6d48f6ea706d338a6ea

SHA1
e116b43ce4e93ffc6b3047bf5f1cb41a864da463

SHA256
fb22f6e3371df1c6e0cea62d30f817788c943eaed121d4d4e185fa36d401974b

SHA512
ac66d1c850b256fc7f7ff9f2c46fc7515703df5d4556d415957b699d937f52621e5da22d7def26c72146670edb7e11d4bde7dbb655e3fdb3bd2c8befa136f247

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\db\data.safe.tmp

Filesize
51KB

MD5
4b127397f683768262bea0c76df1654f

SHA1
06af916e55bdc37866a8cb0f79ee32477ca49425

SHA256
2cb01a2ef69e7d25bc7fb06ce1eb564f551e1a48fccb171d3f4b4527d2986402

SHA512
89291807ac1fae77d3671470f3f2c0fed536518fcf7b91719a117e4b60c52d8750e5ad279d8b9d1c2c6a04e5982da2e42268590ad82f4e41259bd167cd90a191

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\db\data.safe.tmp

Filesize
55KB

MD5
a44a072eccd93b5f52f6f0245597a793

SHA1
b23938e74ea5b31cb0676a937cba445929c4b121

SHA256
d02c262e39ce7e91163f292a616e02d4aa33d42d276476a4fca0e7440f115d6c

SHA512
95f80b6b4698d2027bc44953a5049ae97c3be2900ffb9d1674791a09c49bef6e11edc0487f88de2da4cce2264f264b49844d422730be65242e6d065524c5f93e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
c4886ade36260b329462aa0af9537547

SHA1
5adfa08e8ae755e74c70f11212b53ce9cf90cd80

SHA256
e861aaa5d9de6b9bef2307b38a64c1f043ceb7c4368ee84baca10b8dce42a782

SHA512
39ddd45874c1e45803034dbffa2b91f93983641fc3c156e6943d0bf9d1ac46981c08c8ea958efa1646060a558925795e039fe3acf7ddeb82cab06441e83b461d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\db\data.safe.tmp

Filesize
93KB

MD5
2ff2ececb94d39c7af3e753f248e9171

SHA1
d16568acc998373c273c980a3f032145cf5b8850

SHA256
56201a75a081aa12a16e1260268599b808c058daf5df5a78a5b71db76448ed71

SHA512
c13b57d0b3f16f70d5600d99a06e86c195dfe562b62799a31384e8a5e6dfe93a20a430fec7bdd1fcc17ca6509498ef8c69e930ad29e5f603bbf5143ee4a660a9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\db\data.safe.tmp

Filesize
58KB

MD5
c300f8a0ddbf465114bde3810bb56341

SHA1
adbd948719230d686cc7c558f9e58fa93bbd7792

SHA256
c2da4b13c57978571a87b5f621bb6eb24b052b62e20e0f9aef1fc26dce8a1931

SHA512
f29fd951d1b42df370cfd051271f1caa9c4c035020f8422899cf8830fb87ae7e60241e07092293d05d489769cc24f6e0ef8059df3f3f25c323540377b29cae65

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
35ce0b27dfdd144e2a2f380b8ba29d0a

SHA1
201f4df5b1d49c19c47003feba1018edd53e7916

SHA256
f96e5326d7688a278b5568afa4eb1af354814314e698917232bd31e3d633d495

SHA512
0bb498bec0b30c305915d0c79850be83611edb09fd900c5b732923ce4deb95128bf7e027db58af1fc3e90088147ce8218e0b306e467ece53873b016b5f2882ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
d8432c3627a6209c4ed24ce8789f3060

SHA1
d00d5b80d7649188fc8d140e714e8e9d87c110c9

SHA256
a2c2cea542098181abf08ba2f1fb3a61320c2148bc593fef911e1cec54df0f57

SHA512
50efb1e005f5429ef9247208955dfb1ed91d1340ef1f49affed21500f501f3332e459006789c5aa4acfb929f6b4748ee8f222e516697198155a39a28a51ef731

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\db\data.safe.tmp

Filesize
94KB

MD5
6455606b564f8481709893217283e309

SHA1
40b70034d348e2e2587779773cb9e10a0b84a7c4

SHA256
e9b6a70cef22959d77e81b00262101fd2f7dd25525257b5578f64e61dfb6f32c

SHA512
abf4ea3a86bdaa9284f54c40f5c3c8083587082a24f814f46e8b592c845edee2da2f44d3ffc2a0d7165bbb3e41036f0bfd4c64fa899dcf4485247168949c5d87

