Analysis Overview
SHA256
a9a387482a32f5aeb135b0713ecf60e04680852a0f8f92729e53c837996f1d30
Threat Level: Likely malicious
The file Windowkill.zip was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Blocklisted process makes network request
Checks installed software on the system
Adds Run key to start application
Enumerates connected drives
Detected potential entity reuse from brand STEAM.
Drops file in System32 directory
Drops file in Program Files directory
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Windows directory
Event Triggered Execution: Installer Packages
Browser Information Discovery
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Unsigned PE
Enumerates system info in registry
Suspicious behavior: GetForegroundWindowSpam
NTFS ADS
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Modifies system certificate store
Checks SCSI registry key(s)
Uses Volume Shadow Copy service COM API
Modifies registry class
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Opens file in notepad (likely ransom note)
Checks processor information in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-06 09:03
Signatures
Unsigned PE
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-06 09:02
Reported
2024-11-06 09:34
Platform
win11-20241007-en
Max time kernel
1487s
Max time network
1473s
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4716 wrote to memory of 4724 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE |
| PID 4716 wrote to memory of 4724 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Windowkill\HOW TO RUN GAME!!.txt"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Windowkill\HOW TO RUN GAME!!.txt
Network
| Country | Destination | Domain | Proto |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
Analysis: behavioral7
Detonation Overview
Submitted
2024-11-06 09:02
Reported
2024-11-06 09:34
Platform
win11-20241007-en
Max time kernel
1452s
Max time network
1470s
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Windowkill\Windowkill\steam_api64.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Analysis: behavioral8
Detonation Overview
Submitted
2024-11-06 09:02
Reported
2024-11-06 09:34
Platform
win11-20241007-en
Max time kernel
1401s
Max time network
1174s
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Windowkill\Windowkill\steam_api64.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Analysis: behavioral10
Detonation Overview
Submitted
2024-11-06 09:02
Reported
2024-11-06 09:34
Platform
win11-20241023-en
Max time kernel
1473s
Max time network
1495s
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2032 wrote to memory of 3704 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE |
| PID 2032 wrote to memory of 3704 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Windowkill\Windowkill\steam_settings\build_id.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Windowkill\Windowkill\steam_settings\build_id.txt
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
Analysis: behavioral12
Detonation Overview
Submitted
2024-11-06 09:02
Reported
2024-11-06 09:34
Platform
win11-20241007-en
Max time kernel
1473s
Max time network
1491s
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2036 wrote to memory of 4704 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE |
| PID 2036 wrote to memory of 4704 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Windowkill\Windowkill\steam_settings\force_account_name.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Windowkill\Windowkill\steam_settings\force_account_name.txt
Network
| Country | Destination | Domain | Proto |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
Analysis: behavioral17
Detonation Overview
Submitted
2024-11-06 09:02
Reported
2024-11-06 09:34
Platform
win11-20241007-en
Max time kernel
1454s
Max time network
1471s
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4160 wrote to memory of 484 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE |
| PID 4160 wrote to memory of 484 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Windowkill\Windowkill\steam_settings\supported_languages.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Windowkill\Windowkill\steam_settings\supported_languages.txt
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Analysis: behavioral18
Detonation Overview
Submitted
2024-11-06 09:02
Reported
2024-11-06 09:34
Platform
win11-20241007-en
Max time kernel
1456s
Max time network
1476s
Signatures
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Windowkill\Windowkill\windowkill-vulkan.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1264 wrote to memory of 3536 | N/A | C:\Windows\system32\cmd.exe | C:\Users\Admin\AppData\Local\Temp\Windowkill\Windowkill\windowkill-vulkan.exe |
| PID 1264 wrote to memory of 3536 | N/A | C:\Windows\system32\cmd.exe | C:\Users\Admin\AppData\Local\Temp\Windowkill\Windowkill\windowkill-vulkan.exe |
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Windowkill\Windowkill\windowkill-opengl.bat"
C:\Users\Admin\AppData\Local\Temp\Windowkill\Windowkill\windowkill-vulkan.exe
windowkill-vulkan.exe --rendering-driver opengl3
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-06 09:02
Reported
2024-11-06 09:34
Platform
win11-20241007-en
Max time kernel
1800s
Max time network
1756s
Signatures
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000\Software\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent" | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
Checks installed software on the system
Detected potential entity reuse from brand STEAM.
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Steam\package\tmp\graphics\support_flag_bottom_hover.tga_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_dpad_left_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_mouse_r_click_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_mouse_scroll_down_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_outlined_button_b_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_lstick_down.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_outlined_button_circle.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\graphics\btnStdRight.tga_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steam\cached\Receipt_Server_Timeout_BFS.res_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\templates\controller_xboxone_gamepad_fps.vdf_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\d3dcompiler_47.dll_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\switch_controller_korean.txt_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_rstick_down.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\templates\controller_ps4_gamepad_flickstick.vdf_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\graphics\streaming_shortcut_16.tga_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_090_media_0030.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_button_capture_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_r2_soft.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_lfn_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_050_menu_0040.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_lt_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_button_a_lg-1.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\public\c2.tga_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_trackpad_right.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_button_minus.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0344.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\clientui\vr\rendermodels\steamvr_quad_2\steam_quad.tga_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\xbox_p4_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_110_social_0090.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\controller_config_controller_apple.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_050_menu_0307.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\hp_r4_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_dpad_swipe_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_lt_soft.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_rt_soft_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0357.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_r_right_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_color_button_x_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_dpad_up_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\movies\steamdeck_thumbstick_move.webm_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\locales\mr.pak_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_040_act_0340.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_button_minus_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_dpad_left_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\xbox_rb.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\resource\layout\sitelicenselockdialog.layout_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\resource\steamscheme.res_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\resource\vgui_italian.txt_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\resource\platform_brazilian.txt_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\hp_l4_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_outlined_button_square.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_rstick_up_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_swipe.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steam\cached\offline_english.html_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steam\cached\subchangepasswordenterpassword.res_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\Steam.exe | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\friends\trackerui_korean.txt_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\public\steamclean_ukrainian.txt_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\public\steamui_thai.txt_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox360_button_select_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_dpad_swipe_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\friends\addfriendresultsubpanel.res_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping27612_82134012\manifest.fingerprint | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping27612_82134012\_platform_specific\win_x64\widevinecdm.dll.sig | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping27612_82134012\_platform_specific\win_x64\widevinecdm.dll | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping27612_82134012\LICENSE | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping27612_82134012\manifest.json | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping27612_82134012\_metadata\verified_contents.json | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\bin\gldriverquery.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\steamerrorreporter.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\steam.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133753576289530498" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steam\Shell\Open | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\MuiCache | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steam | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steamlink | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steam\DefaultIcon | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steamlink\Shell\Open | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steam | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steam\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steam\DefaultIcon\ = "steam.exe" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steam\ = "URL:steam protocol" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steamlink\DefaultIcon | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steamlink\Shell | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steam\URL Protocol | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steamlink | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steamlink\ = "URL:steamlink protocol" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steam | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steam\Shell | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steamlink\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steamlink\URL Protocol | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steamlink\DefaultIcon\ = "steam.exe" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
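The rows above are steamservice.exe registering the `steam:` and `steamlink:` URL schemes (the `URL Protocol` marker value plus a `Shell\Open\Command` default value) in both HKLM\SOFTWARE\Classes and the user's `_Classes` hive. A URL protocol handler deserves a second look in any report: once registered, a link with that scheme from a browser or document launches the command with the attacker-controlled URL substituted for `%1`, and HKCU\Software\Classes is merged over HKLM in HKCR, so a per-user entry silently overrides the machine-wide one. Here both hives point at Steam's own steam.exe with `%1` quoted, which is the expected installer behaviour. The Python below is an added example, not code from the report or from Valve: it parses rows in this table's format and flags handlers that run from user-writable paths, pass `%1` unquoted, or override the HKLM entry from HKCU. Its input is copied from the rows above plus one hypothetical HKCU row, pointing at a made-up `handler.exe` in %TEMP%, that the real report does not contain.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed input in the report's own row format: three rows copied from the table
# above, plus one hypothetical HKCU row (handler.exe in %TEMP%) so the audit has
# something to flag. Nothing in the real report registers that path.
SAMPLE_ROWS = r"""
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steamlink\URL Protocol | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steamlink\Shell\Open\Command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\handler.exe %1" | C:\Users\Admin\AppData\Local\Temp\handler.exe | N/A |
"""

# HKLM\SOFTWARE\Classes\<scheme>\... and HKU\<sid>_Classes\<scheme>\... as the sandbox prints them.
KEY_RE = re.compile(
    r"^\\REGISTRY\\(?P<hive>MACHINE\\SOFTWARE\\Classes|USER\\[^\\]+_Classes)\\"
    r"(?P<scheme>[^\\]+)(?:\\(?P<rest>.*?))?\\?$",
    re.IGNORECASE,
)
# Path fragments a standard user can write to; a handler living there can be swapped
# without admin rights.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\", "\\public\\")


@dataclass
class Handler:
    scheme: str
    hive: str                      # "HKLM" or "HKCU"
    url_protocol: bool = False     # "URL Protocol" marker that makes the scheme launchable
    command: Optional[str] = None  # decoded Shell\Open\Command default value
    writer: Optional[str] = None   # process that wrote the command


def _unquote(data: str) -> str:
    # Decode the sandbox's quoted form: outer quotes, then backslash-escaped quotes/backslashes.
    data = data.strip()
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        data = data[1:-1]
    return re.sub(r"\\(.)", r"\1", data)


def parse_rows(table: str) -> Dict[str, Dict[str, Handler]]:
    """Collect per-scheme, per-hive handler state from registry event rows."""
    handlers: Dict[str, Dict[str, Handler]] = {}
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < 3 or not cells[1].startswith("\\REGISTRY\\"):
            continue
        path, _, data = cells[1].partition(" = ")
        m = KEY_RE.match(path)
        if not m:
            continue
        hive = "HKLM" if m["hive"].upper().startswith("MACHINE") else "HKCU"
        scheme = m["scheme"].lower()
        rest = (m["rest"] or "").lower()
        h = handlers.setdefault(scheme, {}).setdefault(hive, Handler(scheme, hive))
        if rest == "url protocol":
            h.url_protocol = True
        elif rest == "shell\\open\\command" and data:
            h.command = _unquote(data)
            h.writer = cells[2]
    return handlers


def command_exe(command: str) -> str:
    """Executable part of a handler command line (quoted path or first token)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def audit(handlers: Dict[str, Dict[str, Handler]]) -> List[str]:
    """Findings a triage analyst cares about for each registered scheme."""
    findings: List[str] = []
    for scheme, by_hive in sorted(handlers.items()):
        for hive, h in sorted(by_hive.items()):
            if not h.command:
                continue
            exe = command_exe(h.command)
            if any(frag in exe.lower() for frag in USER_WRITABLE):
                findings.append(f"{scheme}: {hive} handler runs from user-writable path {exe} (written by {h.writer})")
            if "%1" in h.command and '"%1"' not in h.command:
                findings.append(f"{scheme}: {hive} handler passes %1 unquoted (argument injection from the URL)")
        lm, cu = by_hive.get("HKLM"), by_hive.get("HKCU")
        if lm and cu and lm.command and cu.command and command_exe(lm.command).lower() != command_exe(cu.command).lower():
            # HKCU\Software\Classes is merged over HKLM in HKCR, so the per-user handler wins.
            findings.append(f"{scheme}: HKCU handler {command_exe(cu.command)} overrides HKLM handler {command_exe(lm.command)}")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_rows(SAMPLE_ROWS)):
        print(finding)
```

Run against the real rows on this page the audit returns nothing, because both hives resolve to the same steam.exe under Program Files with `%1` quoted; the hypothetical row produces the three findings (user-writable path, unquoted `%1`, HKCU override). On a live host the same data comes from enumerating `HKCR` and `HKCU\Software\Classes` for keys carrying a `URL Protocol` value.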
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = (binary data omitted) | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = (binary data omitted) | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = (binary data omitted) | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = (binary data omitted) | C:\Program Files (x86)\Steam\steam.exe | N/A |
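The key names are SHA-1 thumbprints. CABD2A79… matches the published thumbprint of ISRG Root X1 (Let's Encrypt) and 5FB7EE06… that of DigiCert High Assurance EV Root CA, both public roots that Windows distributes through automatic root update; their appearance under ROOT and AuthRoot while steam.exe builds its first TLS chains (the OCSP requests to r11.o.lencr.org in the Network section point the same way) is consistent with that mechanism rather than with a rogue root being installed. The signature itself cannot tell the two apart, so the check is to resolve each thumbprint against a baseline and look at which process wrote it into which physical store. The Python below is an added example, not code from the report or from Valve. Because the blob data is omitted on this page it classifies on thumbprint, store and writing process only; the two-entry allowlist and the final row with a made-up thumbprint written by a hypothetical `dropper.exe` are constructed for the example and do not occur in the report.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed input: the certificate-store events from the table above (key creation
# plus the Blob writes, blob data omitted as on this page) and one hypothetical row
# with a made-up thumbprint written by a hypothetical Temp-folder dropper, so the
# classifier has an alert case. Nothing in the real report does that.
SAMPLE_CERT_ROWS = r"""
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = (binary data omitted) | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = (binary data omitted) | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0123456789ABCDEF0123456789ABCDEF01234567 | C:\Users\Admin\AppData\Local\Temp\dropper.exe | N/A |
"""

CERT_KEY_RE = re.compile(
    r"^\\REGISTRY\\(?P<scope>MACHINE|USER\\[^\\]+)\\SOFTWARE\\Microsoft\\SystemCertificates\\"
    r"(?P<store>[^\\]+)\\Certificates\\(?P<thumb>[0-9A-F]{40})(?:\\.*)?$",
    re.IGNORECASE,
)

# SHA-1 thumbprints of public roots. A two-entry allowlist constructed for this example;
# build a real one from your own baseline or the Microsoft Trusted Root Program CTL.
KNOWN_PUBLIC_ROOTS = {
    "CABD2A79A1076A31F21D253635CB039D4329A5E8": "ISRG Root X1",
    "5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25": "DigiCert High Assurance EV Root CA",
}
# Physical stores where a write changes what the machine trusts (or distrusts).
TRUST_STORES = {"ROOT", "AUTHROOT", "CA", "TRUSTEDPUBLISHER", "TRUSTEDPEOPLE", "DISALLOWED"}


@dataclass(frozen=True)
class CertWrite:
    scope: str        # "HKLM" or "HKCU"
    store: str        # ROOT, AUTHROOT, ...
    thumbprint: str   # SHA-1, which is what the registry key is named after
    process: str


def parse_cert_writes(table: str) -> List[CertWrite]:
    """One CertWrite per (scope, store, thumbprint, process); key creation and Blob writes collapse."""
    seen, writes = set(), []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < 3:
            continue
        m = CERT_KEY_RE.match(cells[1].partition(" = ")[0])
        if not m:
            continue
        w = CertWrite("HKLM" if m["scope"].upper() == "MACHINE" else "HKCU",
                      m["store"].upper(), m["thumb"].upper(), cells[2])
        if w not in seen:
            seen.add(w)
            writes.append(w)
    return writes


def classify(w: CertWrite) -> str:
    """benign / review / alert / info for a single certificate-store write."""
    if w.store not in TRUST_STORES:
        return "info"      # e.g. the "My" store: the process's own certificates
    if w.store == "DISALLOWED":
        return "alert"     # distrusting a certificate (often a security vendor's) is never routine
    if w.thumbprint in KNOWN_PUBLIC_ROOTS:
        return "benign"    # public root; consistent with automatic root update during chain building
    if w.process.lower().startswith("c:\\windows\\"):
        return "review"    # unknown root via an OS binary: check for TLS inspection or an enterprise CA
    return "alert"         # unknown root installed by a third-party process


def report(table: str) -> List[tuple]:
    """(scope, store, thumbprint, name or 'unknown', process, verdict) rows for a triage note."""
    return [(w.scope, w.store, w.thumbprint, KNOWN_PUBLIC_ROOTS.get(w.thumbprint, "unknown"),
             w.process, classify(w)) for w in parse_cert_writes(table)]


if __name__ == "__main__":
    for row in report(SAMPLE_CERT_ROWS):
        print(*row, sep="  ")
```

On a live machine the same question is answered with `certutil -store Root <thumbprint>` or `Get-ChildItem Cert:\LocalMachine\Root` filtered on `Thumbprint`, which also gives you the subject and validity so the thumbprint can be checked against the CA's published value rather than trusted from a list.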
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
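`Zone.Identifier` is the Mark-of-the-Web stream. chrome.exe opening it for modification on the freshly downloaded SteamSetup.exe is the browser writing the mark (the `quarantine.mojom.Quarantine` utility process in the process list below is the Chrome component that applies it), not removing it. The "Subvert Trust Controls: Mark-of-the-Web Bypass" item in the summary is the ATT&CK technique for files that reach disk without the mark or have it stripped, which matters because SmartScreen and Office Protected View key on it; the question a practitioner wants answered is whether the executables 7-Zip extracted to %TEMP% and Documents carry it at all, since archive extractors do not all propagate the mark. The Python below is an added example, not from the report: it parses a stream body, reads the stream from a file on NTFS when run on Windows, and returns a verdict for a file that is supposed to have come from the Internet. The stream contents and URLs in it are constructed placeholders, because the page does not show them.

```python
import configparser
from dataclasses import dataclass
from typing import Optional

# Constructed sample stream bodies (the page does not show the stream contents; the URLs
# are placeholders, not values from the report). Windows writes these with CRLF endings.
SAMPLE_INTERNET = (
    "[ZoneTransfer]\r\nZoneId=3\r\n"
    "ReferrerUrl=https://store.example.invalid/about/\r\n"
    "HostUrl=https://cdn.example.invalid/SteamSetup.exe\r\n"
)
SAMPLE_LOCAL = "[ZoneTransfer]\r\nZoneId=0\r\n"

ZONE_NAMES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites", 3: "Internet", 4: "Restricted sites"}


@dataclass
class Motw:
    zone_id: int
    referrer_url: Optional[str]
    host_url: Optional[str]


def parse_zone_identifier(text: str) -> Optional[Motw]:
    """Parse the INI-style Zone.Identifier stream; None if it is not a usable mark."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep ZoneId / ReferrerUrl key case instead of lower-casing
    try:
        cp.read_string(text.lstrip("\ufeff"))
    except configparser.Error:
        return None
    if "ZoneTransfer" not in cp:
        return None
    sec = cp["ZoneTransfer"]
    try:
        zone = int(sec.get("ZoneId", ""))
    except ValueError:
        return None
    return Motw(zone, sec.get("ReferrerUrl"), sec.get("HostUrl"))


def read_zone_identifier(path: str) -> Optional[str]:
    """Read the stream via NTFS file:stream syntax; None when absent or on a non-NTFS volume."""
    try:
        with open(path + ":Zone.Identifier", "r", encoding="utf-8", errors="replace") as f:
            return f.read()
    except OSError:
        return None


def assess(stream_text: Optional[str]) -> str:
    """Verdict for a file that is supposed to have been downloaded from the Internet."""
    if stream_text is None:
        return "unmarked: no Zone.Identifier stream (MOTW stripped, or the file never came through a browser)"
    m = parse_zone_identifier(stream_text)
    if m is None:
        return "malformed: Zone.Identifier present but unparseable"
    name = ZONE_NAMES.get(m.zone_id, "unknown zone")
    if m.zone_id >= 3:
        return f"marked: {name} (ZoneId={m.zone_id}); SmartScreen and Office Protected View apply"
    return f"downgraded: {name} (ZoneId={m.zone_id}) on a downloaded file; treat as a MOTW bypass"


def assess_file(path: str) -> str:
    """Convenience wrapper for use on a Windows host: read the stream, then assess it."""
    return assess(read_zone_identifier(path))


if __name__ == "__main__":
    print(assess(SAMPLE_INTERNET))
    print(assess(SAMPLE_LOCAL))
    print(assess(None))
```

Pointed at the extracted `windowkill-vulkan.exe` copies in this report, `assess_file` would answer the bypass question directly; run it on the downloaded archive and on each file extracted from it and compare.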
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Steam\steam.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO0236C238\windowkill-vulkan.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\Windowkill\Windowkill\Windowkill\windowkill-vulkan.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Steam\steam.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Windowkill.zip"
C:\Users\Admin\AppData\Local\Temp\7zO0236C238\windowkill-vulkan.exe
"C:\Users\Admin\AppData\Local\Temp\7zO0236C238\windowkill-vulkan.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Documents\Windowkill\Windowkill\Windowkill\windowkill-vulkan.exe
"C:\Users\Admin\Documents\Windowkill\Windowkill\Windowkill\windowkill-vulkan.exe"
C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff9e980cc40,0x7ff9e980cc4c,0x7ff9e980cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1820,i,6471348633338055283,17781070199840874577,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=1816 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2044,i,6471348633338055283,17781070199840874577,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=2132 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,6471348633338055283,17781070199840874577,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=2196 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,6471348633338055283,17781070199840874577,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=3228 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,6471348633338055283,17781070199840874577,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3536,i,6471348633338055283,17781070199840874577,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=3540 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4580,i,6471348633338055283,17781070199840874577,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=4620 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4632,i,6471348633338055283,17781070199840874577,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=4584 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4948,i,6471348633338055283,17781070199840874577,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=4960 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4988,i,6471348633338055283,17781070199840874577,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=4960 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4792,i,6471348633338055283,17781070199840874577,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=4092 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4656,i,6471348633338055283,17781070199840874577,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=4832 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5036,i,6471348633338055283,17781070199840874577,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=4964 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5200,i,6471348633338055283,17781070199840874577,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=4704 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5212,i,6471348633338055283,17781070199840874577,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=4684 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5032,i,6471348633338055283,17781070199840874577,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=5108 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4292,i,6471348633338055283,17781070199840874577,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=4600 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3332,i,6471348633338055283,17781070199840874577,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5432,i,6471348633338055283,17781070199840874577,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=5452 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5444,i,6471348633338055283,17781070199840874577,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=5592 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5744,i,6471348633338055283,17781070199840874577,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=3244 /prefetch:8
C:\Users\Admin\Downloads\SteamSetup.exe
"C:\Users\Admin\Downloads\SteamSetup.exe"
C:\Program Files (x86)\Steam\bin\steamservice.exe
"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5796,i,6471348633338055283,17781070199840874577,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=3232 /prefetch:8
C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=27556" "-buildid=1730853027" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1730853027 --initial-client-data=0x29c,0x2a0,0x2a4,0x298,0x2a8,0x7ff9e911af00,0x7ff9e911af0c,0x7ff9e911af18
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1548,i,18375512494182881554,5678498178744503711,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1552 --mojo-platform-channel-handle=1540 /prefetch:2
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --field-trial-handle=2292,i,18375512494182881554,5678498178744503711,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2296 --mojo-platform-channel-handle=2288 /prefetch:11
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C8 0x00000000000004B8
C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
.\bin\gldriverquery64.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --field-trial-handle=2760,i,18375512494182881554,5678498178744503711,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2764 --mojo-platform-channel-handle=2756 /prefetch:13
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,18375512494182881554,5678498178744503711,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3120 --mojo-platform-channel-handle=3112 /prefetch:1
C:\Program Files (x86)\Steam\bin\gldriverquery.exe
.\bin\gldriverquery.exe
C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
.\bin\vulkandriverquery64.exe
C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
.\bin\vulkandriverquery.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3700,i,18375512494182881554,5678498178744503711,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3704 --mojo-platform-channel-handle=3696 /prefetch:1
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3732,i,18375512494182881554,5678498178744503711,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3832 --mojo-platform-channel-handle=3848 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6040,i,6471348633338055283,17781070199840874577,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=4220 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=4556,i,6471348633338055283,17781070199840874577,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=5988 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6252,i,6471348633338055283,17781070199840874577,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=6248 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6240,i,6471348633338055283,17781070199840874577,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=6380 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6244,i,6471348633338055283,17781070199840874577,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=6232 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6324,i,6471348633338055283,17781070199840874577,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=6236 /prefetch:1
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4172,i,18375512494182881554,5678498178744503711,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4176 --mojo-platform-channel-handle=4168 /prefetch:10
C:\Program Files (x86)\Steam\steamerrorreporter.exe
C:\Program Files (x86)\Steam\steam
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --field-trial-handle=4160,i,18375512494182881554,5678498178744503711,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2060 --mojo-platform-channel-handle=4168 /prefetch:14
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| GB | 104.86.110.104:443 | | tcp |
| GB | 104.86.110.104:443 | | tcp |
| GB | 92.123.128.177:443 | r.bing.com | tcp |
| GB | 92.123.128.177:443 | r.bing.com | tcp |
| GB | 92.123.128.177:443 | r.bing.com | tcp |
| GB | 92.123.128.177:443 | r.bing.com | tcp |
| GB | 92.123.128.177:443 | r.bing.com | tcp |
| GB | 92.123.128.177:443 | r.bing.com | tcp |
| US | 52.168.117.171:443 | browser.pipe.aria.microsoft.com | tcp |
| GB | 92.123.128.155:443 | www.bing.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 216.58.201.110:443 | chrome.google.com | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| GB | 216.58.201.110:443 | clients2.google.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.201.110:443 | clients2.google.com | tcp |
| GB | 216.58.213.1:443 | clients2.googleusercontent.com | udp |
| GB | 216.58.201.110:443 | clients2.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 172.217.16.238:443 | consent.google.com | udp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| GB | 2.19.117.27:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.19.117.27:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.19.117.27:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.19.117.27:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.19.117.27:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.19.117.27:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | cdn.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | shared.akamai.steamstatic.com | udp |
| GB | 2.19.117.27:443 | shared.akamai.steamstatic.com | tcp |
| GB | 2.19.117.27:443 | shared.akamai.steamstatic.com | tcp |
| GB | 2.19.117.13:443 | shared.akamai.steamstatic.com | tcp |
| GB | 2.19.117.13:443 | shared.akamai.steamstatic.com | tcp |
| GB | 2.19.117.13:443 | shared.akamai.steamstatic.com | tcp |
| GB | 2.19.117.13:443 | shared.akamai.steamstatic.com | tcp |
| GB | 2.19.117.23:443 | cdn.akamai.steamstatic.com | tcp |
| GB | 2.19.117.13:443 | shared.akamai.steamstatic.com | tcp |
| GB | 2.19.117.13:443 | shared.akamai.steamstatic.com | tcp |
| GB | 2.19.117.23:443 | cdn.akamai.steamstatic.com | tcp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| GB | 2.19.117.27:443 | shared.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 27.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.21.192.23.in-addr.arpa | udp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| GB | 2.19.117.23:443 | cdn.akamai.steamstatic.com | tcp |
| GB | 2.19.117.23:443 | cdn.akamai.steamstatic.com | tcp |
| GB | 2.19.117.23:443 | cdn.akamai.steamstatic.com | tcp |
| GB | 2.19.117.23:443 | cdn.akamai.steamstatic.com | tcp |
| GB | 2.19.117.23:443 | cdn.akamai.steamstatic.com | tcp |
| GB | 2.19.117.23:443 | cdn.akamai.steamstatic.com | tcp |
| US | 151.101.3.52:443 | cdn.steamstatic.com | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 2.23.210.75:80 | r11.o.lencr.org | tcp |
| US | 151.101.3.52:443 | cdn.steamstatic.com | tcp |
| US | 151.101.3.52:443 | cdn.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 52.3.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.169.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
| GB | 142.250.200.14:443 | google.com | tcp |
| US | 34.174.255.69:443 | e2c60.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.255.174.34.in-addr.arpa | udp |
| GB | 2.19.117.24:80 | test.steampowered.com | tcp |
| US | 8.8.8.8:53 | ipv6check-http.steamserver.net | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| GB | 104.82.234.109:443 | api.steampowered.com | tcp |
| US | 8.8.8.8:53 | 109.234.82.104.in-addr.arpa | udp |
| US | 162.254.192.99:443 | cmp2-iad1.steamserver.net | tcp |
| US | 162.254.192.98:27019 | cmp1-iad1.steamserver.net | tcp |
| US | 8.8.8.8:53 | cmp1-atl3.steamserver.net | udp |
| US | 162.254.199.165:443 | cmp1-atl3.steamserver.net | tcp |
| US | 162.254.192.99:27020 | cmp2-iad1.steamserver.net | tcp |
| N/A | 127.0.0.1:62968 | | tcp |
| N/A | 127.0.0.1:62966 | | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | e5.o.lencr.org | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| GB | 2.23.210.75:80 | e5.o.lencr.org | tcp |
| US | 8.8.8.8:53 | e6.o.lencr.org | udp |
| GB | 2.23.210.75:80 | e6.o.lencr.org | tcp |
| US | 8.8.8.8:53 | 99.192.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.192.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.199.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cmp2-atl3.steamserver.net | udp |
| US | 162.254.199.184:27018 | cmp2-atl3.steamserver.net | tcp |
| US | 162.254.199.165:27018 | cmp1-atl3.steamserver.net | tcp |
| US | 155.133.253.52:27018 | cmp2-dfw1.steamserver.net | tcp |
| US | 155.133.253.36:443 | cmp1-dfw1.steamserver.net | tcp |
| US | 155.133.253.36:27018 | cmp1-dfw1.steamserver.net | tcp |
| US | 162.254.193.75:27018 | cmp2-ord1.steamserver.net | tcp |
| US | 205.196.6.133:443 | cmp2-sea1.steamserver.net | tcp |
| US | 205.196.6.132:443 | cmp1-sea1.steamserver.net | tcp |
| US | 8.8.8.8:53 | 52.253.133.155.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.253.133.155.in-addr.arpa | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| GB | 2.19.117.22:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.19.117.22:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.19.117.22:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 22.117.19.2.in-addr.arpa | udp |
| GB | 2.19.117.22:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.19.117.22:443 | store.akamai.steamstatic.com | tcp |
| US | 104.19.230.21:443 | | udp |
| GB | 2.19.117.22:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.19.117.22:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 21.230.19.104.in-addr.arpa | udp |
| GB | 142.250.200.14:443 | google.com | tcp |
| NL | 172.217.132.135:443 | | udp |
| US | 8.8.8.8:53 | 135.132.217.172.in-addr.arpa | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.200.14:443 | google.com | udp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | e2c34.gcp.gvt2.com | udp |
| KR | 35.216.18.75:443 | e2c34.gcp.gvt2.com | tcp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | udp |
| KR | 35.216.18.75:443 | e2c34.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 75.18.216.35.in-addr.arpa | udp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | id.google.com | udp |
| US | 8.8.8.8:53 | 194.212.58.216.in-addr.arpa | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 216.58.213.1:443 | lh5.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| GB | 172.217.169.35:443 | | tcp |
| GB | 172.217.169.35:443 | | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 35.169.217.172.in-addr.arpa | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 216.58.201.118:443 | i.ytimg.com | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 216.58.201.118:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 118.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 172.217.169.14:443 | www.youtube.com | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 8.8.8.8:53 | 14.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p2p-atl3.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | 123.35.104.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| US | 8.8.8.8:53 | ipv6check-udp.steamserver.net | udp |
| US | 8.8.8.8:53 | ipv6check-http.steamserver.net | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| GB | 104.82.234.109:443 | api.steampowered.com | tcp |
| US | 8.8.8.8:53 | cmp1-sgp1.steamserver.net | udp |
| SG | 103.10.124.4:27018 | cmp1-sgp1.steamserver.net | tcp |
| US | 8.8.8.8:53 | cmp2-sgp1.steamserver.net | udp |
| SG | 103.10.124.4:27020 | cmp1-sgp1.steamserver.net | tcp |
| SG | 103.10.124.5:443 | cmp2-sgp1.steamserver.net | tcp |
| US | 8.8.8.8:53 | ext6-hkg1.steamserver.net | udp |
| HK | 103.28.54.172:27028 | ext6-hkg1.steamserver.net | tcp |
| US | 8.8.8.8:53 | e5.o.lencr.org | udp |
| GB | 2.23.210.75:80 | e5.o.lencr.org | tcp |
| US | 8.8.8.8:53 | e6.o.lencr.org | udp |
| GB | 2.23.210.75:80 | e6.o.lencr.org | tcp |
| US | 8.8.8.8:53 | 4.124.10.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.124.10.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.54.28.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cmp3-hkg1.steamserver.net | udp |
| HK | 103.28.54.102:27020 | cmp3-hkg1.steamserver.net | tcp |
| HK | 103.28.54.102:443 | cmp3-hkg1.steamserver.net | tcp |
| JP | 45.121.184.23:27035 | ext4-tyo3.steamserver.net | tcp |
| JP | 45.121.184.21:27032 | ext2-tyo3.steamserver.net | tcp |
| US | 8.8.8.8:53 | 102.54.28.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.184.121.45.in-addr.arpa | udp |
| JP | 45.121.184.21:443 | ext2-tyo3.steamserver.net | tcp |
| US | 8.8.8.8:53 | cmp1-lax1.steamserver.net | udp |
| US | 162.254.195.69:27018 | cmp1-lax1.steamserver.net | tcp |
| US | 8.8.8.8:53 | cmp2-lax1.steamserver.net | udp |
| US | 8.8.8.8:53 | ext1-syd1.steamserver.net | udp |
| US | 162.254.195.75:27018 | cmp2-lax1.steamserver.net | tcp |
| AU | 103.10.125.148:27020 | ext1-syd1.steamserver.net | tcp |
| US | 8.8.8.8:53 | 75.195.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.184.121.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.195.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.125.10.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p2p-lax1.discovery.steamserver.net | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 104.19.230.21:443 | | udp |
| US | 104.19.230.21:443 | | udp |
| US | 104.19.230.21:443 | | tcp |
| US | 104.19.230.21:443 | | udp |
| US | 8.8.8.8:53 | client-update.steamstatic.com | udp |
| US | 151.101.195.52:443 | client-update.steamstatic.com | tcp |
| US | 8.8.8.8:53 | r10.o.lencr.org | udp |
| GB | 2.23.210.82:80 | r10.o.lencr.org | tcp |
| US | 8.8.8.8:53 | 52.195.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.210.23.2.in-addr.arpa | udp |
| US | 104.19.230.21:443 | | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| GB | 104.82.234.109:443 | api.steampowered.com | tcp |
| US | 8.8.8.8:53 | ipv6check-udp.steamserver.net | udp |
| US | 8.8.8.8:53 | ipv6check-http.steamserver.net | udp |
| US | 8.8.8.8:53 | crash.steampowered.com | udp |
| US | 208.64.203.173:443 | crash.steampowered.com | tcp |
| US | 8.8.8.8:53 | p2p-lax1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | cmp2-lhr1.steamserver.net | udp |
| GB | 162.254.196.80:443 | cmp2-lhr1.steamserver.net | tcp |
| US | 8.8.8.8:53 | cmp1-lhr1.steamserver.net | udp |
| GB | 162.254.196.79:27020 | cmp1-lhr1.steamserver.net | tcp |
| GB | 162.254.196.79:27019 | cmp1-lhr1.steamserver.net | tcp |
| US | 155.133.229.4:443 | cmp1-fra2.steamserver.net | tcp |
| US | 8.8.8.8:53 | r10.o.lencr.org | udp |
| US | 8.8.8.8:53 | e5.o.lencr.org | udp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.203.64.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.196.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.196.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.229.133.155.in-addr.arpa | udp |
| GB | 2.23.210.82:80 | e6.o.lencr.org | tcp |
| GB | 2.23.210.82:80 | e6.o.lencr.org | tcp |
| GB | 2.23.210.75:80 | e6.o.lencr.org | tcp |
| GB | 216.58.201.99:443 | | udp |
| GB | 104.82.234.109:443 | api.steampowered.com | tcp |
| US | 155.133.253.36:443 | cmp1-dfw1.steamserver.net | tcp |
| US | 155.133.253.36:27018 | cmp1-dfw1.steamserver.net | tcp |
| US | 162.254.199.184:443 | cmp2-atl3.steamserver.net | tcp |
| US | 162.254.199.165:27018 | cmp1-atl3.steamserver.net | tcp |
| US | 155.133.253.52:27018 | cmp2-dfw1.steamserver.net | tcp |
| US | 162.254.199.184:27018 | cmp2-atl3.steamserver.net | tcp |
| US | 162.254.192.99:27018 | cmp2-iad1.steamserver.net | tcp |
| US | 162.254.192.98:27020 | cmp1-iad1.steamserver.net | tcp |
| US | 162.254.192.98:443 | cmp1-iad1.steamserver.net | tcp |
| US | 162.254.195.75:27018 | cmp2-lax1.steamserver.net | tcp |
| US | 8.8.8.8:53 | ext2-par1.steamserver.net | udp |
| FR | 185.25.182.52:27038 | ext2-par1.steamserver.net | tcp |
| US | 205.196.6.132:27018 | cmp1-sea1.steamserver.net | tcp |
| US | 8.8.8.8:53 | 52.182.25.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p2p-par1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 104.19.230.21:443 | | udp |
| US | 8.8.8.8:53 | ipv6check-http.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-par1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | ipv6check-udp.steamserver.net | udp |
| US | 8.8.8.8:53 | ipv6check-http.steamserver.net | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| GB | 104.82.234.109:443 | api.steampowered.com | tcp |
| US | 8.8.8.8:53 | cmp2-vie1.steamserver.net | udp |
| AT | 146.66.155.85:443 | cmp2-vie1.steamserver.net | tcp |
| US | 8.8.8.8:53 | cmp1-vie1.steamserver.net | udp |
| AT | 146.66.155.84:27018 | cmp1-vie1.steamserver.net | tcp |
| AT | 146.66.155.85:27018 | cmp2-vie1.steamserver.net | tcp |
| US | 8.8.8.8:53 | cmp1-fra1.steamserver.net | udp |
| DE | 155.133.250.4:27020 | cmp1-fra1.steamserver.net | tcp |
| GB | 2.23.210.82:80 | e5.o.lencr.org | tcp |
| US | 8.8.8.8:53 | e6.o.lencr.org | udp |
| US | 8.8.8.8:53 | 84.155.66.146.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.155.66.146.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.250.133.155.in-addr.arpa | udp |
| GB | 2.23.210.75:80 | e6.o.lencr.org | tcp |
| DE | 155.133.250.20:27020 | cmp2-fra1.steamserver.net | tcp |
| US | 155.133.229.20:27021 | cmp2-fra2.steamserver.net | tcp |
| US | 155.133.229.20:27023 | cmp2-fra2.steamserver.net | tcp |
| US | 8.8.8.8:53 | 20.229.133.155.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p2p-vie1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| US | 8.8.8.8:53 | ipv6check-udp.steamserver.net | udp |
| US | 8.8.8.8:53 | ipv6check-http.steamserver.net | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| GB | 104.82.234.109:443 | api.steampowered.com | tcp |
| US | 8.8.8.8:53 | ext1-tyo3.steamserver.net | udp |
| JP | 45.121.184.20:27021 | ext1-tyo3.steamserver.net | tcp |
| JP | 45.121.184.23:27029 | ext4-tyo3.steamserver.net | tcp |
| JP | 45.121.184.20:443 | ext1-tyo3.steamserver.net | tcp |
| HK | 103.28.54.102:27021 | cmp3-hkg1.steamserver.net | tcp |
| US | 8.8.8.8:53 | cmp1-hkg1.steamserver.net | udp |
| US | 8.8.8.8:53 | 20.184.121.45.in-addr.arpa | udp |
| HK | 103.28.54.100:27021 | cmp1-hkg1.steamserver.net | tcp |
| HK | 103.28.54.102:443 | cmp3-hkg1.steamserver.net | tcp |
| SG | 103.10.124.4:27018 | cmp1-sgp1.steamserver.net | tcp |
| SG | 103.10.124.5:27019 | cmp2-sgp1.steamserver.net | tcp |
| GB | 2.23.210.75:80 | e6.o.lencr.org | tcp |
| SG | 103.10.124.5:443 | cmp2-sgp1.steamserver.net | tcp |
| US | 162.254.195.75:443 | cmp2-lax1.steamserver.net | tcp |
| US | 162.254.192.98:443 | cmp1-iad1.steamserver.net | tcp |
| US | 8.8.8.8:53 | 100.54.28.103.in-addr.arpa | udp |
| IN | 155.133.225.21:27024 | ext2-maa2.steamserver.net | tcp |
| US | 8.8.8.8:53 | p2p-iad1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| US | 8.8.8.8:53 | ipv6check-http.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-iad1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| US | 8.8.8.8:53 | ipv6check-http.steamserver.net | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| GB | 104.82.234.109:443 | api.steampowered.com | tcp |
| US | 8.8.8.8:53 | ext2-lim1.steamserver.net | udp |
| PE | 155.133.244.50:27028 | ext2-lim1.steamserver.net | tcp |
| US | 8.8.8.8:53 | ext1-lim1.steamserver.net | udp |
| PE | 155.133.244.34:27022 | ext1-lim1.steamserver.net | tcp |
| US | 8.8.8.8:53 | ext1-scl1.steamserver.net | udp |
| PE | 155.133.244.50:443 | ext2-lim1.steamserver.net | tcp |
| CL | 155.133.249.180:27034 | ext1-scl1.steamserver.net | tcp |
| US | 8.8.8.8:53 | ext2-scl1.steamserver.net | udp |
| CL | 155.133.249.164:27020 | ext2-scl1.steamserver.net | tcp |
| CL | 155.133.249.164:443 | ext2-scl1.steamserver.net | tcp |
| AR | 155.133.255.100:27032 | ext1-eze1.steamserver.net | tcp |
| AR | 155.133.255.100:27033 | ext1-eze1.steamserver.net | tcp |
| US | 8.8.8.8:53 | 34.244.133.155.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.244.133.155.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.249.133.155.in-addr.arpa | udp |
| AR | 155.133.255.100:443 | ext1-eze1.steamserver.net | tcp |
| US | 8.8.8.8:53 | ext2-gru1.steamserver.net | udp |
| BR | 155.133.227.50:27034 | ext2-gru1.steamserver.net | tcp |
| US | 162.254.195.75:443 | cmp2-lax1.steamserver.net | tcp |
| US | 162.254.192.98:27020 | cmp1-iad1.steamserver.net | tcp |
| US | 8.8.8.8:53 | 100.255.133.155.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p2p-lax1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | 50.227.133.155.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p2p-lax1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| US | 8.8.8.8:53 | ipv6check-udp.steamserver.net | udp |
| US | 8.8.8.8:53 | ipv6check-http.steamserver.net | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| GB | 104.82.234.109:443 | api.steampowered.com | tcp |
| AT | 146.66.155.84:443 | cmp1-vie1.steamserver.net | tcp |
| AT | 146.66.155.85:27018 | cmp2-vie1.steamserver.net | tcp |
| AT | 146.66.155.84:27018 | cmp1-vie1.steamserver.net | tcp |
| US | 155.133.229.20:27022 | cmp2-fra2.steamserver.net | tcp |
| DE | 155.133.250.20:27020 | cmp2-fra1.steamserver.net | tcp |
| DE | 155.133.250.20:27024 | cmp2-fra1.steamserver.net | tcp |
| DE | 155.133.250.20:27019 | cmp2-fra1.steamserver.net | tcp |
| DE | 155.133.250.4:443 | cmp1-fra1.steamserver.net | tcp |
| US | 8.8.8.8:53 | p2p-fra1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| US | 8.8.8.8:53 | ipv6check-http.steamserver.net | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| GB | 104.82.234.109:443 | api.steampowered.com | tcp |
| HK | 103.28.54.100:27018 | cmp1-hkg1.steamserver.net | tcp |
| HK | 103.28.54.102:27020 | cmp3-hkg1.steamserver.net | tcp |
| US | 8.8.8.8:53 | cmp2-hkg1.steamserver.net | udp |
| HK | 103.28.54.101:443 | cmp2-hkg1.steamserver.net | tcp |
| SG | 103.10.124.4:27018 | cmp1-sgp1.steamserver.net | tcp |
| US | 8.8.8.8:53 | e6.o.lencr.org | udp |
| GB | 2.23.210.82:80 | e6.o.lencr.org | tcp |
| SG | 103.10.124.5:27020 | cmp2-sgp1.steamserver.net | tcp |
| SG | 103.10.124.4:443 | cmp1-sgp1.steamserver.net | tcp |
| JP | 45.121.184.20:27023 | ext1-tyo3.steamserver.net | tcp |
| US | 8.8.8.8:53 | 101.54.28.103.in-addr.arpa | udp |
| JP | 45.121.184.21:27037 | ext2-tyo3.steamserver.net | tcp |
| US | 8.8.8.8:53 | cmp1-lax1.steamserver.net | udp |
| JP | 45.121.184.20:443 | ext1-tyo3.steamserver.net | tcp |
| US | 162.254.195.69:27018 | cmp1-lax1.steamserver.net | tcp |
| US | 8.8.8.8:53 | ext1-bom2.steamserver.net | udp |
| IN | 155.133.224.22:27038 | ext1-bom2.steamserver.net | tcp |
| US | 162.254.195.75:443 | cmp2-lax1.steamserver.net | tcp |
| US | 8.8.8.8:53 | p2p-lax1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | 22.224.133.155.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| US | 8.8.8.8:53 | ipv6check-http.steamserver.net | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| GB | 104.82.234.109:443 | api.steampowered.com | tcp |
| SG | 103.10.124.4:27018 | cmp1-sgp1.steamserver.net | tcp |
| SG | 103.10.124.5:27018 | cmp2-sgp1.steamserver.net | tcp |
| SG | 103.10.124.5:443 | cmp2-sgp1.steamserver.net | tcp |
| HK | 103.28.54.101:27020 | cmp2-hkg1.steamserver.net | tcp |
| HK | 103.28.54.102:27021 | cmp3-hkg1.steamserver.net | tcp |
| HK | 103.28.54.100:443 | cmp1-hkg1.steamserver.net | tcp |
| JP | 45.121.184.21:27021 | ext2-tyo3.steamserver.net | tcp |
| JP | 45.121.184.21:27029 | ext2-tyo3.steamserver.net | tcp |
| JP | 45.121.184.20:443 | ext1-tyo3.steamserver.net | tcp |
| US | 162.254.195.69:27018 | cmp1-lax1.steamserver.net | tcp |
| US | 162.254.193.103:27018 | cmp1-ord1.steamserver.net | tcp |
| IN | 155.133.225.21:27034 | ext2-maa2.steamserver.net | tcp |
| GB | 2.23.210.82:80 | e6.o.lencr.org | tcp |
| US | 8.8.8.8:53 | p2p-ord1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | 103.193.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p2p-ord1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | ipv6check-udp.steamserver.net | udp |
| US | 8.8.8.8:53 | ipv6check-http.steamserver.net | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| GB | 104.82.234.109:443 | api.steampowered.com | tcp |
| US | 155.133.253.52:443 | cmp2-dfw1.steamserver.net | tcp |
| US | 155.133.253.36:27018 | cmp1-dfw1.steamserver.net | tcp |
| US | 155.133.253.52:27018 | cmp2-dfw1.steamserver.net | tcp |
| US | 162.254.199.165:443 | cmp1-atl3.steamserver.net | tcp |
| US | 162.254.195.75:443 | cmp2-lax1.steamserver.net | tcp |
| US | 162.254.195.69:27018 | cmp1-lax1.steamserver.net | tcp |
| US | 162.254.195.75:27018 | cmp2-lax1.steamserver.net | tcp |
| US | 162.254.199.184:27018 | cmp2-atl3.steamserver.net | tcp |
| US | 162.254.199.165:27018 | cmp1-atl3.steamserver.net | tcp |
| US | 162.254.193.75:443 | cmp2-ord1.steamserver.net | tcp |
| US | 8.8.8.8:53 | cmp2-ams1.steamserver.net | udp |
| NL | 155.133.248.43:443 | cmp2-ams1.steamserver.net | tcp |
| US | 8.8.8.8:53 | cmp1-ams1.steamserver.net | udp |
| NL | 155.133.248.42:443 | cmp1-ams1.steamserver.net | tcp |
| US | 8.8.8.8:53 | e5.o.lencr.org | udp |
| GB | 2.23.210.75:80 | e5.o.lencr.org | tcp |
| US | 8.8.8.8:53 | 43.248.133.155.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.248.133.155.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p2p-ams1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-ams1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | ipv6check-http.steamserver.net | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| GB | 104.82.234.109:443 | api.steampowered.com | tcp |
| HK | 103.28.54.101:27021 | cmp2-hkg1.steamserver.net | tcp |
| HK | 103.28.54.100:27021 | cmp1-hkg1.steamserver.net | tcp |
| HK | 103.28.54.102:443 | cmp3-hkg1.steamserver.net | tcp |
| SG | 103.10.124.5:27019 | cmp2-sgp1.steamserver.net | tcp |
| SG | 103.10.124.5:27018 | cmp2-sgp1.steamserver.net | tcp |
| SG | 103.10.124.5:443 | cmp2-sgp1.steamserver.net | tcp |
| JP | 45.121.184.21:27033 | ext2-tyo3.steamserver.net | tcp |
| JP | 45.121.184.23:27038 | ext4-tyo3.steamserver.net | tcp |
| JP | 45.121.184.21:443 | ext2-tyo3.steamserver.net | tcp |
| US | 162.254.195.69:443 | cmp1-lax1.steamserver.net | tcp |
| US | 162.254.193.103:27018 | cmp1-ord1.steamserver.net | tcp |
| US | 162.254.192.99:27020 | cmp2-iad1.steamserver.net | tcp |
| US | 8.8.8.8:53 | p2p-ord1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-ord1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | ipv6check-udp.steamserver.net | udp |
| US | 8.8.8.8:53 | ipv6check-http.steamserver.net | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| GB | 104.82.234.109:443 | api.steampowered.com | tcp |
| PE | 155.133.244.34:27023 | ext1-lim1.steamserver.net | tcp |
| PE | 155.133.244.50:27034 | ext2-lim1.steamserver.net | tcp |
| PE | 155.133.244.50:443 | ext2-lim1.steamserver.net | tcp |
| CL | 155.133.249.164:27021 | ext2-scl1.steamserver.net | tcp |
| CL | 155.133.249.164:27035 | ext2-scl1.steamserver.net | tcp |
| CL | 155.133.249.164:443 | ext2-scl1.steamserver.net | tcp |
| US | 8.8.8.8:53 | ext2-eze1.steamserver.net | udp |
| AR | 155.133.255.164:27022 | ext2-eze1.steamserver.net | tcp |
| AR | 155.133.255.164:27033 | ext2-eze1.steamserver.net | tcp |
| AR | 155.133.255.164:443 | ext2-eze1.steamserver.net | tcp |
| US | 8.8.8.8:53 | ext1-gru1.steamserver.net | udp |
| BR | 155.133.227.34:27023 | ext1-gru1.steamserver.net | tcp |
| BR | 155.133.227.50:27031 | ext2-gru1.steamserver.net | tcp |
| US | 162.254.192.98:443 | cmp1-iad1.steamserver.net | tcp |
| US | 8.8.8.8:53 | 164.255.133.155.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p2p-iad1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | 34.227.133.155.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p2p-iad1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | ipv6check-udp.steamserver.net | udp |
| US | 8.8.8.8:53 | ipv6check-http.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-iad1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-iad1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-iad1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-iad1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-iad1.discovery.steamserver.net | udp |
Files
C:\Users\Admin\AppData\Roaming\Godot\app_userdata\windowkill\logs\godot.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\5eba79d4-b2b5-471d-9df7-f813febb613a.down_data
| MD5 | 5683c0028832cae4ef93ca39c8ac5029 |
| SHA1 | 248755e4e1db552e0b6f8651b04ca6d1b31a86fb |
| SHA256 | 855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e |
| SHA512 | aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Temp\scoped_dir3828_726509112\63f1871d-0e71-4e0f-a3a2-ae5b7e070347.tmp
| MD5 | da75bb05d10acc967eecaac040d3d733 |
| SHA1 | 95c08e067df713af8992db113f7e9aec84f17181 |
| SHA256 | 33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2 |
| SHA512 | 56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef |
C:\Users\Admin\AppData\Local\Temp\scoped_dir3828_726509112\CRX_INSTALL\_locales\en_CA\messages.json
| MD5 | 558659936250e03cc14b60ebf648aa09 |
| SHA1 | 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825 |
| SHA256 | 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b |
| SHA512 | 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json
| MD5 | 4ec1df2da46182103d2ffc3b92d20ca5 |
| SHA1 | fb9d1ba3710cf31a87165317c6edc110e98994ce |
| SHA256 | 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6 |
| SHA512 | 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json
| MD5 | 07ffbe5f24ca348723ff8c6c488abfb8 |
| SHA1 | 6dc2851e39b2ee38f88cf5c35a90171dbea5b690 |
| SHA256 | 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c |
| SHA512 | 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 5bb308a885741e94fc437b494022b87c |
| SHA1 | cb9287ea5b9ca20e027b23f1d08c915c0089a9f4 |
| SHA256 | 89ff923a7143811740aa91676345247e696a97e93a298afdb2df050f5f689f13 |
| SHA512 | deab27afd6feee75e85f3c8a01d10e9fa098a649feac2b3030888245f61fa673c03246eb330ff024b92620053e76fd543fd95192e02b263a2c90d653e728503c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 6abbb46c41926209c96b4ee2ac4b1da2 |
| SHA1 | f046cebf09fa0c266cc0ab04a25a5794230c347a |
| SHA256 | b62d5ba0eee2cc2045e3794b0e440450f743bcb645255a730677e26072c91a84 |
| SHA512 | e473c25e9c56ba34d80e6aa1b35947fcf7ff974263d5ea6b08547b3976282d4837a99f715a23708d0d163de3609b391ca8117f71d6e73d72c13f9a882ae2072f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0cd1be0d2b2b943325c2049f7c732e5a |
| SHA1 | 4f234bf5549e24a6dc7afea5332a5d74284c4e86 |
| SHA256 | e29f3ea91e3267046f3c1b0c757d66d6b8a3e7102ea5531aabceb026d4730220 |
| SHA512 | a1208683ee24c75981b0feddb591fd29700b48b3079808be5ec4ce52759e0eb62deb752923e39b29f7b8cd2a837a81b3f869510c86ecdaf0164df6e61cd02326 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 12975ef7d6fc1baf68260db1300f6c47 |
| SHA1 | 7a75c8da3a9b15f535018525f0f0cabefed514fe |
| SHA256 | 86072b64cdb0424c7c7186e4f9ab6d2e9566bbc20621a534579f2fb87e371e15 |
| SHA512 | 6f1ad0746937cd705d53e1dd7ddd62e384cb5cb07c011037ba2f4f2676f8b778972b336c5b12d7f18343d255dc178443c373cdb44b4ee5e2bac1d9640b147dd2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 3bdb79a6aaee4a39573ad44658f06b29 |
| SHA1 | a026582cd05ef89660d5cce014cd5abb68168e30 |
| SHA256 | 62d8cfcc9d026de2bcc1343ecf1c136cdf3e82105c30ffa41aed6c57709d7e58 |
| SHA512 | 3a4d386706e2cb43b1831486b51603640e4b4e3d4918b3ca1c823530a270f686fbd1ce903a1f1775a6f962fc623a15f5e292bfff3f674fefd9a538464508d903 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | c71d2d1ac87d67e677f53e2ec283ea34 |
| SHA1 | 4cfce41c05f4b10b776ddb6fea1013f0686970c5 |
| SHA256 | 491fa40153a6603c9bc70b830eefe3e5b70e36e0f9973077a217e7431951dea3 |
| SHA512 | 0ddc63f7b027438ffe6f6f184a0e4fcf8f0ccef22f1dc2b5641439f2691983ccefcd5791c0090ed774da93f360ec7e4b1ab3e489255dd9b8eb9fc4cc78271ac5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b05728dcae878c517e0f142898342b86 |
| SHA1 | 2907853ccb5e805f7c4b6e2fba3da41b5dfa3ed0 |
| SHA256 | 4e5e1d15037766dbdef30cb9fb84da34f9aa5c12cd149686c8b8de7b8214c467 |
| SHA512 | 5ba153a7efccfba409dd18a189ea5bba3fe9937f033cb442a076c30f46c362ce69f3b7f6d3e09ecbb3489067522f16f7cd385947a81803d91cdcd9bbeb518182 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6513718bd918479357f0349e78cddf9d |
| SHA1 | fde009be9c30e08f5e5ca37df6848a4901e714dc |
| SHA256 | d33ca72d9f2127ffb1a2a30af8756e2691dcd871526ae2c728472246647cb707 |
| SHA512 | 8d326a42c43d54c7f709d44f2ab15d3d14d94362806fcc6a1bc8c1205ac4865915510454fad25efc402ce2650e2385fc66f4405a736e186289951ec3307f37bf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 591e541c0db8afac13cccc3aa7af068b |
| SHA1 | 46eb62d00ee710156b151bc6c8067dd9c032f823 |
| SHA256 | 6ae81170de3c3ca1116a70cc50efb9e67a601d0eabde7b9ebfa8930e4b20e199 |
| SHA512 | d747cecca3aa5c8a94850ba91fd750a6e4501a12d2f8afcbd2fca4c8725dcbc15e13eb931e2bbec67e37edcaf3ace5fa05125c920423eefa97ed2b0412fd6c64 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d9b5c7adaf6dfb0d28ba72953b5b3469 |
| SHA1 | 3bc7cd3432daa8e04a943ef364d0e636216453b4 |
| SHA256 | 2f5ea1b7f89422b4c6384fc8feac3dba30198456fb07eff49e399a7f91174821 |
| SHA512 | 5f99fd510cad02ed239cc94c072c7e2ce52ba327fd1ff2ede9899e4ccb091e32a09c8d1e8d0e6409e94a236a4dcc941c9070bf1a81813264ba179e00f3c46b73 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 58b9a33d291ccd8b4493b323305e6884 |
| SHA1 | 1a61013856065ab3d2d4fca50fd3fb868b2bcbef |
| SHA256 | d208c91b106682e43b74da0ffb72943a07643407e9087be1bd0b61b9cedf131f |
| SHA512 | c1299996067345b56205c17e56d297a8b17650295f06034176d8b10323f67de4c708bf8a3532ebb3dea44c6dd2ced3b5c2a8ac1a1127d9d7cd9ad6f5053c878e |
C:\Users\Admin\Downloads\Unconfirmed 92591.crdownload
| MD5 | 1b54b70beef8eb240db31718e8f7eb5d |
| SHA1 | da5995070737ec655824c92622333c489eb6bce4 |
| SHA256 | 7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb |
| SHA512 | fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c2f93d0808e7b190018eee253bdcc8f4 |
| SHA1 | 5e3219d75b0079c646e94977b6d3ecf0af276acf |
| SHA256 | 563eccda5f4ce519c14363302c7e777bf4dee1b3d9939eb3ddd3fef1ee5253c9 |
| SHA512 | f6fa6b84bdd251c05d71fbb47c1da4c392e7d368805119b64fd06b31599c2d074081e51aa20dd6bad40d55592a9c07afe1fec700341344fe3ccad9b93cde23f4 |
C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 9987a9ebd4ce448275cb5b49c253fd1e |
| SHA1 | 3c62a3f6a569aebae29ce9d4866e01125dd2ce93 |
| SHA256 | 009719e319da0f205acb543b93c121d76960496ed59ffe526d0f9857435aef62 |
| SHA512 | 34f91d3e005c510d3525555c6dc4a01016bb29580b0869af01c539454213ad1064a6966c8453d88f7e8a3c0d6ddbf355fa25df9afb72b182b929b68c7b8b29ed |
C:\Users\Admin\AppData\Local\Temp\nsbDCB7.tmp\System.dll
| MD5 | a36fbe922ffac9cd85a845d7a813f391 |
| SHA1 | f656a613a723cc1b449034d73551b4fcdf0dcf1a |
| SHA256 | fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0 |
| SHA512 | 1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b |
C:\Users\Admin\AppData\Local\Temp\nsbDCB7.tmp\nsDialogs.dll
| MD5 | 4e5bc4458afa770636f2806ee0a1e999 |
| SHA1 | 76dcc64af867526f776ab9225e7f4fe076487765 |
| SHA256 | 91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0 |
| SHA512 | b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6f169d4c92326d0ddb7b1be6fb406646 |
| SHA1 | 758b327c4e50f9477e7f8a5b46858ef1dd4bc283 |
| SHA256 | 62115ae6b2e208ebeb40cb1f02aef3017a77b98e942d64b6b6d15d738c73d8d3 |
| SHA512 | 3295548f66c6bbfa9c8d76707bae2f46d9632479d8774fa59b196851e693c5f382d2ef4c4a580b224a020128154d94fcec951e45f531546e26193bac5c99f202 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8b7f3bcfbed98adc6f4331c0b1e73c11 |
| SHA1 | d4398cd250b585c28c5316d7f4a8169cd2ba61ae |
| SHA256 | add06fce36eec28c99a9f4c70032ad4ed3166d569281f6a176cb959acc3a84b6 |
| SHA512 | 12e8280b37a6d9c8fdc1cd0abd76da76343ed45db69a19de519b6c22c3389efb2709d2d50ecd42cd8357351bfc28532209d30cc2f557b8ea0b64487195d588bf |
C:\Users\Admin\AppData\Local\Temp\nsbDCB7.tmp\nsProcess.dll
| MD5 | 08072dc900ca0626e8c079b2c5bcfcf3 |
| SHA1 | 35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37 |
| SHA256 | bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8 |
| SHA512 | 8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c |
C:\Program Files (x86)\Steam\Steam.exe
| MD5 | 33bcb1c8975a4063a134a72803e0ca16 |
| SHA1 | ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65 |
| SHA256 | 12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1 |
| SHA512 | 13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49 |
C:\Users\Admin\AppData\Local\Temp\nsbDCB7.tmp\nsExec.dll
| MD5 | 2095af18c696968208315d4328a2b7fe |
| SHA1 | b1b0e70c03724b2941e92c5098cc1fc0f2b51568 |
| SHA256 | 3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226 |
| SHA512 | 60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5 |
C:\Program Files (x86)\Steam\bin\SteamService.exe
| MD5 | ba0ea9249da4ab8f62432617489ae5a6 |
| SHA1 | d8873c5dcb6e128c39cf0c423b502821343659a7 |
| SHA256 | ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d |
| SHA512 | 52958d55b03e1ddc69afc2f1a02f7813199e4b3bf114514c438ab4d10d5ca83b865ba6090550951c0a43b666c6728304009572212444a27a3f5184663f4b0b8b |
C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt
| MD5 | 7913f3f33839e3af9e10455df69866c2 |
| SHA1 | 15fa957d0a6a2717027f5b35f4dbe5e0ab8ece25 |
| SHA256 | 05bc1f4973c6d36002ac1b37ce46b1f941fcb4338282e0ec1ec83fb558d1a88c |
| SHA512 | 534e541757d19ee157a268bf7ea358b48015f400542fcfa49cdb547cd652926160f015fe2cf026d9c4996e56ab90ca3899dfd457997d915bf6bc9d7bb00ba804 |
C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt
| MD5 | 202b825d0ef72096b82db255c4e747fa |
| SHA1 | 3a3265e5bbaa1d1b774195a3858f29cea75c9e75 |
| SHA256 | 3d1399f5323a3ece1b1a8b3b31f8fd7f50c3bd319ab3f1c38c6e347452c95314 |
| SHA512 | e8fc7cc09f431301d22a07b238179ee053505090e3c4db30ead061513fe7159f1fe8b80efc93f4597fe00f01087bbe0bb2231e13693d72c8def138657cb91566 |
C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt
| MD5 | 7e1d15fc9ba66a868c5c6cb1c2822f83 |
| SHA1 | bfe9a25fdc8721d7b76cecb9527a9ba7823dc3d7 |
| SHA256 | fc74e26a8baabbe4851109512d85173b75dbf7293d41eb3b92a1957a773c8265 |
| SHA512 | 0892be14a858cc860766afb1c996b2c355108a7e50971ea3ec00d15069e919a6eb05a61fa839bea3938492c391e274144c5e248f4c204a602bf36adf27e5b406 |
C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt
| MD5 | 8958371646901eac40807eeb2f346382 |
| SHA1 | 55fb07b48a3e354f7556d7edb75144635a850903 |
| SHA256 | b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585 |
| SHA512 | 14c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554 |
C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt
| MD5 | 1514d082b672b372cdfb8dd85c3437f1 |
| SHA1 | 336a01192edb76ae6501d6974b3b6f0c05ea223a |
| SHA256 | 3b3c5c615fd82070cc951ab482d3de8cb12df0b3df59fbd11f9d3271fa2fbca4 |
| SHA512 | 4d41c945ce7c94746875b0dbceb14811d4966de4e97fe047406a304162fde7e1e2a16367fc2e43978e2e5aa66749f036b4444aa2312673c2cc3af296e8b77f55 |
C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt
| MD5 | 18aaaf5ffcdd21b1b34291e812d83063 |
| SHA1 | aa9c7ae8d51e947582db493f0fd1d9941880429f |
| SHA256 | 1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5 |
| SHA512 | 4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154 |
C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt
| MD5 | 189ba063d1481528cbd6e0c4afc3abaa |
| SHA1 | 40bdd169fcc59928c69eea74fd7e057096b33092 |
| SHA256 | c0a7a1df442ac080668762df795c72aa322e9d415c41bd0a4c676a4dc0551695 |
| SHA512 | ce59ad9b17bab4de1254e92ce4fe7d8c8242832f62ab382e8f54199a9932cd11b5800cc33895441426373d5210cc74104e0271b721a7e26ed400b716ae4d5903 |
C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt
| MD5 | 5c026fd6072a7c5cf31c75818cddedec |
| SHA1 | 341aa1df1d034e6f0a7dff88d37c9f11a716cae6 |
| SHA256 | 0828572e4fa00c186dbf1d9072a6154d65cb499c6a37e338f3305f77a2fee382 |
| SHA512 | f9d28714b2a05f8d9025f1692e4d7e8baa6daf6176353f65646a38814a242ef2adededa44419edd69f10cf96ffba506dab7cb6e52111457bf69cffef12174b12 |
C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt
| MD5 | 10c429eb58b4274af6b6ef08f376d46c |
| SHA1 | af1e049ddb9f875c609b0f9a38651fc1867b50d3 |
| SHA256 | a1f6ba57ee41e009d904905c0ce5e75a59ee6790e08542561303109e1faafa13 |
| SHA512 | d8760f61760bffd8671b727d386ae220e7e6e68829a01553cfd5eb60ef8bd1d7c1b25e7b17a6db5bd17ba6712ef44999726764459318e784843c73bc4facaf46 |
C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt
| MD5 | 9e62fc923c65bfc3f40aaf6ec4fd1010 |
| SHA1 | 8f76faff18bd64696683c2a7a04d16aac1ef7e61 |
| SHA256 | 8ff0f3cbdf28102ff037b9cda90590e4b66e1e654b90f9aea2cd5364494d02b7 |
| SHA512 | c8ff15373b37e848e6239a82424569e77c82a5fc557d17e7d2ed1d0d2b2f7d026cc1e2bc98cb5ee945c02cfefb82803c23fa6a26f48ff0adcf762f94cd5dd035 |
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt
| MD5 | da6cd2483ad8a21e8356e63d036df55b |
| SHA1 | 0e808a400facec559e6fbab960a7bdfaab4c6b04 |
| SHA256 | ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6 |
| SHA512 | 06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925 |
C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt
| MD5 | 31a29061e51e245f74bb26d103c666ad |
| SHA1 | 271e26240db3ba0dcffc10866ccfcfa1c33cf1cc |
| SHA256 | 56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192 |
| SHA512 | f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8 |
C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt
| MD5 | 03b664bd98485425c21cdf83bc358703 |
| SHA1 | 0a31dcfeb1957e0b00b87c2305400d004a9a5bdb |
| SHA256 | fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115 |
| SHA512 | 4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d |
C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt
| MD5 | 2158881817b9163bf0fd4724d549aed4 |
| SHA1 | c500f2e8f47a11129114ee4f19524aee8fecc502 |
| SHA256 | 650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7 |
| SHA512 | f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28 |
C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt
| MD5 | 4c81277a127e3d65fb5065f518ffe9c2 |
| SHA1 | 253264b9b56e5bac0714d5be6cade09ae74c2a3a |
| SHA256 | 76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9 |
| SHA512 | be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a |
C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt
| MD5 | 0340d1a0bbdb8f3017d2326f4e351e0a |
| SHA1 | 90d078e9f732794db5b0ffeb781a1f2ed2966139 |
| SHA256 | 0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544 |
| SHA512 | 9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93 |
C:\Program Files (x86)\Steam\public\steambootstrapper_turkish.txt
| MD5 | 29f9a5ab4adfae371bf980b82de2cb57 |
| SHA1 | 6f7ef52a09b99868dd7230f513630ffe473eddf8 |
| SHA256 | 711675edb20b3cb70acf6cf75f2eea8e0d87c8ace3e11c8df362b4517427a34f |
| SHA512 | 543fe63f791250e05e8fda24fd2ceadebb4c8925e8927de49ae490895c87eed3e61a9ad50237532649f99fe3165836261de215ee3f66ffbfc6d677ddeea7732a |
C:\Program Files (x86)\Steam\public\steambootstrapper_thai.txt
| MD5 | 53f7e8ac1affb04bf132c2ca818eb01e |
| SHA1 | bffc3e111761e4dc514c6398a07ffce8555697f6 |
| SHA256 | 488294b7faff720dc3ab5a72e0607761484c678b96d6bcd6aad9ee2388356a83 |
| SHA512 | c2e79c2505a6fd075df113ffce92ad42c146424ca39087601daa4ed15a2b5528d478a093921d9d8a738c7b6b963275a0693ebe526b6e2135d14ced03639d0e70 |
C:\Program Files (x86)\Steam\public\steambootstrapper_tchinese.txt
| MD5 | 194a73f900a3283da4caa6c09fefcb08 |
| SHA1 | a7a8005ca77b9f5d9791cb66fcdf6579763b2abb |
| SHA256 | 5e4f2de5ee98d5d76f5d76fb925417d6668fba08e89f7240f923f3378e3e66f6 |
| SHA512 | 25842535c165d48f4cf4fa7fd06818ec5585cc3719eff933f5776a842713d7adb5667c3b9b1a122a1152450e797535fc7a8e97ebdd31c14b4d4900a33ede01f3 |
C:\Program Files (x86)\Steam\public\steambootstrapper_swedish.txt
| MD5 | b2248784049e1af0c690be2af13a4ef3 |
| SHA1 | aec7461fa46b7f6d00ff308aa9d19c39b934c595 |
| SHA256 | 4bf6b25bf5b18e13b04db6ed2e5ed635eb844fc52baa892f530194d9471f5690 |
| SHA512 | f5cee6bba20a4d05473971f7f87a36990e88a44b2855c7655b77f48f223219978d91bcd02d320c7e6c2ec368234e1d0201be85b5626ef4909e047e416e1a066c |
C:\Program Files (x86)\Steam\public\steambootstrapper_spanish.txt
| MD5 | 66456d2b1085446a9f2dbd9e4632754b |
| SHA1 | 8da6248b57e5c2970d853b8d21373772a34b1c28 |
| SHA256 | c4f821a4903c4e7faea2931c7fb1cf261eba06a9840c78fdca689f5c784c06c4 |
| SHA512 | 196c2282ba13715709ece706c9219fe70c05dd295840082e7d901b9e5592e74b1bb556782181cdbe35bd1ab0d6197fef67258b09491fabc6f27606dbed667d49 |
C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt
| MD5 | 56dcf7b68f70826262a6ffaffe6b1c49 |
| SHA1 | 12e4272ba0e4eabc610670cdc6941f942da1eb6a |
| SHA256 | 948cad1bb27109e008f2457248880c759d3fa98b92c5b4033b94f455cb8ac43f |
| SHA512 | c3fd9caf0bd4c303a7cc300faada9cfe6dd752e82d67625b31f4c0c2c091596508bb477fe19f758fdf79b25b8ac3f5320a8785d2b6705b9bcc28a054a59454e2 |
C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt
| MD5 | e04ad6c236b6c61fc53e2cb57ced87e8 |
| SHA1 | e9d4846b7e6cc755ee14a5d3fa45ee7d3bf425a4 |
| SHA256 | 08c775efa77c2a92d369f794882e467b6e2526e61bc7aa7724f48e174524502e |
| SHA512 | 0dfb7e6d811d649103499018f3d115c542fcaba420ceb69124a4d837fe162ce514e7be2040860c5ef5f9c01c961fa6eea8730606b73ec107d87597989b6fd331 |
C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt
| MD5 | 6367f43ea3780c4ee166454f5936b1a8 |
| SHA1 | 027a2c24c8320458c49cd78053f586cb4d94ee6f |
| SHA256 | f8d1972e75a320344e3c834ba0a3a6a86edb39e20ef706bda9b7965d440d1998 |
| SHA512 | 31aab33e0d272cb43a8c160b3d37256716a683e5052192fd0e4d3cdaf30a10a9afa9d26d5d14ad216ee455627c32892a711d2bc137ee7a7df9a297f001a19e32 |
C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt
| MD5 | eb8926608c5933f05a3f0090e551b15d |
| SHA1 | a1012904d440c0e74dad336eac8793ac110f78f8 |
| SHA256 | 2ed2b0d654d60e0a82b0968a91d568b775144e9d92f2b077b6da75f85ad12d04 |
| SHA512 | 9113c42c38836f71ff0cc7019aff8c873845f47fbf1ab97e981cb038f4d8495b6df784402b1ee9666e8e567ae866b0284c81e6a16efb47131d5ef88569c4843a |
C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt
| MD5 | 9b0b0e82f753cc115d87c7199885ad1b |
| SHA1 | 5743a4ab58684c1f154f84895d87f000b4e98021 |
| SHA256 | 0bdeee9fa28d54d384e06ea646fbcfe3f06698a31dfdc1a50703ffe83ad78d32 |
| SHA512 | b7780b82fbe705bc8e5a527c011eb685c99ef0b2eb810617b9f82b891341af95ef1c2f46dce9e458c0c4dcc3e7a0d21db6c77f03419cd1c4b521a9b72f9017df |
C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt
| MD5 | 58e0fcbee3cca4ef61b97928cfe89535 |
| SHA1 | 1297e3af3ca9e4fe3cc5db78ebbfa642e8a2c57b |
| SHA256 | c084a68b65d507eb831831aa2ab9afb9536cb99a840d248cc155ff87fad18425 |
| SHA512 | 99aff0c481e34cd0e4fcbb2af471afb56d91aa11be664462b08e17ae169ca03ef77e7063b4ecd0f38ca7b2f6dc0bf2e316c7b31dffbbcfc763cd8fae27dc78d2 |
C:\Users\Admin\AppData\Local\Temp\nsbDCB7.tmp\modern-wizard.bmp
| MD5 | 3614a4be6b610f1daf6c801574f161fe |
| SHA1 | 6edee98c0084a94caa1fe0124b4c19f42b4e7de6 |
| SHA256 | 16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b |
| SHA512 | 06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281 |
C:\Users\Admin\AppData\Local\Temp\nsbDCB7.tmp\StdUtils.dll
| MD5 | db11ab4828b429a987e7682e495c1810 |
| SHA1 | 29c2c2069c4975c90789dc6d3677b4b650196561 |
| SHA256 | c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376 |
| SHA512 | 460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 88b52ae6f6b082598d86dc22e68dec48 |
| SHA1 | 10800337cb98b50c102e88ff6ecd0c5107eb7111 |
| SHA256 | c99e991de9445189c1fd903f8b8a0524dc4a069f173572f942efd2dbb582b716 |
| SHA512 | d64fea86c1bbc67107b6c1cea5cf1dfbe21c475a639550bf05a696e8bc7132c95aee50df31f436648046b17b33c570561480b16ef344b16a4321d0e2a2418c60 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9e6740b0c67e6e6e8aa37112eeaef9e2 |
| SHA1 | 84a47e9c92ec58b14b54a0b61dad7c4c926eb47e |
| SHA256 | 137628f75a5bbdf8e0bb477e56acdefb0e32f91f3703ebc8a7e86fd77970eb74 |
| SHA512 | f13c0c3c5c6e4e3240bf41d9a5860ca6ab5e87bff3545f62bfec2489b05a45347004ac424b0c201db87a3cafbac5e1a46693420754c5758362249861d9cf85c3 |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f49655f856acb8884cc0ace29216f511 |
| SHA1 | cb0f1f87ec0455ec349aaa950c600475ac7b7b6b |
| SHA256 | 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba |
| SHA512 | 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8 |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
| MD5 | b5ad5caaaee00cb8cf445427975ae66c |
| SHA1 | dcde6527290a326e048f9c3a85280d3fa71e1e22 |
| SHA256 | b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8 |
| SHA512 | 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
| MD5 | d222b77a61527f2c177b0869e7babc24 |
| SHA1 | 3f23acb984307a4aeba41ebbb70439c97ad1f268 |
| SHA256 | 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747 |
| SHA512 | d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c8af4d351136daf7d8d75b633f3c73bd |
| SHA1 | d6a1b253ec3f3a1e77262464e6683c095038cbb9 |
| SHA256 | 6543d9a7340cfeb0f54a68edcee09e302a54219e14a84c8c8bfa67989ce39f4c |
| SHA512 | da0109e203b664b85a605d0e22f4d2b145376c92554575387dcf654c7342a22d732fd7f756f6a29088e456c5de089cf78328c12fe7c475036a43ced585d80b56 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a678195bd324c448987fdb67398a05b4 |
| SHA1 | 1d6cc10e91f2e3687603bb5c2082411b08945a7b |
| SHA256 | 96c341aaa84780c99389363f8851a0144643a59e6274d9564d75757aeb3f79f1 |
| SHA512 | 41542ac9db1dcbcc30c96d9425880fef6a183862f23b056bd0e91da8d4e16b5570dea160118d5974ed3d54fc2848aeb6a5ae836905e1dc3c825f2ebd8d9b6da6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 65a33955f88537d2b4d272142c4b1733 |
| SHA1 | 260fc1c0debfe5a912be4db10b8a0bec356c0972 |
| SHA256 | 9b1a148975d93b2c77650565c83a474af8bd57f4c4fb86850434f97d17eb49e8 |
| SHA512 | 2a72abec5cd48d1f56511c0b82bcdd9f48339da7e4472789ff65ded10d83e5b9dab2115622843ca345226a5c617c66dfa830ca6091534d583e434d9eda1be0cd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8dbd47a36e6b16c55c200fb087059983 |
| SHA1 | 5216cee7c33c8407d2ad543e7f613b8d39881bf5 |
| SHA256 | d073d4f1988d457b3cd0b334b2ee1475de833e9a1f0e1a4ce6a515d2633f6cfb |
| SHA512 | 4dc6e6ade5c3e99baa64d5243cf2621f6c18c2e1ad49b8e2a1a74c73f4ef72cf9de27279134eb8f04b38d58e78a5acbcc54702d96810ba3757a7669088efc990 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9f49522682e96970d90ec3b7e1c8c852 |
| SHA1 | c7d1e15ef544bc3c570415a5e5be2d70f9ed7116 |
| SHA256 | 4a91b0617b541b4698b11784f6282ecc638218efe10853461855a7ac6f90492e |
| SHA512 | 9f715b84468e358060f9aaff5aad2952175532255645307e8ece3c4a912efa01cea669fd07fc1dedb5f6b4b6b5b63374c142efed84712c6261b0199380c26473 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 247a3ac571719e6fc8bddb369145259a |
| SHA1 | 63b4b74407d8fd26bb2783f54989a031d1eaa627 |
| SHA256 | 706f67d2d5dbbd48078e97b7163662b007160f4c23975b32cf97cb8392a90c0f |
| SHA512 | fbfac0448d4fb2971ca04a9933a1c539b1d0c1f0f52d06e5942b29ea25331e0825d058d84389a1aa98154f64a833ea32ca88a198e0515642c05680097fcbc5ba |
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_
| MD5 | 00bf35778a90f9dfa68ce0d1a032d9b5 |
| SHA1 | de6a3d102de9a186e1585be14b49390dcb9605d6 |
| SHA256 | cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2 |
| SHA512 | 342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041 |
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_
| MD5 | 836dd6b25a8902af48cd52738b675e4b |
| SHA1 | 449347c06a872bedf311046bca8d316bfba3830b |
| SHA256 | 6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64 |
| SHA512 | 6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80 |
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_
| MD5 | 577b7286c7b05cecde9bea0a0d39740e |
| SHA1 | 144d97afe83738177a2dbe43994f14ec11e44b53 |
| SHA256 | 983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824 |
| SHA512 | 8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2ca277630f3d3929b09e350660e7bb69 |
| SHA1 | ce235736f231fc8ea51dfb366ec7e25cfeae4b0d |
| SHA256 | 52d7ef9e3e0164b6fd98585d75ebc380b3ebfcecca23e0b3a00c2dc434a347cd |
| SHA512 | 96802dc1a9a105604814ee81bf8f356b23602b39b74ae6a43975e998c46dbdc48e2889405b51895a73d0513e6b63eee633c47f03ecbc9fcd1181efb701c5b40d |
memory/4784-13097-0x0000000000FD0000-0x0000000001482000-memory.dmp
C:\Users\Admin\AppData\Local\Steam\htmlcache\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
memory/7304-13138-0x00007FFA0ACC0000-0x00007FFA0ACC1000-memory.dmp
memory/7304-13139-0x00007FFA0BA60000-0x00007FFA0BA61000-memory.dmp
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_1
| MD5 | d0d388f3865d0523e451d6ba0be34cc4 |
| SHA1 | 8571c6a52aacc2747c048e3419e5657b74612995 |
| SHA256 | 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b |
| SHA512 | 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Program Files (x86)\Steam\config\config.vdf
| MD5 | 6e6a2b18264504cc084caa3ad0bfc6ae |
| SHA1 | b177d719bd3c1bc547d5c97937a584b8b7d57196 |
| SHA256 | f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53 |
| SHA512 | 74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679 |
C:\Program Files (x86)\Steam\config\config.vdf~RFe5cf842.TMP
| MD5 | 3cdebc58a05cdd75f14e64fb0d971370 |
| SHA1 | edf2d4a8a5fc017e29bf9fb218db7dd8b2be84fe |
| SHA256 | 661f122934bbc692266940a1fe2e5e51d4d460efb29d75695b8d5241c6e11da7 |
| SHA512 | 289c40fae5ec1d3dd8b5b00dd93cf9cada2cb5c12bcfefea8c862ddf0a16dced15d6814dad771af9103b3a5d3016d301ee40058edde3fdea30d9767146d11cd6 |
C:\Program Files (x86)\Steam\config\config.vdf
| MD5 | a2ec2e91c3ef8c42e22c4887d032b333 |
| SHA1 | e2c738a2e9400535b74e2263c7e7d1ecefe575f2 |
| SHA256 | 8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3 |
| SHA512 | b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3 |
C:\Program Files (x86)\Steam\config\config.vdf.async27556.tmp
| MD5 | 5ecde1d3bf5d98e8e15e3efb6ce0242f |
| SHA1 | 9b1b605b29034d049362729910fe7cda0bc8df8f |
| SHA256 | b1ca1dff5f310a854a791b862e7dfcf82fd571387181b23a5af00a6596e98c81 |
| SHA512 | a269acb04103dde47f796eae52d7b2785bf644d5090b1de2b1ca5e48b584b9a065dbc3835a865b6932e00d817d91aaaf6991efee090d342fd00ec4d0a26b5bf7 |
memory/27556-13256-0x000000006E450000-0x000000006F791000-memory.dmp
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000002
| MD5 | 2fed1645b3d6857e061b7bc0d2850494 |
| SHA1 | 4cceae6416b4275b18a172eb9dec60c16e874753 |
| SHA256 | bbe87edc7f708e4f75d90f09135220e03a29ca93730f30da17be4869d0a1a436 |
| SHA512 | b968593188c7558f41c9d809d027ae9b29a6fde2be2c5184a8c6bab579eb572be9a9df5b4a2ef4e15698a00377b36b839f80bbd9e4e7b2a401f528b9560452be |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000003
| MD5 | 9fa060a599b0ee1912f2073ed59df3c8 |
| SHA1 | eaaeef616747d09506c6ed1d96901d2c8d1ad4e0 |
| SHA256 | 7924474a8f327264982347dc932997ed49890ea4114925024ba678fba2d4e90c |
| SHA512 | 93837c0d1bf848ff603073bce6ac252f770a35fad094b294609682e11b04b463292c74c8440891e89741f28fa67a888ed6fdc1575fda99a3c2b6065ccc4e7b47 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000004
| MD5 | ccca1d507e618047398d2b7925f6ccea |
| SHA1 | 107b142dfa77a1df956f8051b1569e7767d4a2e7 |
| SHA256 | f56b99fc2b763e22df8d023fb1d9dde3afa04c52560abfbf0fda5c75649c599f |
| SHA512 | f1d40a2ae4369811f1fc44ade60b0321d42eaa1369f17ec998010470291c60b536e5a563bc01cefa3776b6aab3214c6e2c9b50234eae4b0fc70647df3212a37a |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000e
| MD5 | 1046f118e94b9be80b93c392ef392601 |
| SHA1 | 7964bff232ba386ef811f90528a06ecae45e0ed9 |
| SHA256 | 7562e901ec3a9d3b876691fbd4e13d72c7746641d91bda979f533994d106813d |
| SHA512 | 9a3c02be4a6792151728957bccb52003c8d14c8bd4be8ab69000ab2db372599e54b55241c74fcd1af1fac69403f4582c6497b9268146f3ff622c730e8fb0d2d2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b7e488486606b0766bfcb2f2ce513974 |
| SHA1 | 99ffd5c73c46c8f559c7ab529ebce7e082f03e79 |
| SHA256 | 623091934b817deb23f0c64215a6b0b1d39cecce6797708f020f9d4adc5b6960 |
| SHA512 | c36dde217502af8600cecd4e0dce11f987c1ab6359508bbbc57b12036d18820313aae1fb6e7f5d2488d5f0999c99457fe3fca16ca768b9e878d6cbe66af635d1 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000f
| MD5 | 23dccd50c1598cf87c321dd0e788e2e4 |
| SHA1 | 4697f41531098e96b97de4ca6626fd86621efb1e |
| SHA256 | 167b5e3d2fc6a069ef986144f71f70ca1ed8c4332846757c8aa4792703420635 |
| SHA512 | 00174629a41be7b3d69e0ef03041aab41adae416c39209934b8a9c3923350010ddf01ce8d37cedd6bd57769796b41ee3c18c1b393726988039b556416c20f676 |
memory/6580-13380-0x0000016F5D3A0000-0x0000016F5D3A1000-memory.dmp
memory/6580-13378-0x0000016F5D3A0000-0x0000016F5D3A1000-memory.dmp
memory/6580-13379-0x0000016F5D3A0000-0x0000016F5D3A1000-memory.dmp
memory/6580-13381-0x0000016F5D3A0000-0x0000016F5D3A1000-memory.dmp
memory/6580-13387-0x0000016F5D3A0000-0x0000016F5D3A1000-memory.dmp
memory/6580-13386-0x0000016F5D3A0000-0x0000016F5D3A1000-memory.dmp
memory/6580-13384-0x0000016F5D3A0000-0x0000016F5D3A1000-memory.dmp
memory/6580-13383-0x0000016F5D3A0000-0x0000016F5D3A1000-memory.dmp
memory/6580-13382-0x0000016F5D3A0000-0x0000016F5D3A1000-memory.dmp
memory/6580-13385-0x0000016F5D3A0000-0x0000016F5D3A1000-memory.dmp
memory/27556-13390-0x000000006E450000-0x000000006F791000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ca22c97b02d85f5d15118be7b4f51aa6 |
| SHA1 | 3d6df331f51552e69d322ac221fcf8e4b8892089 |
| SHA256 | f30c8387bb28572667f3f90772a52cd2e29c792540bb9821ea0a34cfee5d0b68 |
| SHA512 | e6442b062a454951955c4ac4c1aab4a5d01f892798ac3f2ff1ed63daa1bab10ff3329558fd528a989705fecb195691a692a8f2771290e4d4ed6cd4216766e7be |
memory/27556-13412-0x000000006E450000-0x000000006F791000-memory.dmp
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json~RFe5d6350.TMP
| MD5 | 68b20851ccb9834d21fb32615e42bd43 |
| SHA1 | 88fab935f0b9484994097c08f785e9ecb7d68127 |
| SHA256 | a954b528dd65ad6c4c2091fa32f17abdb7a49454ce88e10bb6c377734c70c26f |
| SHA512 | dcb0771120c8fe35213d60e9abf4b242af807324759e3c99e9b2569c00a941d885d53ef6fadfe69e6b740e0b52a6008602605d643801190a2d29175a7d065e15 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json
| MD5 | 602c49f9246967bdcff45b4f43cf2fb0 |
| SHA1 | 4c5796e0c724bbd7a9244cc8a0fc9e8f40181f2d |
| SHA256 | a3ad9649c1038078038be1abd591cdba73b4b4f5cf30e11bb6cb7a432b746114 |
| SHA512 | 2f273c0dd0127071f4c768cfe7277c6efff84c1ef4f4271c1326db3658c84261794b106af3198717f349fbaaaf276163700bbb50ae20fe52ed0a88a192d46f77 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity
| MD5 | 04fadd85a84148bbf28e9094e1739f68 |
| SHA1 | d5eb4564ba4cfafdf4040db5d321224d131c57d0 |
| SHA256 | d2b63af889ff7dcbc0b3df52b89e818abc577a741877ae54bfc3388334e56a14 |
| SHA512 | 82d4cc7784ce46dc625f24b675fc3bfc6b7a3af92bc243b2dfca7bfbdc353fc9bacb2adacd93b4473be295ad7988d5237825d00d851fc426792d98e39d4e8163 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity~RFe5d638f.TMP
| MD5 | 5dfd58690d48f3c3dab87c6ae7203c44 |
| SHA1 | a1d27ebe767ecebd48a7e63301cb77a63bd8016b |
| SHA256 | 3d2beeb930fab409718d11d96b6bb32a31ebdb118920636a72f91fed55e54a68 |
| SHA512 | 6e464c1c8401ffd7398dd78f142c8601130711780863ad2cc990e444c33fab0b55b86be89bf0f43b686be03c315f4f51050955df333026944f8dc3d87f00ae29 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index~RFe5d7254.TMP
| MD5 | 6ef43d869349f17cb378794bf0d6a297 |
| SHA1 | 113710dc57bf532459fea19dca25c8bc60d1d85a |
| SHA256 | 5d7d2133314f1cdaa25bb5d6bab010287a77667bfaba64aa95fec48b3d09d339 |
| SHA512 | 3bb5345679cb5341cd92b9155b9b854089be41304b31375daa73d21d311352cf31a5cd40fe395704ea40346e699c9ea443b642bd5a713d6f14e7539a687c8655 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index
| SHA1 | 995f05e71cf2c99523e2556fe722c0ced07415f2 |
| SHA256 | bf5efa929e63b1970fd713d34c70ef1491486939667788e3f5476735c5f246e0 |
| SHA512 | 010aab995b497260cf9bcfa2245e643f92fd2f4ad11dbbca6e19066f645afc3fc86a6e05fdadab948076500280666a3345e77f9a4e999daed60c9b6235a953bd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 671b4295492750153500b22a8aa9e8b5 |
| SHA1 | 804d36a3b6c5cd264c3b11072c8d9083041af990 |
| SHA256 | 8c9d25c42013e4524e047c6e432647a475a61d96b18dbcc07e9920d0e141010b |
| SHA512 | ed15f6840f228f49866dc8bdc197395d575a53cd672152e8c5bd94cbdd7efbd0f4cc20fb6e89c31946ea3770e357b4a69a0ba4efdd5d9673695287f95b2dcc2b |
C:\Program Files (x86)\Steam\config\config.vdf
| MD5 | a01a4a674c3e410629c85d242e944775 |
| SHA1 | a620757cfb705700bde3373d589b07c53c9b2726 |
| SHA256 | e2741f305eb40e8da1f208b533c2e3ec7ffdbd9fdac092174392b434647cfd9c |
| SHA512 | a6c6a0ceeee1f6b47a3699f9787bac65f6696c3f9e24a7668ac54f178992dd4e9dfa3c8f7c7f130f2374562860daea70b1760cfb2a3901a8146a09de0d8345e1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5439f946986488333cec9892a40e9fae |
| SHA1 | 8262ce74543bac751e9e68c9ccb6a186624268b2 |
| SHA256 | 0456fe7f8d4099a35478d4e5c60d4d72238ace4bcfa0cd5834bf06a86a3d9dca |
| SHA512 | b21f791e9eb003f757273ed190abc0a208b9ed69e1df266cc63d77457939cd85044ede196bb6103ad3c481dbef80d20b3d9ab25935b3d8d6fd550fba722dbe4b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b152ade83d2244fae1fe86220ffc800d |
| SHA1 | 9eaa662371a520e23f07dcd0bdc1cb343dce4c88 |
| SHA256 | c4b87692d6a356d05e6698d0cd87eff819d044bcf38b61330f054da392ec3a16 |
| SHA512 | d96f1c940d5b26148b8d9b4ddf8503fef62eb8717b39a5abde11d5e9587c8f96e3d9afbd02cff625b89079f52bbd9bd4e680711cc299f094ba09ef19327ba828 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cae0dca23717c6d0a7cd83574b4fa796 |
| SHA1 | 7ed65426bd09c8aa8d5b0f837ee8340900de876e |
| SHA256 | dcb8033efbadd317abe17ff5ea4603dc4fdbe7d5bbb81f071433ec5dde8241fb |
| SHA512 | ae5f76ae5236ffbe8d7b4243ee203e336692708fd42be10793453fcc0088f67c2f436840cec1fc39b84661a57470f9473fecc96985afe7914c934fba74a5940b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bb568112d8a6f8b2433ea0fe6569677a |
| SHA1 | 11e26d561e1745b27a6f6d12a253cf0b0404336a |
| SHA256 | b4e953f8d3b19e4aa5e9039dc994a19cce39fd013024cb68bcf1492da147420d |
| SHA512 | 457e21a49c019832dd2c4e4529fe93c20cb24210c32ea94f0760456437e46f975126f156aec49bdbf17628f84aede5c065bb9987785efda679d7b911fb3e4f0b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c2dba38af61dea6998c1a852e21954cc |
| SHA1 | 7e85c0c961dfe4eccc52ef6bf1036116fd9b8026 |
| SHA256 | 6754ec2b3902aebbcd501aba5cf8f503f1cc760cbd2d4a1aba3ac4030acb45d1 |
| SHA512 | d5fe16a852e8133676694e0edcd9bb4be396d502d4d8c38962e8083e21720091685c902a30de813223da0fbba67305f3178be55d4e3436a1a977053c7b887bc3 |
C:\Program Files (x86)\Steam\config\config.vdf
| MD5 | 5bec5b54402b8711dbe50eeb8331b175 |
| SHA1 | 5b8be5f05cd871c407209deeba771c4a5da13fc5 |
| SHA256 | 4bbe09a41ddf48af92c4a6d3b9079f214197008a8e14e4e597b3ea3ae50c93b7 |
| SHA512 | c59c4637f704dd2d55ade1f6e459cd3be28a42cea24d5900d2a2d568c828de061e617d0bb4aa4eb130ca38b30871506d036327ce31bec61989d7d1e216658e13 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0f7e4eb4eeeb53b60bcfa2208bbc6bf3 |
| SHA1 | 631bd9ee1efa5e5037df769e0ef0ebb5be5548a1 |
| SHA256 | f66192405ff5ad8a6468021494cbd8271b5ce321ea54d59014290d376cfbeb08 |
| SHA512 | b1fc6d9bc67f77cd220007553f54ba35f40246f9e2cd3feeded0ee28fd84545418cd504fff9ee06f16409ec1e8f370634c7122d4aedc52c3e3a51c101ce31d33 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 597feda603d1ca02cc776531bcce7fdf |
| SHA1 | cf12b3f19c4990d3aaf6567028c633feadbe74e0 |
| SHA256 | 2349aabb439c5a88a52152f78b8df33edc491fc4a9878e6e8eadb17003182526 |
| SHA512 | 9ab531df508df511df54d67003736118069830ffe61890dc6bb13c62bec0d1f0497a8360cadebd4669fd41003d816d9dbf20c5f12b7265db83bc9e7f787b00ff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 03063808203ff2847d633d76a662926d |
| SHA1 | 430f05f0148f26c83bd68f903f20da33b00dcec2 |
| SHA256 | 14fc7351a075c89e1e95fafb4b6bb33d6701b47004fe38af2e200199db96a9a3 |
| SHA512 | c2ae6df8080864a6ea5371b51efc7531fed79a36a2be65e10285295d0b39ef7ffd71f1bf90ab16fca4308db7c3e448201a91acd2cce2ff2be4d3b6e331b3bfce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2610200cacd5e8c281a44ace28a2ca91 |
| SHA1 | 6436f7a31a37030f205ae25fd1adbdbba0cb6de2 |
| SHA256 | 77a8d0c46a9c6efd53416c3b14671d263c528b9b2aac2130aedf4111c7dccb3b |
| SHA512 | 2c40064a047e0c182ce496c2138a5e70ec19a6b4e2de34fa2313edc80e7c332d75400a073566164e41a36c526b77b2d3effa92143b55672387e4dc6cf48bc02f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ecaf1595ffaf729748dae5681a0da3de |
| SHA1 | 566520b0922e525705da956352a8bc5aa1932073 |
| SHA256 | 8ce3b345c11699f01353fa711a4a86bad45fb3115d05d422b85867f480fff992 |
| SHA512 | 3b0141912505d69fd9304d75197a681fe4b71f15cf50e11d52bb7b2327444e9bb3094d98bddc10271576eeca430c2cefb05f0c06e172ddf408dd8f608a9baef2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 385e035c432d3bcb3c81815333848d45 |
| SHA1 | 96a3d8624f50c132d8b8fa3ac41739d35a1dd3d0 |
| SHA256 | c27436a707687ccebd3266e12e65dcfd0365f1e3eef9bb886b15d20237bc03ce |
| SHA512 | d4439d2d638dbac3d1fb9ce82866e9cfc8aec57844a57bb5faf656719c6a765b86d4476411df9a74a8193f6e61756f9adc3b177ad210b9b173922db721574a1b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3f2c08f9f4b1870e265b7f3565a687ef |
| SHA1 | 55d46ab07ffdcf7a482ea0db75b3ae51fd1c0f63 |
| SHA256 | a57ab3b3e921128e2000388b968b53a640377ff1dcba41fdd62b4473a2204af5 |
| SHA512 | 8502b4bf600721ba2070a9ff494d51df7e26c8c951c75e41c8e13f9d26457138f04471f41fd3fa5481c78652a2e522979e36e8911230d523c2177df78b55c57c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cae114fbf3856e511aeead37d0c4caa8 |
| SHA1 | 2d67d52f6fd88450cd11d8d2d037f8868d47fd83 |
| SHA256 | f354b32f5bea1789806888ca594ba4a360617267d093c3853761230de53d8d0c |
| SHA512 | 78b1e05b6253de85461e21ab8f98d85aca2a387297e8a1724a8a40a888e8b6961500d8e91c3037dabc23bb7d19f80ee2e7f004378e14b4d7533596c359d5bfc6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d5b2dbd08ddbc9a49fe900a79e62755e |
| SHA1 | 1767e4f4374088b224a121daa22b22381f1217c4 |
| SHA256 | 13e48a65a0581dd631333fc5468069a3de4beec27e4e43233141070136eaa1ed |
| SHA512 | 722eca16c8a934378a7f085af8636d8acc3dc22b3bfc1bdf30b1308a7d7e9aa8fbfd4050a0cbcbd0d63996722a96020ac446946c69a3d3b1f6268459b379db85 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 791d38806abfc6d4213a3c1522d9668c |
| SHA1 | ed61b4ea631144e4328a4c2dfde8a97c02fd11fa |
| SHA256 | e5965fe92affb32f0445f6f15fcccda5927785c25bccd2109c2c98e5a01149d6 |
| SHA512 | 73f215d7ce5c8f9e55ba86aaf94533fbcf8bd53cf08ded181e5b8fa815a470156698d0b079acf9c6b6a1ec78e6149d2c98f575a33c0060e1639ec4fcb392ba28 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ceebc258173205888bcb93775e4a1d58 |
| SHA1 | 4d21d0f4d92aef91448bec0680a5bb4daf9d1c8c |
| SHA256 | e3c6e46f8e02ab26799367147cbeb9b57f78133951b32fbe5ee1e3174b86ede0 |
| SHA512 | 52fa9569ee7fa96a54462a1136ab675bf287a2374108c5c9ef29cf1fb5d1cfa5ec496e201a7523dd591148e44842ca7f1ad03ea8b9d0d38b181b91a0e01fd82f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cd509ae902947d21106b1cb7aec293bf |
| SHA1 | 17bd619552ddbb9c81e3dfac8ffd7e501526b19e |
| SHA256 | 2f224bc684610b2ab1d4d9e9e1d67b6d6fbcb1c7e49e70dfd65ae8ab609ad22d |
| SHA512 | fd02cae6c410c311618ce322afeea2c1300502528fcbf7b31805062e32581f7d1e565ca331df3be96fa439a0c97516b802acc3197aadd3a519b94121024cbff9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | db3cff168dbe4559888b749fa0227a6f |
| SHA1 | dcee06fcdaa7fb64cf823c96d88a0883a969f557 |
| SHA256 | 87e15a336a64b4dae26a2cf6b1b5d46b92a946624195405e05952c355fe49a85 |
| SHA512 | 6001e2ac29a02ffbe2f1efb25afc00db426408eb3c4703cc6c839f6662dd1a789e0f26995fa14009fd3d4dc26ccee8eee7050b81f44cb45d7e3c057f7015e00c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4a06cb6fdaa64b02024f1f0fab2a407b |
| SHA1 | 7b855b614b0b7cf015adb0af39ee4ec080be5952 |
| SHA256 | 2afe74da803e0f340575a69235857d9824108afb4859337c4e249bf25ff57b9d |
| SHA512 | ac52d6eb576c698ef83583894c62304323d04d7a1c7c469b8cd8bec1ada1ff4876f72c8dac87c188502d1f3c8be2cbf74aeae2027dfc0739cfeed740bc6d9cad |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 528977a7ff77246f7a1f1c85f2ff74dc |
| SHA1 | 9c40c9c7f49df408b37b3d33b76dcf7c0fdbbdca |
| SHA256 | cbd4008dbcccdcd80eac090c8cb4ef4913b0909ba544a977089c8f9fe97d7709 |
| SHA512 | 943d82a8f9686f0fd4f0a45aa52cd5307d6e67a50adcd24d18475f39267ddf38218d62f0b38fc8d74f40bf48451e8c9d74cfa036e7f7abf47a947a3217a679bd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ff18f74f41a2139622065559fc68c3d6 |
| SHA1 | f2e00f9d2e239b16296913c1578e65d12b1ebd88 |
| SHA256 | 5067730fa589afbfe5d499896fcba96e92e41548f03c0484a36b2c227d0f6e23 |
| SHA512 | b256ab85f538899abe84ba371b86f00e85993c54cffd0beb6f9701c84d381ed1bd1a5946ccc2eacd374036f8df5d9349fd3b7e04ed684651d596019a673346b0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 72112b25a3389ecb505361e1a6ef4aa3 |
| SHA1 | ec63f30a2918f5b627af794a557f79b9aa3e7965 |
| SHA256 | 2eb13af892b029f8e5941c90c37dd26a33676fc1c9652b367f72f085b5d7ae52 |
| SHA512 | 2e11d4e844537e922c8e48a99ae956b1651bab3a2e706d493f24b89afb9f7b2beec38af39fd7bea1396b94f59b5634114086cd1c9b44596ac0d2eda8b859bfe1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4e7d7c5f45991fae2018d3b1061efc52 |
| SHA1 | 4548feb47674102715a40ddf14555e3186c90815 |
| SHA256 | 4ca900ccf9cf668a4ee624b045575ca8b911bd454e17ccb30edd9387731ae068 |
| SHA512 | 25ca034c22e6b913565df786766380ef9029cdcf36c3bb95f5804b3bc3eb40f2884d61aea10f4c1dcb6e13a9503e7e2aeb13f2315eb90bd022a7dc95d8c8ade4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c121e1eec8896fd4cf440d094aec390b |
| SHA1 | 695f2b9f3d09b2ccff6f57ebd52ceb62be6a141f |
| SHA256 | 9712a0dbfefa9de8f5dac7b6db84ec589b8622cdd1f96261c73c6b0c08f9eb5f |
| SHA512 | 01d3a7b11d240b13c56990ab2332d758fb4fe1548dce72b6f8d2754d4db2ade94fc90c4ab608a724ae5a63cef237cdcafad395255e0d0e8dd01e4ebe6c4baac5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f0af6a95d74c3e86b0d73b95805b3cfd |
| SHA1 | 3d20d11c221249b9d69e46d613f90f7083a1d4cc |
| SHA256 | 2dd48a2aa26ac51545dc21f92c41eac33089800ebd440e8d20424f4b1ba8f1be |
| SHA512 | 16d289ac3a3d6d532a87504a07b2f493ba16546c47d607e6c9e99dfb1eb3264c4726c116dc51a0dd6f667d8876fad728d7877de4a667246f8f8402482f5e4588 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1d1396057fd276ad22ad434a5946aab7 |
| SHA1 | 00a8cb32fe93e268b1929cf9cfc6f86848fb0cbf |
| SHA256 | 2f84c54e018b8cd4af8c5cf3f41d62bbca3f137fb7eb03555675b02106075f53 |
| SHA512 | f9824c5735202009a26d134993e8fe480c839ea4b36f3e2bbc14e15b1d1438ae91fee77f3203e2f886bcb6bbac35d9ca6ec441d52ce7633631ad800a31f79758 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a7e25ae4-2f38-4693-94ba-8482414db6f5.tmp
| MD5 | 38e18d54c19a2c25123d1bd9d84978ce |
| SHA1 | c158930fa2676a7d82707be34df79d345d133bae |
| SHA256 | e6cc050218eca8039c9bd5a219bad30ca915a763cdb4ad61ebcda997dcdb584a |
| SHA512 | 3b8fd9da654b67c89fef85db44be55e070b7ff288614de83b353fcc114d32183046ec2141d09ed65a5f575b39888898f3ad412bc5dc9ac171f55d49328504f9c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 80adc62efc7a682912b0eae8d7e9fcb6 |
| SHA1 | 76adb17a24290336a9fbc8e5ecd11650e5b4a026 |
| SHA256 | 76e54dff6eba052fbc1bbec98ebf70ce2a101123e3a708b056a17e90ed5886f6 |
| SHA512 | 932ec08608bbd28f6650183a5ba855a329f37acfcf8a5ec5daa0d557b581712cd404c2267dbfcaa432f7539aa29fe3b1b67474aedb9509e20e20a83137ce4dc3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c46b4122ba855cb99422d5ddf9c66c0f |
| SHA1 | f97fb462076fcc44e5dfc37901e84ff2c6bfaca3 |
| SHA256 | 3f3768c2c6b51d8eda230d739b4dd3533ab59fac02e55909115256b14fb922f4 |
| SHA512 | 16e2fcc54df148856149bf5f6fc503ba07ed14af552e27b9307f3312738ea70f8aa878afeca0025353d4d5caa5e08790f8722835c4b2e5942c8311b7c57ef739 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 60d190dc9911097a4eaea22a1b788d7f |
| SHA1 | 65a94107c2abcde926a919e28bd6876ac02ae3a5 |
| SHA256 | abbf560421178663404100ac2100ba5f1407b44032cd4ee120a8c5597ec6cc16 |
| SHA512 | 99e388277885c2ccd3ca5da8bc1f17b99bcf749dbcb87b36489f39f6c753d3e5532b34f74d4b8a20552c82dafac4f462c397e9a4369e362df7a2c855d221e249 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6f433ba9f91b219491639d3fe686257b |
| SHA1 | fe60c26f8c684dee7517bcb9d27ea242998ac625 |
| SHA256 | 96fd2a58696d97647a7a52df0e1d9d2475b9c30f6d5edf7320f79f62b11d53c1 |
| SHA512 | df5071e7fd9b928bd8bcda77005321ddc8cebab6c5072f6dcdff8d77df6c71b11b1e4bc21438cfaeadc120b093d7346bcabe04e8c16f099d6b2bfcc569e64bfc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 443cb2510deb8cc9932d3bf4197f6e2a |
| SHA1 | f6effc987cf5a3aa29ce3696b097fe5c8a989702 |
| SHA256 | a43127700689cf1538a82a555164d7dba4d0d711e222b0ff132e787a6eff8bc6 |
| SHA512 | 5b7e3f4d4e82d7b321b2cbbd8d7878bf4d3503caa696234c2135fd9a0a8c1345a00b9ba563c1330faf2f06765e6bbff712ce3a70d936deb35154b001785e4478 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 220bd6d8a9f1d4b01052bcf557ee0223 |
| SHA1 | 0b2873ab9036275fef755b0580e0c071a1e93326 |
| SHA256 | f85c43391c31d216a6e193693f3b4d4f3beaf816239686b095732c5285801e61 |
| SHA512 | ace8eab518415f4846e91448ece2f6884f6a1379e1b69eb4e09af01079bc441f2f4f61fb5a7384007bda443426a6518b32c7a4112bc2837abfd74fc6afbdf2d8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e5b84b6ffbd01d4d3e486b9e5b7b180f |
| SHA1 | 8234d447cdedeef9bd56fcb199359ccba7f614fa |
| SHA256 | 58d561513a378238d81f4423561981fb74978597895d89665417899e87dbda3e |
| SHA512 | d853b487221e9731a500a1f7282b47286f5502f4aa505f2df994e9c5345fb1bae1af58c4b58a35be1cd5e4322e069f4508fc56ca46baf5b9736557a57ce2182a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 41639ee666534688b24deac6468e37fe |
| SHA1 | 2a3240dec70a9a7590283944dbaad197e5672479 |
| SHA256 | 164a62f62855de3e678980c61bec4503ac84daf1d161864e2525acdd8c7d271f |
| SHA512 | 2db8cb7fe2661fc37ed43626342fe4f76de4981b1feb2327112554305da8d4895703a841c15310d986f8d5a7c1111fc2df107648f9456b392bd8b138f1b0b98c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5beaff1231e70fca5336d723c6e0d091 |
| SHA1 | ce97c8d95953123b586cbcba94511b312f4bdd13 |
| SHA256 | 6086d41fdfb2d9adba9de03ec314a957f73336b9246feda85eb22e1070586213 |
| SHA512 | a4628fa6a8ad1f2c58590afa2a06991431e3e10696f9e8a4c17149653f1129b15cf6fe8ecc75226b02d48c76d2e52fff662f8c666287045ac57e8d5818dadea4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 05076fce1cdc0819a9ec5b4dd71cb293 |
| SHA1 | e2b69fd31719797fde85655ec906af8c3190afbb |
| SHA256 | 87c433a76c2e426d3564c0b0f66284af86afd94241de67fa0018a87b092a22ac |
| SHA512 | 14653eaed418851f3d53d82b40e24f34a02b966c4a4286286afc2dc2de19f81e59dd60a299a0f335b50e0bb868cbfe6c25536a7eb241cbe952f982dda5365ec0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 19f7f128e9b0914dc2611476facc7987 |
| SHA1 | a5a44ac5d63011498ee4b81b64de87f7c3ccfec6 |
| SHA256 | cdb3cfa89d470b8c551655615fa300613a4d0e021a108e6a074e63a6175f97fc |
| SHA512 | 0a90262ac51c6c4cf81f71c4c77f77e9568d0f22306d118cdd4a4edecbd371a0af0d2a05b89f6305c0510715eba15b885a50f9d256bf1870cc87f3ed3763d96f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c63e72a13682014b18ed868b62bb8691 |
| SHA1 | 796beed2b7954b6f914044668f6bdc10ca61f78c |
| SHA256 | af67d0a0e9773008d68902a34f4ac5e4d3d54c579497f6d8a427facefa17161e |
| SHA512 | a18a52270891650650441d2aec9379f4cb64060e62a2a42a265bf769c2dc9c00db98fd669615a0c6adb34f6c25bd705ca8739e1e510f93f562efd48fee3d67a5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 370aab3267d41c63d393640e2d52420b |
| SHA1 | dba88e81b710d3977fc9fd24ea81509f09b22528 |
| SHA256 | ab31ec212c3bca6ec0f4e464616bf7330324e45c4ac42436fd5082a7f381ed89 |
| SHA512 | 8de234c9102cde2bff50f3e1751335944792a76f99ca25c186e38eca0b9be3f5fc34a7dde7b3fa6f8fa45a1d9432a140bd80130c218bc04caf63d3fd1d1f89d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 73440e53bddac345b8d9be71d0868930 |
| SHA1 | be137320c6386967173abc1b19c06697412ac905 |
| SHA256 | 3addc0c59a217ceb57ca69f674aed14d3b82031930e6ada9417ed1b0c79380e2 |
| SHA512 | f6848fab07d98b6d210f60369359cd06d6b3f2746a189896af12bc41d09be056dec5918c8b0715f98980eebd0acf02463e270d2783b640a232e9462df658d8af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6aca176b3b19e71d2975eee62b923ff4 |
| SHA1 | 4fd633706cb72f6726c27d71486c53ada89a0f5d |
| SHA256 | ebfb7bac7b5f9adcf19f97fbacc40c035b1f5fa071487c4b4503450079779cd5 |
| SHA512 | 7c8742c574ab85a0f5655f80422f8ac23ad5a489e9039ac3fa76398999a73b3d8ca2942fdc12e77d9c92b0aef7df14f40ac97892930fe1c8b212545115e25a8e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1ba106068471154cc7f659cf58a8cf81 |
| SHA1 | 8e9ff13e507c3c24d18094d82aa2fb18522aa808 |
| SHA256 | 0ecbad4446ea7e70c8df2da4c2e1214580385e17fb1c945e0301c34eee624c69 |
| SHA512 | c5eb38e5fbec6a415d6d8cc68b8b16269d4f0e27f98ad483862d33bdb1ecaa3f55162f06f5eb91b713a160243232d07704140dfd62fa5169ae03298523ac5954 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8b3f274fecdea63f6ea2e24e37878640 |
| SHA1 | f83ec7bfeb7e75aab3349e8285735cc994602da4 |
| SHA256 | f5cae31883226c8202deca1b3a7289d7913569ab0958bb6b795b11a69062f57f |
| SHA512 | 943473991f388b233d3dc0d2775af5c66b47e42c4c1dc3d6a571738b4a6ed301c9768f6c76150118b4828245eca09159ba02258f532ad36a61d4dbc9ec82673e |
Analysis: behavioral26
Detonation Overview
Submitted
2024-11-06 09:02
Reported
2024-11-06 09:35
Platform
win11-20241007-en
Max time kernel
1797s
Max time network
1494s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| N/A | N/A | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| N/A | N/A | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| N/A | N/A | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| N/A | N/A | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\vcredist_x86.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4" | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16" | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656} | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000 | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents" | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1" | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0" | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0" | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1" | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257" | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| N/A | N/A | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| N/A | N/A | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| N/A | N/A | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| N/A | N/A | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| N/A | N/A | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| N/A | N/A | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
| N/A | N/A | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1132 wrote to memory of 2168 | N/A | C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\vcredist_x86.exe | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe |
| PID 1132 wrote to memory of 2168 | N/A | C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\vcredist_x86.exe | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe |
| PID 1132 wrote to memory of 2168 | N/A | C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\vcredist_x86.exe | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\vcredist_x86.exe
"C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\vcredist_x86.exe"
\??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe
c:\1bd0bec39972b19d6bfc30eb\Setup.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
Files
C:\1bd0bec39972b19d6bfc30eb\Setup.exe
\??\c:\1bd0bec39972b19d6bfc30eb\SetupEngine.dll
\??\c:\1bd0bec39972b19d6bfc30eb\sqmapi.dll
\??\c:\1bd0bec39972b19d6bfc30eb\DHTMLHeader.html
C:\Users\Admin\AppData\Local\Temp\Setup_20241106_090458509.html
\??\c:\1bd0bec39972b19d6bfc30eb\UiInfo.xml
\??\c:\1bd0bec39972b19d6bfc30eb\ParameterInfo.xml
\??\c:\1bd0bec39972b19d6bfc30eb\1028\LocalizedData.xml
| MD5 | 7fc06a77d9aafca9fb19fafa0f919100 |
| SHA1 | e565740e7d582cd73f8d3b12de2f4579ff18bb41 |
| SHA256 | a27f809211ea1a2d5224cd01101aa3a59bf7853168e45de28a16ef7ed6acd46a |
| SHA512 | 466dcc6a5fb015be1619f5725fa62ca46eb0fb428e11f93fd9d82e5df61c3950b3fb62d4db7746cc4a2be199e5e69eaa30b6f3354e0017cfa14d127fad52f8cf |
\??\c:\1bd0bec39972b19d6bfc30eb\1033\LocalizedData.xml
| MD5 | d642e322d1e8b739510ca540f8e779f9 |
| SHA1 | 36279c76d9f34c09ebddc84fd33fcc7d4b9a896c |
| SHA256 | 5d90345ff74e177f6da8fb6459c1cfcac080e698215ca75feb130d0d1f2a76b9 |
| SHA512 | e1e16ae14bc7cc1608e1a08d3c92b6d0518b5fabd27f2c0eb514c87afc3d6192bf7a793a583afc65f1899f03dc419263b29174456e1ec9ab0f0110e0258e0f0d |
\??\c:\1bd0bec39972b19d6bfc30eb\1031\LocalizedData.xml
| MD5 | b83c3803712e61811c438f6e98790369 |
| SHA1 | 61a0bc59388786ced045acd82621bee8578cae5a |
| SHA256 | 2aa6e8d402e44d9ee895b18195f46bf90259de1b6f44efd46a7075b110f2dcd6 |
| SHA512 | e020f93e3a082476087e690ad051f1feb210e0915924bb4548cc9f53a7ee2760211890eb6036ce9e5e4a311abc0300e89e25efbbb894c2a621ffbc9d64cc8a38 |
\??\c:\1bd0bec39972b19d6bfc30eb\1036\LocalizedData.xml
| MD5 | e382abc19294f779d2833287242e7bc6 |
| SHA1 | 1ceae32d6b24a3832f9244f5791382865b668a72 |
| SHA256 | 43f913ff28d677316f560a0f45221f35f27cfaf5fc5bd645974a82dca589edbf |
| SHA512 | 06054c8048cade36a3af54f9a07fd8fa5eb4f3228790996d2abea7ee1ee7eb563d46bd54ff97441f9610e778194082c44e66c5f566c9c50a042aba9eb9cae25e |
\??\c:\1bd0bec39972b19d6bfc30eb\1040\LocalizedData.xml
| MD5 | 0af948fe4142e34092f9dd47a4b8c275 |
| SHA1 | b3d6dd5c126280398d9055f90e2c2c26dbae4eaa |
| SHA256 | c4c7c0ddaa6d6a3a1dc260e9c5a24bdfaa98c427c69e8a65427dd7cac0a4b248 |
| SHA512 | d97b5fe2553ca78a3019d53e33d2db80c9fa1cf1d8d2501d9ddf0576c7e6ea38dab754fe4712123abf34b97e10b18fb4bbd1c76d3dacb87b4682e501f93423d9 |
\??\c:\1bd0bec39972b19d6bfc30eb\1041\LocalizedData.xml
| MD5 | 7fcfbc308b0c42dcbd8365ba62bada05 |
| SHA1 | 18a0f0e89b36818c94de0ad795cc593d0e3e29a9 |
| SHA256 | 01e7d24dd8e00b5c333e96d1bb83813e02e96f89aad0c2f28f84551d28abbbe2 |
| SHA512 | cd6f912a037e86d9e1982c73f0f8b3c4d5a9a6b5b108a7b89a46e6691e430a7cb55718de9a0c05650bb194c8d4a2e309ad6221d638cfca8e16aa5920881ba649 |
\??\c:\1bd0bec39972b19d6bfc30eb\1042\LocalizedData.xml
| MD5 | 71dfd70ae141f1d5c1366cb661b354b2 |
| SHA1 | c4b22590e6f6dd5d39e5158b831ae217ce17a776 |
| SHA256 | cccda55294aeb4af166a8c0449bca2189ddf5aa9a43d5e939dd3803e61738331 |
| SHA512 | 5000d62f3de41c3fb0ed8a8e9c37dbf4eb427c4f1e3ad3823d4716c6fe62250bac11b7987a302b8a45d91aabcf332457f7aff7d99f15edeffe540639e9440e8a |
\??\c:\1bd0bec39972b19d6bfc30eb\1049\LocalizedData.xml
| MD5 | 0eeb554d0b9f9fcdb22401e2532e9cd0 |
| SHA1 | 08799520b72a1ef92ac5b94a33509d1eddf6caf8 |
| SHA256 | beef0631c17a4fb1ff0b625c50c6cb6c8ce90a1ae62c5e60e14bf3d915ad509c |
| SHA512 | 2180e46a5a2ea1f59c879b729806ca02a232c66660f29c338c1fa7fbee2afa4b13d8777d1f7b63cf831eb42f3e55282d70aa8e53f40616b8a6e4d695c36e313d |
\??\c:\1bd0bec39972b19d6bfc30eb\3082\LocalizedData.xml
| MD5 | 5397a12d466d55d566b4209e0e4f92d3 |
| SHA1 | fcffd8961fb487995543fc173521fdf5df6e243b |
| SHA256 | f124d318138ff084b6484deb354cca0f72296e1341bf01169792b3e060c89e89 |
| SHA512 | 7708f5a2ad3e4c90c4c216600435af87a1557f60caf880a3dd9b5f482e17399af9f0b9de03ff1dbdd210583e0fec5b466e35794ac24d6d37f9bbc094e52fc77b |
\??\c:\1bd0bec39972b19d6bfc30eb\2052\LocalizedData.xml
| MD5 | 52b1dc12ce4153aa759fb3bbe04d01fc |
| SHA1 | bf21f8591c473d1fce68a9faf1e5942f486f6eba |
| SHA256 | d1735c8cfd8e10ba019d70818c19fa865e7c72f30ab6421a3748408f85fb96c3 |
| SHA512 | 418903ae9a7baebf73d055e4774ff1917fbaab9ee7ed8c120c34bb10e7303f6dd7b7dae701596d4626387a30ae1b4d329a9af49b8718b360e2ff619c56c19623 |
\??\c:\1bd0bec39972b19d6bfc30eb\SetupUi.dll
| MD5 | eb881e3dddc84b20bd92abcec444455f |
| SHA1 | e2c32b1c86d4f70e39de65e9ebc4f361b24ff4a1 |
| SHA256 | 11565d97287c01d22ad2e46c78d8a822fa3e6524561d4c02dfc87e8d346c44e7 |
| SHA512 | 5750cec73b36a3f19bfb055f880f3b6498a7ae589017333f6272d26f1c72c6f475a3308826268a098372bbb096b43fbd1e06e93eecc0a81046668228bc179a75 |
\??\c:\1bd0bec39972b19d6bfc30eb\SetupUi.xsd
| MD5 | 2fadd9e618eff8175f2a6e8b95c0cacc |
| SHA1 | 9ab1710a217d15b192188b19467932d947b0a4f8 |
| SHA256 | 222211e8f512edf97d78bc93e1f271c922d5e91fa899e092b4a096776a704093 |
| SHA512 | a3a934a8572ff9208d38cf381649bd83de227c44b735489fd2a9dc5a636ead9bb62459c9460ee53f61f0587a494877cd3a3c2611997be563f3137f8236ffc4ca |
\??\c:\1bd0bec39972b19d6bfc30eb\1033\SetupResources.dll
| MD5 | 9547d24ac04b4d0d1dbf84f74f54faf7 |
| SHA1 | 71af6001c931c3de7c98ddc337d89ab133fe48bb |
| SHA256 | 36d0159ed1a7d88000737e920375868765c0a1dd6f5a5acbb79cf7d97d9e7a34 |
| SHA512 | 8b6048f4185a711567679e2de4789407077ce5bfe72102d3cb1f23051b8d3e6bfd5886c801d85b4e62f467dd12da1c79026a4bc20b17f54c693b2f24e499d40f |
\??\c:\1bd0bec39972b19d6bfc30eb\Strings.xml
| MD5 | 332adf643747297b9bfa9527eaefe084 |
| SHA1 | 670f933d778eca39938a515a39106551185205e9 |
| SHA256 | e49545feeae22198728ad04236e31e02035af7cc4d68e10cbecffd08669cbeca |
| SHA512 | bea95ce35c4c37b4b2e36cc1e81fc297cc4a8e17b93f10423a02b015ddb593064541b5eb7003560fbeee512ed52869a113a6fb439c1133af01f884a0db0344b0 |
memory/2168-97-0x0000000002E50000-0x0000000002E51000-memory.dmp
\??\c:\1bd0bec39972b19d6bfc30eb\graphics\print.ico
| MD5 | 7e55ddc6d611176e697d01c90a1212cf |
| SHA1 | e2620da05b8e4e2360da579a7be32c1b225deb1b |
| SHA256 | ff542e32330b123486797b410621e19eafb39df3997e14701afa4c22096520ed |
| SHA512 | 283d381aa396820b7e15768b20099d67688da1f6315ec9f7938c2fcc3167777502cded0d1beddf015a34cc4e5d045bcb665ffd28ba2fbb6faf50fdd38b31d16e |
\??\c:\1bd0bec39972b19d6bfc30eb\graphics\stop.ico
| MD5 | 5dfa8d3abcf4962d9ec41cfc7c0f75e3 |
| SHA1 | 4196b0878c6c66b6fa260ab765a0e79f7aec0d24 |
| SHA256 | b499e1b21091b539d4906e45b6fdf490d5445256b72871aece2f5b2562c11793 |
| SHA512 | 69a13d4348384f134ba93c9a846c6760b342e3a7a2e9df9c7062088105ac0b77b8a524f179efb1724c0ce168e01ba8bb46f2d6fae39cabe32cab9a34fc293e4a |
\??\c:\1bd0bec39972b19d6bfc30eb\graphics\setup.ico
| MD5 | 3d25d679e0ff0b8c94273dcd8b07049d |
| SHA1 | a517fc5e96bc68a02a44093673ee7e076ad57308 |
| SHA256 | 288e9ad8f0201e45bc187839f15aca79d6b9f76a7d3c9274c80f5d4a4c219c0f |
| SHA512 | 3bde668004ca7e28390862d0ae9903c756c16255bdbb3f7e73a5b093ce6a57a3165d6797b0a643b254493149231aca7f7f03e0af15a0cbe28aff02f0071ec255 |
\??\c:\1bd0bec39972b19d6bfc30eb\graphics\save.ico
| MD5 | 7d62e82d960a938c98da02b1d5201bd5 |
| SHA1 | 194e96b0440bf8631887e5e9d3cc485f8e90fbf5 |
| SHA256 | ae041c8764f56fd89277b34982145d16fc59a4754d261c861b19371c3271c6e5 |
| SHA512 | ab06b2605f0c1f6b71ef69563c0c977d06c6ea84d58ef7f2baecba566d6037d1458c2b58e6bfd70ddef47dccbdea6d9c2f2e46dea67ea9e92457f754d7042f67 |
memory/2168-102-0x0000000002E50000-0x0000000002E51000-memory.dmp
Analysis: behavioral25
Detonation Overview
Submitted
2024-11-06 09:02
Reported
2024-11-06 09:35
Platform
win11-20241007-en
Max time kernel
1467s
Max time network
1492s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | \??\c:\d1be4c58693ed0466e86\Setup.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | \??\c:\d1be4c58693ed0466e86\Setup.exe | N/A |
| N/A | N/A | \??\c:\d1be4c58693ed0466e86\Setup.exe | N/A |
| N/A | N/A | \??\c:\d1be4c58693ed0466e86\Setup.exe | N/A |
| N/A | N/A | \??\c:\d1be4c58693ed0466e86\Setup.exe | N/A |
| N/A | N/A | \??\c:\d1be4c58693ed0466e86\Setup.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\vcredist_x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | \??\c:\d1be4c58693ed0466e86\Setup.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | \??\c:\d1be4c58693ed0466e86\Setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | \??\c:\d1be4c58693ed0466e86\Setup.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | \??\c:\d1be4c58693ed0466e86\Setup.exe | N/A |
| N/A | N/A | \??\c:\d1be4c58693ed0466e86\Setup.exe | N/A |
| N/A | N/A | \??\c:\d1be4c58693ed0466e86\Setup.exe | N/A |
| N/A | N/A | \??\c:\d1be4c58693ed0466e86\Setup.exe | N/A |
| N/A | N/A | \??\c:\d1be4c58693ed0466e86\Setup.exe | N/A |
| N/A | N/A | \??\c:\d1be4c58693ed0466e86\Setup.exe | N/A |
| N/A | N/A | \??\c:\d1be4c58693ed0466e86\Setup.exe | N/A |
| N/A | N/A | \??\c:\d1be4c58693ed0466e86\Setup.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1184 wrote to memory of 4080 | N/A | C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\vcredist_x64.exe | \??\c:\d1be4c58693ed0466e86\Setup.exe |
| PID 1184 wrote to memory of 4080 | N/A | C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\vcredist_x64.exe | \??\c:\d1be4c58693ed0466e86\Setup.exe |
| PID 1184 wrote to memory of 4080 | N/A | C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\vcredist_x64.exe | \??\c:\d1be4c58693ed0466e86\Setup.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\vcredist_x64.exe
"C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\vcredist_x64.exe"
\??\c:\d1be4c58693ed0466e86\Setup.exe
c:\d1be4c58693ed0466e86\Setup.exe
Network
| Country | Destination | Domain | Proto |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
C:\d1be4c58693ed0466e86\Setup.exe
| MD5 | 006f8a615020a4a17f5e63801485df46 |
| SHA1 | 78c82a80ebf9c8bf0c996dd8bc26087679f77fea |
| SHA256 | d273460aa4d42f0b5764383e2ab852ab9af6fecb3ed866f1783869f2f155d8be |
| SHA512 | c603ed6f3611eb7049a43a190ed223445a9f7bd5651100a825917198b50c70011e950fa968d3019439afa0a416752517b1c181ee9445e02da3904f4e4b73ce76 |
\??\c:\d1be4c58693ed0466e86\SetupEngine.dll
| MD5 | 84c1daf5f30ff99895ecab3a55354bcf |
| SHA1 | 7e25ba36bcc7deed89f3c9568016ddb3156c9c5a |
| SHA256 | 7a0d281fa802d615ea1207bd2e9ebb98f3b74f9833bba3cb964ba7c7e0fb67fd |
| SHA512 | e4fb7e4d39f094463fdcdc4895ab2ea500eb51a32b6909cec80a526bbf34d5c0eb98f47ee256c0f0865bf3169374937f047bf5c4d6762779c8ca3332b4103be3 |
C:\d1be4c58693ed0466e86\sqmapi.dll
| MD5 | 3f0363b40376047eff6a9b97d633b750 |
| SHA1 | 4eaf6650eca5ce931ee771181b04263c536a948b |
| SHA256 | bd6395a58f55a8b1f4063e813ce7438f695b9b086bb965d8ac44e7a97d35a93c |
| SHA512 | 537be86e2f171e0b2b9f462ac7f62c4342beb5d00b68451228f28677d26a525014758672466ad15ed1fd073be38142dae478df67718908eae9e6266359e1f9e8 |
\??\c:\d1be4c58693ed0466e86\DHTMLHeader.html
| MD5 | cd131d41791a543cc6f6ed1ea5bd257c |
| SHA1 | f42a2708a0b42a13530d26515274d1fcdbfe8490 |
| SHA256 | e139af8858fe90127095ac1c4685bcd849437ef0df7c416033554703f5d864bb |
| SHA512 | a6ee9af8f8c2c7acd58dd3c42b8d70c55202b382ffc5a93772af7bf7d7740c1162bb6d38a4307b1802294a18eb52032d410e128072af7d4f9d54f415be020c9a |
C:\Users\Admin\AppData\Local\Temp\HFI8619.tmp.html
| MD5 | 7eb5b3f8c2ef12b0b3e97223cf378432 |
| SHA1 | 2f600b54fc828253d7fda828fe79892c05abd66f |
| SHA256 | eb346fb7bcd69ea4589aa095fb1725a08ac360f4ece6feb81f8f5c1c50e8f066 |
| SHA512 | 169d4898e04b75ba790de8075f523ee6e8c178655851d4f42e5452e624c2a562c1155fce707e71476b4abafdd0ceec2308720ecdd370363a50bb682e9250f232 |
\??\c:\d1be4c58693ed0466e86\UiInfo.xml
| MD5 | 812f8d2e53f076366fa3a214bb4cf558 |
| SHA1 | 35ae734cfb99bb139906b5f4e8efbf950762f6f0 |
| SHA256 | 0d36a884a8381778bea71f5f9f0fc60cacadebd3f814679cb13414b8e7dbc283 |
| SHA512 | 1dcc3ef8c390ca49fbcd50c02accd8cc5700db3594428e2129f79feb81e4cbbeef1b4a10628b2cd66edf31a69ed39ca2f4e252ad8aa13d2f793fca5b9a1eaf23 |
\??\c:\d1be4c58693ed0466e86\ParameterInfo.xml
| MD5 | 03e01a43300d94a371458e14d5e41781 |
| SHA1 | c5ac3cd50fae588ff1c258edae864040a200653c |
| SHA256 | 19de712560e5a25c5d67348996e7d4f95e8e3db6843086f52cb7209f2098200a |
| SHA512 | e271d52264ff979ae429a4053c945d7e7288f41e9fc6c64309f0ab805cec166c825c2273073c4ef9ca5ab33f00802457b17df103a06cbc35c54642d146571bbb |
\??\c:\d1be4c58693ed0466e86\1033\LocalizedData.xml
| MD5 | 5486ff60b072102ee3231fd743b290a1 |
| SHA1 | d8d8a1d6bf6adf1095158b3c9b0a296a037632d0 |
| SHA256 | 5ca3ecaa12ca56f955d403ca93c4cb36a7d3dcdea779fc9bdaa0cdd429dab706 |
| SHA512 | ae240eaac32edb18fd76982fc01e03bd9c8e40a9ec1b9c42d7ebd225570b7517949e045942dbb9e40e620aa9dcc9fbe0182c6cf207ac0a44d7358ad33ba81472 |
\??\c:\d1be4c58693ed0466e86\1028\LocalizedData.xml
| MD5 | 12df3535e4c4ef95a8cb03fd509b5874 |
| SHA1 | 90b1f87ba02c1c89c159ebf0e1e700892b85dc39 |
| SHA256 | 1c8132747dc33ccdb02345cbe706e65089a88fe32cf040684ca0d72bb9105119 |
| SHA512 | c6c8887e7023c4c1cbf849eebd17b6ad68fc14607d1c32c0d384f951e07bfaf6b61e0639f4e5978c9e3e1d52ef8a383b62622018a26fa4066eb620f584030808 |
\??\c:\d1be4c58693ed0466e86\1031\LocalizedData.xml
| MD5 | b13ff959adc5c3e9c4ba4c4a76244464 |
| SHA1 | 4df793626f41b92a5bc7c54757658ce30fdaeeb1 |
| SHA256 | 44945bc0ba4be653d07f53e736557c51164224c8ec4e4672dfae1280260ba73b |
| SHA512 | de78542d3bbc4c46871a8afb50fb408a59a76f6ed67e8be3cba8ba41724ea08df36400e233551b329277a7a0fe6168c5556abe9d9a735f41b29a941250bfc4d6 |
\??\c:\d1be4c58693ed0466e86\1036\LocalizedData.xml
| MD5 | 4ce519f7e9754ec03768edeedaeed926 |
| SHA1 | 213ae458992bf2c5a255991441653c5141f41b89 |
| SHA256 | bc4ca5ad609f0dd961263715e1f824524c43e73b744e55f90c703b759cae4d31 |
| SHA512 | 8f2ff08a234d8e2e6ba85de3cd1c19a0b372d9fca4ff0fc1bba7fe7c5a165e933e2af5f93fc587e9230a066b70fb55d9f58256db509cc95a3b31d349f860f510 |
\??\c:\d1be4c58693ed0466e86\1040\LocalizedData.xml
| MD5 | fe6b23186c2d77f7612bf7b1018a9b2a |
| SHA1 | 1528ec7633e998f040d2d4c37ac8a7dc87f99817 |
| SHA256 | 03bbe1a39c6716f07703d20ed7539d8bf13b87870c2c83ddda5445c82953a80a |
| SHA512 | 40c9c9f3607cab24655593fc4766829516de33f13060be09f5ee65578824ac600cc1c07fe71cdd48bff7f52b447ff37c0d161d755a69ac7db7df118da6db7649 |
\??\c:\d1be4c58693ed0466e86\1041\LocalizedData.xml
| MD5 | 6f86b79dbf15e810331df2ca77f1043a |
| SHA1 | 875ed8498c21f396cc96b638911c23858ece5b88 |
| SHA256 | f0f9dd1a9f164f4d2e73b4d23cc5742da2c39549b9c4db692283839c5313e04f |
| SHA512 | ca233a6bf55e253ebf1e8180a326667438e1124f6559054b87021095ef16ffc6b0c87361e0922087be4ca9cabd10828be3b6cc12c4032cb7f2a317fdbd76f818 |
\??\c:\d1be4c58693ed0466e86\1042\LocalizedData.xml
| MD5 | e87ad0b3bf73f3e76500f28e195f7dc0 |
| SHA1 | 716b842f6fbf6c68dc9c4e599c8182bfbb1354dc |
| SHA256 | 43b351419b73ac266c4b056a9c3a92f6dfa654328163814d17833a837577c070 |
| SHA512 | d3ea8655d42a2b0938c2189ceeab25c29939c302c2e2205e05d6059afc2a9b2039b21c083a7c17da1ce5eebdc934ff327a452034e2e715e497bcd6239395774c |
\??\c:\d1be4c58693ed0466e86\1049\LocalizedData.xml
| MD5 | 1290be72ed991a3a800a6b2a124073b2 |
| SHA1 | dac09f9f2ccb3b273893b653f822e3dfc556d498 |
| SHA256 | 6ba9a2e4a6a58f5bb792947990e51babd9d5151a7057e1a051cb007fea2eb41c |
| SHA512 | c0b8b4421fcb2aabe2c8c8773fd03842e3523bf2b75d6262fd8bd952adc12c06541bdae0219e89f9f9f8d79567a4fe4dff99529366c4a7c5bf66c218431f3217 |
\??\c:\d1be4c58693ed0466e86\2052\LocalizedData.xml
| MD5 | 150b5c3d1b452dccbe8f1313fda1b18c |
| SHA1 | 7128b6b9e84d69c415808f1d325dd969b17914cc |
| SHA256 | 6d4eb9dca1cbcd3c2b39a993133731750b9fdf5988411f4a6da143b9204c01f2 |
| SHA512 | a45a1f4f19a27558e08939c7f63894ff5754e6840db86b8c8c68d400a36fb23179caff164d8b839898321030469b56446b5a8efc5765096dee5e8a746351e949 |
\??\c:\d1be4c58693ed0466e86\3082\LocalizedData.xml
| MD5 | 05a95593c61c744759e52caf5e13502e |
| SHA1 | 0054833d8a7a395a832e4c188c4d012301dd4090 |
| SHA256 | 1a3e5e49da88393a71ea00d73fee7570e40edb816b72622e39c7fcd09c95ead1 |
| SHA512 | 00aee4c02f9d6374560f7d2b826503aab332e1c4bc3203f88fe82e905471ec43f92f4af4fc52e46f377e4d297c2be99daf94980df2ce7664c169552800264fd3 |
\??\c:\d1be4c58693ed0466e86\SetupUi.dll
| MD5 | eb881e3dddc84b20bd92abcec444455f |
| SHA1 | e2c32b1c86d4f70e39de65e9ebc4f361b24ff4a1 |
| SHA256 | 11565d97287c01d22ad2e46c78d8a822fa3e6524561d4c02dfc87e8d346c44e7 |
| SHA512 | 5750cec73b36a3f19bfb055f880f3b6498a7ae589017333f6272d26f1c72c6f475a3308826268a098372bbb096b43fbd1e06e93eecc0a81046668228bc179a75 |
\??\c:\d1be4c58693ed0466e86\SetupUi.xsd
| MD5 | 2fadd9e618eff8175f2a6e8b95c0cacc |
| SHA1 | 9ab1710a217d15b192188b19467932d947b0a4f8 |
| SHA256 | 222211e8f512edf97d78bc93e1f271c922d5e91fa899e092b4a096776a704093 |
| SHA512 | a3a934a8572ff9208d38cf381649bd83de227c44b735489fd2a9dc5a636ead9bb62459c9460ee53f61f0587a494877cd3a3c2611997be563f3137f8236ffc4ca |
\??\c:\d1be4c58693ed0466e86\1033\SetupResources.dll
| MD5 | 9547d24ac04b4d0d1dbf84f74f54faf7 |
| SHA1 | 71af6001c931c3de7c98ddc337d89ab133fe48bb |
| SHA256 | 36d0159ed1a7d88000737e920375868765c0a1dd6f5a5acbb79cf7d97d9e7a34 |
| SHA512 | 8b6048f4185a711567679e2de4789407077ce5bfe72102d3cb1f23051b8d3e6bfd5886c801d85b4e62f467dd12da1c79026a4bc20b17f54c693b2f24e499d40f |
\??\c:\d1be4c58693ed0466e86\Strings.xml
| MD5 | 332adf643747297b9bfa9527eaefe084 |
| SHA1 | 670f933d778eca39938a515a39106551185205e9 |
| SHA256 | e49545feeae22198728ad04236e31e02035af7cc4d68e10cbecffd08669cbeca |
| SHA512 | bea95ce35c4c37b4b2e36cc1e81fc297cc4a8e17b93f10423a02b015ddb593064541b5eb7003560fbeee512ed52869a113a6fb439c1133af01f884a0db0344b0 |
memory/4080-97-0x0000000002E60000-0x0000000002E61000-memory.dmp
\??\c:\d1be4c58693ed0466e86\graphics\setup.ico
| MD5 | 3d25d679e0ff0b8c94273dcd8b07049d |
| SHA1 | a517fc5e96bc68a02a44093673ee7e076ad57308 |
| SHA256 | 288e9ad8f0201e45bc187839f15aca79d6b9f76a7d3c9274c80f5d4a4c219c0f |
| SHA512 | 3bde668004ca7e28390862d0ae9903c756c16255bdbb3f7e73a5b093ce6a57a3165d6797b0a643b254493149231aca7f7f03e0af15a0cbe28aff02f0071ec255 |
\??\c:\d1be4c58693ed0466e86\graphics\stop.ico
| MD5 | 5dfa8d3abcf4962d9ec41cfc7c0f75e3 |
| SHA1 | 4196b0878c6c66b6fa260ab765a0e79f7aec0d24 |
| SHA256 | b499e1b21091b539d4906e45b6fdf490d5445256b72871aece2f5b2562c11793 |
| SHA512 | 69a13d4348384f134ba93c9a846c6760b342e3a7a2e9df9c7062088105ac0b77b8a524f179efb1724c0ce168e01ba8bb46f2d6fae39cabe32cab9a34fc293e4a |
\??\c:\d1be4c58693ed0466e86\graphics\print.ico
| MD5 | 7e55ddc6d611176e697d01c90a1212cf |
| SHA1 | e2620da05b8e4e2360da579a7be32c1b225deb1b |
| SHA256 | ff542e32330b123486797b410621e19eafb39df3997e14701afa4c22096520ed |
| SHA512 | 283d381aa396820b7e15768b20099d67688da1f6315ec9f7938c2fcc3167777502cded0d1beddf015a34cc4e5d045bcb665ffd28ba2fbb6faf50fdd38b31d16e |
\??\c:\d1be4c58693ed0466e86\graphics\save.ico
| MD5 | 7d62e82d960a938c98da02b1d5201bd5 |
| SHA1 | 194e96b0440bf8631887e5e9d3cc485f8e90fbf5 |
| SHA256 | ae041c8764f56fd89277b34982145d16fc59a4754d261c861b19371c3271c6e5 |
| SHA512 | ab06b2605f0c1f6b71ef69563c0c977d06c6ea84d58ef7f2baecba566d6037d1458c2b58e6bfd70ddef47dccbdea6d9c2f2e46dea67ea9e92457f754d7042f67 |
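The two detonations above (behavioral2 with vcredist_x86.exe, behavioral25 with vcredist_x64.exe) drop their bootstrapper payloads into different random directories, so the Files listings cannot be compared by path. The following script is an added example for this report, not sandbox or vendor code: it parses Files entries of the form shown above, rejects digests of the wrong length for their algorithm (a transcription check worth having before any hash is pushed to a blocklist), strips the NT `\??\` prefix and per-run extraction directory, and reports which files are byte-identical in both runs. The two embedded text blocks are constructed subsets copied from the two Files sections; on the full listings the same code shows that Setup.exe, SetupEngine.dll, sqmapi.dll, SetupUi.dll and the icons are shared while ParameterInfo.xml and the LocalizedData.xml files differ per architecture.

```python
"""Cross-reference the per-file hash tables of two detonations.

Added example for this report (not sandbox or vendor code).  The two
text blocks below are constructed by copying a subset of the Files
entries from the behavioral2 (vcredist_x86) and behavioral25
(vcredist_x64) runs; the random extraction directory differs per run,
so files are compared by their path below that directory.
"""
import re
from typing import Dict, List, Tuple

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")

# Constructed subset of the behavioral2 Files section.
BEHAVIORAL2 = r"""
C:\1bd0bec39972b19d6bfc30eb\Setup.exe
| MD5 | 006f8a615020a4a17f5e63801485df46 |
| SHA256 | d273460aa4d42f0b5764383e2ab852ab9af6fecb3ed866f1783869f2f155d8be |
\??\c:\1bd0bec39972b19d6bfc30eb\SetupEngine.dll
| SHA256 | 7a0d281fa802d615ea1207bd2e9ebb98f3b74f9833bba3cb964ba7c7e0fb67fd |
\??\c:\1bd0bec39972b19d6bfc30eb\ParameterInfo.xml
| SHA256 | bf787b8c697ce418f9d4c07260f56d1145ca70db1cc4b1321d37840837621e8f |
\??\c:\1bd0bec39972b19d6bfc30eb\1033\LocalizedData.xml
| SHA256 | 5d90345ff74e177f6da8fb6459c1cfcac080e698215ca75feb130d0d1f2a76b9 |
memory/2168-97-0x0000000002E50000-0x0000000002E51000-memory.dmp
"""

# Constructed subset of the behavioral25 Files section.
BEHAVIORAL25 = r"""
C:\d1be4c58693ed0466e86\Setup.exe
| MD5 | 006f8a615020a4a17f5e63801485df46 |
| SHA256 | d273460aa4d42f0b5764383e2ab852ab9af6fecb3ed866f1783869f2f155d8be |
\??\c:\d1be4c58693ed0466e86\SetupEngine.dll
| SHA256 | 7a0d281fa802d615ea1207bd2e9ebb98f3b74f9833bba3cb964ba7c7e0fb67fd |
\??\c:\d1be4c58693ed0466e86\ParameterInfo.xml
| SHA256 | 19de712560e5a25c5d67348996e7d4f95e8e3db6843086f52cb7209f2098200a |
\??\c:\d1be4c58693ed0466e86\1033\LocalizedData.xml
| SHA256 | 5ca3ecaa12ca56f955d403ca93c4cb36a7d3dcdea779fc9bdaa0cdd429dab706 |
"""


def parse_files(section: str) -> Dict[str, Dict[str, str]]:
    """Map each listed path to its {algorithm: hex digest} table.

    Memory dumps are listed without a hash table and are kept with an
    empty dict.  A digest of the wrong length for its algorithm is
    treated as a transcription error and rejected.
    """
    files: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in section.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ROW.match(line)
        if m is None:                      # a path line opens a new entry
            current = line
            files[current] = {}
            continue
        if current is None:
            raise ValueError(f"hash row before any path: {line}")
        algo, digest = m.group(1), m.group(2).lower()
        if len(digest) != HASH_LEN[algo]:
            raise ValueError(f"{current}: {algo} digest has {len(digest)} hex chars")
        files[current][algo] = digest
    return files


def relative_name(path: str) -> str:
    # Drop the NT "\??\" prefix, the drive and the per-run extraction
    # directory, and lower-case, so that the x86 and x64 runs compare
    # on "1033\localizeddata.xml" rather than on the random directory.
    p = path.lower()
    if p.startswith("\\??\\"):
        p = p[4:]
    parts = [x for x in p.split("\\") if x]
    return "\\".join(parts[2:]) if len(parts) > 2 else p


def cross_reference(a, b, algo: str = "SHA256") -> Tuple[List[str], List[str]]:
    """Return (identical, changed): names present in both runs, split by
    whether the chosen digest matches."""
    ha = {relative_name(p): h[algo] for p, h in a.items() if algo in h}
    hb = {relative_name(p): h[algo] for p, h in b.items() if algo in h}
    common = ha.keys() & hb.keys()
    return (sorted(n for n in common if ha[n] == hb[n]),
            sorted(n for n in common if ha[n] != hb[n]))


def report(a_text: str, b_text: str) -> Tuple[List[str], List[str]]:
    return cross_reference(parse_files(a_text), parse_files(b_text))


if __name__ == "__main__":
    same, changed = report(BEHAVIORAL2, BEHAVIORAL25)
    print("byte-identical in both runs:", same)
    print("same name, different content:", changed)
```

The shared digests are the ones worth allow-listing once (the bootstrapper engine is the same binary in both architectures); the per-architecture XML differences are expected and carry no verdict weight on their own.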
Analysis: behavioral15
Detonation Overview
Submitted
2024-11-06 09:02
Reported
2024-11-06 09:34
Platform
win11-20241007-en
Max time kernel
1467s
Max time network
1498s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3856 wrote to memory of 3024 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE |
| PID 3856 wrote to memory of 3024 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Windowkill\Windowkill\steam_settings\force_steamid.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Windowkill\Windowkill\steam_settings\force_steamid.txt
Network
| Country | Destination | Domain | Proto |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-11-06 09:02
Reported
2024-11-06 09:34
Platform
win11-20241007-en
Max time kernel
1474s
Max time network
1490s
Command Line
Signatures
Checks installed software on the system
Drops file in System32 directory
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\OpenAL\oalinst.exe | C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\oalinst.exe | N/A |
| File opened for modification | C:\Program Files (x86)\OpenAL\oalinst.exe | C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\oalinst.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\oalinst.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\oalinst.exe
"C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\oalinst.exe"
Network
| Country | Destination | Domain | Proto |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 54.120.234.20.in-addr.arpa | udp |
Files
C:\Windows\SysWOW64\tmpAA7B.tmp
| MD5 | 694f54bd227916b89fc3eb1db53f0685 |
| SHA1 | 21fdc367291bbef14dac27925cae698d3928eead |
| SHA256 | b8f39714d41e009f75efb183c37100f2cbabb71784bbd243be881ac5b42d86fd |
| SHA512 | 55bc0de75a7f27f11eb8f4ee8c9934dfe1acd044d8b7b2151c506bdcbead3ab179df7023f699c9139c77541bbc4b1c0657e93c34a6bc4309b665c6cb7636a7e5 |
C:\Windows\SysWOW64\OpenAL32.dll
| MD5 | 235355a8dd26903e75d5e812ecf50e53 |
| SHA1 | 8316319341a0f9054e19e4a7b21df3dc49386fee |
| SHA256 | 1797d150a2e23af4f390f5c33eb598c6f58d0454011d74941f5316add900bbdd |
| SHA512 | 5beb9343028790f993d0acb1007fd112b7e2ef6f9fbedfdb62b0140d2bbadf3b6368417ea19edb0bc8674d19418e5784fef4430ce1c329de8e83c304706d39ac |
C:\Windows\SysWOW64\wrap_oal.new
| MD5 | d494267bc169604fac5e3679b9a97fed |
| SHA1 | c093ce5a4f7dc40f7f604945bd1facfb2c805c4b |
| SHA256 | a4e46e6d09c4b0966824a2f6628ebf738e813672692a52a0d63d982e1030ef4f |
| SHA512 | 7cfcfb570ecfa974054b5285c7d6ad3bccf502866ea70789750c3748394cb0991d1fa6dec9c50a506dbc697953663ec2605277a4451098bb8cd6699c4e506040 |
C:\Windows\System32\OpenAL32.new
| MD5 | 2ad7b4f3c8d2bb686d231edff404b7a4 |
| SHA1 | f29676b96d04bd2765925a3834d9babfdce6a0b3 |
| SHA256 | 87802322c8e63555c26fe473ce234ce7099745ccb28c02766c2224c726454039 |
| SHA512 | 51a6c8cfe30e34c37437e6c5f8c602aa0759b65559a82521e2dbcf8a9865b826077854acb6497df6085d67b4c66083ae5f0f192b743a4b6f77ce7b18f01bf528 |
C:\Windows\System32\wrap_oal.new
| MD5 | 549347bcd4aacd63243d78e8f869dbb1 |
| SHA1 | efc00d2a7c5acfe17b8a58023826e6840aef39a6 |
| SHA256 | 5379373cf3eff41cdd8c912c65e27e1bd492bd84238d19a093aa846c9b1ce909 |
| SHA512 | c6789376d05deb8c5050225c37c023055c107a72b49afddfd3f91e7e7429d38db9346e2e5d38986c2000c3828389cfbe5d74d80423a79eebd0367bcc81137cd5 |
Analysis: behavioral23
Detonation Overview
Submitted
2024-11-06 09:02
Reported
2024-11-06 09:34
Platform
win11-20241007-en
Max time kernel
1358s
Max time network
1159s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\{DE82871D-8CA9-42CA-BF4F-4DE1CE8D40CB}\.cr\vcredist_2015-2019_x64.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\{DE82871D-8CA9-42CA-BF4F-4DE1CE8D40CB}\.cr\vcredist_2015-2019_x64.exe | N/A |
Checks installed software on the system
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\vcredist_2015-2019_x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\{DE82871D-8CA9-42CA-BF4F-4DE1CE8D40CB}\.cr\vcredist_2015-2019_x64.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1748 wrote to memory of 2944 | N/A | C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\vcredist_2015-2019_x64.exe | C:\Windows\Temp\{DE82871D-8CA9-42CA-BF4F-4DE1CE8D40CB}\.cr\vcredist_2015-2019_x64.exe |
| PID 1748 wrote to memory of 2944 | N/A | C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\vcredist_2015-2019_x64.exe | C:\Windows\Temp\{DE82871D-8CA9-42CA-BF4F-4DE1CE8D40CB}\.cr\vcredist_2015-2019_x64.exe |
| PID 1748 wrote to memory of 2944 | N/A | C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\vcredist_2015-2019_x64.exe | C:\Windows\Temp\{DE82871D-8CA9-42CA-BF4F-4DE1CE8D40CB}\.cr\vcredist_2015-2019_x64.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\vcredist_2015-2019_x64.exe
"C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\vcredist_2015-2019_x64.exe"
C:\Windows\Temp\{DE82871D-8CA9-42CA-BF4F-4DE1CE8D40CB}\.cr\vcredist_2015-2019_x64.exe
"C:\Windows\Temp\{DE82871D-8CA9-42CA-BF4F-4DE1CE8D40CB}\.cr\vcredist_2015-2019_x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\vcredist_2015-2019_x64.exe" -burn.filehandle.attached=560 -burn.filehandle.self=556
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
C:\Windows\Temp\{DE82871D-8CA9-42CA-BF4F-4DE1CE8D40CB}\.cr\vcredist_2015-2019_x64.exe
| MD5 | 843288fd72a1152b50b4e4b7344bb592 |
| SHA1 | 648416c53721a85666abaf71c6682fcc1da70b48 |
| SHA256 | 82c3e3423e48bafcdd726624eb7fd3e00674e50e4b6acdcac408fe8fae43b022 |
| SHA512 | 04b61bb0a6e748ab78b1037db68bc9ec1745bb3efaca0b8fb6d99e01abbe08a67168cbf3f714b72daf00da26084ec6f6f707c3cd08fa8243023e6924719a4e41 |
C:\Windows\Temp\{38B81693-3D30-43AE-B086-27734147D4A2}\.ba\wixstdba.dll
| MD5 | eab9caf4277829abdf6223ec1efa0edd |
| SHA1 | 74862ecf349a9bedd32699f2a7a4e00b4727543d |
| SHA256 | a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041 |
| SHA512 | 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2 |
C:\Windows\Temp\{38B81693-3D30-43AE-B086-27734147D4A2}\.ba\logo.png
| MD5 | d6bd210f227442b3362493d046cea233 |
| SHA1 | ff286ac8370fc655aea0ef35e9cf0bfcb6d698de |
| SHA256 | 335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef |
| SHA512 | 464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b |
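Every "Suspicious use of WriteProcessMemory" table above pairs a writer with the process it had just launched: vcredist_x86.exe/vcredist_x64.exe into their extracted Setup.exe, cmd.exe into NOTEPAD.EXE, and in behavioral23 the VC++ 2015-2019 bootstrapper into the copy of itself it placed under C:\Windows\Temp (the `-burn.clean.room=` relaunch on its command line). Process creation itself writes the child's startup parameters before the child's first thread runs, so a sandbox that hooks cross-process writes reports this footprint for ordinary parent-child launches; the repeated rows are separate write calls, not separate processes. The script below is an added example for this report, not sandbox or vendor code. It parses those rows, counts writes per PID pair, and applies an assumed heuristic: only a write from a sample-controlled file into a pre-existing Windows binary is raised for review. SAMPLE is constructed from rows of behavioral2, behavioral15 and behavioral23 plus one invented row (PIDs 4242 and 1337, a hypothetical dropper writing into explorer.exe) so that the heuristic has something to flag.

```python
"""Triage "Suspicious use of WriteProcessMemory" rows by who wrote into whom.

Added example for this report (not sandbox or vendor code).  SAMPLE is
constructed from the signature rows of behavioral2, behavioral15 and
behavioral23 above plus one invented row (PIDs 4242/1337, a hypothetical
dropper writing into explorer.exe) to show a hit.  The path rules below
are a heuristic assumed for this example: a write is only interesting
when a file the sample controls writes into a pre-existing Windows binary.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple

ROW = re.compile(
    r"^\|\s*PID (\d+) wrote to memory of (\d+)\s*\|\s*N/A\s*\|\s*(.+?)\s*\|\s*(.+?)\s*\|$"
)

# Constructed table: page rows followed by one invented row (4242 -> 1337).
SAMPLE = r"""
| Description | Indicator | Process | Target |
| PID 1132 wrote to memory of 2168 | N/A | C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\vcredist_x86.exe | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe |
| PID 1132 wrote to memory of 2168 | N/A | C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\vcredist_x86.exe | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe |
| PID 1132 wrote to memory of 2168 | N/A | C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\vcredist_x86.exe | \??\c:\1bd0bec39972b19d6bfc30eb\Setup.exe |
| PID 3856 wrote to memory of 3024 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE |
| PID 3856 wrote to memory of 3024 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE |
| PID 1748 wrote to memory of 2944 | N/A | C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\vcredist_2015-2019_x64.exe | C:\Windows\Temp\{DE82871D-8CA9-42CA-BF4F-4DE1CE8D40CB}\.cr\vcredist_2015-2019_x64.exe |
| PID 1748 wrote to memory of 2944 | N/A | C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\vcredist_2015-2019_x64.exe | C:\Windows\Temp\{DE82871D-8CA9-42CA-BF4F-4DE1CE8D40CB}\.cr\vcredist_2015-2019_x64.exe |
| PID 1748 wrote to memory of 2944 | N/A | C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\vcredist_2015-2019_x64.exe | C:\Windows\Temp\{DE82871D-8CA9-42CA-BF4F-4DE1CE8D40CB}\.cr\vcredist_2015-2019_x64.exe |
| PID 4242 wrote to memory of 1337 | N/A | C:\Users\Admin\AppData\Local\Temp\example_dropper.exe | C:\Windows\explorer.exe |
"""


@dataclass(frozen=True)
class Write:
    src_pid: int
    dst_pid: int
    src: str
    dst: str


def parse_writes(table: str) -> List[Write]:
    """One Write per row; the report repeats a row for every write call."""
    out = []
    for line in table.strip().splitlines():
        m = ROW.match(line.strip())
        if m:
            out.append(Write(int(m[1]), int(m[2]), m[3], m[4]))
    return out


def normalize(path: str) -> str:
    # Strip the NT "\??\" prefix the report uses for some paths; lower-case.
    p = path.lower()
    return p[4:] if p.startswith("\\??\\") else p


def is_system_binary(path: str) -> bool:
    # Pre-existing OS binary.  The Windows Temp directory is excluded because
    # installers (the Burn clean-room relaunch in behavioral23) copy
    # themselves there before re-executing.
    p = normalize(path)
    return p.startswith("c:\\windows\\") and not p.startswith("c:\\windows\\temp\\")


def is_sample_file(path: str) -> bool:
    # Anything outside the OS and Program Files trees is treated as
    # sample-controlled (user profile, random extraction directories).
    p = normalize(path)
    return not (p.startswith("c:\\windows\\") or p.startswith("c:\\program files"))


def summarize(table: str) -> Dict[Tuple[int, int], int]:
    """Number of write calls per (writer PID, target PID) pair."""
    return dict(Counter((w.src_pid, w.dst_pid) for w in parse_writes(table)))


def injection_candidates(table: str) -> List[Write]:
    """Unique writes from a sample-controlled file into an OS binary."""
    seen, out = set(), []
    for w in parse_writes(table):
        if is_sample_file(w.src) and is_system_binary(w.dst) and w not in seen:
            seen.add(w)
            out.append(w)
    return out


if __name__ == "__main__":
    for (src, dst), n in summarize(SAMPLE).items():
        print(f"PID {src} -> PID {dst}: {n} write(s)")
    for w in injection_candidates(SAMPLE):
        print("review:", w.src, "->", w.dst)
```

On the page's own rows nothing is raised; the heuristic exists to separate installer self-relaunches and launcher-to-child writes from a write into a process the sample did not create, which is the case that would justify pulling the memory dumps listed under Files.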
Analysis: behavioral6
Detonation Overview
Submitted
2024-11-06 09:02
Reported
2024-11-06 09:35
Platform
win11-20241007-en
Max time kernel
1453s
Max time network
1477s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Windowkill\Windowkill\godotsteam.x86_64.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
Files
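The Network tables of every detonation above contain only two patterns: PTR lookups to 8.8.8.8:53 for `in-addr.arpa` names and TLS connections to tse1.mm.bing.net on 150.171.27.10 or 150.171.28.10. The same rows appear in behavioral15 and behavioral16, whose only processes are cmd.exe and NOTEPAD.EXE, so they are background traffic of the Windows 11 image rather than activity of the sample. The script below is an added example for this report, not sandbox or vendor code: it parses rows in the page's table format, decodes each PTR name back to the address being resolved, and leaves only flows that an allow-list does not explain. SAMPLE_ROWS is constructed from the behavioral2 Network table plus one invented row (203.0.113.5, a documentation address, with a reserved `.invalid` name) so a flagged entry is visible; BACKGROUND_DOMAINS is an assumed allow-list for this VM image and must be tuned per platform.

```python
"""Separate sandbox background traffic from connections worth pivoting on.

Added example for this report (not sandbox or vendor code).  SAMPLE_ROWS
is constructed from the behavioral2 Network table above plus one
invented row (203.0.113.5, a documentation address) to show what a
flagged entry looks like.  BACKGROUND_DOMAINS is an assumed allow-list
for this VM image and must be tuned per analysis platform.
"""
import ipaddress
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

BACKGROUND_DOMAINS = ("mm.bing.net", "msftconnecttest.com", "windowsupdate.com")  # assumed
RESOLVERS = {"8.8.8.8"}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed table: behavioral2 rows, then one invented row.
SAMPLE_ROWS = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| XX | 203.0.113.5:4444 | example-c2.invalid | tcp |
"""


@dataclass(frozen=True)
class Flow:
    country: str
    destination: str          # "ip:port" as printed in the report
    domain: str
    proto: str

    @property
    def ip(self) -> str:
        return self.destination.rsplit(":", 1)[0]

    @property
    def port(self) -> int:
        return int(self.destination.rsplit(":", 1)[1])


def parse_rows(table: str) -> List[Flow]:
    """Parse '| Country | Destination | Domain | Proto |' rows, skipping the header."""
    flows = []
    for line in table.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        flows.append(Flow(*cells))
    return flows


def ptr_target(domain: str) -> str:
    """Recover the address a reverse lookup was for: '83.210.23.2.in-addr.arpa' -> '2.23.210.83'."""
    return ".".join(reversed(domain[: -len(".in-addr.arpa")].split(".")))


def classify(flow: Flow) -> str:
    """'ptr-lookup' (VM resolving names for its peers), 'background'
    (allow-listed OS hosts), 'private' (RFC 1918) or 'review' (anything else)."""
    if (flow.proto == "udp" and flow.port == 53 and flow.ip in RESOLVERS
            and flow.domain.endswith(".in-addr.arpa")):
        return "ptr-lookup"
    if any(flow.domain == d or flow.domain.endswith("." + d) for d in BACKGROUND_DOMAINS):
        return "background"
    if any(ipaddress.ip_address(flow.ip) in net for net in RFC1918):
        return "private"
    return "review"


def summarize(table: str) -> Dict[str, int]:
    """Count rows per class; shows how much of a table is noise."""
    return dict(Counter(classify(f) for f in parse_rows(table)))


def triage(table: str) -> List[Flow]:
    """Unique flows that the allow-lists do not explain, in first-seen order."""
    seen, out = set(), []
    for f in parse_rows(table):
        if classify(f) == "review" and f not in seen:
            seen.add(f)
            out.append(f)
    return out


if __name__ == "__main__":
    print(summarize(SAMPLE_ROWS))
    for f in parse_rows(SAMPLE_ROWS):
        if classify(f) == "ptr-lookup":
            print("VM resolved", ptr_target(f.domain))
    for f in triage(SAMPLE_ROWS):
        print("review:", f.destination, f.domain, f.proto)
```

The decoded PTR targets (2.23.210.83, 20.199.58.43 and so on) are the addresses the VM itself contacted and then resolved; they are a cheap way to see which destinations the page's tables hide behind reverse-lookup rows. The allow-list is deliberately a suffix match so that a lookalike such as `mm.bing.net.example` would still land in `review`.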
Analysis: behavioral16
Detonation Overview
Submitted
2024-11-06 09:02
Reported
2024-11-06 09:34
Platform
win11-20241007-en
Max time kernel
1463s
Max time network
1479s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3272 wrote to memory of 3696 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE |
| PID 3272 wrote to memory of 3696 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Windowkill\Windowkill\steam_settings\steam_appid.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Windowkill\Windowkill\steam_settings\steam_appid.txt
Network
| Country | Destination | Domain | Proto |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 54.120.234.20.in-addr.arpa | udp |
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-11-06 09:02
Reported
2024-11-06 09:34
Platform
win11-20241007-en
Max time kernel
1494s
Max time network
1502s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\dxwebsetup.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\directx\websetup\dsetup.dll | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\directx\websetup\SET9AAB.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A |
| File created | C:\Windows\SysWOW64\directx\websetup\SET9AAB.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\directx\websetup\dsetup32.dll | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\DirectX\WebSetup | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\directx\websetup\SET9AAA.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A |
| File created | C:\Windows\SysWOW64\directx\websetup\SET9AAA.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\security\logs\scecomp.log | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A |
| File opened for modification | C:\Windows\Logs\DirectX.log | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\dxwebsetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2292 wrote to memory of 3828 | N/A | C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\dxwebsetup.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe |
| PID 2292 wrote to memory of 3828 | N/A | C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\dxwebsetup.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe |
| PID 2292 wrote to memory of 3828 | N/A | C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\dxwebsetup.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\dxwebsetup.exe
"C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\dxwebsetup.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
Network
| Country | Destination | Domain | Proto |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.inf
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dsetup.dll
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dsetup32.dll
Analysis: behavioral24
Detonation Overview
Submitted
2024-11-06 09:02
Reported
2024-11-06 09:34
Platform
win11-20241023-en
Max time kernel
1466s
Max time network
1478s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\{FEC0A75B-EB65-4C87-80EE-D846D11901A9}\.cr\vcredist_2015-2019_x86.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\{FEC0A75B-EB65-4C87-80EE-D846D11901A9}\.cr\vcredist_2015-2019_x86.exe | N/A |
Checks installed software on the system
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\vcredist_2015-2019_x86.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\{FEC0A75B-EB65-4C87-80EE-D846D11901A9}\.cr\vcredist_2015-2019_x86.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4136 wrote to memory of 1020 | N/A | C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\vcredist_2015-2019_x86.exe | C:\Windows\Temp\{FEC0A75B-EB65-4C87-80EE-D846D11901A9}\.cr\vcredist_2015-2019_x86.exe |
| PID 4136 wrote to memory of 1020 | N/A | C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\vcredist_2015-2019_x86.exe | C:\Windows\Temp\{FEC0A75B-EB65-4C87-80EE-D846D11901A9}\.cr\vcredist_2015-2019_x86.exe |
| PID 4136 wrote to memory of 1020 | N/A | C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\vcredist_2015-2019_x86.exe | C:\Windows\Temp\{FEC0A75B-EB65-4C87-80EE-D846D11901A9}\.cr\vcredist_2015-2019_x86.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\vcredist_2015-2019_x86.exe
"C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\vcredist_2015-2019_x86.exe"
C:\Windows\Temp\{FEC0A75B-EB65-4C87-80EE-D846D11901A9}\.cr\vcredist_2015-2019_x86.exe
"C:\Windows\Temp\{FEC0A75B-EB65-4C87-80EE-D846D11901A9}\.cr\vcredist_2015-2019_x86.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\vcredist_2015-2019_x86.exe" -burn.filehandle.attached=580 -burn.filehandle.self=560
Network
| Country | Destination | Domain | Proto |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
Files
C:\Windows\Temp\{FEC0A75B-EB65-4C87-80EE-D846D11901A9}\.cr\vcredist_2015-2019_x86.exe
C:\Windows\Temp\{34AE5D3A-AE48-49BC-B82A-84AA3140C5D8}\.ba\wixstdba.dll
C:\Windows\Temp\{34AE5D3A-AE48-49BC-B82A-84AA3140C5D8}\.ba\logo.png
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-06 09:02
Reported
2024-11-06 09:34
Platform
win11-20241007-en
Max time kernel
1389s
Max time network
1156s
Command Line
Signatures
Processes
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\Windowkill\STEAMUNLOCKED » Free Steam Games Pre-installed for PC.url"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.99.105.20.in-addr.arpa | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-11-06 09:02
Reported
2024-11-06 09:35
Platform
win11-20241007-en
Max time kernel
1461s
Max time network
1493s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 396 wrote to memory of 2700 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE |
| PID 396 wrote to memory of 2700 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Windowkill\Windowkill\steam_appid.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Windowkill\Windowkill\steam_appid.txt
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-11-06 09:02
Reported
2024-11-06 09:34
Platform
win11-20241007-en
Max time kernel
1455s
Max time network
1475s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3600 wrote to memory of 3772 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE |
| PID 3600 wrote to memory of 3772 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Windowkill\Windowkill\steam_settings\force_language.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Windowkill\Windowkill\steam_settings\force_language.txt
Network
| Country | Destination | Domain | Proto |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-11-06 09:02
Reported
2024-11-06 09:35
Platform
win11-20241007-en
Max time kernel
1467s
Max time network
1490s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Windowkill\Windowkill\discord_game_sdk_binding.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-11-06 09:02
Reported
2024-11-06 09:34
Platform
win11-20241007-en
Max time kernel
1797s
Max time network
1500s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| N/A | N/A | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| N/A | N/A | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| N/A | N/A | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| N/A | N/A | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\dotNetFx40_Full_setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1" | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0" | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656} | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4" | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1" | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16" | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents" | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0" | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000 | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257" | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| N/A | N/A | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| N/A | N/A | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| N/A | N/A | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| N/A | N/A | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| N/A | N/A | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| N/A | N/A | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
| N/A | N/A | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\c3afa77bd1f0f5b476320500\Setup.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4896 wrote to memory of 1836 | N/A | C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\dotNetFx40_Full_setup.exe | C:\c3afa77bd1f0f5b476320500\Setup.exe |
| PID 4896 wrote to memory of 1836 | N/A | C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\dotNetFx40_Full_setup.exe | C:\c3afa77bd1f0f5b476320500\Setup.exe |
| PID 4896 wrote to memory of 1836 | N/A | C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\dotNetFx40_Full_setup.exe | C:\c3afa77bd1f0f5b476320500\Setup.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\dotNetFx40_Full_setup.exe
"C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\dotNetFx40_Full_setup.exe"
C:\c3afa77bd1f0f5b476320500\Setup.exe
C:\c3afa77bd1f0f5b476320500\\Setup.exe /x86 /x64 /ia64 /web
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
C:\c3afa77bd1f0f5b476320500\Setup.exe
C:\c3afa77bd1f0f5b476320500\SetupEngine.dll
C:\c3afa77bd1f0f5b476320500\sqmapi.dll
C:\c3afa77bd1f0f5b476320500\DHTMLHeader.html
C:\Users\Admin\AppData\Local\Temp\HFI7FD0.tmp.html
C:\c3afa77bd1f0f5b476320500\UiInfo.xml
C:\c3afa77bd1f0f5b476320500\ParameterInfo.xml
C:\c3afa77bd1f0f5b476320500\1033\LocalizedData.xml
C:\c3afa77bd1f0f5b476320500\3082\LocalizedData.xml
C:\c3afa77bd1f0f5b476320500\3076\LocalizedData.xml
C:\c3afa77bd1f0f5b476320500\2070\LocalizedData.xml
C:\c3afa77bd1f0f5b476320500\2052\LocalizedData.xml
C:\c3afa77bd1f0f5b476320500\1055\LocalizedData.xml
C:\c3afa77bd1f0f5b476320500\1053\LocalizedData.xml
C:\c3afa77bd1f0f5b476320500\1049\LocalizedData.xml
C:\c3afa77bd1f0f5b476320500\1046\LocalizedData.xml
C:\c3afa77bd1f0f5b476320500\1045\LocalizedData.xml
C:\c3afa77bd1f0f5b476320500\1044\LocalizedData.xml
C:\c3afa77bd1f0f5b476320500\1043\LocalizedData.xml
C:\c3afa77bd1f0f5b476320500\1042\LocalizedData.xml
C:\c3afa77bd1f0f5b476320500\1041\LocalizedData.xml
C:\c3afa77bd1f0f5b476320500\1040\LocalizedData.xml
C:\c3afa77bd1f0f5b476320500\1038\LocalizedData.xml
| MD5 | 89d4356e0f226e75ca71d48690e8ec15 |
| SHA1 | 2336caa971527977f47512bc74e88cec3f770c7d |
| SHA256 | fcbb619deb2d57b791a78954b0342dbb2fef7ddd711066a0786c8ef669d2b385 |
| SHA512 | fa03d55a4aafe94cbf5c134a65bd809fc86c042bc1b8ffbc9a2a5412eb70a468551c05c44b6ce81f638df43cca599aa1dd6f42f2df3012c8a95a3612df7c821e |
C:\c3afa77bd1f0f5b476320500\1037\LocalizedData.xml
| MD5 | 16e6416756c1829238ef1814ebf48ad6 |
| SHA1 | c9236906317b3d806f419b7a98598dd21e27ad64 |
| SHA256 | c0ee256567ea26bbd646f019a1d12f3eced20b992718976514afa757adf15dea |
| SHA512 | aa595ed0b3b1db280f94b29fa0cb9db25441a1ef54355abf760b6b837e8ce8e035537738e666d27dd2a8d295d7517c325a5684e16304887ccb17313ca4290ce6 |
C:\c3afa77bd1f0f5b476320500\1036\LocalizedData.xml
| MD5 | 1dad88faed661db34eef535d36563ee2 |
| SHA1 | 0525b2f97eddbd26325fddc561bf8a0cda3b0497 |
| SHA256 | 9605468d426bcbbe00165339d84804e5eb2547bfe437d640320b7bfef0b399b6 |
| SHA512 | ccd0bffbf0538152cccd4b081c15079716a5ff9ad04cee8679b7f721441f89eb7c6f8004cff7e1dde9188f5201f573000d0c078474edf124cfa4c619e692d6bc |
C:\c3afa77bd1f0f5b476320500\1035\LocalizedData.xml
| MD5 | 1aa252256c895b806e4e55f3ea8d5ffb |
| SHA1 | 0322ee94c3d5ea26418a2fea3f7e62ec5d04b81d |
| SHA256 | 8a68b3b6522c30502202ecb8d16ae160856947254461ac845b39451a3f2db35f |
| SHA512 | ce57784892c0be55a00ced0adc594a534d8a40819790ca483a29b6cd544c7a75ae4e9bde9b6dc6de489ceceb7883b7c2ea0e98a38fcc96d511157d61c8aa3e63 |
C:\c3afa77bd1f0f5b476320500\1032\LocalizedData.xml
| MD5 | 3bf8da35b14fbcc564e03f6342bb71f2 |
| SHA1 | 8f9139f0bb813bf95f8c437548738d32848d8940 |
| SHA256 | 39efe12c689edfea041613b0e4d6ec78afec8fe38a0e4adc656591ffef8f415d |
| SHA512 | 31b050647ba4bd0c2762d77307e1ed2a324e9b152c06ed496b86ea063cdc18bf2bb1f08d2e9b4af3429a2bc333d7891338d7535487c83495304a5f78776dbc03 |
C:\c3afa77bd1f0f5b476320500\1031\LocalizedData.xml
| MD5 | 8505219c0a8d950ff07dc699d8208309 |
| SHA1 | 7a557356c57f1fa6d689ea4c411e727438ac46df |
| SHA256 | c48986cdb7fe3401234e0a6540eb394c1201846b5beb1f12f83dc6e14674873a |
| SHA512 | 7bcdad0cb4b478068434f4ebd554474b69562dc83df9a423b54c1701ca3b43c3b92de09ee195a86c0d244aa5ef96c77b1a08e73f1f2918c8ac7019f8df27b419 |
C:\c3afa77bd1f0f5b476320500\1030\LocalizedData.xml
| MD5 | 69925e463a6fedce8c8e1b68404502fb |
| SHA1 | 76341e490a432a636ed721f0c964fd9026773dd7 |
| SHA256 | 5f370d2ccdd5fa316bce095bf22670123c09de175b7801d0a77cdb68174ac6b7 |
| SHA512 | 5f61abec49e1f9cc44c26b83aa5b32c217ebeba63ed90d25836f51f810c59f71ec7430dc5338efba9be720f800204891e5ab9a5f5ec1ff51ef46c629482e5220 |
C:\c3afa77bd1f0f5b476320500\1029\LocalizedData.xml
| MD5 | 0b6ed582eb557573e959e37ebe2fca6a |
| SHA1 | 82c19c7eafb28593f453341eca225873fb011d4c |
| SHA256 | 8a0da440261940ed89bad7cd65bbc941cc56001d9aa94515e346d57b7b0838fc |
| SHA512 | aba3d19f408bd74f010ec49b31a2658e0884661d2efda7d999558c90a4589b500570cc80410ba1c323853ca960e7844845729fff708e3a52ea25f597fad90759 |
C:\c3afa77bd1f0f5b476320500\1025\LocalizedData.xml
| MD5 | c5bf74c96a711b3f7004ca6bddecc491 |
| SHA1 | 4c4d42ff69455f267ce98f1db8f2c5d76a1046da |
| SHA256 | 6b67c8a77c1a637b72736595afdf77bdb3910aa9fe48d959775806a0683ffa66 |
| SHA512 | 2f2071bf9966bffe64c90263f4b9bd5efcac4f976c4e42fbdeaa5d6a6dee51c33f4902cf5e3d0897e1c841e9182e25c86d42e392887bc3ce3d9ed3d780d96ac9 |
C:\c3afa77bd1f0f5b476320500\SplashScreen.bmp
| MD5 | 0966fcd5a4ab0ddf71f46c01eff3cdd5 |
| SHA1 | 8f4554f079edad23bcd1096e6501a61cf1f8ec34 |
| SHA256 | 31c13ecfc0eb27f34036fb65cc0e735cd444eec75376eea2642f926ac162dcb3 |
| SHA512 | a9e70a2fb5a9899acf086474d71d0e180e2234c40e68bcadb9bf4fe145774680cb55584b39fe53cc75de445c6bf5741fc9b15b18385cbbe20fc595fe0ff86fce |
C:\c3afa77bd1f0f5b476320500\SetupUi.dll
| MD5 | eb881e3dddc84b20bd92abcec444455f |
| SHA1 | e2c32b1c86d4f70e39de65e9ebc4f361b24ff4a1 |
| SHA256 | 11565d97287c01d22ad2e46c78d8a822fa3e6524561d4c02dfc87e8d346c44e7 |
| SHA512 | 5750cec73b36a3f19bfb055f880f3b6498a7ae589017333f6272d26f1c72c6f475a3308826268a098372bbb096b43fbd1e06e93eecc0a81046668228bc179a75 |
C:\c3afa77bd1f0f5b476320500\1033\SetupResources.dll
| MD5 | 9547d24ac04b4d0d1dbf84f74f54faf7 |
| SHA1 | 71af6001c931c3de7c98ddc337d89ab133fe48bb |
| SHA256 | 36d0159ed1a7d88000737e920375868765c0a1dd6f5a5acbb79cf7d97d9e7a34 |
| SHA512 | 8b6048f4185a711567679e2de4789407077ce5bfe72102d3cb1f23051b8d3e6bfd5886c801d85b4e62f467dd12da1c79026a4bc20b17f54c693b2f24e499d40f |
C:\c3afa77bd1f0f5b476320500\SetupUi.xsd
| MD5 | 2fadd9e618eff8175f2a6e8b95c0cacc |
| SHA1 | 9ab1710a217d15b192188b19467932d947b0a4f8 |
| SHA256 | 222211e8f512edf97d78bc93e1f271c922d5e91fa899e092b4a096776a704093 |
| SHA512 | a3a934a8572ff9208d38cf381649bd83de227c44b735489fd2a9dc5a636ead9bb62459c9460ee53f61f0587a494877cd3a3c2611997be563f3137f8236ffc4ca |
C:\c3afa77bd1f0f5b476320500\Strings.xml
| MD5 | 8a28b474f4849bee7354ba4c74087cea |
| SHA1 | c17514dfc33dd14f57ff8660eb7b75af9b2b37b0 |
| SHA256 | 2a7a44fb25476886617a1ec294a20a37552fd0824907f5284fade3e496ed609b |
| SHA512 | a7927700d8050623bc5c761b215a97534c2c260fcab68469b7a61c85e2dff22ed9cf57e7cb5a6c8886422abe7ac89b5c71e569741db74daa2dcb4152f14c2369 |
memory/1836-267-0x00000000029C0000-0x00000000029C1000-memory.dmp
C:\c3afa77bd1f0f5b476320500\graphics\setup.ico
| MD5 | 3d25d679e0ff0b8c94273dcd8b07049d |
| SHA1 | a517fc5e96bc68a02a44093673ee7e076ad57308 |
| SHA256 | 288e9ad8f0201e45bc187839f15aca79d6b9f76a7d3c9274c80f5d4a4c219c0f |
| SHA512 | 3bde668004ca7e28390862d0ae9903c756c16255bdbb3f7e73a5b093ce6a57a3165d6797b0a643b254493149231aca7f7f03e0af15a0cbe28aff02f0071ec255 |
C:\c3afa77bd1f0f5b476320500\graphics\print.ico
| MD5 | 7e55ddc6d611176e697d01c90a1212cf |
| SHA1 | e2620da05b8e4e2360da579a7be32c1b225deb1b |
| SHA256 | ff542e32330b123486797b410621e19eafb39df3997e14701afa4c22096520ed |
| SHA512 | 283d381aa396820b7e15768b20099d67688da1f6315ec9f7938c2fcc3167777502cded0d1beddf015a34cc4e5d045bcb665ffd28ba2fbb6faf50fdd38b31d16e |
C:\c3afa77bd1f0f5b476320500\graphics\save.ico
| MD5 | 7d62e82d960a938c98da02b1d5201bd5 |
| SHA1 | 194e96b0440bf8631887e5e9d3cc485f8e90fbf5 |
| SHA256 | ae041c8764f56fd89277b34982145d16fc59a4754d261c861b19371c3271c6e5 |
| SHA512 | ab06b2605f0c1f6b71ef69563c0c977d06c6ea84d58ef7f2baecba566d6037d1458c2b58e6bfd70ddef47dccbdea6d9c2f2e46dea67ea9e92457f754d7042f67 |
C:\c3afa77bd1f0f5b476320500\graphics\warn.ico
| MD5 | b2b1d79591fca103959806a4bf27d036 |
| SHA1 | 481fd13a0b58299c41b3e705cb085c533038caf5 |
| SHA256 | fe4d06c318701bf0842d4b87d1bad284c553baf7a40987a7451338099d840a11 |
| SHA512 | 5fe232415a39e0055abb5250b120ccdcd565ab102aa602a3083d4a4705ac6775d45e1ef0c2b787b3252232e9d4673fc3a77aab19ec79a3ff8b13c4d7094530d2 |
memory/1836-274-0x00000000029C0000-0x00000000029C1000-memory.dmp
Analysis: behavioral19
Detonation Overview
Submitted
2024-11-06 09:02
Reported
2024-11-06 09:35
Platform
win11-20241007-en
Max time kernel
1462s
Max time network
1486s
Command Line
Signatures
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Windowkill\Windowkill\windowkill-vulkan.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Windowkill\Windowkill\windowkill-vulkan.exe
"C:\Users\Admin\AppData\Local\Temp\Windowkill\Windowkill\windowkill-vulkan.exe"
Network
| Country | Destination | Domain | Proto |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-06 09:02
Reported
2024-11-06 09:34
Platform
win11-20241007-en
Max time kernel
1465s
Max time network
1480s
Command Line
Signatures
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings | C:\Windows\system32\rundll32.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Windowkill\Windowkill\discord_game_sdk.dll,#1
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-11-06 09:02
Reported
2024-11-06 09:35
Platform
win11-20241007-en
Max time kernel
1462s
Max time network
1484s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4548 wrote to memory of 2632 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE |
| PID 4548 wrote to memory of 2632 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Windowkill\Windowkill\steam_settings\depots.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Windowkill\Windowkill\steam_settings\depots.txt
Network
| Country | Destination | Domain | Proto |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-11-06 09:02
Reported
2024-11-06 09:35
Platform
win11-20241007-en
Max time kernel
1468s
Max time network
1491s
Command Line
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
Drops file in System32 directory
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DSETUP.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\Framework\v4.0\XnaNative.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\Framework\Shared\xnavisualizer.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\Framework\Shared\XnaVisualizerPS.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\dxupdate.cab | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\dsetup32.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\Feb2010_xact_x86.cab | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\Feb2010_XAudio_x86.cab | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\APR2007_xinput_x86.cab | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\Framework\v4.0\EULA.en-US.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\APR2007_d3dx9_33_x86.cab | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\Mar2009_d3dx9_41_x86.cab | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\Feb2010_X3DAudio_x86.cab | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\e582ab5.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF4B7420F8DDFC0B15.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\tmp\89SR6EDM\Microsoft.Xna.Framework.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\tmp\UD1MDNWR\Microsoft.Xna.Framework.Xact.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\tmp\3PVVT3AF\Microsoft.Xna.Framework.Input.Touch.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\tmp\CGD4BHPP\Microsoft.Xna.Framework.Storage.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\tmp\NZQ891MC\Microsoft.Xna.Framework.Video.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\0AA7CFB2C445A3E47869763FEB56B59E\4.0.20823\F_CENTRAL_msvcp100_x86.DF495DFD_79F6_34DF_BB1E_E58DB5BDCF2C | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}\ProductIcon | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}\ProductIcon | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e582ab5.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\tmp\4U7ZDCU5\Microsoft.Xna.Framework.Game.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\0AA7CFB2C445A3E47869763FEB56B59E | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF9D4C1AF4EED35CE8.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\tmp\Z8A99YCM\Microsoft.Xna.Framework.Net.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF1B9C340D34C4D0CE.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2C0C.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\tmp\NIGNBZFX\Microsoft.Xna.Framework.GamerServices.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\tmp\M56SZ8TW\Microsoft.Xna.Framework.Graphics.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e582ab7.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\0AA7CFB2C445A3E47869763FEB56B59E\4.0.20823\F_CENTRAL_msvcr100_x86.DF495DFD_79F6_34DF_BB1E_E58DB5BDCF2C | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\GACLock.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\tmp\H0VNEXZX\Microsoft.Xna.Framework.Avatar.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\0AA7CFB2C445A3E47869763FEB56B59E\4.0.20823\F_CENTRAL_msvcr100_x86.DF495DFD_79F6_34DF_BB1E_E58DB5BDCF2C | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Logs\DirectX.log | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI36DB.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF2634A62ABF4B6BFD.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\0AA7CFB2C445A3E47869763FEB56B59E\4.0.20823 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\0AA7CFB2C445A3E47869763FEB56B59E\4.0.20823\F_CENTRAL_msvcp100_x86.DF495DFD_79F6_34DF_BB1E_E58DB5BDCF2C | C:\Windows\system32\msiexec.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
Loads dropped DLL
Enumerates physical storage devices
Event Triggered Execution: Installer Packages
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\TelemetrySalt = "0" | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e48c5a3f-93ef-43bb-a092-2c7ceb946f27} | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\DirectShow\MediaObjects\Categories | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global\Microsoft.Xna.Framework,fileVersion="4.0.20823.0",version="4.0.0.00000",culture="neutral",publicKeyToken="842CF8BE1DE50553",processorArchitecture="x86" = 6c00660060002e003200510046002b00300041004c0048005600370077003800680027002100740058004e0041004600720061006d00650077006f0072006b005200650064006900730074003e0065006a0036002d0051005b002d0065003900400060004a003d006e0079005e005b005d002a00710000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global\Microsoft.Xna.Framework.Input.Touch,fileVersion="4.0.20823.0",version="4.0.0.00000",culture="neutral",publicKeyToken="842CF8BE1DE50553",processorArchitecture="MSIL" = 6c00660060002e003200510046002b00300041004c0048005600370077003800680027002100740058004e0041004600720061006d00650077006f0072006b005200650064006900730074003e0050006a006300540058005b0053007b00610039003700380070002d005d0061006c0065004900260000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global\Microsoft.Xna.Framework.Video,fileVersion="4.0.20823.0",version="4.0.0.00000",culture="neutral",publicKeyToken="842CF8BE1DE50553",processorArchitecture="MSIL" = 6c00660060002e003200510046002b00300041004c0048005600370077003800680027002100740058004e0041004600720061006d00650077006f0072006b005200650064006900730074003e00550048004a0055006e0053003d0052005d00380048004d005d00250038005d00400059006900750000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3eda9b49-2085-498b-9bb2-39a6778493de}\ = "XAudio2" | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cecec95a-d894-491a-bee3-5e106fb59f2d} | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cecec95a-d894-491a-bee3-5e106fb59f2d}\ = "AudioReverb" | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\Version = "67129687" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248d8a3b-6256-44d3-a018-2ac96c459f47}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3eda9b49-2085-498b-9bb2-39a6778493de}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_6.dll" | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\DirectShow\MediaObjects\a8122ff4-9e52-4374-b3d9-b4063e77109d\InputTypes = 6175647300001000800000aa00389b710100000000001000800000aa00389b71 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A8122FF4-9E52-4374-B3D9-B4063E77109D} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0AA7CFB2C445A3E47869763FEB56B59E\DXRedist | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248d8a3b-6256-44d3-a018-2ac96c459f47}\InProcServer32 | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cecec95a-d894-491a-bee3-5e106fb59f2d}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\ProductIcon = "C:\\Windows\\Installer\\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}\\ProductIcon" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0AA7CFB2C445A3E47869763FEB56B59E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cecec95a-d894-491a-bee3-5e106fb59f2d}\InProcServer32 | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global\Microsoft.Xna.Framework.Avatar,fileVersion="4.0.20823.0",version="4.0.0.00000",culture="neutral",publicKeyToken="842CF8BE1DE50553",processorArchitecture="MSIL" = 6c00660060002e003200510046002b00300041004c0048005600370077003800680027002100740058004e0041004600720061006d00650077006f0072006b005200650064006900730074003e006000490066005200610038006c007d006e00400064003100700042005b00330060002c003900350000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global\Microsoft.Xna.Framework.Graphics,fileVersion="4.0.20823.0",version="4.0.0.00000",culture="neutral",publicKeyToken="842CF8BE1DE50553",processorArchitecture="x86" = 6c00660060002e003200510046002b00300041004c0048005600370077003800680027002100740058004e0041004600720061006d00650077006f0072006b005200650064006900730074003e0055006a0064003f003d002e00310076002400390053007e005a00340068007b0055006f007a00690000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248d8a3b-6256-44d3-a018-2ac96c459f47}\InProcServer32\ = "C:\\Windows\\SysWow64\\xactengine3_6.dll" | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\DirectShow\MediaObjects\a8122ff4-9e52-4374-b3d9-b4063e77109d | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global\Microsoft.Xna.Framework.GamerServices,fileVersion="4.0.20823.0",version="4.0.0.00000",culture="neutral",publicKeyToken="842CF8BE1DE50553",processorArchitecture="MSIL" = 6c00660060002e003200510046002b00300041004c0048005600370077003800680027002100740058004e0041004600720061006d00650077006f0072006b005200650064006900730074003e007a00770076007100640077006800410066003d007a0027006500360077004900760034006700560000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\DirectShow\MediaObjects | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A8122FF4-9E52-4374-B3D9-B4063E77109D}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A8122FF4-9E52-4374-B3D9-B4063E77109D}\InprocServer32\ = "C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\XNA\\Framework\\Shared\\xnavisualizer.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\PackageCode = "CC1B48CD503865840BBC69BD0DED73A5" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e48c5a3f-93ef-43bb-a092-2c7ceb946f27}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A8122FF4-9E52-4374-B3D9-B4063E77109D}\InprocServer32\ThreadingModel = "Both" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\ProductName = "Microsoft XNA Framework Redistributable 4.0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\SourceList\PackageName = "xnafx40_redist.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3eda9b49-2085-498b-9bb2-39a6778493de}\InProcServer32 | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\DirectShow\MediaObjects\Categories\f3602b3f-0592-48df-a4cd-674721e7ebeb\a8122ff4-9e52-4374-b3d9-b4063e77109d | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e48c5a3f-93ef-43bb-a092-2c7ceb946f27}\InProcServer32 | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A8122FF4-9E52-4374-B3D9-B4063E77109D}\ = "VisualizerPlugin Class" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\500BB8FAD5F3D2A4D9EFC01E0702D939 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0AA7CFB2C445A3E47869763FEB56B59E\XNAFrameworkRedist | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e48c5a3f-93ef-43bb-a092-2c7ceb946f27}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_6.dll" | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\DirectShow\MediaObjects\Categories\f3602b3f-0592-48df-a4cd-674721e7ebeb | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Windowkill\\_Redist\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3eda9b49-2085-498b-9bb2-39a6778493de} | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e48c5a3f-93ef-43bb-a092-2c7ceb946f27}\ = "AudioVolumeMeter" | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cecec95a-d894-491a-bee3-5e106fb59f2d}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_6.dll" | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\DirectShow\MediaObjects\a8122ff4-9e52-4374-b3d9-b4063e77109d\ = "XnaVisualizerDmo" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\Windowkill\\_Redist\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248d8a3b-6256-44d3-a018-2ac96c459f47}\ = "XACT Engine" | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3eda9b49-2085-498b-9bb2-39a6778493de}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global\Microsoft.Xna.Framework.Xact,fileVersion="4.0.20823.0",version="4.0.0.00000",culture="neutral",publicKeyToken="842CF8BE1DE50553",processorArchitecture="x86" = 6c00660060002e003200510046002b00300041004c0048005600370077003800680027002100740058004e0041004600720061006d00650077006f0072006b005200650064006900730074003e0058003600520051006200610026006500470040005b002d003200630041007600560064007300740000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global\Microsoft.Xna.Framework.Net,fileVersion="4.0.20823.0",version="4.0.0.00000",culture="neutral",publicKeyToken="842CF8BE1DE50553",processorArchitecture="MSIL" = 6c00660060002e003200510046002b00300041004c0048005600370077003800680027002100740058004e0041004600720061006d00650077006f0072006b005200650064006900730074003e00440072005900520072006c002d004a003d0041006b00390052007a005500210029006f005e00380000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\500BB8FAD5F3D2A4D9EFC01E0702D939\0AA7CFB2C445A3E47869763FEB56B59E | C:\Windows\system32\msiexec.exe | N/A |
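The Installer keys in the table above are worth decoding before accepting that msiexec registered nothing more than the XNA Framework 4.0 redistributable. The Products and UpgradeCodes key names are "squished" GUIDs, the Version value is a packed DWORD, and the Installer\Assemblies\Global values are UTF-16LE Darwin descriptors (a 20-character base-85 product code, the feature name, a '>' separator and a 20-character base-85 component id). The Python below is an added example and not part of the sandbox report: it decodes those three encodings using the MSI base-85 alphabet, with the sample values copied verbatim from the table, so the product code recovered from the key name can be checked against the GUID in the ProductIcon path, against the product code embedded in the Darwin descriptor, and against a clean install of the same redistributable.

```python
"""Decode Windows Installer registry artefacts of the kind listed in the report.

Added example, not part of the sandbox report.  Three encodings appear in the
"Modifies registry class" table:
  * Installer\\Products\\<32 hex> and Installer\\UpgradeCodes\\<32 hex> key names
    are "squished" GUIDs (first three fields reversed, remaining bytes pair-swapped);
  * Products\\...\\Version is a packed DWORD: major<<24 | minor<<16 | build;
  * Installer\\Assemblies\\Global values are UTF-16LE Darwin descriptors:
    20-char base-85 product code + feature name + '>' + 20-char base-85 component id.
The sample values below are copied from the table; the base-85 alphabet is the one
MSI uses (the first character of each 5-character group is least significant).
"""
import re
import struct
import uuid

_B85 = ("!$%&'()*+,-.0123456789=?@ABCDEFGHIJKLMNOPQRSTUVWXYZ"
        "[]^_`abcdefghijklmnopqrstuvwxyz{}~")
_B85_INDEX = {c: i for i, c in enumerate(_B85)}


def unsquish_guid(squished: str) -> str:
    """Turn a 32-hex-char squished product/upgrade code back into {GUID} form."""
    if not re.fullmatch(r"[0-9A-Fa-f]{32}", squished):
        raise ValueError("expected 32 hex characters")
    s = squished.upper()
    swapped = "".join(s[i + 1] + s[i] for i in range(16, 32, 2))
    return "{%s-%s-%s-%s-%s}" % (
        s[0:8][::-1], s[8:12][::-1], s[12:16][::-1], swapped[:4], swapped[4:])


def decode_product_version(packed: int) -> str:
    """Unpack the Products\\...\\Version DWORD into major.minor.build."""
    return "%d.%d.%d" % ((packed >> 24) & 0xFF, (packed >> 16) & 0xFF, packed & 0xFFFF)


def decode_b85_guid(text: str) -> str:
    """Decode a 20-character MSI base-85 string into {GUID} form."""
    if len(text) != 20:
        raise ValueError("expected 20 characters")
    dwords = []
    for g in range(0, 20, 5):
        val, base = 0, 1
        for ch in text[g:g + 5]:
            if ch not in _B85_INDEX:
                raise ValueError("character %r is not in the MSI base-85 alphabet" % ch)
            val += _B85_INDEX[ch] * base
            base *= 85
        if val > 0xFFFFFFFF:
            raise ValueError("base-85 group overflows 32 bits")
        dwords.append(val)
    # Four little-endian DWORDs are exactly the GUID's in-memory layout.
    return "{%s}" % str(uuid.UUID(bytes_le=struct.pack("<4I", *dwords))).upper()


def decode_darwin_descriptor(hex_utf16le: str) -> dict:
    """Decode an Installer\\Assemblies\\Global value given as a hex dump of UTF-16LE."""
    text = bytes.fromhex(hex_utf16le).decode("utf-16-le").rstrip("\x00")
    feature, sep, component_b85 = text[20:].partition(">")
    if len(text) < 41 or sep != ">" or len(component_b85) != 20:
        raise ValueError("unexpected Darwin descriptor layout")
    return {
        "product_code": decode_b85_guid(text[:20]),
        "feature": feature,
        "component_id": decode_b85_guid(component_b85),
    }


# Copied verbatim from the "Modifies registry class" table in the report.
REPORT_PRODUCT_KEY = "0AA7CFB2C445A3E47869763FEB56B59E"
REPORT_UPGRADE_KEY = "500BB8FAD5F3D2A4D9EFC01E0702D939"
REPORT_VERSION = 67129687
REPORT_ASSEMBLY_VALUE = (  # Microsoft.Xna.Framework, processorArchitecture="x86"
    "6c00660060002e003200510046002b00300041004c00480056003700770038006800270021007400"
    "58004e0041004600720061006d00650077006f0072006b00520065006400690073007400"
    "3e0065006a0036002d0051005b002d0065003900400060004a003d006e0079005e005b005d002a007100"
    "00000000"
)


def summarize_report_entries() -> dict:
    """Decode the report's Installer keys into values you can diff against a clean install."""
    darwin = decode_darwin_descriptor(REPORT_ASSEMBLY_VALUE)
    return {
        "product_code": unsquish_guid(REPORT_PRODUCT_KEY),
        "upgrade_code": unsquish_guid(REPORT_UPGRADE_KEY),
        "version": decode_product_version(REPORT_VERSION),
        "descriptor_product_code": darwin["product_code"],
        "feature": darwin["feature"],
        "component_id": darwin["component_id"],
    }


if __name__ == "__main__":
    for name, value in summarize_report_entries().items():
        print("%-24s %s" % (name, value))
```

Running it prints the product code {2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}, which is the GUID that also appears in the ProductIcon path, the version 4.0.20823 matching the fileVersion in the assembly entries, and the feature name XNAFrameworkRedist from the descriptor. A key name, descriptor and icon path that disagree with each other, or a product code that is not the one a clean install of the redistributable registers, would be the thing to chase.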
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
| Process | Command line |
| C:\Windows\system32\msiexec.exe | msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Windowkill\_Redist\xnafx40_redist.msi |
| C:\Windows\system32\msiexec.exe | C:\Windows\system32\msiexec.exe /V |
| C:\Windows\system32\vssvc.exe | C:\Windows\system32\vssvc.exe |
| C:\Windows\system32\srtasks.exe | C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2 |
| C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe | "C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe" /silent |
| C:\Windows\syswow64\MsiExec.exe | "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\Framework\Shared\xnavisualizer.dll" |
Network
| Country | Destination | Domain | Proto |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
Files
\??\Volume{3f575a23-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{3632d725-f53d-4fc3-ac1b-b2efbf803066}_OnDiskSnapshotProp
| MD5 | c6dcdcbdc110d6e630d06ee56bbb6fe2 |
| SHA1 | c9bb0cace736a199992123c8c92c6acd6455adc3 |
| SHA256 | 52fdca28143d7625a5c874c17cce4195a7df86b0c5c9120bc014f2d46c34147f |
| SHA512 | 7acf583c70f7bbbbde59df076049257cc90fdaa5fdc97b713b440222d94c6331cd1be31bacf1bbacf1b95251c72176834fdf58e7d8f29cd395a9be7c00d85a58 |
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
| MD5 | 7a4cefa1d7a539ed137f822be6103ee7 |
| SHA1 | 2c6d4fc0d125412b317edc74121dc09b101b7d7e |
| SHA256 | ed1011f1e09fd9b305e62a8658e9db5c8e7ea0f0ffadeecc3ead20d8017e0dea |
| SHA512 | 7c0761c540b7c9a4a4db511c12207aded7704936e13b71b81f6a66953dc1de7bcb84a55e2d5ee5f2edc2c99043f839c2b20d5742d86b6098b3aff31daafd375e |
memory/3612-25-0x0000027044830000-0x000002704483C000-memory.dmp
memory/3612-28-0x00000000002C0000-0x000000000036A000-memory.dmp
memory/3612-31-0x0000027044860000-0x0000027044878000-memory.dmp
memory/3612-34-0x0000027044880000-0x0000027044898000-memory.dmp
memory/3612-40-0x0000027044840000-0x000002704484C000-memory.dmp
memory/3612-37-0x0000000000370000-0x00000000003DC000-memory.dmp
memory/3612-43-0x00000270448C0000-0x00000270448D4000-memory.dmp
memory/3612-46-0x0000027044850000-0x000002704485C000-memory.dmp
memory/3612-49-0x00000270448A0000-0x00000270448AA000-memory.dmp
memory/3612-52-0x00000000003E0000-0x00000000003F6000-memory.dmp
C:\Windows\Installer\e582ab7.msi
| MD5 | 97c2eebb30c5a88c68c8f24f37183f1d |
| SHA1 | 49efdc29f65fc8263c196338552c7009fc96c5de |
| SHA256 | e6c41d692ebcba854dad4b1c52bb7ddd05926bad3105595d6596b8bab01c25e7 |
| SHA512 | c9d1017b274ceb1b4ee624cf7e628787c32a727c64f715fbce1f1ae929d9114f8fe1291e34583cec615619b0128c01206b07efc878e7a5c57b792453f73fd0da |
C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe
| MD5 | 11dd6e8ab9759d1ac91ffe0d0e4949cb |
| SHA1 | 2a86774d0c87050d5c7aa9738cc3975303a40d0e |
| SHA256 | 16953a202265db5655b3dd972b855619728da76545a2f94bcbb6c43262f48d5b |
| SHA512 | 06828f51b3866f7c2b29861707bf8552b742e366783115b3062f08a9c0005c96507ecf1fff92ad41dc0318ad715176c39c84ff0424372b080bf7c031e4f307de |
C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\dsetup.dll
| MD5 | 4d48dbe4d3a06c497435014e5c583f34 |
| SHA1 | 159cbc37080b7ea3ceae8d25125b99f9f4948341 |
| SHA256 | 9d47b4fa2dcce6a02a51324cfb97f5e153086c2eb8832b211e175cbe5fb850b3 |
| SHA512 | b8029bde36e4d6581916c131ec51d74f4a2b03abf5a238c503e1c7b19980d0946606375f0b4c3bd10b9c514e084368c356be8536b282bee887037d7d7f139732 |
C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DSETUP32.DLL
| MD5 | 7c7cc9feb1026678c48bbabe84ea57c2 |
| SHA1 | 4fe9c466fc65cf07af0e1440743b1822ab65849b |
| SHA256 | a5c6df12f9fe2edab2a22fe7abf3cb17eac110a6fd469f2570ba04afc88ad767 |
| SHA512 | d9cca6dfd5966d45342b87afb6091bc8ad3beff039f9bc9c523f8118dc6723337c279cd652c19624250ed3934d8f4a2b15670652867c0114b7e785bbab4212e0 |
C:\PROGRA~2\MICROS~2\XNAGAM~1\v4.0\Redist\DXREDI~1\dxupdate.cab
| MD5 | c187448c8104d30087f3f25a9d112014 |
| SHA1 | b64ac3e44f2f38a3bf8400f11a40a39039fc9caa |
| SHA256 | 54d68f154058433865708ee0dbf3ecf2d609ffbd618e84a1056440379494d9fd |
| SHA512 | 9148cece409557444eeaf66dee58e2a6043a64d7b76b91e6c4074a5ba0d066cd1ebb2c60d44e1c7a40ca1dc63d72aa7afcc410202901d5afbf2116e3ba8b0f11 |
C:\Users\Admin\AppData\Local\Temp\DX318B.tmp\dxupdate.dll
| MD5 | c4842e139fca422e265c91c44a1341d6 |
| SHA1 | 299a5ab4644fe7302b515aa10ef0f1715046275c |
| SHA256 | b1f954cd75dc3c9d5bc57f1a4c28720ee3639aa8a4306f3da7b27d3c361ff8f5 |
| SHA512 | e85a35164e0feafa73a676dacf67d275b8e8aa5be40d861743662a7d1ac8135625c2d59a73e5c77fe1e3e8bd8523d9c823c89137aa4cb1b32d392cd9a1b59989 |
C:\PROGRA~2\MICROS~2\XNAGAM~1\v4.0\Redist\DXREDI~1\Apr2007_d3dx9_33_x86.cab
| MD5 | 3676d740157493e80e7b8641289c003c |
| SHA1 | 8135aeeab67151dd4e2418d4907077f646e72873 |
| SHA256 | 219441f975c200352a12dc3d8f82811fc7b53ed28d63761327933afbb660f876 |
| SHA512 | abfc5ea36a7368a34193c8f3771ae4e36c0d570ae0a20b11892184cd4e384d6abe6542769e3c890293b4e640faecf6392f84f5733017d8d86c65456caa24c6f7 |
C:\Windows\Logs\DirectX.log
| MD5 | 168fa1fe3040f72665146195f1df54f5 |
| SHA1 | 017d4c8d75b18e4fd02ff4eb8ca9ace28a7acc95 |
| SHA256 | 4176823878feb67dee16f765501cc1b05c9cd5bb6d25db41ab0d4e9b2f29721b |
| SHA512 | 13a9c5c0671459ae88fc7f4c8150d92e8783ea214443bcb74d4785d751e3bcce390bcb37380838b8a0c56608a635bc949f4b33d939b56c4f518e52103fb969ec |
C:\Users\Admin\AppData\Local\Temp\DX318B.tmp\dxupdate.inf
| MD5 | 8c281fcb5546d1ed3cdaf6e3f7303139 |
| SHA1 | de342a17f2df0386f6584e2f55ae43c558ceb6c4 |
| SHA256 | 7530c6e18dbb522c5f4fbf6714962c185ea318f9eab7aeb833b0cc07cd2fe656 |
| SHA512 | 344ea0a375c8851fcf413f441a1cac3013b3748d1630a4d677da72e98f41823bf9427d896de7e1fe35bf868279538cf3b8322aa6ef20025bff48a6bb7f8c42d3 |
C:\Users\Admin\AppData\Local\Temp\DX318B.tmp\apr2007_d3dx9_33_x86.inf
| MD5 | 044cae9c30c88bda73727243f5e5206d |
| SHA1 | de744e349cf4ea458b10657d510966d21ad08d67 |
| SHA256 | 349a09a2791d697bffffc61410a536cdcf258f0d7c86dda44a297e8aec4bdf00 |
| SHA512 | 18e501142004afbcd28b41bdd3a9b19e2eebc047d7858ee11a9135f19759cfd8c643ff074a51e937bbcab7162888fd95effc146be21fe63dfc300ef03ed44056 |
C:\PROGRA~2\MICROS~2\XNAGAM~1\v4.0\Redist\DXREDI~1\Apr2007_xinput_x86.cab
| MD5 | f83f54f45ac15a32dc17614c4f6882d4 |
| SHA1 | fc8542fcd33bb9e669806409f677edec9bfb64fb |
| SHA256 | 5ab7bb15394e4ece850da5453413ab1de2ea97d5c93f86482b75073aaa05da9c |
| SHA512 | e4dcccc3a4299d262b94b24ff4b29394bed71e211b80a8a457acc4ab89325500082e6a9b597bc7b1dbc35746d01a9aa038a9c3a401aa42a426fcc3d15f410c9a |
C:\PROGRA~2\MICROS~2\XNAGAM~1\v4.0\Redist\DXREDI~1\Mar2009_d3dx9_41_x86.cab
| MD5 | 0fdd6e4e5dfc5d913261355746402214 |
| SHA1 | a80c28755c9d3ca163bd377d1bd951a1c111733c |
| SHA256 | 5146e15d4c65590704286bfcfbbcc31e98a6832f8a7cc3bfdcb1e7fa5a647bb1 |
| SHA512 | 9eb85c4507881fc1004c906ee954273bfbea8979d70b2321f197a3cf82121734225103e4239a9bfb591a980b70400a5d19b93482abc108c46614a20476a81f90 |
C:\Users\Admin\AppData\Local\Temp\DX318B.tmp\apr2007_xinput_x86.inf
| MD5 | e188f534500688cec2e894d3533997b4 |
| SHA1 | f073f8515b94cb23b703ab5cdb3a5cfcc10b3333 |
| SHA256 | 1c798cb80e9e46ce03356ea7316e1eff5d3a88ccdd7cbfbfcdce73cded23b4e5 |
| SHA512 | 332ccb25c5ed92ae48c5805a330534d985d6b41f9220af0844d407b2019396fcefea7076b409439f5ab8a9ca6819b65c07ada7bd3aa1222429966dc5a440d4f7 |
C:\Users\Admin\AppData\Local\Temp\DX318B.tmp\Mar2009_d3dx9_41_x86.inf
| MD5 | b37a5ff044eb65521a290c79ba1a3e00 |
| SHA1 | ed505464894bd3e52654834487f3821ae117edfe |
| SHA256 | bd29711cc2ecd924990167ffa95f48842e24aeed3acef1023717040240b4bbb6 |
| SHA512 | eae4408cfa7f9c39b101489688cc570a184b8a57f3d20d3b0452a581fb80c4f485dc2f512a39669a92a5bde81fbf474e1585f566ff482e87610780c23126c21e |
C:\PROGRA~2\MICROS~2\XNAGAM~1\v4.0\Redist\DXREDI~1\Feb2010_X3DAudio_x86.cab
| MD5 | ed093ce20bddc7c42ede4daf772ed5aa |
| SHA1 | 21beb0ef8130be1c62b8467dfb67bf3f7548cea1 |
| SHA256 | 7fbf09682fd15d721ff2c5cb110b5ffcf5982cd2dd8d72b708cf3cd0bc4fa250 |
| SHA512 | 734e397f4ed2554944e1d1f6f799794c4027792a06e9da25bab58e6e4ff58146058d8b45ff0cb9c861f77989cad029164945f22ffcb459432e1d3a2c7172525c |
C:\Users\Admin\AppData\Local\Temp\DX318B.tmp\FEB2010_X3DAudio_x86.inf
| MD5 | e84adf38d499ae39090ad60fd76d76e3 |
| SHA1 | 6af4d58bc04aac2723e8b97649f1b35fb1aca84c |
| SHA256 | d4da3e530982812d1e2a31570b80af541fac1b13c72997d2aad7ea3bfeaf4a4a |
| SHA512 | 6714992e7aee7bd0798fbec68f92c97ee502127580e21e1b6693ed6737312b44dbc9fd9ef579fe552590e9e5a4904df94e4116334265a34699a04aa76ab87c24 |
C:\PROGRA~2\MICROS~2\XNAGAM~1\v4.0\Redist\DXREDI~1\Feb2010_XACT_x86.cab
| MD5 | 5cf3585c99a59319ac10e18cc92f0024 |
| SHA1 | c48c25e6b7094eaf337fa986960f9895e5f465ba |
| SHA256 | 0ba00c41443639dea9b816fa2608088ccef5dbe850531dff4c1e7993804b0b60 |
| SHA512 | 26b8213a5105b37912632c8abc1a07381210836e620f8f70d77b3b412a406e2e38df7af037001fe27f2da874e143c59aa7dbff90a9183e7619a8e5af0a23b158 |
C:\Users\Admin\AppData\Local\Temp\DX318B.tmp\FEB2010_XACT_x86.inf
| MD5 | 82c10b720e33be099f69e4010d44ecd2 |
| SHA1 | e95a2eb23db3fd610d71089500aad523f93c9469 |
| SHA256 | e850fdb84bcac0f667927e53fee943efd3f43be6c6a0ae1e17f3fff83ddb2635 |
| SHA512 | 853261c439b26cdc8991ac289b9f9925976452ed613481b0cf09e75444882805ffa15633eba441d8e1a04641f5f6378b68e2270a6a48d3911d7f9c2c0b1235bd |
C:\Users\Admin\AppData\Local\Temp\DX318B.tmp\FEB2010_XAudio_x86.inf
| MD5 | e6e942a2cfbb587bfcc4203b5bb34fd4 |
| SHA1 | 2e0172ea1936911a98e11a6e98990703e24172c0 |
| SHA256 | 74c827ef94881099761e04397ef8f162fd0ccaf4876a5503c4b53a5216d2acca |
| SHA512 | 3d70d76e6f459819a1703c5019a2e10fe518ee6e8eb5d3313fe57d3d1b6313b52c4904398a26841c78a9ecf9d715e1201e834ab3df47265e070ec94417a78e4d |
C:\PROGRA~2\MICROS~2\XNAGAM~1\v4.0\Redist\DXREDI~1\Feb2010_XAudio_x86.cab
| MD5 | 5da6e4a80fa53568d2fdde31cbff2979 |
| SHA1 | 9606fda70427cd9f4eb8e67b625417e2775e6876 |
| SHA256 | 281bb0e12f617e9ae7fe3301a7d4a08201b377caa0311a886e8cddc2526f734a |
| SHA512 | 649fc2578388064267ebe8e55daada29d2e51ae6422b10088b6bfacd229bc0439aafdc4f9af7b3b5e187df179c72b4d85f70839a8c91505d17da06d53a40cf3b |
C:\Users\Admin\AppData\Local\Temp\DX318B.tmp\d3dx9_33.dll
| MD5 | cdb1cd22baff21f48606b3c1a18b000b |
| SHA1 | 9315b5db975a34dbebdb4dcae652ba1db01c482c |
| SHA256 | c6b7b2ad7742dde5dd8d1a35fdc1c185e586e551ad9c74d3fb21759cd8ca4da8 |
| SHA512 | c5fb24de8f1ee6fc1ed6e74580b5d22599ea4eb6c3589645fff0b15dc8dca051c4917e60fbc00ca86542dd63a8f5e40da92ea77e24826c0c6bdba9b58c36d4db |
C:\Users\Admin\AppData\Local\Temp\DX318B.tmp\xinput1_3.dll
| MD5 | 77f595dee5ffacea72b135b1fce1312e |
| SHA1 | d2a710b332de3ef7a576e0aed27b0ae66892b7e9 |
| SHA256 | 8d540d484ea41e374fd0107d55d253f87ded4ce780d515d8fd59bbe8c98970a7 |
| SHA512 | a8683050d7758c248052c11ac6a46c9a0b3b3773902cca478c1961b6d9d2d57c75a8c925ba5af4499989c0f44b34eaf57abafafa26506c31e5e4769fb3439746 |
C:\Users\Admin\AppData\Local\Temp\DX318B.tmp\d3dx9_41.dll
| MD5 | 3fa06cf5079b84155d18b05c08f7131b |
| SHA1 | fafe52876151a08f39dbb6b4aa137dd85558ba5f |
| SHA256 | 6ac4df203af419d3f3b7d9a99e14a3490ea3ad307c474bfe36baea642b1421f6 |
| SHA512 | 24d29c3ffb6532da860fef4dd93e61f7532cea3af94928495a3af0231e7dff6db5cad25713451a2e722c076462b94818cd6969a1c7d8905585b0f64e12174d1e |
C:\Users\Admin\AppData\Local\Temp\DX318B.tmp\X3DAudio1_7.dll
| MD5 | c811e70c8804cfff719038250a43b464 |
| SHA1 | ec48da45888ccea388da1425d5322f5ee9285282 |
| SHA256 | 288c701bdedf1d45c63dd0b7d424a752f8819f90feb5088c582f76bc98970ba3 |
| SHA512 | 09f2f4d412485ef69aceacc90637c90fad25874f534433811c5ed88225285559db1d981a3ab7bc3a20336e96fb43b4801b4b48a3668c64c21436ee3ea3c32f45 |
C:\Users\Admin\AppData\Local\Temp\DX318B.tmp\xactengine3_6.dll
| MD5 | f81c4678a55ffee585ac75825faf5582 |
| SHA1 | 8fb2e6cf2a022eaed2ff5e3e225b3ca1e453d1cc |
| SHA256 | 8a7e7c5ac2e6230f0249d46751522e7ecf85e7490cf7491ab73bf2e7e59e4c0f |
| SHA512 | 8c8071bc2640d5c0fcf140ad68d4788cbb0706d17313c3cb74e25624a748b282acbf77eda678cf0d5fecf2ec3d583508c6f4eaf5c84073909b616f59b4f4e5fe |
C:\Users\Admin\AppData\Local\Temp\DX318B.tmp\XAPOFX1_4.dll
| MD5 | e4ce2af32f501a7f7dddd908704a0ee6 |
| SHA1 | 9dc2976efb15b6fba08bebdeb98929b6961063a5 |
| SHA256 | 0aee44b12913a95840ee6431d90518b0d72c54a27392e21ee6995e2151554a06 |
| SHA512 | ec14a58414d595a36c6b575cdae690f11481cd3f0b35fd2f4c6a6d162a6272882cfe03da865e09a34972775790529f51c80b69056a2fcb909f25b549ed2f7f01 |
C:\Users\Admin\AppData\Local\Temp\DX318B.tmp\XAudio2_6.dll
| MD5 | 4976243bd70fae3d1d24e49739ab2710 |
| SHA1 | 6ef27b10bcf4e697fe77c3e964b326be11e4444f |
| SHA256 | 61b57170f7c6365714396072d22cb98746718c0f44c9f0d5c62fdb1b218639c7 |
| SHA512 | af2d6aaad44bed880a1a2ee947618b142c76a5eca42d4608196b74df9108a9649059d8207e84a58b76ad43aefe9b66ffcc519f8126667177011cf4199f163e83 |
C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Xna.Framework\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.dll
| MD5 | 343f79fe3dcfe0828f7ac2a13f8f7210 |
| SHA1 | 8daafd2b9e44f0b46b2dc6ba4607ef155964db0e |
| SHA256 | 8b7aa4c4939f243b21432747281cc8aacdcda56191a16d9eaa036b4136cf0da4 |
| SHA512 | 651d7acf8effe6a77ce094c88163adb950830d2f5779f900129391f2f9ca7393163749084e861fbd742e26f61c350225107d64dcf888c0b5d4ac9de8ae99d44a |
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Xna.Framework.GamerServices\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.GamerServices.dll
| MD5 | f1e460b7805cbc4901c410f2767912ab |
| SHA1 | 01e7f335e58af5140bc7953518739f43c59f1c98 |
| SHA256 | 627e84c06cc4e409870b068c9ec9149adba425e47e64185f92d839db2aa35484 |
| SHA512 | 3f34bb839deb6af6b68946aaeac17fa3a1e419d2f8310f37d1f460bda329c2bd46e380fe18f883389dcc64e482e596a0b31e0291b202abefe1c6976d5dec8751 |
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Xna.Framework.Storage\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.Storage.dll
| MD5 | 17c4074e1d0977182060959ec63e18a6 |
| SHA1 | af73bc4b90899793525ca472a1b90312c33063e9 |
| SHA256 | 7edbb80c699ce3ead8aee5a512ee34c7718cb5dceeb1d0577e788ad8d0ad9383 |
| SHA512 | b7d7fc7b21f3fd480e6ee40cfb3682b898382ad2397cc38ef7258db68dcac31de0f64b8adae5ac92d0b31c3cf85c2489a04dfa77675104134d874fb4871e91b0 |
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Xna.Framework.Input.Touch\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.Input.Touch.dll
| MD5 | 911fbe5496efbaed4ea67497fa63c633 |
| SHA1 | 570911a579cd752ceedbe9b07efc1c8c832cfda9 |
| SHA256 | 2191bad4540b50723acbda55bd2c6e5d80cc6f84ad989ff89ddda672348577b2 |
| SHA512 | 6ffc30116c62f9a91e5d6fee4133e87417df14aafdf5443f7002b46c20ddbf0eca242ea54f8711b31defb42ad0ef3f5f11b16e699ce3dbdaa728ec1661e00d7d |
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Xna.Framework.Video\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.Video.dll
| MD5 | 94b8554692a89f1955b9219e0f26442b |
| SHA1 | cd34862740a30b2f0fd391fa16b082edb79d155b |
| SHA256 | 63c7673c936747abd9ebe779e8837c8b8add2c078a31216684fbf8c6bcab2745 |
| SHA512 | 9a6762e9cd8bd26dd347c8166dc59b31159c9e5295d39773c69228d73b5f3f850bbd41f733b1f880623bcd4c929f13d66e2168f2e1972842a6e031d069ec92b4 |
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Xna.Framework.Avatar\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.Avatar.dll
| MD5 | 7b26de335983eb8b800a67ef5ff077d5 |
| SHA1 | f614672dd8b25985a417ed339a6a6532c9e57800 |
| SHA256 | 7688ebdffc98433eef8aada293a8c4beec6d6acfc0e1f91ca8eb2f1c350e7cec |
| SHA512 | fc14dcda0703c8ade152bee32b4c4175c37e98500cc1370d4de0ffd0eac398edae3a42d29711e6ec841231fab0eed228fc6eba69347b54a8e125866ae6822043 |
C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\Framework\Shared\xnavisualizer.dll
| MD5 | ba187b4db5dae1bee29e6f18b7775b8b |
| SHA1 | efce87100c26165cfd7eb627534e42cb72ddb5b7 |
| SHA256 | 11bcc9f47d9b0397f6d78c08e7208ee812cbef54bb02a8c3a681608879471c8c |
| SHA512 | c9c2c3760e495c611a925bb5ae162d4c4ac90f53e2c0a9d20f68085ab43cc0f0a7ad1d201564649e4cf67ef4402d874626c6911f01f8a055da0b993730afc12c |
C:\Config.Msi\e582ab6.rbs
| MD5 | 683a327af03687415b24f1a09b738b8e |
| SHA1 | b8d498bcb58143646216d0ec909dfe1566fe5b34 |
| SHA256 | c082a4f25def64f955882e537fb87a832a46090eff4b30d7dc79db159463ea7f |
| SHA512 | 9d89eaca56428fe8bbf8d7553ebe2557a703c7b49f9f723e5ad9949b58a793c8f70edbb015574c5a242d5b33220e9bd04ca4ee64a86429517228763dbaada8e3 |
C:\Config.Msi\e582ab8.rbs
| MD5 | e7adfa64294c5a63d7c66b927a393177 |
| SHA1 | af7e8a42325ebd6a9a061ed78a5885ade1451059 |
| SHA256 | 975cfb89537f143b27efd81c04d44e34d29987524685806c0888698ba9e097a4 |
| SHA512 | e0f9344a3e2ed3478126eb26ad2146cf36e80bb1425022ab5883ba76d6dac19e40e2911ac3d351e2afa2e4aef88046f3df01adc00d4c5079e49b0e0edff1ed7f |
Analysis: behavioral14
Detonation Overview
Submitted
2024-11-06 09:02
Reported
2024-11-06 09:34
Platform
win11-20241007-en
Max time kernel
1463s
Max time network
1480s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 568 wrote to memory of 3040 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE |
| PID 568 wrote to memory of 3040 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Windowkill\Windowkill\steam_settings\force_listen_port.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Windowkill\Windowkill\steam_settings\force_listen_port.txt
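Two checks a triager wants against this report, as an added example that is not code from the sandbox or from the sample's authors. The first parses the flattened dropped-file listing above (a path line followed by `| ALGO | hex |` rows) into records, rejecting any digest whose length does not match its algorithm, and maps each path onto the location buckets behind the "Drops file in Windows directory" / "Drops file in Program Files directory" signatures. The second looks at the behavioral14 process pair: `cmd /c <file>.txt` makes cmd.exe hand a non-executable document to its registered handler, which on a default Windows install is Notepad, so the "Opens file in notepad" hit in this run is produced by the detonation command line itself, not by the sample writing a note. The embedded listing excerpt is copied from this page; the bucket names and the `explains_notepad_launch` rule are this example's own assumptions.

```python
import re
from typing import Dict, List

# Constructed excerpt of the report's dropped-file listing (values copied from the page).
SAMPLE_LISTING = r"""
C:\Users\Admin\AppData\Local\Temp\DX318B.tmp\xinput1_3.dll
| MD5 | 77f595dee5ffacea72b135b1fce1312e |
| SHA1 | d2a710b332de3ef7a576e0aed27b0ae66892b7e9 |
| SHA256 | 8d540d484ea41e374fd0107d55d253f87ded4ce780d515d8fd59bbe8c98970a7 |
| SHA512 | a8683050d7758c248052c11ac6a46c9a0b3b3773902cca478c1961b6d9d2d57c75a8c925ba5af4499989c0f44b34eaf57abafafa26506c31e5e4769fb3439746 |
C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Xna.Framework\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.dll
| MD5 | 343f79fe3dcfe0828f7ac2a13f8f7210 |
| SHA1 | 8daafd2b9e44f0b46b2dc6ba4607ef155964db0e |
| SHA256 | 8b7aa4c4939f243b21432747281cc8aacdcda56191a16d9eaa036b4136cf0da4 |
| SHA512 | 651d7acf8effe6a77ce094c88163adb950830d2f5779f900129391f2f9ca7393163749084e861fbd742e26f61c350225107d64dcf888c0b5d4ac9de8ae99d44a |
C:\Config.Msi\e582ab6.rbs
| MD5 | 683a327af03687415b24f1a09b738b8e |
| SHA1 | b8d498bcb58143646216d0ec909dfe1566fe5b34 |
| SHA256 | c082a4f25def64f955882e537fb87a832a46090eff4b30d7dc79db159463ea7f |
| SHA512 | 9d89eaca56428fe8bbf8d7553ebe2557a703c7b49f9f723e5ad9949b58a793c8f70edbb015574c5a242d5b33220e9bd04ca4ee64a86429517228763dbaada8e3 |
"""

HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")


def parse_dropped_files(text: str) -> List[Dict[str, str]]:
    """One record per file. Any non-hash, non-blank line starts a new record (its path);
    the following hash rows attach to it. A digest of the wrong length for its algorithm
    (truncated or mis-copied) raises instead of being stored silently."""
    records: List[Dict[str, str]] = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_ROW.match(line)
        if m:
            if current is None:
                raise ValueError(f"hash row before any path: {line}")
            algo, value = m.group(1), m.group(2).lower()
            if len(value) != HASH_LENGTHS[algo]:
                raise ValueError(f"{algo} for {current['path']} has {len(value)} hex chars")
            current[algo.lower()] = value
        else:
            current = {"path": line}
            records.append(current)
    return records


def classify_location(path: str) -> str:
    """Bucket a dropped path the way the report's location signatures do.
    Bucket names are this example's own; the short-name form C:\\PROGRA~2 is
    treated as Program Files because that is what it expands to."""
    p = path.lower().replace("/", "\\")
    if p.startswith("c:\\windows\\system32\\"):
        return "System32"
    if p.startswith("c:\\windows\\"):
        return "Windows"
    if p.startswith("c:\\program files") or p.startswith("c:\\progra~"):
        return "Program Files"
    if "\\appdata\\local\\temp\\" in p:
        return "Temp"
    return "Other"


# cmd /c <document>.txt : cmd.exe passes a non-executable file to its shell handler.
CMD_C_TXT = re.compile(r'^cmd(?:\.exe)?\s+/c\s+"?([^"]+?\.txt)"?\s*$', re.IGNORECASE)


def explains_notepad_launch(parent_cmdline: str, child_cmdline: str) -> bool:
    """True when the child is NOTEPAD.EXE opening exactly the .txt that the parent
    ran via `cmd /c`, i.e. the default .txt handler firing on the analyst's own
    command line rather than a payload opening a note it wrote."""
    m = CMD_C_TXT.match(parent_cmdline.strip())
    if not m:
        return False
    target = m.group(1).strip().lower()
    child = child_cmdline.strip().lower()
    return "notepad.exe" in child and child.endswith(target)


if __name__ == "__main__":
    for rec in parse_dropped_files(SAMPLE_LISTING):
        print(classify_location(rec["path"]), rec["sha256"], rec["path"])
    parent = r"cmd /c C:\Users\Admin\AppData\Local\Temp\Windowkill\Windowkill\steam_settings\force_listen_port.txt"
    child = r'"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Windowkill\Windowkill\steam_settings\force_listen_port.txt'
    print("notepad explained by cmd /c on a .txt:", explains_notepad_launch(parent, child))
```

Run against the full listing, the bucket counts tell you at a glance how many of the drops land under `C:\Windows` and `Program Files` (here the XNA/DirectX redistributable payload) versus `%TEMP%` staging; the `.rbs` files under `C:\Config.Msi` are Windows Installer rollback scripts, which the "Event Triggered Execution: Installer Packages" signature already accounts for.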
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |