hxxp://itch[.]io

max time kernel
1500s
max time network
1496s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
09/11/2024, 18:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://itch.io

Score

8^/10

steam discovery persistence phishing

Malware Config

Signatures

Downloads MZ/PE file
A potential corporate email address has been identified in the URL: =@L
phishing
A potential corporate email address has been identified in the URL: oLdCV!RgBOAChi@ZKxIr
phishing

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe

Executes dropped EXE 21 IoCs

pid	Process
2024	SteamSetup.exe
752	steamservice.exe
1116	steam.exe
12448	steam.exe
12508	steamwebhelper.exe
12540	steamwebhelper.exe
12872	steamwebhelper.exe
13520	steamwebhelper.exe
18728	gldriverquery64.exe
17820	steamwebhelper.exe
17736	steamwebhelper.exe
16332	gldriverquery.exe
16088	vulkandriverquery64.exe
16012	vulkandriverquery.exe
18220	steamwebhelper.exe
17224	steamwebhelper.exe
16840	steamwebhelper.exe
14756	steamwebhelper.exe
13220	steamwebhelper.exe
6396	SONIC.EXE
5988	Sonic7.exe

Loads dropped DLL 64 IoCs

pid	Process
2024	SteamSetup.exe
2024	SteamSetup.exe
2024	SteamSetup.exe
2024	SteamSetup.exe
2024	SteamSetup.exe
2024	SteamSetup.exe
2024	SteamSetup.exe
2024	SteamSetup.exe
12448	steam.exe
12448	steam.exe
12448	steam.exe
12448	steam.exe
12448	steam.exe
12448	steam.exe
12448	steam.exe
12448	steam.exe
12448	steam.exe
12448	steam.exe
12448	steam.exe
12448	steam.exe
12448	steam.exe
12448	steam.exe
12448	steam.exe
12448	steam.exe
12508	steamwebhelper.exe
12508	steamwebhelper.exe
12508	steamwebhelper.exe
12508	steamwebhelper.exe
12540	steamwebhelper.exe
12540	steamwebhelper.exe
12540	steamwebhelper.exe
12448	steam.exe
12872	steamwebhelper.exe
12872	steamwebhelper.exe
12872	steamwebhelper.exe
12872	steamwebhelper.exe
12872	steamwebhelper.exe
12872	steamwebhelper.exe
12872	steamwebhelper.exe
12872	steamwebhelper.exe
12872	steamwebhelper.exe
12448	steam.exe
13520	steamwebhelper.exe
13520	steamwebhelper.exe
13520	steamwebhelper.exe
12448	steam.exe
17820	steamwebhelper.exe
17820	steamwebhelper.exe
17820	steamwebhelper.exe
17736	steamwebhelper.exe
17736	steamwebhelper.exe
17736	steamwebhelper.exe
17736	steamwebhelper.exe
12448	steam.exe
18220	steamwebhelper.exe
18220	steamwebhelper.exe
18220	steamwebhelper.exe
18220	steamwebhelper.exe
17224	steamwebhelper.exe
17224	steamwebhelper.exe
17224	steamwebhelper.exe
17224	steamwebhelper.exe
16840	steamwebhelper.exe
16840	steamwebhelper.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"	SteamSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	SONIC.EXE

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_touchpad_swipe_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\613220_icon.jpg	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_rtrackpad_click_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_color_button_x_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_color_outlined_button_x.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_trackpad_l_ring_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_r_left.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_dpad_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_l2_soft_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\locales\uk.pak_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\controller_config_controller_switch_joycon_right.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0513.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_rstick_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\471710_library_hero_blur.jpg	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_l3_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_touch_tap.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_outlined_button_a_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_button_plus.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox_rt_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_rt_click_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_dpad_down.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\icon_button_forward_over_sm.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\steam_controller_hungarian.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_trackpad_up_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_ltrackpad_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_r5_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_dpad_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_gyro_roll_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\sounds\deck_ui_toast.wav_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0528.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_settings_mousedown.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_dpad_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_070_setting_0303.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_l_down_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0509.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0409.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\gamerecording.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\vgui_koreana.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\hp_m2_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_rt_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_dpad_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_dpad_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\controller_config_controller_ps5.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_035_magic_0365.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\avatarBorderGolden.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_rstick_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\sourceinit.dat_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\icon_hlicon1.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_lt_soft_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_button_minus_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_r_up_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\mssmp3.asi_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0405.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_080_input_0130.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\friends\rampUp_2.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\1364960_library_hero.jpg	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0360.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0520.png_	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\2305790_library_hero_blur.jpg	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_button_share_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_rstick_touch_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\layout\login_dialog.layout_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_030_inv_0304.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\friendsui_polish-json.js_	steam.exe

Drops file in Windows directory 13 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12508_286166288\_platform_specific\win_x64\widevinecdm.dll	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12508_286166288\_metadata\verified_contents.json	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12508_286166288\manifest.fingerprint	steamwebhelper.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12508_286166288\_platform_specific\win_x64\widevinecdm.dll.sig	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12508_286166288\LICENSE	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12508_286166288\manifest.json	steamwebhelper.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SONIC.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sonic7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamservice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133756495982807322"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steam\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steam\Shell\Open\Command	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steamlink\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steam\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steamlink\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steamlink	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steamlink\Shell	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steam	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steam\DefaultIcon	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steamlink\Shell\Open\Command	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steam\ = "URL:steam protocol"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steamlink	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1669812756-2240353048-2660728061-1000\{ECF703C5-6C81-46F1-91D4-97AF4C75A57C}	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steam\Shell	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steam\Shell\Open	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steamlink\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steam\URL Protocol	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steamlink\URL Protocol	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
12284	vlc.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2628	msedge.exe
2628	msedge.exe
3452	msedge.exe
3452	msedge.exe
4444	chrome.exe
4444	chrome.exe
4456	chrome.exe
4456	chrome.exe
2024	SteamSetup.exe
2024	SteamSetup.exe
2024	SteamSetup.exe
2024	SteamSetup.exe
2024	SteamSetup.exe
2024	SteamSetup.exe
2024	SteamSetup.exe
2024	SteamSetup.exe
2024	SteamSetup.exe
2024	SteamSetup.exe
2024	SteamSetup.exe
2024	SteamSetup.exe
2024	SteamSetup.exe
2024	SteamSetup.exe
2024	SteamSetup.exe
2024	SteamSetup.exe
2024	SteamSetup.exe
2024	SteamSetup.exe
2024	SteamSetup.exe
2024	SteamSetup.exe
4744	taskmgr.exe
4744	taskmgr.exe
4744	taskmgr.exe
4744	taskmgr.exe
4744	taskmgr.exe
4744	taskmgr.exe
4744	taskmgr.exe
4744	taskmgr.exe
4744	taskmgr.exe
4744	taskmgr.exe
4744	taskmgr.exe
4744	taskmgr.exe
4744	taskmgr.exe
4744	taskmgr.exe
4744	taskmgr.exe
4744	taskmgr.exe
4744	taskmgr.exe
4744	taskmgr.exe
4744	taskmgr.exe
4744	taskmgr.exe
4744	taskmgr.exe
4744	taskmgr.exe
4744	taskmgr.exe
4744	taskmgr.exe
4744	taskmgr.exe
4744	taskmgr.exe
4744	taskmgr.exe
4744	taskmgr.exe
4744	taskmgr.exe
4744	taskmgr.exe
4744	taskmgr.exe
4744	taskmgr.exe
4744	taskmgr.exe
4744	taskmgr.exe
4744	taskmgr.exe
4744	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
12448	steam.exe
12032	OpenWith.exe
12284	vlc.exe
5988	Sonic7.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe
14116	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeTcbPrivilege	3792	svchost.exe
Token: SeRestorePrivilege	3792	svchost.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
3516	SystemSettingsAdminFlows.exe
12448	steam.exe
12032	OpenWith.exe
12032	OpenWith.exe
12032	OpenWith.exe
12032	OpenWith.exe
12032	OpenWith.exe
12032	OpenWith.exe
12032	OpenWith.exe
12032	OpenWith.exe
12032	OpenWith.exe
12284	vlc.exe
5988	Sonic7.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3452 wrote to memory of 1008	3452	msedge.exe	81
PID 3452 wrote to memory of 1008	3452	msedge.exe	81
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 1620	3452	msedge.exe	82
PID 3452 wrote to memory of 2628	3452	msedge.exe	83
PID 3452 wrote to memory of 2628	3452	msedge.exe	83
PID 3452 wrote to memory of 1936	3452	msedge.exe	84
PID 3452 wrote to memory of 1936	3452	msedge.exe	84
PID 3452 wrote to memory of 1936	3452	msedge.exe	84
PID 3452 wrote to memory of 1936	3452	msedge.exe	84
PID 3452 wrote to memory of 1936	3452	msedge.exe	84
PID 3452 wrote to memory of 1936	3452	msedge.exe	84
PID 3452 wrote to memory of 1936	3452	msedge.exe	84
PID 3452 wrote to memory of 1936	3452	msedge.exe	84
PID 3452 wrote to memory of 1936	3452	msedge.exe	84
PID 3452 wrote to memory of 1936	3452	msedge.exe	84
PID 3452 wrote to memory of 1936	3452	msedge.exe	84
PID 3452 wrote to memory of 1936	3452	msedge.exe	84
PID 3452 wrote to memory of 1936	3452	msedge.exe	84
PID 3452 wrote to memory of 1936	3452	msedge.exe	84
PID 3452 wrote to memory of 1936	3452	msedge.exe	84
PID 3452 wrote to memory of 1936	3452	msedge.exe	84
PID 3452 wrote to memory of 1936	3452	msedge.exe	84
PID 3452 wrote to memory of 1936	3452	msedge.exe	84
PID 3452 wrote to memory of 1936	3452	msedge.exe	84
PID 3452 wrote to memory of 1936	3452	msedge.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://itch.io
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffd386e46f8,0x7ffd386e4708,0x7ffd386e4718
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,6084295997568056253,3052602554398671683,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,6084295997568056253,3052602554398671683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,6084295997568056253,3052602554398671683,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6084295997568056253,3052602554398671683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6084295997568056253,3052602554398671683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6084295997568056253,3052602554398671683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6084295997568056253,3052602554398671683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6084295997568056253,3052602554398671683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6084295997568056253,3052602554398671683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6084295997568056253,3052602554398671683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6084295997568056253,3052602554398671683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6084295997568056253,3052602554398671683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6084295997568056253,3052602554398671683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6084295997568056253,3052602554398671683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:1040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4932

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3792
- C:\Windows\system32\dashost.exe
  dashost.exe {e9e3772c-3ed0-4709-8c509ba30b3abbfa}
  2⤵
  PID:4500

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:4536

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" EnterProductKey
1⤵
- Suspicious use of SetWindowsHookEx
PID:3516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffd29facc40,0x7ffd29facc4c,0x7ffd29facc58
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1844,i,8311587864462924818,13710788146827968785,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1840 /prefetch:2
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2156,i,8311587864462924818,13710788146827968785,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,8311587864462924818,13710788146827968785,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2480 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,8311587864462924818,13710788146827968785,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,8311587864462924818,13710788146827968785,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4456,i,8311587864462924818,13710788146827968785,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3720,i,8311587864462924818,13710788146827968785,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4696,i,8311587864462924818,13710788146827968785,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4688 /prefetch:8
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4832,i,8311587864462924818,13710788146827968785,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4836,i,8311587864462924818,13710788146827968785,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4976 /prefetch:8
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:3928
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x298,0x29c,0x2a0,0x274,0x2a4,0x7ff776834698,0x7ff7768346a4,0x7ff7768346b0
    3⤵
    - Drops file in Windows directory
    PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4728,i,8311587864462924818,13710788146827968785,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:3268

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2512

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ffd29facc40,0x7ffd29facc4c,0x7ffd29facc58
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1896,i,17262650598822370522,15371633593459899300,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2004,i,17262650598822370522,15371633593459899300,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=2036 /prefetch:3
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2300,i,17262650598822370522,15371633593459899300,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=2580 /prefetch:8
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3176,i,17262650598822370522,15371633593459899300,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3212,i,17262650598822370522,15371633593459899300,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3760,i,17262650598822370522,15371633593459899300,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=4544 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4736,i,17262650598822370522,15371633593459899300,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4728,i,17262650598822370522,15371633593459899300,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  PID:3184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4992,i,17262650598822370522,15371633593459899300,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4788,i,17262650598822370522,15371633593459899300,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4760,i,17262650598822370522,15371633593459899300,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4080,i,17262650598822370522,15371633593459899300,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3428,i,17262650598822370522,15371633593459899300,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5640,i,17262650598822370522,15371633593459899300,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3392,i,17262650598822370522,15371633593459899300,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3600,i,17262650598822370522,15371633593459899300,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  PID:1116
- C:\Users\Admin\Downloads\SteamSetup.exe
  "C:\Users\Admin\Downloads\SteamSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2024
- - C:\Program Files (x86)\Steam\bin\steamservice.exe
    "C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:752

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4856

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:1116
- C:\Program Files (x86)\Steam\steam.exe
  "C:\Program Files (x86)\Steam\steam.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:12448
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=12448" "-buildid=1730853027" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    - Checks processor information in registry
    PID:12508
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1730853027 --initial-client-data=0x28c,0x290,0x294,0x288,0x298,0x7ffd354baf00,0x7ffd354baf0c,0x7ffd354baf18
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:12540
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1572,i,9479876543913543945,1911035327944861886,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1576 --mojo-platform-channel-handle=1564 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:12872
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --field-trial-handle=2180,i,9479876543913543945,1911035327944861886,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2184 --mojo-platform-channel-handle=2168 /prefetch:3
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:13520
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --field-trial-handle=2800,i,9479876543913543945,1911035327944861886,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2808 --mojo-platform-channel-handle=2708 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:17820
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,9479876543913543945,1911035327944861886,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3132 --mojo-platform-channel-handle=3124 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:17736
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3848,i,9479876543913543945,1911035327944861886,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3852 --mojo-platform-channel-handle=3844 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:18220
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4044,i,9479876543913543945,1911035327944861886,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4048 --mojo-platform-channel-handle=4040 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:17224
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4204,i,9479876543913543945,1911035327944861886,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4212 --mojo-platform-channel-handle=4412 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:16840
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --field-trial-handle=4524,i,9479876543913543945,1911035327944861886,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4528 --mojo-platform-channel-handle=4540 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:14756
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4656,i,9479876543913543945,1911035327944861886,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4608 --mojo-platform-channel-handle=4612 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:13220
- - C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:18728
- - C:\Program Files (x86)\Steam\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:16332
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:16088
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:16012