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
d75a1447a9d4f13acb49c7600570f38d

SHA1
a3fe9c9c83330ff308eb78d5ccf5a0dc66d55500

SHA256
9786f8d0fe2f373592c3e99aa723bb51aa5e13e44533e2f1a0d63889d16d5f6f

SHA512
f976370b3df92a8fdfe2234bd630f87083006c12f00ef45ef23d8dac7334f7d6cb573855f81416c87b4dbfc3501f250b971c272d721cd98373073cbc447cd58d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\0330d38c-3c8c-42b8-b873-970b20ca6534

Filesize
21KB

MD5
6796c7f5659ca74790ae263f92cbaa08

SHA1
143ab38b7a1380482b5c7e6dfde6b1ee7e42ccf8

SHA256
7e93c68f3ef868c06d6f1f6b681054f842fd0aa09df323cab9e9ac573e826fa1

SHA512
c620a3fb41c742beee4af4643af4aa9289ca902488116b1e55fb58ff0036d60cebc4322f1994f53a342fca9f6ded9d8e7580bc5cfc8a2fd2db36292e74fb03bc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\143a7736-a5dc-4618-aae5-b69a7c08632f

Filesize
734B

MD5
5198f3ad475bae0c2f228b5fd5042f9a

SHA1
3bdb4a94bf3b1f7f80941ed2799271cf3563b49f

SHA256
a3d907832452a16b9afcac33ab9cc0cc3dc8f95b765e3880bc4f849267f371d2

SHA512
d82b432a01c106371a281e94d0f347150940fd7f15b45cfc2eced84cc51e2edb54e95c877f4e2faeafba2004eb0bb3779224163f6c19988a807041cbcc849711

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\4260f719-72b6-43ef-8d43-a47f22396a5b

Filesize
25KB

MD5
dea74c8bf6e53dc665d0e47e268525bb

SHA1
ca95bce7dc42574414f123f44b35d3b7e319671a

SHA256
7ee79041d8bf2e5f9740bead2f40891e37b2fc29b5eab1318968767aafeda219

SHA512
bd26da462f04678f6c2b53209fc0aae59df8de3bf73c633a915f625bb2d1a94e687a29237cc304319330a7a4fa431fd3202800ef49eab386ac08425db377a94d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\45eeba94-b7a3-4ad6-92ac-fc43baac9d09

Filesize
671B

MD5
b66fa1df1390b1b30806bdb0aed3b773

SHA1
bd72b967c159d53ca24e3dd8386565ece666249a

SHA256
e53bd580645a198c6f1d5fe78856d5f9afa85366c8ab0629feaed746adcfcf82

SHA512
1ea40dfcee70f88301b004ae8f0a6d09e7b4adcbf470041c9f1d3f0a741764ad4b8faf09561b90a63dc6b15fd7d6342c64643eae239edc1ff22fea760c0c58b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\89b02a13-30c1-464e-a4a2-5acb66789ddc

Filesize
26KB

MD5
5044204a6cc992e74754ba45d5502ebc

SHA1
b7c5a2de729e6c385b836192f3bc68a55209f87b

SHA256
c5c6285f0dd2fd169fc16bb5cce2c23a936d1201ac3153e139f9e083fe7e28bd

SHA512
967324d12a80d9329b6b3234261a0bb73c4f5cfc9c797c4232fa50be474c93dfddba08001914fa988bee33b6eb442a9b6f488f0ed225ba59d4269727dfaa1b0f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\913b5489-b91a-4442-a2a7-7ba2ba8c440a

Filesize
982B

MD5
bddbf7ef438d1773c08f392c2f9dce27

SHA1
0c9ae5f37aab2e6a933f58de196aea4daa89e08c

SHA256
75642ae39fcaa5c774b2e0aaa595ab2ea5772e400ac948e0bcc19c74f774517c

SHA512
fa8bd86c40ecd049e14f88ae1c0c58cd9d55aa8bde2b53319700d9b0c1c248330d05efe95ef153a4f355f976bae97e9ad8e754d78c67496e21246bcf589dbfaf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\99367082-674a-48b9-bdca-3a8a7e012942

Filesize
1KB

MD5
2251e37b672a2fdb828a727be9349100

SHA1
a859c1e168927b53130a5e687032f57f31ba967e

SHA256
ad576c30c7291c44eebd17508fc165d5ec093f9a2ac373c03c2e45115cca11b8

SHA512
2b63e5e4373b2922016d932f1ede2a976ff02ab272edb30d5ac90b04ada03161ed55f41c857ef255d8bcaecdf0dfebc04168c3271bf87c91f9ba51c8dbd59ee0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\aedc1b84-789b-436d-ad03-9442fac447bb

Filesize
3KB

MD5
c27d88881d23ce4919ed4da1c3d27f74

SHA1
49e4dfe9d97248b9905bdc1f8de8d97500cae21a

SHA256
d805c95f222135fc2181dba0c48de7e7bdff05f2d5aed481ae1a0c447e94167a

SHA512
5c4972611d3d62879ab07b5c048bf0396a40654111f9761d132e7af5c1f97494089b956824f5dfcac02cd8ab168da3747813e69c54e3ae07263ac704a2c88b3d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\c7e28abb-364a-4e15-b2e6-8427f2d34471

Filesize
2KB

MD5
46bbfbd2fff3115f2329e434881f3e13

SHA1
4986b38ccbe4f45ea3d08724cba93be85741c154

SHA256
c292993af132c9564f3f1ebf2eb0d837ab4eff2c22d8241f4be2951a89766778

SHA512
4ba44d453edc7a3ecd4ce6ca51c86852ed3fc66801dc2b1e25f388a8cd1fc71345162595e51bed077fb9f79206a9606f427dfc69aadd3f61d68240db586c2f50

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\cebc6f2e-ef8c-47af-af40-b8d893067124

Filesize
19KB

MD5
ca2c6b358f0281850b0b7cfc6b893b71

SHA1
d2898ad148f3c24e2e91d602050c56c543c71794

SHA256
c6b25881745f6304523dd0ca6c5fd0ede1844fc10be6a16f90f15665d1240956

SHA512
2a824177cb56e0f962919f7f56d639277ecb3070eda33e77e646ab6dbf8e73a074c89b898664027c6bee5344f9cbf9926fdc377c05509de413608db6807accfd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\e9fa97b8-afb5-41bf-ae0a-fee39412d5f1

Filesize
734B

MD5
c6fa781f42d2fb865a25aea725b0f59a

SHA1
84014164adbc4e90dded5251ab4961e52b5797ae

SHA256
4f82c29a80162ddef251cd41a97cfbce6a8a9ebbc5fb82d9a923c222b4dacbdb

SHA512
9c2cc4895607784bbc70290cfe782ca6881573b1d9a87863654c0e5d4902b3355ca92abb4c5b3c83191ba611b42a4a5b52d001549f28684d3322a674f9186f6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\eaab2a8d-dc30-47d4-bfbe-cf1c78a626b9

Filesize
1KB

MD5
6240930f75405207b4a07f12eef74a2c

SHA1
8d95c6ea3b20f6e2d89cefc3b974b9932c1064b9

SHA256
cf82afa0a6b77fe12c888803c0c88e67d75d1f8cfd851c368f40d1c950fe5084

SHA512
06de657dc5853fbb1fbd6360ed48eddc3badc2c0720bafcfdb8012bdf4350cf26346dbd9bc940323afdba5f7b5a7e16a7dc01fd62e46c955c700cfd7bb0e2697

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\places.sqlite

Filesize
5.0MB

MD5
cec8d448f292685048d2e7f2d41a605e

SHA1
e25787b21f388d25ac22587dc53626cb02834b7d

SHA256
e00278d731bf970677cfcb66f946d924d10f734a67167038fe57b664f682f474

SHA512
a26dbc50e4358d063fb9b6804f036d43fd8570fd463fe30ffd20cf6be3d1dbae31ca4e23672f81fd205ff203317473d0f0d1e9a0d2feb3258b0a586fdac27f73

