hxxps://gamejolt[.]com/games/sonic-exe-the-game/16239

Analysis

max time kernel
1134s
max time network
1208s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
31-10-2024 11:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gamejolt.com/games/sonic-exe-the-game/16239

Score

8^/10

steam discovery persistence phishing

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

steamwebhelper.exesteamwebhelper.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe

Executes dropped EXE 20 IoCs

Processes:

ChilledWindows.exeDolphin.exeSteamSetup.exeSteamSetup.exesteamservice.exesteam.exesteam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exegldriverquery64.exegldriverquery.exesteamwebhelper.exesteamwebhelper.exevulkandriverquery64.exevulkandriverquery.exesteamwebhelper.exesteamwebhelper.exesteamerrorreporter.exe

pid	process
5124	ChilledWindows.exe
372	Dolphin.exe
408	SteamSetup.exe
2864	SteamSetup.exe
1168	steamservice.exe
5468	steam.exe
7592	steam.exe
7500	steamwebhelper.exe
1572	steamwebhelper.exe
8500	steamwebhelper.exe
464	steamwebhelper.exe
552	gldriverquery64.exe
6712	gldriverquery.exe
7248	steamwebhelper.exe
4888	steamwebhelper.exe
8960	vulkandriverquery64.exe
8968	vulkandriverquery.exe
5024	steamwebhelper.exe
7820	steamwebhelper.exe
6476	steamerrorreporter.exe

Loads dropped DLL 59 IoCs

Processes:

SteamSetup.exeSteamSetup.exesteam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamerrorreporter.exe

pid	process
408	SteamSetup.exe
2864	SteamSetup.exe
408	SteamSetup.exe
408	SteamSetup.exe
408	SteamSetup.exe
408	SteamSetup.exe
408	SteamSetup.exe
408	SteamSetup.exe
408	SteamSetup.exe
7592	steam.exe
7592	steam.exe
7592	steam.exe
7592	steam.exe
7592	steam.exe
7592	steam.exe
7592	steam.exe
7592	steam.exe
7592	steam.exe
7592	steam.exe
7592	steam.exe
7592	steam.exe
7592	steam.exe
7592	steam.exe
7500	steamwebhelper.exe
7500	steamwebhelper.exe
7500	steamwebhelper.exe
7500	steamwebhelper.exe
1572	steamwebhelper.exe
1572	steamwebhelper.exe
1572	steamwebhelper.exe
7592	steam.exe
8500	steamwebhelper.exe
8500	steamwebhelper.exe
8500	steamwebhelper.exe
8500	steamwebhelper.exe
8500	steamwebhelper.exe
8500	steamwebhelper.exe
8500	steamwebhelper.exe
7592	steam.exe
464	steamwebhelper.exe
464	steamwebhelper.exe
464	steamwebhelper.exe
7592	steam.exe
7248	steamwebhelper.exe
7248	steamwebhelper.exe
7248	steamwebhelper.exe
4888	steamwebhelper.exe
4888	steamwebhelper.exe
4888	steamwebhelper.exe
4888	steamwebhelper.exe
5024	steamwebhelper.exe
5024	steamwebhelper.exe
5024	steamwebhelper.exe
7820	steamwebhelper.exe
7820	steamwebhelper.exe
7820	steamwebhelper.exe
7820	steamwebhelper.exe
6476	steamerrorreporter.exe
6476	steamerrorreporter.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

SteamSetup.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"	SteamSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

ChilledWindows.exe

description	ioc	process
File opened (read-only)	\??\E:	ChilledWindows.exe
File opened (read-only)	\??\G:	ChilledWindows.exe
File opened (read-only)	\??\U:	ChilledWindows.exe
File opened (read-only)	\??\V:	ChilledWindows.exe
File opened (read-only)	\??\Q:	ChilledWindows.exe
File opened (read-only)	\??\R:	ChilledWindows.exe
File opened (read-only)	\??\S:	ChilledWindows.exe
File opened (read-only)	\??\Z:	ChilledWindows.exe
File opened (read-only)	\??\K:	ChilledWindows.exe
File opened (read-only)	\??\T:	ChilledWindows.exe
File opened (read-only)	\??\W:	ChilledWindows.exe
File opened (read-only)	\??\A:	ChilledWindows.exe
File opened (read-only)	\??\B:	ChilledWindows.exe
File opened (read-only)	\??\H:	ChilledWindows.exe
File opened (read-only)	\??\I:	ChilledWindows.exe
File opened (read-only)	\??\O:	ChilledWindows.exe
File opened (read-only)	\??\P:	ChilledWindows.exe
File opened (read-only)	\??\X:	ChilledWindows.exe
File opened (read-only)	\??\Y:	ChilledWindows.exe
File opened (read-only)	\??\J:	ChilledWindows.exe
File opened (read-only)	\??\L:	ChilledWindows.exe
File opened (read-only)	\??\M:	ChilledWindows.exe
File opened (read-only)	\??\N:	ChilledWindows.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service
T1102

Processes:

flow ioc

233 drive.google.com
234 drive.google.com
417 drive.google.com
223 raw.githubusercontent.com
224 raw.githubusercontent.com
232 drive.google.com
Detected potential entity reuse from brand STEAM.
phishing steam

flow	ioc
233	drive.google.com
234	drive.google.com
417	drive.google.com
223	raw.githubusercontent.com
224	raw.githubusercontent.com
232	drive.google.com

Drops file in Program Files directory 64 IoCs

Processes:

steam.exesteamwebhelper.exe

description	ioc	process
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0320.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_lstick_touch_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_r_up_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_r_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_dpad_right_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\templates\controller_android_wasd.vdf_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\chunk~1a96cdf59.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_100_target_0050.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\steampops_vietnamese-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_lt_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_ltrackpad_right_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_lstick_touch.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_dpad_left_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\minithrobber08.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_lstick_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_lt_soft_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_l1_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_lstick_down.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_110_social_0110.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_l_ring_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_rb.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_lt_soft.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_l_up_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_color_button_x_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_mouse_scroll_down_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\shared_german-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\friends\icon_groupchat_idle.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_buttons_s_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_details_hover.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\vgui_korean.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_dpad_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_l_ring_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_110_social_0110.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\shared_koreana-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\shared_thai-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\xbox_p2.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\filter_profanity_latam.txt.gz_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\ssa\eula_german_bigpicture.html_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\Receipt_PreorderCancelled.res_	steam.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping7500_1362749432\_metadata\verified_contents.json	steamwebhelper.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_button_x.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_rstick_right.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_button_steam_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_l_right.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_buttons_s_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_button_capture.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\VkLayer_khronos_validation.dll_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\SteamOverlayVulkanLayer64.dll_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_mouse_5.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_lstick_click_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_ltrackpad_left_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_030_inv_0308.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_trackpad_r_up_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_dpad_left.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\GameOverlayRenderer.dll_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\steamui_postlogon_romanian.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\hp_m2-1.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_p1_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_vr.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_outlined_button_circle_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_color_button_square_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_color_outlined_button_triangle_lg.png_	steam.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

steam.exeSteamSetup.exeSteamSetup.exesteamservice.exesteam.exeBTD5-Win.exegldriverquery.exevulkandriverquery.exesteamerrorreporter.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamservice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BTD5-Win.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamerrorreporter.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

steam.exesteam.exesteamwebhelper.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 41 IoCs

Processes:

steamservice.exeChilledWindows.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steam\Shell	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steamlink\Shell	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steam\URL Protocol	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steamlink\Shell\Open	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steamlink\URL Protocol	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2045521122-590294423-3465680274-1000\{127B5BC3-92B9-4734-9DAB-DEE32C147DE6}	ChilledWindows.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steam\Shell\Open	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steamlink	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steam	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steamlink\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steam\DefaultIcon	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steam\ = "URL:steam protocol"	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe

NTFS ADS 4 IoCs

Processes:

msedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 534692.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 463064.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 69932.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 583906.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exetaskmgr.exemsedge.exe

pid	process
4576	msedge.exe
4576	msedge.exe
3968	msedge.exe
3968	msedge.exe
3712	identity_helper.exe
3712	identity_helper.exe
5608	msedge.exe
5608	msedge.exe
4228	msedge.exe
4228	msedge.exe
5180	taskmgr.exe
5180	taskmgr.exe
6024	msedge.exe
6024	msedge.exe
6024	msedge.exe
6024	msedge.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

taskmgr.exesteam.exe

pid process

5180 taskmgr.exe
7592 steam.exe

pid	process
5180	taskmgr.exe
7592	steam.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 50 IoCs