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
PID:4744

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4b8 0x4a4
1⤵
PID:13744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:14116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ffd29facc40,0x7ffd29facc4c,0x7ffd29facc58
  2⤵
  PID:14144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:5708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2036,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=2056 /prefetch:3
  2⤵
  PID:14332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=2276 /prefetch:8
  2⤵
  PID:14400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3216,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3636,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=4428 /prefetch:1
  2⤵
  PID:5928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4640,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=4648 /prefetch:8
  2⤵
  PID:9024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4760,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  PID:8960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4816,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=4720 /prefetch:8
  2⤵
  PID:6112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4992,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5040,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:13876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4404,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5336,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:6356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5408,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:6820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5092,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=4364 /prefetch:1
  2⤵
  PID:7100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5604,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  PID:7328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5728,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:18636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5568,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  - Modifies registry class
  PID:17572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5968,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:8724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6080,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:11352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6208,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=6228 /prefetch:8
  2⤵
  PID:11792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6024,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=6368 /prefetch:8
  2⤵
  PID:11908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5060,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  PID:12372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6056,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=6372 /prefetch:8
  2⤵
  PID:11276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5760,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=6224 /prefetch:8
  2⤵
  PID:11168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6232,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:14584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5320,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6072,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:18972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6604,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:16876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=4480,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:16196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=4464,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=6888 /prefetch:1
  2⤵
  PID:15904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=4536,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:15752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6412,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:15792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=6576,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:15720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=6820,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:15504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=6816,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=7304 /prefetch:1
  2⤵
  PID:15600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=7180,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=7480 /prefetch:1
  2⤵
  PID:15380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=7628,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=7644 /prefetch:1
  2⤵
  PID:17220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=7800,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=7784 /prefetch:1
  2⤵
  PID:11120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=7956,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=7608 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=7972,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=7948 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=8236,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=8264 /prefetch:1
  2⤵
  PID:10700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=8400,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=8076 /prefetch:1
  2⤵
  PID:19432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=7192,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=6952 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=7932,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=6916 /prefetch:1
  2⤵
  PID:7508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=6976,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=8744 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=9028,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=8704 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=8992,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=8976 /prefetch:1
  2⤵
  PID:19412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=8940,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=9000 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=8804,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=9228 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=9480,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=9368 /prefetch:1
  2⤵
  PID:6320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=9592,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=9444 /prefetch:1
  2⤵
  PID:15328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=9684,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=9460 /prefetch:1
  2⤵
  PID:15244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=9832,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=9420 /prefetch:1
  2⤵
  PID:15196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=9836,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=9964 /prefetch:1
  2⤵
  PID:15172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=10092,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=10124 /prefetch:1
  2⤵
  PID:15064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=10248,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=10276 /prefetch:1
  2⤵
  PID:12248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=10420,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=10404 /prefetch:1
  2⤵
  PID:14972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=10548,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=10388 /prefetch:1
  2⤵
  PID:18456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=10704,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=10736 /prefetch:1
  2⤵
  PID:14836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=9948,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=10844 /prefetch:1
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=11000,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=11020 /prefetch:1
  2⤵
  PID:14700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=10144,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=10684 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=10996,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=11284 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=11432,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=11440 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=11568,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=11592 /prefetch:1
  2⤵
  PID:15692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=11720,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=11740 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=11760,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=11880 /prefetch:1
  2⤵
  PID:15448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=11900,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=12024 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --field-trial-handle=9824,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=9364 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --field-trial-handle=11240,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=11616 /prefetch:1
  2⤵
  PID:13152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --field-trial-handle=10984,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=12624 /prefetch:1
  2⤵
  PID:13196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --field-trial-handle=12692,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=12300 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --field-trial-handle=10700,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=12728 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --field-trial-handle=14492,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=14468 /prefetch:1
  2⤵
  PID:13372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=14232,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=14420 /prefetch:1
  2⤵
  PID:13380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --field-trial-handle=14196,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=14268 /prefetch:1
  2⤵
  PID:13904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --field-trial-handle=13584,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=14204 /prefetch:1
  2⤵
  PID:13940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --field-trial-handle=13508,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=13340 /prefetch:1
  2⤵
  PID:14040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --field-trial-handle=13384,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=12056 /prefetch:1
  2⤵
  PID:14036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --field-trial-handle=14628,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=13484 /prefetch:1
  2⤵
  PID:16948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=10872,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=12788 /prefetch:8
  2⤵
  PID:17068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=10404,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=10948 /prefetch:8
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=12376,i,11262597856082565505,10297071415436774133,262144 --variations-seed-version=20241108-130108.678000 --mojo-platform-channel-handle=12732 /prefetch:8
  2⤵
  PID:2540
- C:\Users\Admin\Downloads\SONIC.EXE
  "C:\Users\Admin\Downloads\SONIC.EXE"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  PID:6396
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Sonic7.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Sonic7.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:5988

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3112

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5516

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:12032
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\Bad Parenting.rar"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:12284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Steam\Steam.exe

Filesize
4.2MB

MD5
33bcb1c8975a4063a134a72803e0ca16

SHA1
ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65

SHA256
12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1

SHA512
13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

Download Submit
C:\Program Files (x86)\Steam\appcache\librarycache\1161040_icon.jpg

Filesize
638B

MD5
7ecdaf8a54ec52b20640a88527512903

SHA1
3133a4d748ad3be61fe9db759339cd5de73339b5

SHA256
7bd8b75aec0a4d4a377f3ca3a023fd8b7c5fc7dc6a2a66d17f8cdfe5b731ab0c

SHA512
60ae2031eed0c38264f0d8db22a9b6efeb3f80c791e916e15a1730853162d56e0da014dbd93a5479bae4f3bdd5705ca89be70c90574a524abd1c276ed5c55a2d

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
6e6a2b18264504cc084caa3ad0bfc6ae

SHA1
b177d719bd3c1bc547d5c97937a584b8b7d57196

SHA256
f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53

SHA512
74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
17KB

MD5
53914dc2fa77a5182b39df72a7d604ee

SHA1
b976ffc4579be8b3a4c52f85a6d48dfe81229661

SHA256
6e8ffdd28929777a094bf05bfeb9b1db96c11bae002cea9b39789532ff496e79

SHA512
e742457b8b09404db214cbb01f1521c0d6e52282e536dea5eab7b6da6845233ef41266b10090ab98c17a60643e3ad0d7b2063d10482d805993ef1cd07f170aa1

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
a2ec2e91c3ef8c42e22c4887d032b333

SHA1
e2c738a2e9400535b74e2263c7e7d1ecefe575f2

SHA256
8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3

SHA512
b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf~RFe5daf0f.TMP

Filesize
184B

MD5
3cdebc58a05cdd75f14e64fb0d971370

SHA1
edf2d4a8a5fc017e29bf9fb218db7dd8b2be84fe

SHA256
661f122934bbc692266940a1fe2e5e51d4d460efb29d75695b8d5241c6e11da7

SHA512
289c40fae5ec1d3dd8b5b00dd93cf9cada2cb5c12bcfefea8c862ddf0a16dced15d6814dad771af9103b3a5d3016d301ee40058edde3fdea30d9767146d11cd6