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\prefs-1.js

Filesize
11KB

MD5
a87b2f9cda39e962bf234e94e67f4b3a

SHA1
a326e734b545e3ab45ebf16b5c21ac106fcbaea9

SHA256
9eb6eb5e78e0ce2fe40a5e80bfbedcc3ee5c9ef468d939f9fa905ce9cd371b23

SHA512
d3145f6107cff68395d64655f255628ce98fcc6b6701635f5f1c95555ceaa7488b5f42153e8a4aaf44fa001114234f6e86ee2e3d56857c4d6d889658ef228318

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\prefs-1.js

Filesize
12KB

MD5
5ab29d2351fe53957caff4df37112b6d

SHA1
6ffe87fcaeab8771d661311c7d6a40dd4b0ffc6e

SHA256
a77f43742c47e6bc43e13137568dd39161462fd9edd8eb543f2b92817289b38c

SHA512
da03ba435f9847cff5c8985bac8a2f8994e0daead1fc37990034f84eedc387626b996e9eb4c0878f18cb01a85927047fc44fba0809e13dc3cc8fa747a4f90752

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\prefs-1.js

Filesize
10KB

MD5
62adf1a87fa26f6b5f5eb6bf349e46e5

SHA1
012583c4ee867748c63cec939548b229b95e5b7b

SHA256
02d38f40dd93ce374ed895a494d99119bc4c2879b70bc980832441659c93912f

SHA512
b3a018560cd10eb9e2a6b3b940226192ba3bccd958fc07da57ff4ba9f719d09627b586ad5bf079a8fba57295f5bea014d66270531db821721f13984a95fa5ccf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\prefs-1.js

Filesize
12KB

MD5
680def03215325acea68169560136de2

SHA1
9ae9274c3596c985f969276232d69ff6f480f08a

SHA256
a910780406850a37d1e77df8c2d245deba7045759ee6e566e85248ed43a7f3e9

SHA512
31bac8e8431ef952c9dce8770f29dbe44013121f0c00d2cd3121fbdb7392fec7c50f34f4722009d0b9d5bee928fd69a5cf73d2153b5e0b7bd864c2a897bd74af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\prefs-1.js

Filesize
12KB

MD5
0b3ec98c70733f5ba47073dc268f6360

SHA1
e581274d643ebe01c0ca6203f574579f9ecc420d

SHA256
79e36085a75ad961507b1160cdb14941d17ec3309ba6acc77eab23303b70c668

SHA512
ea63112c4abd4f018ebf39c7624d2f121e916b3d5d7ba6c4d633029b223a6fff1b5bfaf2cec906bb6e087986eb78ff3787871c5ba5462f361498c081c17f8fac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\prefs.js

Filesize
10KB

MD5
df37bea78dd897e174429ef6b9b3857e

SHA1
9a8d8a8939981ac354fc716931b192d478d25302

SHA256
0931e7e2754acc378e9f43abee4ef5dd1aed883c47f83fbe9589ee82c860c43d

SHA512
7070e31b6123d95b1b1d784e33419fd36ef693ae7a413ac37b0b39e92cbe455eeb3348b821fe214b031fc61a3fe2efcc94152a125b9fec420087eac644c77384

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionCheckpoints.json

Filesize
193B

MD5
2ad4fe43dc84c6adbdfd90aaba12703f

SHA1
28a6c7eff625a2da72b932aa00a63c31234f0e7f

SHA256
ecb4133a183cb6c533a1c4ded26b663e2232af77db1a379f9bd68840127c7933

SHA512
2ee947dcf3eb05258c7a8c45cb60082a697dbe6d683152fe7117d20f7d3eb2beaaf5656154b379193cdc763d7f2f3b114cf61b4dd0f8a65326e662165ccf89cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionCheckpoints.json

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionCheckpoints.json

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionCheckpoints.json

Filesize
228B

MD5
a0821bc1a142e3b5bca852e1090c9f2c

SHA1
e51beb8731e990129d965ddb60530d198c73825f

SHA256
db037b650f36ff45da5df59bc07b0c5948f9e9b7b148ead4454ab84cb04fd0e2

SHA512
997528e2ecd24a7e697d95cd1a2a7de46a3d80b37fd67fac4fb0da0db756b60a24648b7074255dc38f7651302f70894a53c3d789f3d7cd9f80fb91bd0cade4be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
648ea624280e409ac3a7f120b5e9000e

SHA1
168bd9dd85eb0603e0db6bef23a0df64f916bf83

SHA256
ea208bf36fe4e150165db9ff5972004c6f468114058d6dbe5d0350f85e8fc08a

SHA512
49520e85cd86cdb0b9fcefecaabc99ba3915ed5ce0b622ffe752de94df6d1fbf3f2fbae13ee18397b32477aadfb23280e42be6f92ec1c74feb4f246c60eb7e32

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
0505b59e73619797e06ecdfab6957669

SHA1
a58def521b0572a1cb18bef3a9d668192538e76c

SHA256
8e6239785645b6718fcb9bd29580d4b875cae5e3405254c7b2c1db80e3efad60

SHA512
78d07f70eec82dfe2756fc8e03603e3fbba30c2c2e40ce57f1540c6a43fec7d0a421a7bcf1d99cee94c392e47e427c8e5e8b68284a5fb97ac3ef29c3776b2a29

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionstore-backups\recovery.baklz4

Filesize
93KB

MD5
c615b969dfc5330fe520fbc5bb45ac8d

SHA1
20b33d518ccd39325e64b9d957b672b80b3d777c

SHA256
182b7a8398f8f8bf83ae8b6d29357d800d56abcdfcae4629f78954d1cf93f4c1

SHA512
e2e6b3eff3b8d62fba218841cfee8dbaeae34fc10345d1dab55d15b69d5e2f6ab83ba86356d924f73cf5d2d5868d60f8d0e2624c0cb6f81d0fb9cfb8be088892

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
14e319d616cb1b2ad0d13111ca0a366d

SHA1
1696a0328c63f5ea80ceda1a94aa3bc567913088

SHA256
b1f0a6abbe5b78916dc2b808b50fc7aee0e80e76144d879c631bee25204a33e1

SHA512
33a34b209f37faa7315254da6e741d7a7c8c3b4db045d89f6d22e2e259e85c367f7a45cf236b46169eb5456fe206ab550cabb1478dd138d9eb9b9be1493a69ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
d1fa3f9cb96645b88edd91e5d4e0f178

SHA1
e8931486db6561d9736724909cd99dae0685617b

SHA256
3f1f1c178eef756824f3b9d3e295fc33058b2adf8c3efb5513548cb9f302b971

SHA512
6d21cf8c1b93cbb70b13ce9c63498ce54d5a271a478b48a95aa01a50c1973c339b505eddd8e6ba473bc1c0b5105c8e6c6a8142a890fa5cfb88ee0e7c9cd4bff5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
6c834bd7e544bbbb88473a843c5a2812

SHA1
313a02dc48bdbe18ace842e0e51d3fbe76a7b703

SHA256
393c9d7fa932af28fd7f4ef5b2a6cb23ee5a6dae0cf965501674d1def49a2ad6

SHA512
88e8fea2ebfd281c7258464161b265ae415e1d97c1d1cce6dc6b5490e8de2574770f2197f594eb6e66b109fb5ad0df9236b464432da800f9ffe5fc04cf502170

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionstore-backups\recovery.baklz4

Filesize
51KB

MD5
33ce17486363d8d4c7f9dc4cb9c55a21

SHA1
223f714997dd7ea2b56800ca7bb8dd43d34ae2a3

SHA256
eeb0a9ee7a9b3ccc241e8e4688838cc1683b0afc8c1347d489cebe2d87b5bca9

SHA512
bcc099087d82e5bede340aac8aa0e83d38f5e68a30fe05dee88cb26e0428d7022e9f558d1f11d113dfd859ec77a36bcdaf7c01c91a854711b33131751cbd09b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionstore-backups\recovery.baklz4

Filesize
92KB

MD5
9ebfd0607d01437a4de1b1d710a934e8

SHA1
e65c88d629e498197218170c2df51adeebf45550

SHA256
88d48abb3ea7bb40a769c31cf753ff305562a906bc300423c9371984b4307af4

SHA512
31964eacaecb3e53fce0253f4c14a8e4ce803206d0a17e0df15dc0be993e9de1e816cb239ce269d737864b8a0c91b318be19b9d9633cf88457847e0b5d6224a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
a15f3d081b553b2d48e67a15b7aae542

SHA1
5fe453ce972fea8ae4cfc9317926c8c40bf5ef4d

SHA256
75ab0dc84c85f64f4d649477a5a42f63062f985914d127cb7a50ca4c7faaa5f3

SHA512
7b3a28d6de38d21186c73a6aefe23c6e3188a6256d1ca23ae24b5d4f253c3df210391222b9e61306fe2cb7a5f37b70887e6778229b3c3ef30bfdc17c315fcddf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
81eb10c4fb640c7ecb58cf44170031b8

SHA1
6e95c6cd0d5d326e2ac8c7692417c0f814fde8b3

SHA256
fbe51c89af95b3b063279e65c1158e822fbe1ec250e2782df8d29f54a8fecc3c

SHA512
141ebe44afc156eeefcdf4219c9e07f00e5ff4a442a07c8e6201779078ca37b09ff7f6ea58410e87d20aefa6562d3dafa52e3fe2ef7f8fc9df13ac0e83de7dfe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
4c762121e7d608c9eda49225313417ff

SHA1
359e84c0a6a9a312dc4e568530f79e26788ba6db

SHA256
5d992fe77cee5e8b678d8bfcc22d432d0d4867b94da373c8117175d2a8d8777a

SHA512
76c611bbc695b90f84e51bdb008387f4e4fff93aa0888c1d086bec689cbc2752e1f3629b5d1bdeae03728939b433b8214cd9e72759a283840ad3d4e9627e08d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionstore-backups\recovery.baklz4

Filesize
42KB

MD5
5f647d5428faf33fa613615902430324

SHA1
b8ce70b7c6fb05a97d92902bbdfcbff0667e92e7

SHA256
ae0ea8025935c52c2db25251c41b4b4372ceeeef5aa3c91f11ef8ed84a51f43c

SHA512
e4de1f2d21815eaa6334c6f09b9bfce728c1b77051ebecc6a9c8306f31d0e623ac664afb33f107c4f89a3ccee209311e881c9117d79c5d71f4b528a0ea1eb358

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionstore-backups\recovery.baklz4

Filesize
90KB

MD5
7991b61e32c246f0f9412180b6721805

SHA1
3f2a8c810643d78bebd1187d3347e53271be4f21

SHA256
7f34fbffac1e721055c7724ed553ce4cd87625771e78a070debce9b068720475

SHA512
696d73c9bf99612775ecb7c41a9adbd62e52b32626d39d30965c4853f404a06de2904025b0444a3f33bda969aaa2b486ed106ae139d66e885ff7f695edcc6912

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\storage\default\https+++wetransfer.com\idb\3865057905o3rVino.sqlite

Filesize
48KB

MD5
b1f2b50630924efac1a2a7509379a6ca

SHA1
628953e1562464b4e3f0c452084e3fcfeda1e6a1

SHA256
dab341217a35444d3bf6373b30992cd43edd8376fb395a34ce18322d79a7aa33

SHA512
411e769ed9a784f30cb69435e2ba117c9bc7f89ddc63dd1d10e1b7f7b481824ae55e3a389af39b98937c14ed273ad310457069b9231f88aa5e19b7342a022078

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\xulstore.json

Filesize
141B

MD5
d7a9c29a5421078a9135ccf1cade552a

SHA1
e1b43108778d359d8d9287cf59225617e1769463

SHA256
bade20948c677d1d458e39a4cf6d8c4d8237263d55e63370d6272fa3243ffe28

SHA512
49553b13fa1cc8d257f2ca9056742e6e11fbdce21633edeb5af6f863294f97ccf3cabe851d94bcedba03e2716311a48dcf8064eb1500f8a7c400b049bf48296f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\xulstore.json

Filesize
217B

MD5
3c7edbdeecdb47fba617e3d03c36b0d3

SHA1
53628ce8c5170810fabafab8e001bfd971d47825

SHA256
c3db6f2519b071b7441022f9ed508b0da5ba40295be0ee449a27bd6146595d04

SHA512
bbf56ea374114173f7de198cd71ac6e75276b0f30926c6690db512f45ac2e54d099d990c285578f702696494d2884d8550e5dddadeee01077933034ac3817842

Download Submit
C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe

Filesize
10.0MB

MD5
9b13d23586bc94a9a03a74c703544d2f

SHA1
404294664583896fc4e2fa82efcf30cea4d24a26

SHA256
4544dd9ccce49465d264ed6725036551c32975ab96014322f65499b79497f56a

SHA512
02f72f2d26fa0c96a82e1a310fa7769b51822bccce2c4241571e89fae6493078b3eb13e2f71a5214ab2e95a59f3a14b74591d9b9c2a76636e73b5179e4a4bc5f

Download Submit
C:\Users\Admin\Downloads\Steam.AbAnaC86.Auto.Cracker.GUI.v2.2.1.zip.part

Filesize
16.5MB

MD5
93dd0c79faaa39c57d67aa07aed48c24

SHA1
65490baf70f3cd3375a161556dc908aaa683c085

SHA256
c4949e748348256c219ec0406d2e16e3f4845fe676d3dc26dbfcb2059afdfa81

SHA512
4f1bca38cec5c74f5c3dc0836086387ec57303d9b9231be8312159173e0ed519dd48aa4f5aa061c28c378b39e271790effafb6026ad95476dc8f74769b637ac0

Download Submit
C:\Users\Admin\Downloads\SteamSetup.exe

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit
memory/3004-16135-0x000002192AC50000-0x000002192ACEE000-memory.dmp

Filesize
632KB

Download
memory/3004-16085-0x000002192A9B0000-0x000002192A9B8000-memory.dmp

Filesize
32KB

Download
memory/3004-16229-0x000002192AC50000-0x000002192ACEE000-memory.dmp

Filesize
632KB

Download
memory/3004-16084-0x000002192AC50000-0x000002192ACEE000-memory.dmp

Filesize
632KB

Download
memory/3004-16115-0x000002192AC50000-0x000002192ACEE000-memory.dmp

Filesize
632KB

Download
memory/3004-16152-0x000002192AC50000-0x000002192ACEE000-memory.dmp

Filesize
632KB

Download
memory/4604-16082-0x0000020DD8200000-0x0000020DD829E000-memory.dmp

Filesize
632KB

Download
memory/4604-15911-0x00007FFDD52B0000-0x00007FFDD52B1000-memory.dmp

Filesize
4KB

Download
memory/4604-16133-0x0000020DD8200000-0x0000020DD829E000-memory.dmp

Filesize
632KB

Download
memory/4604-16108-0x0000020DD8200000-0x0000020DD829E000-memory.dmp

Filesize
632KB

Download
memory/4604-16083-0x0000020DD7EE0000-0x0000020DD7EE8000-memory.dmp

Filesize
32KB

Download
memory/4604-15912-0x00007FFDD5780000-0x00007FFDD5781000-memory.dmp

Filesize
4KB

Download
memory/6136-15885-0x00000000007F0000-0x0000000000CA2000-memory.dmp

Filesize
4.7MB

Download
memory/17164-16107-0x000000006F330000-0x000000007071B000-memory.dmp

Filesize
19.9MB

Download
memory/17164-16226-0x000000006F330000-0x000000007071B000-memory.dmp

Filesize
19.9MB

Download
memory/17164-16212-0x000000006F330000-0x000000007071B000-memory.dmp

Filesize
19.9MB

Download
memory/17164-16168-0x000000006F330000-0x000000007071B000-memory.dmp

Filesize
19.9MB

Download
memory/17164-16146-0x000000006F330000-0x000000007071B000-memory.dmp

Filesize
19.9MB

Download
memory/17164-16123-0x000000006F330000-0x000000007071B000-memory.dmp

Filesize
19.9MB

Download
memory/17164-16117-0x000000006F330000-0x000000007071B000-memory.dmp

Filesize
19.9MB

Download
memory/17164-16112-0x000000006F330000-0x000000007071B000-memory.dmp

Filesize
19.9MB

Download
memory/17164-16102-0x000000006F330000-0x000000007071B000-memory.dmp

Filesize
19.9MB

Download
memory/17164-16088-0x000000006F330000-0x000000007071B000-memory.dmp

Filesize
19.9MB

Download
memory/17164-16075-0x000000006F330000-0x000000007071B000-memory.dmp

Filesize
19.9MB

Download
memory/20140-16205-0x0000029833EE0000-0x0000029833EE8000-memory.dmp

Filesize
32KB

Download
memory/20140-16204-0x0000029834000000-0x000002983409E000-memory.dmp

Filesize
632KB

Download