Processes:

msedge.exe

pid	process
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

AUDIODG.EXEtaskmgr.exeChilledWindows.exesteamservice.exesteamwebhelper.exe

description	pid	process
Token: 33	2360	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2360	AUDIODG.EXE
Token: SeDebugPrivilege	5180	taskmgr.exe
Token: SeSystemProfilePrivilege	5180	taskmgr.exe
Token: SeCreateGlobalPrivilege	5180	taskmgr.exe
Token: SeShutdownPrivilege	5124	ChilledWindows.exe
Token: SeCreatePagefilePrivilege	5124	ChilledWindows.exe
Token: SeShutdownPrivilege	5124	ChilledWindows.exe
Token: SeCreatePagefilePrivilege	5124	ChilledWindows.exe
Token: SeShutdownPrivilege	5124	ChilledWindows.exe
Token: SeCreatePagefilePrivilege	5124	ChilledWindows.exe
Token: 33	5180	taskmgr.exe
Token: SeIncBasePriorityPrivilege	5180	taskmgr.exe
Token: SeSecurityPrivilege	1168	steamservice.exe
Token: SeSecurityPrivilege	1168	steamservice.exe
Token: SeShutdownPrivilege	7500	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7500	steamwebhelper.exe
Token: SeShutdownPrivilege	7500	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7500	steamwebhelper.exe
Token: SeShutdownPrivilege	7500	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7500	steamwebhelper.exe
Token: SeShutdownPrivilege	7500	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7500	steamwebhelper.exe
Token: SeShutdownPrivilege	7500	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7500	steamwebhelper.exe
Token: SeShutdownPrivilege	7500	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7500	steamwebhelper.exe
Token: SeShutdownPrivilege	7500	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7500	steamwebhelper.exe
Token: SeShutdownPrivilege	7500	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7500	steamwebhelper.exe
Token: SeShutdownPrivilege	7500	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7500	steamwebhelper.exe
Token: SeShutdownPrivilege	7500	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7500	steamwebhelper.exe
Token: SeShutdownPrivilege	7500	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7500	steamwebhelper.exe
Token: SeShutdownPrivilege	7500	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7500	steamwebhelper.exe
Token: SeShutdownPrivilege	7500	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7500	steamwebhelper.exe
Token: SeShutdownPrivilege	7500	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7500	steamwebhelper.exe
Token: SeShutdownPrivilege	7500	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7500	steamwebhelper.exe
Token: SeShutdownPrivilege	7500	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7500	steamwebhelper.exe
Token: SeShutdownPrivilege	7500	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7500	steamwebhelper.exe
Token: SeShutdownPrivilege	7500	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7500	steamwebhelper.exe
Token: SeShutdownPrivilege	7500	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7500	steamwebhelper.exe
Token: SeShutdownPrivilege	7500	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7500	steamwebhelper.exe
Token: SeShutdownPrivilege	7500	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7500	steamwebhelper.exe
Token: SeShutdownPrivilege	7500	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7500	steamwebhelper.exe
Token: SeShutdownPrivilege	7500	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7500	steamwebhelper.exe
Token: SeShutdownPrivilege	7500	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7500	steamwebhelper.exe
Token: SeShutdownPrivilege	7500	steamwebhelper.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe

pid	process
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exetaskmgr.exe

pid	process
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe
5180	taskmgr.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

SteamSetup.exeSteamSetup.exesteamservice.exesteam.exe

pid process

408 SteamSetup.exe
2864 SteamSetup.exe
1168 steamservice.exe
7592 steam.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3968 wrote to memory of 4884	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 4884	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 1656	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 4576	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 4576	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 4312	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 4312	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 4312	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 4312	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 4312	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 4312	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 4312	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 4312	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 4312	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 4312	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 4312	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 4312	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 4312	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 4312	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 4312	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 4312	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 4312	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 4312	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 4312	3968	msedge.exe	msedge.exe
PID 3968 wrote to memory of 4312	3968	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gamejolt.com/games/sonic-exe-the-game/16239
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb346f46f8,0x7ffb346f4708,0x7ffb346f4718
2⤵
PID:4884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
2⤵
PID:1656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2588 /prefetch:8
2⤵
PID:4312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
2⤵
PID:4268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
2⤵
PID:2884

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 /prefetch:8
2⤵
PID:2728

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5164 /prefetch:8
2⤵
PID:996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
2⤵
PID:5180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
2⤵
PID:5188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
2⤵
PID:5416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
2⤵
PID:5424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
2⤵
PID:5704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
2⤵
PID:5960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5820 /prefetch:8
2⤵
PID:5968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
2⤵
PID:6068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6092 /prefetch:8
2⤵
PID:5204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
2⤵
PID:1820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
2⤵
PID:5260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
2⤵
PID:5688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
2⤵
PID:2384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
2⤵
PID:2548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
2⤵
PID:4848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
2⤵
PID:1164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1
2⤵
PID:5592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
2⤵
PID:5832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3068 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
2⤵
PID:4400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
2⤵
PID:2384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
2⤵
PID:5168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7524 /prefetch:1
2⤵
PID:3564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7712 /prefetch:1
2⤵
PID:6004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6120 /prefetch:8
2⤵
PID:2728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7392 /prefetch:1
2⤵
PID:2804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7500 /prefetch:1
2⤵
PID:5876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7940 /prefetch:1
2⤵
PID:6040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8024 /prefetch:1
2⤵
PID:4468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7448 /prefetch:1
2⤵
PID:524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
2⤵
PID:2124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1
2⤵
PID:1320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1
2⤵
PID:4264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2580 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4228

C:\Users\Admin\Downloads\ChilledWindows.exe
"C:\Users\Admin\Downloads\ChilledWindows.exe"
2⤵
- Executes dropped EXE
- Enumerates connected drives
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:5124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7480 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
2⤵
PID:3412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
2⤵
PID:3592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:1
2⤵
PID:2240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
2⤵
PID:1592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7176 /prefetch:1
2⤵
PID:5404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
2⤵
PID:5844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
2⤵
PID:5244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
2⤵
PID:4268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6624 /prefetch:8
2⤵
PID:5656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7312 /prefetch:8
2⤵
PID:964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7436 /prefetch:1
2⤵
PID:1324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6500 /prefetch:8
2⤵
PID:4964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
2⤵
PID:5160

C:\Users\Admin\Downloads\Dolphin.exe
"C:\Users\Admin\Downloads\Dolphin.exe"
2⤵
- Executes dropped EXE
PID:372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2608 /prefetch:1
2⤵
PID:2856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8132 /prefetch:1
2⤵
PID:4404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7256 /prefetch:1
2⤵
PID:3448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8224 /prefetch:1
2⤵
PID:1228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7492 /prefetch:1
2⤵
PID:5460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
2⤵
PID:1964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
2⤵
PID:4500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
2⤵
PID:1368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8524 /prefetch:1
2⤵
PID:692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8452 /prefetch:8
2⤵
PID:2616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
2⤵
PID:2340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9076 /prefetch:8
2⤵
PID:5136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,3063893115049695356,14321393649690329959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7312 /prefetch:8
2⤵
PID:5560

C:\Users\Admin\Downloads\SteamSetup.exe
"C:\Users\Admin\Downloads\SteamSetup.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:408

C:\Program Files (x86)\Steam\bin\steamservice.exe
"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1168

C:\Users\Admin\Downloads\SteamSetup.exe
"C:\Users\Admin\Downloads\SteamSetup.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:996

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x3dc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2360

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
1⤵
PID:5876

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:5180

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 420 -p 5124 -ip 5124
1⤵
PID:4468

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
1⤵
PID:5124

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1572

C:\Users\Admin\AppData\Local\Temp\Temp1_Bloons.TD.5.v3.6.zip\Bloons.TD.5.v3.6\BTD5-Win.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Bloons.TD.5.v3.6.zip\Bloons.TD.5.v3.6\BTD5-Win.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2932

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:5468

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:7592

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=7592" "-buildid=1726604483" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-userdatadir=C:\Users\Admin\AppData\Local\Steam\cefdata" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal"
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:7500

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1726604483 --initial-client-data=0x368,0x36c,0x370,0x344,0x374,0x7ffb244cee38,0x7ffb244cee48,0x7ffb244cee58
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1572

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1664 --field-trial-handle=1736,i,852668519558659935,12877541214575849523,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:8500

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2184 --field-trial-handle=1736,i,852668519558659935,12877541214575849523,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:464

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2512 --field-trial-handle=1736,i,852668519558659935,12877541214575849523,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:7248

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --first-renderer-process --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2932 --field-trial-handle=1736,i,852668519558659935,12877541214575849523,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:4888

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1244 --field-trial-handle=1736,i,852668519558659935,12877541214575849523,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5024

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1092 --field-trial-handle=1736,i,852668519558659935,12877541214575849523,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:7820

C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
.\bin\gldriverquery64.exe
3⤵
- Executes dropped EXE
PID:552

C:\Program Files (x86)\Steam\bin\gldriverquery.exe
.\bin\gldriverquery.exe
3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:6712

C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
.\bin\vulkandriverquery64.exe
3⤵
- Executes dropped EXE
PID:8960

C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
.\bin\vulkandriverquery.exe
3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:8968

C:\Program Files (x86)\Steam\steamerrorreporter.exe
C:\Program Files (x86)\Steam\steam
3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:6476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Steam\Steam.exe

Filesize
4.2MB

MD5
33bcb1c8975a4063a134a72803e0ca16

SHA1
ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65

SHA256
12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1

SHA512
13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Program Files (x86)\Steam\package\tmp\siteserverui\images\steam_spinner.png_

Filesize
1.5MB

MD5
220d457252003a47bd6c120b059c2a92

SHA1
35f68a1017339b27c98a64d87540d7adcd241ad1

SHA256
4d1f5f98d7e42ba4338d0388fb386344d5c374a47d45fde1ef5b3606080f5e8f

SHA512
7768d3c36cc77be7088a1ff5529e6cde2ccc1b0715c8f3dfbf7447685414e7982aa0202e85fb913eaae8be4ec70d3a8c5d09953e7f3ce524b97ba8d266f91d5c

Download Submit
C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping7500_1362749432\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping7500_1362749432\manifest.json

Filesize
1003B

MD5
32ef54fcac37d3d390c05880067559d6

SHA1
ab44258473c7c1a920596ccc33463a765e5fe60f

SHA256
d97f5e50808d1ef75bb241df2dde8f7293b9bfcd498dc525e258c97b39564211

SHA512
3bcdd94edb8b0df2d1684ef865f9711bf544c4c4f6adde927611b648dab2776e398e3b29681369a80e8c7ebfb9cd100ba8469ea69c5034ec023c796d8cbfefa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e

Filesize
19KB

MD5
2227a244ca78dc817e80e78e42e231d7

SHA1
56caeba318e983c74838795fb3c4d9ac0fb4b336

SHA256
e9d7b93bae57eebd7019ac0f5f82bac734b7ac3534d1fa9bdba6b1fc2f093a24

SHA512
624cc23d4a18185ae96941cf8a35d342e048476b0384f0595ec1f273e19163ca49b17b14760628eb9da9a5f5519d4671544669fb08985c4945faf663faf92e12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f

Filesize
47KB

MD5
55a93dd8c17e1019c87980a74c65cb1b

SHA1
4b99f1784b2bb2b2cc0e78b88c5d25858ff01c5d

SHA256
4925dd477b8abf082cb81e636f8d2c76f34d7864947114fc9f1db0e68b5a9009

SHA512
f9ade542c593067dbcd13ed94da1ba17a84782575355396db8fd7c28aa70a3120d0c0a22d3ca3d2f0774c1dcb06b9319e243b36001c618c92e0af25cb9c8e46b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000052

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053

Filesize
67KB

MD5
fb2f02c107cee2b4f2286d528d23b94e

SHA1
d76d6b684b7cfbe340e61734a7c197cc672b1af3

SHA256
925dd883d5a2eb44cf1f75e8d71346b98f14c4412a0ea0c350672384a0e83e7a

SHA512
be51d371b79f4cc1f860706207d5978d18660bf1dc0ca6706d43ca0375843ec924aa4a8ed44867661a77e3ec85e278c559ab6f6946cba4f43daf3854b838bb82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000060

Filesize
25KB

MD5
382066c45c0bcd0dec5403492274c6b5

SHA1
df8fe723405dc8a94a503216df23e1d67277cc1e

SHA256
9bd0ba67f98ec609bf06f7abdb3483dc954616295ec54cffe473019970498cba

SHA512
6f5496afbfc8cbbcba42569466e6a230b81d7793b3130bf10f4ce9100d2b69727ad3c7daa6e490abe3196ec7fe6e1a5b7b3c590329de6bfb9fce8fd724a715ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006b

Filesize
337KB

MD5
706b08e88d22cd1515e7ac6552a848e1

SHA1
ec86ab7c52c00b2ff4315bfc4888f224c53cd646

SHA256
53183b98a1090f2493708fc963eab0c5dc9dc0931cb8ce4e7b00f47facbd520a

SHA512
9f06529ca0e63cc88314c7f9175468acc44d55f6140db20a4d85d53d7ae05d90800be0320d25a3b278a5db2231f6c7b3238dedc48e2c6b5da2e8594352e6a92f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006c

Filesize
34KB

MD5
a9465c21e604405006eaaedcf990c0e2

SHA1
f64722155e6e63078a34044936c38fafe20b75cb

SHA256
0608b5700daf8d7af53240f787584b9079146ed2c301fe3a2e270dc26704e351

SHA512
1e4f87202121d72e04d2c7277358a81021c9a3e82c769d9df55fc83d2bb6a3081bebe83f0596e5697ca2f674a9e08152a65b16a35817948ce49a26207fdfa664

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006d

Filesize
218KB

MD5
d7a93f58cfc9af643c57d1a4ebf6872b

SHA1
d202fdd3a8b624112c029e8e5107fd0ab01cf8f5

SHA256
41b5194bae5ebcc2d0f5d6cf41f2d22e249aae0a2cf04a0258ce73ec618e156a

SHA512
1246bfa7eb2506309074bbbf00a986e531668a31ee4446bba2840f7817464b0f0657d2d60a474938d7d785800b4bb4ffc3ccb905acc41a8eaabeb3636433525c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006e

Filesize
385KB

MD5
2b667cd1e67199f55d6867e77aa3e135

SHA1
b724830cc748699281c440d1f50eb5e839fc424e

SHA256
555cba7e199ae01c5b12f977572ac272f31344e212696504a04b1be0c4725cfc

SHA512
d2ac63b0735c1a0fd2c209516b78ef575c11ed1a3ee76ecd972fe8ffaf42ea0004dd128b5470cba6aef77ac11ba3f18824c5015bbd8ec8113a7db601586cdd40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000070

Filesize
362KB

MD5
4c290df68fb26523ead660c3fe6e5b64

SHA1
7302ac0bde0aa325b42e4f4b00dfa0b6b90a3898

SHA256
f7501b84155255d3b39d359bf15f5c0765655fca885ec1bb9c43b270b9a0df46

SHA512
6843c4720255df135c1cbba1a61479cd7e8f932b9192aff39ed5b281c92b84113b32d1e88107ae8eb1ea28ecd89bd656a47e73d185cfc99d012d0b5487485c8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000071

Filesize
63KB

MD5
1fc02d4eb1a7c51e4abaaa805bd80fbc

SHA1
58a863bb3ff505179317e2929f56669dac400805

SHA256
ff91bc694f048e778a8ba8bc41705be81e50472f687f4169f70d15eeb4a7a774

SHA512
9309d1679d58533b29eb5eac9daa31fed60924bf18f1eb860e8b0cbc6df8aff30ee1952fde117a3824aa2ac4c86921ca4247265d83f88de6aace439a72f7e351

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000072

Filesize
104KB

MD5
75f3f5748181f1ff5ab8c10aaad6bbef

SHA1
dd77e69deaecb69337535a07e143154e6689f349

SHA256
7ded1660e3ac64f4f7f7a83430320bb8c17afc73e49d099347c17b674d5e7832

SHA512
fb852191cd0defdcf8f3de5cffa12f7990b0496839a7a998150990d4b47320e2e45792c473675055209db28d3b0b37bd292f6dc7f32b6826c0124201be80ac64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000074

Filesize
51KB

MD5
f61f0d4d0f968d5bba39a84c76277e1a

SHA1
aa3693ea140eca418b4b2a30f6a68f6f43b4beb2

SHA256
57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc

SHA512
6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000075

Filesize
34KB

MD5
0360dbc6e8c09dce9183a1fd78f3be2e

SHA1
6cd4b65a94707ae941d78b12f082c968cb05ec92

SHA256
2db6bc36808d43fa89029c652636e206fa3e889b35ecf71814ab85f8ba944af3

SHA512
93c9f1856142da0709f807ca3e5836065e61bc8160f9281fec9244f31ed8ae8df500cd5c64048ac59b4dbc36ebd18ba8e7fbceef58134dd76441079fae147ab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000077

Filesize
70KB

MD5
01c06b4b035c745f28fb4660e7a89a19

SHA1
a26ac2be15b94198d6db941577ddc3708379c8cf

SHA256
c7af7964b962d034ab2b8264204f3dde6dce4f4488f2a9360a5394b070175b8c

SHA512
49a7c788856985b0e977a77a9130c946cd61e73e1d0ca9b0f65550dc4b76cf584331a185bb05db99f4a4c9c4857f2f22a3a65f91011fe2a25e3ec53b32b754ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000078

Filesize
93KB

MD5
32e192b6865ced23845cbdcd33ee8182

SHA1
442398ff456df5d499dd254f8b7aae7ca6c8dbb4

SHA256
afb574b0d738fceba3d0870e25ea0eaf1dd80b505e3fb98be9f6e136d17cb5bf

SHA512
98cd14fa49c870233ff82608f30207594d14b2d50dcd82b22bb07a275ab91524f31125f06f95181c651102bdfd5319178fdf669dbe278a16ac5a46e699cbbcff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000079

Filesize
23KB

MD5
4b9177f7f48e91a684548b6341dcf21b

SHA1
e12ae0672caf5e6e0f4cb65dd4577c077d3fae27

SHA256
4f204954309d04d3c17f4a7f6cb84833e22fdaa41f7c610da6da6a28794639a8

SHA512
d17b16e7bb1c47edcbd8ff0f2d0eb76e4098d3e008a32564ce2ee2c3cd768940ae96916a9f9b64790a90ec6eb6881f0a2f6b3a68dd227802e60db95bdd92d5b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007b

Filesize
348KB

MD5
3808fdf3f2b59157e071d69c1266ce13

SHA1
1acb5a994e5ca9675507fe3bdac3cea40b4c280f

SHA256
61a3eecae506b10579fc8058c19cc8a6cd2382042c534c76c7cd61dd061c4018

SHA512
fe47e7fd4271d8e9f5cff07faeaa28b3c45dbb2861d2adbadf555c32e9cc0d71389e0e9eeb3c252bea921d619e69262a12c832f7276b780ad1847b46e4da52ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007e

Filesize
38KB

MD5
e036c584f8c5842bcf19c22e35008486

SHA1
fae3e2b04e3a18061e1fe0ea6ee4959983e26036

SHA256
4b28f4c834b466f0de20ce2c0e4d98b68879f69a86bf417f5e179f3f57045e66

SHA512
cf284436d0dfbad4d34f197c69ec3f535bd04e52251994244c333cea6bab7569cce677a1709d396d1d913e96e5407f60df055e42ed992e9a7fe2044b738062b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007f

Filesize
49KB

MD5
f79f2f844ef06af05997235e3248619d

SHA1
32aa08b48d142f29faaff08b6c93b5b66a80cc1f

SHA256
c20139341e758c5b6443b6a8375e6bd8fdb80a188b050544a8cd0e3e7713ce11

SHA512
2dea94563a5a635b91bf65990dd692045c7db92606f971e631603427228288256458f7d8cf4d63b0acfcea62fc3e25907ed2d2ff099a0437881150e6ce0530f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000080

Filesize
19KB

MD5
748da140c27a0d76a59a210178f24aed

SHA1
191b440d1942a24863d81867bb80a3568a4c6887

SHA256
aee0bff9283c83c48da206dd3efa4d5cb47379746f855ea927c8d86895b3c86d

SHA512
a6f21792e8358a3a053600eea5e4ba19d1aa90c403ade43429a7a9cf326278cf830b0f3329d2dd98fe8534dcd58a4f873947744606f44276c54508e248100ee4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000081

Filesize
71KB

MD5
7c558d16466b04193b92f9b6f83ff83c

SHA1
be1d966272a4bbf4ba4776d0ced5469878776174

SHA256
944871c0491b2d420bf763e0a4e66e564f24073ffdd6c34fead51453bdcbf63c

SHA512
9b9d9d2088eaae589d4d4beae4eb91cd6531cc12caabfcac8ecfff866deef3da99d1ae8d4d1a8f7e4b10f6996d8784a8f61eaac363becc3c8ae6fb54f1d61848

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000082

Filesize
229KB

MD5
c6f8c7424989efdd675f67d51d674ed2

SHA1
2f31ca655c988fb34a6d6264e9cd3421b9b52b3a

SHA256
9b2fa44866398993e490e9c61fa561ff5e3a4732a77990e151fcce49e82b12f3

SHA512
276b136966c0c6e809ddd3a532c7c1cb070b64865bbec79325981d69c4d70a9c314fc5a56d3029ccc7319058e634a883c89e9d39d03668c1c3d5129766884365

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000087

Filesize
38KB

MD5
d4586933fabd5754ef925c6e940472f4

SHA1
a77f36a596ef86e1ad10444b2679e1531995b553

SHA256
6e1c3edffec71a01e11e30aa359952213ac2f297c5014f36027f308a18df75d2

SHA512
6ce33a8da7730035fb6b67ed59f32029c3a94b0a5d7dc5aa58c9583820bb01ef59dd55c1c142f392e02da86c8699b2294aff2d7c0e4c3a59fce5f792c749c5ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000094

Filesize
12.0MB

MD5
3e860c7bc49209c1105973d69e12d93a

SHA1
08e9070c7031c7e6588d314f7516d038b7224b81

SHA256
0bb2c6a7dce36ddc07f2bc7ffb1b27f8b96afb3e8da2695e1e6c37e37d86c2bb

SHA512
ff64c4d245842a6861d820708d7c16cdf3b8a4540ace90c3a1ff15542965801f422f4f2fe051a311e51541d3780f0b067ed5d79c3db864deb39a7243e64ae8aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009a

Filesize
22KB

MD5
52d9d84a96978cee1041f678c55aca6f

SHA1
182e5aba11733940455115228c1bee4f43c7acc0

SHA256
cbb1b238ec4dc6fbb203cab36076a245fbcef04dfca6b7f0e29735ee018f0dbe

SHA512
3b85a7269daa613c55b0b70de3c6ef3be3e39fa58eac52d8895d31886e02e80fa6c358acfb1facad7e1a7a9957e8fd83aff1102516867502c5f8eaf115640604

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a0

Filesize
71KB

MD5
4432ba6759218c592d12ea3054b8f9f3

SHA1
67b1acd1aceb6162e88f2dea0c2fa327c7a6e741

SHA256
c9297f0ff7cfe9f8a788d5d283a548dcfac9d7ee0c914882e993dd7732b08a80

SHA512
ecb956ee95847206a9e11db82bed59fedc03ce35e4f75f05539af1c38591fb99a478eedec89ea1364ac3d0a655cf1441de7a6b9c3ad01b86a5d8e7383b811e3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b9

Filesize
499KB

MD5
d07fe0483acbc3805f1e48cb971c606d

SHA1
a8d9fcde781b5045cf6572297dab853097a2178d

SHA256
1b8a56da98c2552790865d9295586b5116c9f2f08cdf69bb4479432f249c6380

SHA512
03cf0c25ea172525572ce45687207854a3a5d9c7a69d44b2de295529da7205322846d611baf9f2dcaa48235796eeee4568439cc201ea9fdfd53cfb19f2001232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c8

Filesize
17KB

MD5
1473f8a94b63a755d573ed4fd1081db8

SHA1
f376d3446e5538d2e360f78a56cf9b615af30878

SHA256
4536fc6db111d60eb6e9212866291cfd029e4fc8e5a18d9302bdfe21e8644273

SHA512
4e97b53c3cd6c0b350c23f55fb11c5d0100aa16cd763ee834ac94811ad6ae8618bbd0f30c766f24b4b21181d963936ae1d68c96391f87f9c6bd81a0680317b63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d2

Filesize
54KB

MD5
78a8ffd7e2178444be7f7e7e9f63623e

SHA1
9091c60b530eb757743195c27ae5563c06bb85c4

SHA256
8a31d782af13ae9128c4130657c40293c82e82a95021f39db31f0ed625e644b5

SHA512
875f733e39adecf44a4110a7721a8b98f9b38ab9c6d483e8a9f17d014689c49a15a6e2a2c568f9f65dea57d5c28c34213d8f40ac5a4de240bc4f0fc6a70b42fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d3

Filesize
40KB

MD5
23dccd50c1598cf87c321dd0e788e2e4

SHA1
4697f41531098e96b97de4ca6626fd86621efb1e

SHA256
167b5e3d2fc6a069ef986144f71f70ca1ed8c4332846757c8aa4792703420635

SHA512
00174629a41be7b3d69e0ef03041aab41adae416c39209934b8a9c3923350010ddf01ce8d37cedd6bd57769796b41ee3c18c1b393726988039b556416c20f676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000dc

Filesize
716KB

MD5
25081476466948e2df11adc8c9937804

SHA1
a8bb6209d8264de390513e4e44df781260ce6c32

SHA256
40d8df14959a05ab2648d03121318a336d5b346b997619dc4c76423317b04476

SHA512
9b274130212f0c07c1befbe3702febe0457faa5455a64455cb8f1372cd7108a6ab7d9192ca2f8fbf4cb121d826a345df7049cccbba28b848abc9fb9e3bf228d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e1

Filesize
784KB

MD5
0e0bc6ab39c2edd36778f3464d7de6dc

SHA1
fe67f81378646827ed47f88ae1f9569f60f759ea

SHA256
0241d56723b5adb0ad3f71e39e08abc2a06659b861e9743b2b63a30250425015

SHA512
b0675461158bef933d94b956fb5cf0905ee79a40495cf08dcf324e88105b83878124a688dff5b1effc52250405156b576f63147dde0425c93647b9ede6759a6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00011c

Filesize
30KB

MD5
81d72046d97e4e906981ee8bfbae3a7e

SHA1
5dc528721d51b10ca551605eeb57f3113ca776bd

SHA256
e3da38ef8935759329b8b15329c698dc013f378b39bcecd32111da2fb03117ca

SHA512
b60212bb3dd7615d70576dc6d72dcb2a00b4878b5cac19353dcfc8962ff6dc3203ae8b47a3a0791ab8c4b92ab55892c4fe7f8371b7ce83ae8ac80aa9ed110624

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9e84abd223b5fba0_0

Filesize
19KB

MD5
94351864ef28b17bf2546c4c1c37774a

SHA1
351d04e65373f0e57e17d3e691d4e97b67e881f2

SHA256
8a8913265f692fc6036e097142bb1c76831d61790990ca4d94ee26147e4b326e

SHA512
8f186fc9c0a0eb874eea33ea0aef71e79edc0b9184b0a2665a9198718e643576071e433102b2603d67057c02e3d5d0a9821a1f1c97e59ddbf4707500582b03ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\de9698447d08268a_0

Filesize
5KB

MD5
750dd39b0254a9fa1922c8874479d854

SHA1
3f4990ec7157e9847aa4c8638be6ee8d8c6a4ade

SHA256
a08a224350d6984be89b874584184eef4a421ad897394aacc39e55f6399100d4

SHA512
fcd297cbe55fc95fb65d792b1d4d6f38a68576c09c73c642aa910ba6adc5c516f9e3f18e39a850bce563871ae19990246f3174f970afe83b1574ea3e7002da28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
60a361334f735943c9ef1dc8c3ba6e4e

SHA1
db965064162aa39fed032dd3c8d3c8d474b27c46

SHA256
a22890c84cd37d5924080b6633cf404070517746c1d71dd4453a7a1605fe90c9

SHA512
55dfbc836c1db5e8ba2e1e63f6a4f6cec18ecc0b345eb1ca0a858110ee6b92aaa201d1bb6f4a54c22c489f398cbf023175cd7ce26e53766b61e47167752cb2fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
d709f73888d2249e88d6e7ea6badc357

SHA1
cf3cd52fd0acac1c24b4345387944718b112a437

SHA256
a0af07b53554fb6f36b4e3933c66da1719989d0ec3d7e2510be70f8d5884a796

SHA512
21c269e3abd5537f6f62b1d9235a4ad3e562f7debd9bede9b82362f61d1c915f7c9fae7a088ae3bbdecda786120f531764db5de1464eb37f430687e2aa0d2e94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
b4b18ae004d2089bcc68a3d85bf5f952

SHA1
8a08cb7173db11f290ea1092c091644b48682186

SHA256
60a6e193535fc636cf0e5114e7154e595f65b795434e89945bdb023aa5015431

SHA512
94a547b49c70960539c4355bdd8cfbefb0aae252f461aeaef140bdd46434f5a65cba003f32f7d5420bcad9228bd16b132695e69a63ce250101d85a7e2798f243

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
1a7989fabcb67810f5107e4379b30b1b

SHA1
887ae766ee6dbcbb1a7bbee419e5b1c0b1774f82

SHA256
57bb9e2f9c6bbca1ce0588f6cc5d6712c221265b92a0ed0db87b520801454544

SHA512
d5ad2fd6fdea3b1704cdc6884304ccea860838bcba3d8c08afe94a7911333a997e7cefad6bebc458c91a6c774721ffe6ab8b6636eb81d2988dd235ae33c16c3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
2e4e14f1d72e6bcf760f7bfb54ccb7fa

SHA1
12f16d5f95b4b082b0de44e2836e68a0dcd7cf25

SHA256
c48a51c6c6074dd469717619a21ebb5428822667eb2a2b6321fd755518f8986b

SHA512
6d6c5d4606a42cb3b0b6809667d48f7654d810d43695242183b64f0c5a4b309f0ae15f3e23db692f7fd5d6f21ee48c18ddfa8cc9f2ccf7c214a744fb24c7b4c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
2505ed8321aae2e459231fb8415aecea

SHA1
3d3603ddde5e0ff4bffd69ae84e38a93b0c375c6

SHA256
532443fe9df28d87a043f2cf0dfb5496dab634e4da7021c14592113b16d18162

SHA512
6b327f1f655938bb58331b23ef5f5ab3785f260311ad82b9f9c398c8a1bfad3e1ce4a183f40029ed65cc6653eb42a6a9d2d446e8f53d2aac6515a280393fd29f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
148181e07662b7e6672318890f849df9

SHA1
0bc1a371fbbd6b9f46360e0d0297954544f294c7

SHA256
4731aca84b3e5e1eb2b1b3c805277027aa81bca72ce7d5f4c9847643db4be460

SHA512
4a4852af768143675033d4320ea936cb04a9376dd86cfc4c4de44d7fbfd2aa4cc40f05b3e312dbdf89ca40b1baa420e7b2e89ed0357dc105c0077db906beb22c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
d3ea798a146fa0c1c0ef9e74283620b9

SHA1
53f9edc0df2878bca727ca3c2e1a98650e062e20

SHA256
7f746b134a3d49d1cc68a3159f4ceeadf393a0b84eb8d327916c1299f1d3b1b0

SHA512
136b76e92e9248844242f960f95c60a894fc98facf2ffe51ceb86fff35fcb0afa46a1a0464a74f01aa51601c0bd343d27ff9f308d7f56543ade7a9027b871f3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
697a206b9b27eb975d47e7180aee8506

SHA1
dc79df8021ad029eceae2bb162b46cae543eb040

SHA256
fef03164b0ce88d9850619e65be5844068b5087517abc6dcbfe0755bb2117c19

SHA512
71e5063f86842905bf6c120ac3fb3419c2112d013118cbab3a19ddff764e33147b0c2ea76a692384544c2effb93dbd842d3917decdfcb68113b69b841dff38cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
93b67983e3853c3cbb70ff4d580ea51b

SHA1
c944f3b3d6a489d46eb32c92c7471da3e0f37711

SHA256
226d7aaf3a5edc3e5076686ed16b753bb869eb1c66803ba7758a34f2d8c0bf7c

SHA512
c9504daf89051a8035f865627c9f80b7fad4af01317d5770eaee4c6de851983f0db586af9ef671c7f808791ed529e3bdbf066fc793a9b9aa76be7074bbff624a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b709888d6f49ef6950487b4b9ccbd88d

SHA1
4d43bc68e3c653158514fefae698782fa528e050

SHA256
c6cbbf986411f65b46f6da9fc24fb56955e15cd5006460771618d1edb16726ac

SHA512
53602b3b1ff7b8ac082d198713fab5785aef6610bbde369da13a014edebf536577f40da91f0b14572356aa3f200f5e95d7c659924e24b34416432118dfc33ab5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3c5c63fe05f93946b21ceeaed5f895db

SHA1
ebfbe9639230a483f019cc04bef2e4fed292cc2d

SHA256
062bc917778f1e34f793d88ea663808811d438ee59539b56b267c05c51641979

SHA512
30a6c3a52de7a2fbebb3c5b76a5c78589054969cdf9313be7a0881e3290ababec9550fdb7ca0cddc51c56a7579f489828aef58d4b74754f79ca2f0f9954935b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d268416e6519af0fa498b88db779bc43

SHA1
3fd4c1fa05e5c481f80b6fa0ecc8201cb43b1f97

SHA256
e38151928ed8e87d181c02a0fc4ea9522183904818045510e0b39142e589c039

SHA512
4cd6f722f3801cc2ec8254292767006b5fff1cc262f3d7180a872f29500e7319936671a9449790cbfe8a5ed8c29747f968df27ef2f665e363c4350bb339ff836

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
cbf1687f3e510f6673c9a6bebfbf0e96

SHA1
ca6a047f952b054788f7db0c574a23e81808eaf2

SHA256
52fcd2f7cf65bfa5f41053b8719c3008f00f3a90e71df4e9f0b28aa5b737f163

SHA512
8e6feba3bc0a081c7d7003c5a924f4b8add5619aee31dc368fc4bcc92eff670636041106ae6824520d66a6c72d69ea486ca1583739e9cfe511f659b6704b455c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
54c0d767bc685cbf7834f72ebaf07657

SHA1
e2fbe84c402f1364ddf2723a7855ee6c415ce0f8

SHA256
a7bcdaaf8b66d4017883f1e266b7a758225b5ed2db2ed50c925e4a3a1ec2a9f9

SHA512
0a2419369df1f9d0083a8c7a4237375e6f061df36c8e2223c0c8b4fbe4e150a3b5302415a7b8953381686310e1b3cd0ce63d9214e15c8d2ce19adc97d717ca77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
56a2717794482a628bdc2b1e13e1d4a2

SHA1
25caf5771066b70d9bcfc0610279fa1efcfa0728

SHA256
ffd23308bfd0d355a97a0e37b720201f477880d7002d4d6f9963ce84a0200ce3

SHA512
d595795b6e9e2de7cf2729b6ab63c2da300637b1b7406ab92d26cc12c60cf39a110b29e696c36be616095f655568f0486e6b5f2a3f635a860a19f52731688a4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
75a3e78c03bc8bf838bfe039ea63dced

SHA1
1ac4140361476935ca52ef2c9e6a06ac0e2145a3

SHA256
7a64e6588182570e73962e4c591c57eaf70dcce8641ed0f338e832219086a3e5

SHA512
d922f079bdd97ad094490984df01657034a69eb08940e9aa40792f65f53092d4b77b7af6b2ae6530c83983926c6ce84aec944493cf2031e855ea9c5eddeadc4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
9514470cbb7be2a4caec733c46b4dcb7

SHA1
efcaad0d4e082a93540f24498d7aa489b08218ea

SHA256
ace6cc1279060840b2b8d3228e856157c3789184c5fc805c2f5b264b5e9aa8b5

SHA512
ec2671b054199fdc331e5ec841358152d5c99f7599f3903ed5761fc188907362ed3e388714c166d78c33b6d6551b7d5c26d43dbe4933107005f6efef1ce8b917

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
c77517f246ba3320146598e98d1a687b

SHA1
9da1b6e99a2e82ce32f456c931e37d422d9295de

SHA256
0453353027d7f9be00851461b555a7eb03d02c3d40adaae460f2b665ba123473

SHA512
63fca2394b1724cbf012ffa277f28beb8bd50e75a097f42ca1291d5f2636cf9de7d7a4060f323515de8de0b03d3b785de66d0f2a716f7e66dcbfb660b5fa4c04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ea2bd56ae59b19c3d7055b1fff33643a

SHA1
e85d9dcf95122c0fc5fdb91f1f157bfa9df3788d

SHA256
7a37b0443f734f4ad2ccd49223feb42cfc43dea57965a9a44ea1e6eb9b14a71e

SHA512
e3487dba37be46027b5ce5c547558c1ef56bbecdb1abce5c9f7e78a489ab711ad436caeae5399626147536d481d16caf3bd7cc00fd5a6714f0518384dd351f6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a9b0fcc883bb121f80ff05c43da5c833

SHA1
0c04e10a6cb9e4ae83730c2a91c98bcb622bb134

SHA256
586c5b6d2b5df78e871e1c7e04ebcc1afc1dd96d6140ccb290e812bd4e9915bf

SHA512
7eb599f1d00e4b4cb7bfbdac5e6b586bddf5f7cf243907ee15694e1a83e53a6c31c11deb6051f91ebe52ad8cbfbaf94471b087d08053e180de654cd6a2a2732d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
31e6b6a013182b5082774334fa7ddbe9

SHA1
70142292eb3eb1506d5e7e664c74997950429331

SHA256
de84f015a529c819d7b4a656438c3a32ce69c14bbd7498ae1567a49c79755f5e

SHA512
b0be320ebe4b8322a412e5ea67afed6d7771bd07c90377b1f98fed31001c2a89700d4a4bcc642689d7d72f2b4a6fdd8751582178bbbfb3d9cda4ef8a7f3dba6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
2731dc70c7b4e648e35ee024b5e991ba

SHA1
7a7bbad720809f83f4e4d51e80e79ac850c8c6f8

SHA256
eae06d8e2875098d29c22b90ef4a1b981d886bc89c6058715f53acf289cad1a4

SHA512
e01045c38420862f2e52febccc4490d633e32e8b05dffc62b7b703c88260f0a3512b02c6aed56f6cdf8bdebf60fdcd08f9b84031feb687754dd4a7ad7e70beab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
1e2a87a03650af86e23cc226650124d4

SHA1
cb95406f1c9f2d3b7ca25135e7fdfcbee7d7a159

SHA256
0014c99cbc1bad6148119efb2eb53cfab1f073aeb810ac48c11c389644ad494a

SHA512
9fd1fe052fdac82c30d7da38532ca7ad22631122385a40f483cd8f22a6bdcdeaf8e0dfc950758d5fdd65a95f8aea07eccbdb28ca8ec18f5e7814181fa6cd90fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
32b69a3f1bf4a23a7b4113fa9679d76f

SHA1
6c3a008e950173d70c0467f534688585e3bef61a

SHA256
9c82c07fa6b8d24c88f79f19246ef6cfba78696cfb00dfc94bf1d2292e963c02

SHA512
443e1c8fd1838299e0a5fb3787d2d84391a01e0f0e6563054dad2d28ce8b1dbe516d845edf2b3aae8ef3d3b1035dd53c9e7718ea290cbcb98c57650b9e981b48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
d5c5a2e8b81b21878c5e479e75b03435

SHA1
eafaab893347b578eacb7968518006f02117934a

SHA256
a397ae4d665491328c95276fb85ec0db045e00ef36b3a03d88ef57b8907e2d32

SHA512
8b8aa62728150e97b895fe03f1b83bda73d1034e8d3f432334d39fa8d6b0d068db482786ef991925836a1e890fb004a80229bfcbe51092b25013e8a42da5e0ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7031f03a0d62cb1119f1d54cf4bb046e

SHA1
346b875b2b6c578ab01c9c9e6e0426108aaa69dd

SHA256
c9d77cb27b53aa579c52d89ec6a9328ef504289fb651bd749252270a6273989e

SHA512
cdf664557b8eb501f435b05c0b05809a0cc603c7bb5d7b2bec3ae5dd450cf26fa5d05d3db24611bd611ec3b013bd5d5bfcab2468203bda4b04344f86adaec40f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
f659c500e7c227b69c26b0a5eaa4f886

SHA1
a44306922a070297d5f16b869224bc4aa77ec1da

SHA256
8962b076bbc21ba55c4179105338afa0a61c8efcad5b943ca76a268e123390ac

SHA512
7869b2806002f8930c7ffeea634d0d51b36d973e6d89ba136f58a51ef69ddeea33e552181ba1d54cf5911c6be88e052ccc9b4a950021e63ef5549ee8587c7b99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
fb27f33872283ef33a6efc284f21ddfe

SHA1
0770f655d66bf3673bfdf5a9e6aa194c58801642

SHA256
fa2be6774f5e9bf010c209baa11e6a5eb04a220ea6c249085d388a8612c14728

SHA512
51223fe9b7640bead3a7695d9e848417b477f6cc1ce9e67b6ef7faad5a3fe3845e40b8c6e6ba398dce19347114e1b3bd680b21185f4e48f3aeeceb2a41f6174f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
95fb0f5e6931434ce3877fcf3db32128

SHA1
201ec7501ceeee7e589582dc23bbadff2aa36e80

SHA256
39eb73d1906e85f1048262bf81aa740193498ca07ed1ab4ab51b5cf43b82d288

SHA512
77f1fc236412117763e04c26b2efeef4936872ad023ff91d7beb0afa264c2631a789f53f916292bfb00d0c53fe3454e9b0f8a6e05c8e43c4cefbe34439e9248c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
7e12fa4a0f4c023d9cb2585438d6ac94

SHA1
cc2632615d8147246c27938c5be975cbeccee436

SHA256
4e59da81eeb77e26ff375202aa2bf71064eea8d5afd16e9699d27abaf02e3aa7

SHA512
fb6bcd4d4914def84e010d6d993116bfc213fb8fc7a7d96c37eef580933116f7a5f16cbfc949883b707edd5d86ee6280a2fa895eefd277aafc1bccd71fa20151

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
e468e38e0a28b636881b5acdd845018f

SHA1
dc5ec3dd358ab1c94f866a0a6a18b87ef460081b

SHA256
71493ef94864394f100d304ed9cffa6d9210154b698617a92a7b22a87d992e11

SHA512
daa3a80a06b6521788b4350b17e5b2b6160ea465443f3d4bc5ae7ef682ab0ae2a1cbe8dd048861fd71e80cd87260ef5794ac3d6a98359aed5c4c0ad2ef8f837b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cbe949714db22b79afb83fc6c8a1bcfc

SHA1
e135b57c5f2ba7120ac95e36fab24b4cf8bd4939

SHA256
07cfb0eff530a7430dab947b6e2369216896dc49f852eef41e8ebead3abac267

SHA512
fbb34c19d9d79691a94b7a2232feec9e8a349076e32c6cf437fa5317696699d351c347d168b2e054eb23e076ca3efd4623e8b925da4329c02d239a64bb117772

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
25095fdc408a16f84c8f3bf8340bb35c

SHA1
7841ffda16cebeda6959b3e8aca109997b42cec7

SHA256
6285eb644342db96baad494f42305399c8107e9e37081d13763538a8b115a8dd

SHA512
0730bf6d72f30a5079a292ea6ef5d33a789e6d3cd3eba1c251c9aa8a10b5da85a20ae06a2270a64221e63e3a6846483f78962b5db2cdd736d8775df602c21a48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
90eec9f722605dde2b87db82c139194a

SHA1
b71fd4da3b7de9beb37366d97bc1dfa91376fe29

SHA256
5ef2c055d13b8f3c2f2c0e8bcb8ba4fdfc73f3aa602a898024fb9c4a2f09e681

SHA512
56ffa86304e27b948b7b793ba7cf7822fa3a8dd046db5ba8ee6d95edeee5a64ee385bd48d3a95e161d62217285a084d48c554048c5a77f2fec215cf960ae460e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f2abc237f2970f3f1b5edf5a16c69b7d

SHA1
1b45ed37bbaefea64029494dd8a6a4a1481343f5

SHA256
0c43a4acf03127f091ffb7e2705ac916d9215ad11a32bb2cf60d321989333cb2

SHA512
e156a32a8bb1494964162d1897fe01fd1ab9d432c9d26a34fbf3fec6eb4bfaae1f5cf59add3d97e4e687d0cb7cb9c275cae336e5cb6279e0e37ba74475e66ed8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
abd68f948d79fa1e7406bb1e91ca0989

SHA1
584c1eab53ed46113b0dccc72a21dd5c727753cc

SHA256
6cca68c909c86e1e3bcb24a3232ef66bd9b57249ba29045e76727015809a2159

SHA512
a712602df29d1f5ab4ef53e359f2a75f69d38416d4359af4c96ffa668f8c8b38bfefcf2974b7551bdc98504454f15c4aed7292b8d913edb4336adcc5680586f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f3b36a0f8e79c8dcb3c64e18b7951de7

SHA1
7506bbcabee03a1235200d1ec723fdd692623320

SHA256
4534f2036d1108e64f9315a8b472322875591b2c31d072fa65aa8934dfa372f1

SHA512
ea29fd37f3bebac65a16d3a4c92b27e054c76ad43b5df33575163f5ed764a22f772e286b826553ba8ce54700a0fcf503a56863cb7ecf52b74923a7256ffabdc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
bfcb20d0549993fb636876d7efa9d0d2

SHA1
ebd28cccafea9af62f2ae127bc03acdc39c2d123

SHA256
e9cef8bd0af277fc9aa9f1f3d87fe89bf6d36c63734c9ea5f709719901862faf

SHA512
9e04ef6520d5a681f478fa32385c0a32b512af78f096e1d4643cbc5e6043c8e6b5877ef27b765ebeab4b47790147db8888a9b79d9e9a45f18849dc1a2bcd9df4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3ade9cc3cd4cf815a66a4148db1fa191

SHA1
6aedb4a4c4618de8df259409210962e554bdbac4

SHA256
b6a5c9d47ae294d07114b620af884b9f2066bf2c4676b7682456d5281a135695

SHA512
ddb1bd02aeaaae5e2ec6b5352f426a719d939886f7d234779e7377ea948f791d66d960b09413b88e494b97015be78428b449f6b7eac9439afa991689050933c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9a6fb1c5329b237015e6c416dfa9184c

SHA1
0a1b00102b77ae5d660b61742219a8a558601f8e

SHA256
9c6b6182d8dc2e06a3e64afce99a87426a6a5d97eb472362ce7df725e70bd508

SHA512
d66591a50df44ec7c11be4ad5d6937b049ac3320168e6a78ebb270e631a1591fdb4515bbef3ff793ec205bc42aa564fe7e42d17942c2d4b88acfe3091e29d9af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
106498de811e5552ad33f00b854953df

SHA1
8744ef48d90a400556f9f4240ad759d118c5c7b0

SHA256
c137889679ad009575985ce6d67bd9975c6ccb26a38ce674fff2473d9fbf0fbd

SHA512
3548e8b35e56427234c7a84537540487d16cf5746a7f3fc5c699ba94c32792d06827085907d0cbaee42bef896db8ef888648acc9245814e9d498b395bcb2c02e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0e686347bed9e283dd65224b0c6e323b

SHA1
dab49d116aa626f7168c276f6f8c0a7ce1e69d5f

SHA256
0214e4e1d66a2865a4d6ef18255cd996e2caea5a23d3d2cea36c44e9516f5634

SHA512
4a1deb3eb6f8b07b9b0b9d1bf9867701c847334675f9394fcbd92e4c38f8b6d4edc5f87f76cfef1154eac4d1dc5084d850154f1a19e8dc70adc02e5a85b0bcc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
6d2f260a3c4d86ff0d436da1ed7b5beb

SHA1
933292debce6c75ad61fe85dce4bcbd54ac96bcb

SHA256
6510859d9f1e7f80dfa1be096af30b12eade29f6d93eb84b82544f59ef62d035

SHA512
609d9ad767d8f8b5b748ee324096f1197358933c4992e9c09ecf1dda44e6e1e729515fac81786cfe895f15b72bc0d329dcaad73f1e1967153ddb77144b7f2b86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
a878b8b91d749ec5491003ef2cd314d4

SHA1
bc16196f6614fca4328d89d07ff0cd5c1e75f694

SHA256
852854a34ca1c0108cdb74672cd3e3278936d21e1029b351ee39a23b226ef331

SHA512
3e3bb01f038fefb9b147bd96deeb5467f5dcfaa56af7682f4d913504a68fd90c4739d18a999119b4dd730bed5a3dc2b366c9e764db98a4e9ed5baea0e73b47e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
2a4684f4d7647b31f507d44ae5f02834

SHA1
1545696742432b75afdc279caac14017f85dbe63

SHA256
fef5d265d4cc53e1511a26c36ebf2bcc0fad57c52a16f69979376872585d8cec

SHA512
dcf7556bc31e870eb42096009e92b1d9ea5efcad1f168d0b29af310df1b155a71386e440856ed67557d0b6e531511178e2e3d393ce92b5dcdd29e1d6a3555306

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c9d8c1d65ef48d9c847d568431fc782f

SHA1
9fd2193eaf397d7563d3f1002570b3a8b705877a

SHA256
9be3feb68993cbe86f7ae186f9489d3ab6c949099eddb9829bd085f034307c30

SHA512
3a3b91deb289634f2cb9733654f2ff768a8050378a43b23a9032b7c340b05823979c576962858f87e492e8999e82caab8b63a738c6df8a048d674c1534ccd470

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ceddf09d42cfddfb4f42723ad5b1712b

SHA1
aa40927acd28fe6bf172bdb5b5fd3cfd1b4ea7fd

SHA256
43eb2d317c12da754cc7ba9cb58262daf1198be56720a4bfa8966bbc14e8e4f2

SHA512
c45c027e08c7040fd429af5ebd8ffcef4066e86c58080fba5ab9c764098964376e21925823b66f0050eac342eb076a6920f3a59ce759a95e4091dbff9699e95e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
57ac95c7aab9f51d4ae126db0b1b09af