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Program Files (x86)\Steam\resource\filter_banned_english_cached.txt

Filesize
1KB

MD5
009ca439b8e68dbdb83850d51b07c736

SHA1
b8dd1986d15aef3dcba09c954577c780b549c582

SHA256
4bfbbfd0114ee78d7795835c64aae6dc6b525547748c5dd1150d7d1ff8757c43

SHA512
25e90b8b737b30879ec9073457cc7b30bdc46ed71b8885ce14f9c1946476d65c6bbdd0ddc19bb09c406cd9439837aec5c8ad007dbb5a4378842e1634429b093e

Download Submit
C:\Program Files (x86)\Steam\resource\filter_banned_english_cached_timestamp.txt

Filesize
29B

MD5
5bdf7c0eb730aad3cc9871da418b9b66

SHA1
e852366f44e2b06f7b4bba5ce3f382fdfbcd7dea

SHA256
59ec931c86ddb5075d0bd7a3697e2ac245c59ef915f75bc17ddf3ab4c97f81ce

SHA512
715166180a9ff0a3bd8823f2f29c3a9729ab4a4bd495501c6dbf9e094a8b6146f3ba0130c79df7afb8f2f03ab4a8e0c4e317ac79ea3f7eb75174ae30ced0d247

Download Submit
C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached.txt

Filesize
2KB

MD5
0b8f38d6f219adb6af9a46e34c8b55c5

SHA1
abfb7eea3e2073ef536ef4c020b79dce54028174

SHA256
c6cced2a542c64817209699a48ba5c17f32ad47a5bb799d395d707f665378de8

SHA512
4a4dcd5efb3433f23848b7bcc18a430f05107985e48f280874f0058eac863b3ddac9f849ab55271f619c026a6282387f553f1ec25e16eba7cb68c850f314beea

Download Submit
C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached_timestamp.txt

Filesize
29B

MD5
88241b51553b9bcfd111a261c8791813

SHA1
a681a4e7e14012d1a56576653e052fdf933b35b2

SHA256
a0c0ba4e849f98bfab2e8430da5a837c278ee52d23eaf05a8bc93d10201b2033

SHA512
4d84191fde461a646f681a1f67aaea5b250dafa96bef72625f586880ddf87e0ecaff25dc1f2ccff7fbc6e874c40108ac3f21c329119343c70df857bd32e7862d

Download Submit
C:\Program Files (x86)\Steam\userdata\1514914830\7\remote\sharedconfig.vdf

Filesize
164B

MD5
64a561eabd7dff37617d1981c337574f

SHA1
91a58139adfcc910f0299bf2ccfc6bf7cbdcb24e

SHA256
10a64da200753d8c3a859fd4407d1ae86c0495e65b2b6b880aaa7ef5048db466

SHA512
e20def98bfdc0b7adb8236f125d78c3dcbae03360ceeffecfae466ef29fb7c80ecaee9416c4169c4505e54989bccef60b1049a492d565c1e568eb218d628100b

Download Submit
C:\Program Files (x86)\Steam\userdata\1514914830\config\localconfig.vdf

Filesize
32KB

MD5
501886d69e73dfd1e94a0ca9c7f9afa6

SHA1
b8119ac572d861d8ce644e6fbd8289dbbeb1563f

SHA256
9906e4fb0e8d82df668f5261af69a2626260a8afb08f06fa939b069661a54994

SHA512
fb32bf322cd6903ca23711889fba47de222416e1b1c00e38cce77b2ae94fec90289b2d4b15cd8481f519b25e0078a450e90ec66bd79bcbfc3a94f7336742f725

Download Submit
C:\Program Files (x86)\Steam\userdata\1514914830\config\localconfig.vdf

Filesize
3KB

MD5
b8da0a6ae1505cb7e6c5ae2c65406dc8

SHA1
71e0c8cc18e46b05c2df2487567db9ce7eba3852

SHA256
7309bc0d2b953e1e91872042743bc9d7bafb0aee03bb98852d21704c571a430d

SHA512
9a2eeccb9613936f0fd550e2cb9e7c91efce0c97ecbeacf79ec6138c674689d0dae33cd5caf409e3c4aa2cb49a755f4689042ea2a728017190c8b338c80fdc42

Download Submit
C:\Program Files (x86)\Steam\userdata\1514914830\config\localconfig.vdf

Filesize
3KB

MD5
195e0d9475d62ea765e4b9e9fc2f854a

SHA1
0c07c695447f9bb197b6b0b4888e4f206538bf3d

SHA256
2fda324a9aa6917e38eb65da7425f664d74d74fb06c5eea62b58b33b9d1a01d8

SHA512
49b25e3c06db9f9df1ba2e848d4951955220719b7cda811ac2d600d5e186fb286492219d6762c4a8ed3c52a2a1ba9e5186a466a862511df853bead4e74dc1240

Download Submit
C:\Program Files (x86)\Steam\userdata\1514914830\config\localconfig.vdf

Filesize
5KB

MD5
4e7490ad1535daec863d342965392292

SHA1
d0dc899c5edba37825f0abec9c4816d466ba85b5

SHA256
99818f0f55d2244159aa94124ab25f32b9da098440441e9335b79d1e7df8de14

SHA512
fd514ea2c91c88974cc8f09817804ecc6bd1685a774cd6e052ba43bd2739d6cbe101207bd84b89a6559669fbf710284da43ac6f0ee5ed7e79b31aa60f205563d

Download Submit
C:\Program Files (x86)\Steam\userdata\1514914830\config\localconfig.vdf

Filesize
32KB

MD5
193b299e9dddeae442aa0aded92000d5

SHA1
f0ab9ec0458dd3a2d3cc5a5dfc26740256eee420

SHA256
28eb2932048dd76ccd997481ba37734e62ddf7d844b49e44845e25f424dad1ca

SHA512
142171eb7392422fdf49f292b080235c795980ab218bd0afa90a558f191fe5dc4c03bea507520db7e68b07bdcf314058056951cd007055713f9e70904b987aea

Download Submit
C:\Program Files (x86)\Steam\userdata\1514914830\config\localconfig.vdf

Filesize
3KB

MD5
433d364656ddbd3ba2b54e7188984b32

SHA1
f3af45b32de94d1e6c5b0eb01bc667919e53e9b7

SHA256
aed25cd918c7c472b7e633206aea1209a38196e7ea6d3a329178e03909e4a957

SHA512
1920fd2efe59460234fa85a11684bb39767fe4c2cac18fa0e750a98017514753746209f70ef71796ed90448a41052f2d631863567ded5eac99c88c007edb719a

Download Submit
C:\Program Files (x86)\Steam\userdata\1514914830\config\localconfig.vdf~RFe5e6261.TMP

Filesize
233B

MD5
f7cfc1fe6eac856fc9e565c159ef6023

SHA1
08269b0479c3513dfd04e2ec79f797cc3c620cf9

SHA256
71308748f17e7f12d399aea248c17d54f71328d811951a8649e30b7fce16665f

SHA512
86bfb7d7b1c68c184d4c43cfa58c3ca51b8c0a08286d7e37248d3fd331a0f0af7cf8ac85426764e5135a912ad1d7028f5698929b8d775ffa94eaff3122a606b0

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
3cf0c95904448d72c20a139d73722a1f

SHA1
2895131bc91a4215149f65b53b22f6f37ad7a65b

SHA256
c781eb6070e825688fbad716cb313006f3017a74d37a29f0e480cf4e4e196d26

SHA512
65a682c5e63e93064535a6556dcf51cdd80197b73e92dada908773457d7e32436e466ef43c9295623949da0b8164e05b3e2ecf3922a12cc57bec9e6a32703b46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
fb8ff47842953fcca3bd904cce678f14

SHA1
e2384c705e54f79304e02c3e52737ba1083cf45f

SHA256
f2aadcc449349b30d5f915414f9023f35b9d7f3740afc75697d751d77a705b58

SHA512
6cdac65322561d10f037af012bedad7ff84b81dff5fd1d120a8e4fbc776fb8cad81c9947ac54231eda0c41669f6fc97c0a309f9ed052607122277b2c84782854

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
90154e05a9cbbbec7649b3ed3b450ba1

SHA1
07482e08896f85fb1152a3a9fe58ec370fcb9925

SHA256
e1e7f4e75b86a3c26b8d7ac05e0bc15bd82d67fc4b94dbf305c4731e563b036b

SHA512
492cf826328fe8c8cd3ecf7e1253f851f6c9a20d9beb61a237275a482734c34f3659204574477b5b44688ac9b517e0e582613197c130f0bfd363eaf7f3206db3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
19KB

MD5
0de1096411b23f842fc5b77e1a8f583b

SHA1
b925a681867ac101b8441bf6a529d6ac1e3c8acb

SHA256
082e648875ab240bcb7d0120319d7ba61addfa99de84ccfde03d2f81bdda9929

SHA512
282e1fa329824a9383601dc81d5ee4301a4e301e7ab3fb129b106eaaac972a68287d12cf691a967c547a2b5111a372d62794482d8895275ed7a5dc216a852e5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
24KB

MD5
9fa060a599b0ee1912f2073ed59df3c8

SHA1
eaaeef616747d09506c6ed1d96901d2c8d1ad4e0

SHA256
7924474a8f327264982347dc932997ed49890ea4114925024ba678fba2d4e90c

SHA512
93837c0d1bf848ff603073bce6ac252f770a35fad094b294609682e11b04b463292c74c8440891e89741f28fa67a888ed6fdc1575fda99a3c2b6065ccc4e7b47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
78KB

MD5
544a6e4b1b34c5132739a0d2ba39b18d

SHA1
683d474bf1ef4998ae5e37bdd219f34f15a12eb5

SHA256
369ca10d1b319a8fb94a6cd6143f4a524833faec18688d733508dd2c4f6db7e1

SHA512
efa73011d5933b27c23282e0e3caaaec3485d6db3b92212106fa6636b18365704904e7cc444a8b51d0e32d3a29c13e1bc2dc296214c492675b912de85824d4c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
17KB

MD5
f222656f7796794674f732c474a033ac

SHA1
cea879731968ace9befe205c55679924f033464e

SHA256
2d9259afe79e20ac65865133ee69f28563201da61bbd8142cd964fd0097170d5

SHA512
9a2b31a325d8030a2aa6b5a932a8c56476a7bf995ac61d419e81477a0c7ecf5e92d5d4884a3d3fd9a67bd33dc619665d5e3bc05c3784c3bc51333abe4332b449

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

Filesize
213KB

MD5
56f52dd9560ee8ba83285a6a1f1fe8c1

SHA1
a4ef79a25f44c3cdd064e81a3bf7cd0ffdb6bda0

SHA256
2396ec52c9324a26c7e9871d5e22b2671b33378563c68e86b84897407a8bb665

SHA512
9cdf26985f66103930c3ac2c913c1019160d1268d7b80272483685ff42196428fa854a019d38da30488c44a4100002b7fec36717bc85d020c0d72771c5a2f429

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
167KB

MD5
4d9ecc70dde56858a3451017cd7fd8d9

SHA1
88189cff695c454384884888ea46d9c11060c811

SHA256
e10acc2425b736f904ca0ec762a77b516ce7cea7391354841199e55750eee287

SHA512
dccdf161353e3fbd904b63f646ebf616e9eb977d23933575a307336aed6bb044902e11dc5990aa217f7b8cc16e190a968fc9077fe74f335c195c72de46c6f60c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
22KB

MD5
757750902210ff3c0d12dee4dc5165c6

SHA1
a3599ca4bd5da9fb9c83e26813ef62327c541566

SHA256
72ff7d67ddc7bd23885cbba07f3889be27b50cb597ba41fd546343416676ba67

SHA512
ef5cb66e561d5f208a872c65b6732bdaa082d421f9815c8a5a439d5e749890e032c2309c1d7ec66d93d1f897941bb5e2c5f860fd9cf8e13adfbf1ab60aeca27b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
66KB

MD5
3c056e8e74a88874e293547911ba706f

SHA1
fc8d54feef9863e346fba55d897bd3c44b9cbb48

SHA256
b895edff081369f33e0600ef5e5d3098b7d0f258d0c689802f9165001eda6bdd

SHA512
b3826f0201e9eccea56153a1e82ab49e6a63a0b995a64d69a72e9b0b422f8b37083a0a242f99bb08dc27e29ca4f73f2864b71ad6c9d076add1d4752c62e1b245

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000080

Filesize
20KB

MD5
eb77bc2800d9fc63ab6d008de39ba433

SHA1
e272c72645ea3f7881411a7447c09d1ce8223c5f

SHA256
4d896cdece4dd4e55114383fa239d45106f2be70ded3a20f7277bcd561737d92

SHA512
8a9e30e8a419b06114fd65c2e550ec3927fc6bafd98849c4ad79f8c3ba19f101d9cba7aa7c8f0bc06e9eeec851b4033917ffb0e906292b4f6bcc7bb4381ab00c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b3

Filesize
80KB

MD5
4cdd99ad4e6e3e5dce7d575a0206b72c

SHA1
721a89e90c9f7a9d42c10617bf62ca8cd1334b84

SHA256
392dee3d530e16a3487f39a0c9c6f11e9b2bbb002a283bf0b689f9873ef880df

SHA512
146b1c15773c620aadf9d2cb18ae9b3f30f61e66df4cfec3e6aa8a2ede1ebc87966c042dbd4a746b2d405c694b973067d903234e75e123aebc955c2da1aff4f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b5

Filesize
43KB

MD5
790c81db9bf945fc2a3a3912c2a5b6ae

SHA1
bcaeed70f5e969e369dd2303df53da089a81bb8b

SHA256
5dd15e15b2c3f3537c06e593e5700225dd28f13678e9649866c7d3c477efaba4

SHA512
7693db525ca06118bc1907e9962ba691f1973bf5639986cb303c03894440dfb9252a2e9633d5bfff58905f8b0fd9dd63d75b48991412ccc4f0277127a08365d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b7

Filesize
33KB

MD5
22429e0c7c71b071b510ed9a6329331c

SHA1
f0a6336f4bfb5df113a8a3c820d76d55d815b73f

SHA256
2db439cd553d2e2c0faa7cd6e2f0fac7120de1d52153c0b9ed298498f3dbd3e1

SHA512
f49ae1bb9c3480a1b6e373caae4a52da2e853cd0ab379d3a50f75f47fa1d84d337003a834015f97bd42dfdab5422ed0e8d2f56e45c76e9bf5601d8c4ea26f81f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b8

Filesize
98KB

MD5
70fc5adfa92fd4585fe3213411009ae0

SHA1
343cc593fe5ffe5840002d4fbad2862d42910caa

SHA256
045c592ba80d7004ca7adea9fb3cee5bb52987b1774b202fbdb628e37cdd3b1d

SHA512
5270cddd379469bdff7309412c11da2faf28b14508ea363f18fca0f1b45fdd02b575bc3af1429c786c7e32d4f0b5c1efcbb8dc3ab467147be87b0b419f3afa6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b9

Filesize
21KB

MD5
365139c81098a7d1a09be5ad35636cc9

SHA1
1ea3cc8cd2e4af315129ad24f4788e7b5ae48b74

SHA256
a8afb3784cafc474c077c92a5e640ad01bb8b8ddfec1db4908e9291fa3d48ba1

SHA512
1934dff330d81f0b576522350f655bfcfb10d4dea9b23b4a0c7581ade4044d7c8a81e62caf5c3ab1009fc1bf99d083ddfdd2c1a17f748a1566320868db1516eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ba

Filesize
22KB

MD5
cae0a3bff6c55245d9c41f31ffb59d80

SHA1
ebd40dab223720af9a3f7f6fd8a1d979a50ffa92

SHA256
0373c3d6ccd255a22794c4d134d7072a5eec32cd132571889538389959075abe

SHA512
f0fd812b0c5db1655a224729c1d2f8bca5dbd797f333ddeb4c8779a0c7db7e142f02bbbb209971ba324613bd6c467f2dde4f940c246236752cf47e9c53fc73e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000bb