SHA1
8eb4d97837adf80b6c904f72c3c1232220a3aa0f

SHA256
99c69adceecfee1e1a7a978a5c5bc294240d2ec0cdc1bc4023aad096a8acdb09

SHA512
eb9f2754b684693598832b3545b1d00a7df7d825d318a4d9eeb8e992312cb9521e4ebb5dff5906466676e5df689b42cadaccf826186646a17689f2bc0e684cb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d9b80f40ab958d3103209a4777966aa5

SHA1
60f3323ee84669ef1163c84d221eeca6ef66e78f

SHA256
91e7ffe2014f4a23b3a7707cec98b35dd3ec1309ce43e33d814ec5ba8ca791b5

SHA512
c5eccd8ea11d8b1b30b2f3556fcff195a502ea3bcab5d5c1325b9fe4cb7b4a98c911294193728fbe4e189e438d9ec3d60d6e8e2678d4691579e7cdf2b6b7c63e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4264bed187d6a59ce8c331aa09f76f2a

SHA1
158d2ddd6161d7bb3d5f3b80ac4f011fbc83b514

SHA256
ee91a92b57fdef4c47eb2e0402653f1939355538c05f44176704c1d969cf7a2d

SHA512
f0dac5100a7735d01513ce1f8fd1e20eb7afc405235394686f2b1fcdaa493125b29760d0f4f02bda921c9e9747eeddd5d35f409fe19d2e1b31c3b729844bca34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7bd2c3b2bb4cb718c5abc38ae01c59e5

SHA1
06d32dff80469cc5e184fa8bd8855787a4d7c656

SHA256
2eaa78590508be8e998bc82ee294c3f890e632812fdd4abbba44a36327f27b55

SHA512
704620f0c189dc822f50101a0b4527409ec9382a490b214b569cd1dd2bf2e743ca8f4835d17bc31cecea9fa59fb8fcf56fd900857bf5fc3c4c757824fac1bf39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
cc76e44b75b7daf41bf7303603dec228

SHA1
0cf48a014c8dca7fbb7e04bd300427b2a396e379

SHA256
b37b4cdb9783046549744a99a8b1bb9ee4fc456db7b0a959962884a6b539b0d0

SHA512
1ddd3b5a311d7d74acfaffa2352efca8b9e38610d271c8169db183bb60d1d958d6f978477fe6656ffb2604566a6c08615296ecf69762ca5a593a73a3bd8cdfa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
746e5bc28d6fea51583e62ab6649c968

SHA1
b68bde91bc6f50379533493b5b1f3da46456b88e

SHA256
a75eb369efaf144b0175f0dae84e6ce402557e71c31d4d736327422992465f06

SHA512
17fd7184ed179c096675e8dd213d43d99e6e012f4d97543d750f8f25bd2994db718c6bfffcb1a391cf8ce1e393bc8766d7a3da4e30ac6fbdd800f7cec0e1d155

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
5114eda651ba67d71eac0b1984e80ad3

SHA1
e5c490c8dd12d7cd448fbdd6a1df103a6b6c3d9d

SHA256
0e5f3b1ed7f23261890e3946f7eb45120a953186693e8f5fdd197f01acdfed84

SHA512
eac99fd95296aea34c7d397c04d2440a3b984e65e70373d64ed6a179b4df4cb44ec79b6cfedff0c9585d64360da58f8412084e9fb215cad2f9bc70989b094643

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
59de154a1d0d941a170f177a7cba3bf4

SHA1
5904b02ead792e7f71d4759b4412d4ad90c8498e

SHA256
3621196cdc4681271cb2db94035ae48931a7059831f8597da53c92079d5a7797

SHA512
7e619d9321b1d591d501016304ecf063ad3fabd703304af61abc59287761ad1457c00111014024d9dc418c06beac53d921febcb8c06ac2a5bd9e811a1ac3a882

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b1617b10da7bf795f4ec4fb61f864f1e

SHA1
20bac3527424d976c277b8951f5a4a3103e065d9

SHA256
7a4d78689726f7919a441f1339c3262c1246115b5bae0413cd3098d6df5f7da7

SHA512
4983df4699ea2700fde57d36493fe18c3bf132857df1a3343faf02525d8e5ffa3a549ea67bf22aef1733f65010c585befa5681844b7b8e67f13463445b619e9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586cde.TMP

Filesize
539B

MD5
9cc8a47daea975e68a9161b925a4ea68

SHA1
85a379cecc5f216b9f0a3d22f69c6a9fb0fe337e

SHA256
dd471cbc77a543a91260f83b7ebdc8abc3d6563698b14360f818e6b1c095e108

SHA512
a2d1095fc56a6a85c7f20ff4c416611e01e01f8d3a4bc4aab4fc2d94a1f6eb97fa6c4701ee42e2ebc3eeb2b24e7b2638e7a6622f0fd3c915db3f949de7201aad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3d4c6648227034ea2f89e245053091d5

SHA1
37d3b07ff01caf721fdd5d47a1b710398432bd4d

SHA256
a605483158968ed1dcc152e66880ff943cdfc9dda598e21db62887f4cc8f93a0

SHA512
71e4645374045d8d1ac0df3cb9e0b8bc9a5ccff47f35a1c9edbffd56ae36b88bec6f36407b96cd887e25e094355d387300e0c6e5bea63560198acdc55a838148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
78839f5c177959cd4cb96d6119330951

SHA1
0d79bd4016065e824b11f21639d1b90d24700643

SHA256
d29da9ed6c3b812d5426834045df00dbb4a506164a4c56f1e169a8166783db6c

SHA512
2fa456b79becd35cd400570abee5758a37b2e6cd3f316827ec2231c893dafedd655920c76e53ec324b510af5f78409a08c92407ec2949e8e634ab98e356f01ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d3afc32082eb6f7b93589648f8961c06

SHA1
a94bd0b8923ae0fc3bffdadc3fdae1f30d266dde

SHA256
b908e060b726b9996383abd10f8daa7e082b64a2b25c49f8771145b5c8ef16d4

SHA512
b27432eacc7da4c5b23ca9bfef70d6568c1fb491270e1ba22e8788ba1dd3af0773ef9c19cebc35181fcebfa810a2c494f07b0ca386280e8c20b035667c0a9288

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4ade54b23efc0ad307fb09a9eb736e82

SHA1
f265d363db91b70a209d82c5fba170e9ec3a9c98

SHA256
98beb4299fc9e135e6c39d2371193c88e8c4d2d2f974910d3c6d4a650a2c74c8

SHA512
33791dd97bb5292475a4311c4efafbaa4bf3778bf4c2b71277fc4a4223c9c6422e7d813f2814b8b71d4fe4820ca0671c0f3d4a0b56a5230aa81b0172f1bf3531

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a04d45c80446085058626fcd85dd4d15

SHA1
78b1180ec4640df87f856b1657c6a8ae590d5aa1

SHA256
77aac6cf237e19740fa777e4818b540589fd4315bddd4a4d7714b76c359bfcf4

SHA512
c942e3d1561891a0259915439702cbb72059549c0b3a4d7cf3d2dbf40aa7c81141aa6593ff1fdea9bc00eb3e9ec31369361ceec6b168d5fa12dbf2e3e3c781f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
33bb560fd8322d441d9ac73d47b84a12

SHA1
382c2f5b2e5992e1b0629b9467d4efc0fa6c1665

SHA256
17505d85f967fd442cd2da69d93c49e91cb80462dc73ec88ec66859a311f6bce

SHA512
75e0a4a6a0c359658bbc78cd9c4f6977b3b8a02a1c6e1ad2ec55d00964c19039834ab5673d02f303835d5e5198c7bdbdee97112356c57a0d25af1d676812acd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
78d186c25c019aa01a721c38fdfa0122

SHA1
a34e46b5ba054c13b89f06710663bfa498826da8

SHA256
c921ac5cbf64dec62600989d8602967d86dbc94dfaa2b414865af825cf5ed909

SHA512
e26bc3c253ac19bf4f1d309cd29e9a1d15bfe5273b4918302a01ba56a7fe94a9d6c9434431ca70dae13cc274615f6870d4f1d57538b9b12e4e6b0f047ef41d1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
67111b0c8df2eb73e97538451737b232

SHA1
d0a1e94f1c0336575acd8fc368f7159039f1b151

SHA256
0bf3b4854dc7c85a1435e8997b8e2454db577394c66c77c40bfe1c327dfc6e01

SHA512
f6ed2d04e16378ca0f4a072bcffed1d5835f8dc926d74e17e42fec5586b0bd3edc9d31165811783eccfc35f9a6178efd2b1f33bf0dba22dec7c67dcd173f297b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
abc9e6aba2743b78079ad0ea48b6e72d

SHA1
5a15eb06411711d219c8360161b6524708374f0d

SHA256
c1d625a4861b7071c013f286186437f6314497456baaad26ff7fd7053c8afd91

SHA512
cd597e6b9bbec2f694bd8198960ba9e84ab69e581a1b9327ef0d130f6674cca82cfd36ef9fced81d66fce8a0e83bb4f54e80d7f8a1148cb0770140f31dbbcd53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
896KB

MD5
4fba02728d49c8ad6f7dcdb45d98feba

SHA1
c6ff745542a98f2eebf71fcb53cecfaf8ff66a81

SHA256
4a91eae8a9342c1c698754c7d8fbff044395522e573a5ce8535f59893153cb72

SHA512
f559d89952ce957bf4fc76de26fa5fe311ca796e24867ef46aa6ac1359d5eb6e665b2d5976b981efc47bbd2d9df9a2685961e5de870ea0d3899bd78bdcb2d7fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
9261579ca9864fd9f2e61f5d70f23db1

SHA1
75e3c7a29c80f5e193a65cdfdcebc36b0377ebf6

SHA256
fc8726de4c8fbe4fd2902e39a15d266f7a805fc2317b818fa45ccc85671faca3

SHA512
05bede8d0191864b335a4505d0e6753b8ec0096bb2ab50c154fc77b9994fbaaef27a5546f80148f5da6b37d1a16ade059451720dad9153b31117819681ed9336

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index~RFe641212.TMP

Filesize
48B

MD5
fe8f8c181bf3b6b801550ecc6a216b8f

SHA1
d23e0eb1f52b9edec9e780cf0136a7e05dd59120

SHA256
7fd0e232fec9ceaa0a7825b2334b9ebaabe29a222c2531f916a181002dfd5e0d

SHA512
a8ca9d10ca1125b5705a26905cbdb1f8d987dc54af1325504ede812349b92fcdfca98f24b2385a70bb0e4ff35bdcb13c03158eb54dbd8092c65d8ec14428afd1

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
700B

MD5
e2271fc5b5d522ca176efc97838320c5

SHA1
9e558c21d1e8cf68631acd0eb7e5ca0cc4e4644d

SHA256
e8f7560ea32124cf20584e7ae35dc3301c43e0cc7c4c007feba03471b846d003

SHA512
635442204c1ec5ff6e9e2cd09b2d7ca3ba80250d3c9dfe43bfd83733ab7524039cad75f373cb6b145d44446a00c3fe7689e9a4a9a0ded3a6b6f3fc1024c379ba

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
795B

MD5
bd0d80595504d9140633fe1143ab0cf7

SHA1
2ad7dd373f3808d62092c9266aefc0fff275a81e

SHA256
2c118b734cf4bd1a92cca7b747d2ed1016c03606b1971b3799cbdffa96d5342f

SHA512
84f686dfa2338a463729853b62c66983e56d4a47791f43ec5c953474a14470d71f32c2a59c0065fd66abc73fa1714c6e62e8ff1c6793a505d2131b8f99aa7fc8

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe64af9a.TMP

Filesize
484B

MD5
0b60cd46739e9c5b9f778c3fae7b5b67

SHA1
1429cbe0213c68ac8938a3b76156c35125217cf9

SHA256
a0532a8db0c5c323e26350a146ea71af87ea2e5ba6e6fad4a52e5bde32271ea9

SHA512
f388ff37b7ab6b854eced253a4082111d4964745a5af4f6f9daa6dc46ef82ee89e704325365341f2438fcc967b792e3d6f1dc3d9bf5c28cdb79fb13c58d36b1c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\3a133182-fb75-4441-b30d-fffbb41f0ef4.tmp

Filesize
300B

MD5
1a26cdb5f96820dca833275d1b9f8541

SHA1
018edb24a42b15da02bc558ffc3e2a0fb7bdaf73

SHA256
5831464ea472ad4ee486a0bf0fbb45743e3fa6e738aabfb737729781e527dae3

SHA512
96d998030e4a669c18e0ec55e5b28f6b8523c832654b0a7894f04d2bf803e734b7eb7dc1e5f8a640f4c399988277236c56d9a40c9b67ca0459cda289dfed124a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe64c5b2.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw5034.tmp\System.dll

Filesize
22KB

MD5
a36fbe922ffac9cd85a845d7a813f391

SHA1
f656a613a723cc1b449034d73551b4fcdf0dcf1a

SHA256
fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0

SHA512
1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw5044.tmp\StdUtils.dll

Filesize
110KB

MD5
db11ab4828b429a987e7682e495c1810

SHA1
29c2c2069c4975c90789dc6d3677b4b650196561

SHA256
c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376

SHA512
460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw5044.tmp\modern-wizard.bmp

Filesize
150KB

MD5
3614a4be6b610f1daf6c801574f161fe

SHA1
6edee98c0084a94caa1fe0124b4c19f42b4e7de6

SHA256
16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b

SHA512
06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw5044.tmp\nsDialogs.dll

Filesize
20KB

MD5
4e5bc4458afa770636f2806ee0a1e999

SHA1
76dcc64af867526f776ab9225e7f4fe076487765

SHA256
91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0

SHA512
b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw5044.tmp\nsExec.dll

Filesize
17KB

MD5
2095af18c696968208315d4328a2b7fe

SHA1
b1b0e70c03724b2941e92c5098cc1fc0f2b51568

SHA256
3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226

SHA512
60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw5044.tmp\nsProcess.dll

Filesize
15KB

MD5
08072dc900ca0626e8c079b2c5bcfcf3

SHA1
35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37

SHA256
bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8

SHA512
8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 463064.crdownload

Filesize
4.4MB

MD5
6a4853cd0584dc90067e15afb43c4962

SHA1
ae59bbb123e98dc8379d08887f83d7e52b1b47fc

SHA256
ccb9502bf8ba5becf8b758ca04a5625c30b79e2d10d2677cc43ae4253e1288ec

SHA512
feb223e0de9bd64e32dc4f3227e175b58196b5e614bca8c2df0bbca2442a564e39d66bcd465154149dc7ebbd3e1ca644ed09d9a9174b52236c76e7388cb9d996

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 534692.crdownload

Filesize
47.8MB

MD5
c8aac36721c9a3ea8f6d6b538819380d

SHA1
4df0660796ee1b75a67cdd6b6c86a5218db85b61

SHA256
c648e72f2d223792a076026f1532b2545b61bd19bbd3a18c22722b95bfae5cb8

SHA512
d020a2b7aaccad419a654da4578bc87c283de68945621d788655e5f8be4f144fa1a42b41d84c0948b35c61c4e63f9dbb5801ebb81dc8738408b3b40696cfbeb5

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 583906.crdownload

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit
C:\Users\Admin\Downloads\chilledwindows.mp4

Filesize
3.6MB

MD5
698ddcaec1edcf1245807627884edf9c

SHA1
c7fcbeaa2aadffaf807c096c51fb14c47003ac20

SHA256
cde975f975d21edb2e5faa505205ab8a2c5a565ba1ff8585d1f0e372b2a1d78b

SHA512
a2c326f0c653edcd613a3cefc8d82006e843e69afc787c870aa1b9686a20d79e5ab4e9e60b04d1970f07d88318588c1305117810e73ac620afd1fb6511394155

Download Submit
\??\pipe\LOCAL\crashpad_3968_UENKYMXCTIUDWHMC

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1572-15774-0x000001C0B9A20000-0x000001C0B9B35000-memory.dmp

Filesize
1.1MB

Download
memory/4888-15785-0x000001E9984B0000-0x000001E99851B000-memory.dmp

Filesize
428KB

Download
memory/4888-15786-0x000001E998680000-0x000001E99875A000-memory.dmp

Filesize
872KB

Download
memory/5124-1262-0x0000000021CE0000-0x0000000021D18000-memory.dmp

Filesize
224KB

Download
memory/5124-1263-0x000000001FBB0000-0x000000001FBBE000-memory.dmp

Filesize
56KB

Download
memory/5124-1260-0x000000001F250000-0x000000001F258000-memory.dmp

Filesize
32KB

Download
memory/5124-1136-0x0000000000EF0000-0x0000000001354000-memory.dmp

Filesize
4.4MB

Download
memory/5180-1258-0x0000015F0ACF0000-0x0000015F0ACF1000-memory.dmp

Filesize
4KB

Download
memory/5180-1257-0x0000015F0ACF0000-0x0000015F0ACF1000-memory.dmp

Filesize
4KB

Download
memory/5180-1239-0x0000015F0ACF0000-0x0000015F0ACF1000-memory.dmp

Filesize
4KB

Download
memory/5180-1252-0x0000015F0ACF0000-0x0000015F0ACF1000-memory.dmp

Filesize
4KB

Download
memory/5180-1253-0x0000015F0ACF0000-0x0000015F0ACF1000-memory.dmp

Filesize
4KB

Download
memory/5180-1254-0x0000015F0ACF0000-0x0000015F0ACF1000-memory.dmp

Filesize
4KB

Download
memory/5180-1238-0x0000015F0ACF0000-0x0000015F0ACF1000-memory.dmp

Filesize
4KB

Download
memory/5180-1255-0x0000015F0ACF0000-0x0000015F0ACF1000-memory.dmp

Filesize
4KB

Download
memory/5180-1256-0x0000015F0ACF0000-0x0000015F0ACF1000-memory.dmp

Filesize
4KB

Download
memory/5180-1240-0x0000015F0ACF0000-0x0000015F0ACF1000-memory.dmp

Filesize
4KB

Download
memory/5468-15700-0x0000000000470000-0x0000000000922000-memory.dmp

Filesize
4.7MB

Download
memory/7248-15784-0x0000020B601E0000-0x0000020B602BA000-memory.dmp

Filesize
872KB

Download
memory/7248-15719-0x00007FFB43450000-0x00007FFB43451000-memory.dmp

Filesize
4KB

Download
memory/7248-15718-0x00007FFB42660000-0x00007FFB42661000-memory.dmp

Filesize
4KB

Download
memory/7248-15783-0x0000020B60050000-0x0000020B600BB000-memory.dmp

Filesize
428KB

Download
memory/7500-15773-0x0000029290370000-0x0000029290485000-memory.dmp

Filesize
1.1MB

Download
memory/7500-15801-0x0000029290370000-0x0000029290485000-memory.dmp

Filesize
1.1MB

Download
memory/7592-15863-0x000000006FF30000-0x000000007131B000-memory.dmp

Filesize
19.9MB

Download
memory/7592-15765-0x000000006FF30000-0x000000007131B000-memory.dmp

Filesize
19.9MB

Download
memory/7592-15792-0x000000006FF30000-0x000000007131B000-memory.dmp

Filesize
19.9MB

Download
memory/7592-15885-0x000000006FF30000-0x000000007131B000-memory.dmp

Filesize
19.9MB

Download
memory/7592-15877-0x000000006FF30000-0x000000007131B000-memory.dmp

Filesize
19.9MB

Download
memory/7592-15870-0x000000006FF30000-0x000000007131B000-memory.dmp

Filesize
19.9MB

Download
memory/7592-15847-0x000000006FF30000-0x000000007131B000-memory.dmp

Filesize
19.9MB

Download