Filesize
22KB

MD5
8edeb5a220fe2ebde6e724ec46a47b01

SHA1
4cda11549a4866dda172d7e9eda415ce3f84fa3c

SHA256
25426e5097ffb53fe93f88b9e6fd457aece2c01ae06c9cc02aa6d0f59e04b7a3

SHA512
279187e4788378c7b27a7d606293622be31423a76a749d9ae03c2b359b91482f937c466b1288545f8d2251b8df306ada2c30ba5d1d186b63946aa42327000118

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000bc

Filesize
48KB

MD5
18a64802714cd620582e3070cfe247b6

SHA1
8b07b5a18b9378816ad4ea50545aae6c28796262

SHA256
c920432f90cdfb91ca4074cf59d22871407e1d2ac429b95c5ca46690ea4314f2

SHA512
f8a66354bf3b6ac887994f48e84d5d35fa38684c0c621f90fc9c846074518ddec7e3f89ca6a924456c1f54f8323ed2d5649893bc2d62061724e281a9a9028ab9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000bd

Filesize
32KB

MD5
d51156aefe1bb617bea2b80267421bf6

SHA1
21f5fb668da9d0a0b6b71f2c4f4c2b6ceada50d2

SHA256
add2bee75d3c9389bfe4ccafa5f08a9f1d3ab2f644c7ea02255070479d09bc72

SHA512
fdcf53ba59bc5e72954c6f13183e248354fbf6be8a51ee4bb7f4c9d01ca39c27c1eeed184572900caa4f48d279acd2b1c3ae0878285a46832f0724093898d8df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c1

Filesize
50KB

MD5
258e004ecafda290f6007fbfcbefeac5

SHA1
ceb03d36597c7f77e68b4c85dc659678cebce4ac

SHA256
745bbee63267b68f0c10253ab0cb56e8e706ce1ad401e37ec0f198f0772211e8

SHA512
4af726fdc5a36e2f0a6b9ae30f54399e69051527a2a9732cd19115f08a5bb3db0d6473abcce2015bebcf2b3cc7e34585adc339a9b16de5d2f7abbbbac4aa9990

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e6

Filesize
104KB

MD5
74b0257571f5b3f6dbb82e9652d52ef7

SHA1
018ebdf454dbbbeaaeef9539da5c99c811d3f518

SHA256
88bf5bf5859fedd800ace29b4f0c5620d2b13b3c0ed771bc0bf07ac5e2f0a14f

SHA512
ec36cf00b7f69ed07477d33023f6fbf6159b632b2fbe6be693f05f7d4e7761f7b485f52d06a09523669bbc1892a4e9b578a97a034f71bfaa9e302ee7383a11f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000f5

Filesize
243KB

MD5
db89506f3fe7621085a0d9eed5872611

SHA1
d34a16a4d2636b75188f207847564d95445439c9

SHA256
dcac3d0eb3591a130a3de367cd8fd5fa94f84ef5053d40155eb22cae0002d313

SHA512
4ad0547ea9082bd62fbf9c7f9514fa1b804c5014a7d0e6c395834e05df01469fb3b7b240c7fbfdc95508db9644a4c35b48d9ae4623f462e14b2ffdbc7253a124

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0001ff

Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\997979187dcda089_0

Filesize
475KB

MD5
cc75e5e5f294aaecd5b9823599496254

SHA1
d7aeb59df698837ab86a023468b8360c3e0bec93

SHA256
4faeec73592c1ba47c0851d01f3117117a10a140d4a7a029a8e99931eefff7e1

SHA512
1f8f957f83cc1d685e2f0ace8e368a1cc953ebb49bb3832c6c32d360d44b4a659c5fb1b268beeb8b94badac494f45277ef740449a8ff12ebdf24e6e827b0479c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\df13cfb31cb0046d_0

Filesize
258B

MD5
ffc0f96cd38438a9c4d3cbaff4df8408

SHA1
57dd0b4197d19c37690dd9f545e66a9ddd75d35e

SHA256
85ea62bf87cf369f022972e23349997b949f3cb33027834c01881e6b05bd50ab

SHA512
ced1ca03f36f57e9e0fded9f08175d8e77184870d0d6d448ac15f80bc167d8aa6f3eb293f7392ca6ee4f9bd4169ec0c5edc0317f4ecad976b73cf65537778c63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
fefda03bcfe2ebec34bb5a4f73c0e120

SHA1
b9918955b5241f42b87a05000304c97c57182637

SHA256
a89bb2945b3fed1dfa51feb51652fcd832b8ebfe3cba4957f82a3d7470055beb

SHA512
67be313cf0cdd50fa87a4d66a234c55a9fe7361c501c853a6facf365d77cc4916a9550a44d89ccfe50ab512a346e3b1ca602eff04b5eda77422e3fc9368a1370

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
46b2c66ff73610d8e51f8dce68194ae0

SHA1
c8813e8a1158baa81d50f8695600e20cfc9affaf

SHA256
70946b588e83f552d6b208f52e814c9628c1a98ddbc308481c2dbcc00f13285d

SHA512
dd84615e964da90ee88152df751b5d017dc617f69db17f6cedb3901ff64e2e49c2d4989f341ceef8604e593ce974308cbb4e0dfca19b0333dd2f7b8e84bf89d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
2df1c8c0fc566ed8460c339fbfb5a943

SHA1
61ad683667663b6f6fcdc9d366419510cf7f8632

SHA256
9d4948cead931fbb4f9656a47de395805c3864249736918f34b74d5068260985

SHA512
c269de37f127c87735f8276409251968de9af3e707eff1cbf381d712c5ab48cf4e3c5fc6f60dec14fc9f80c3494fe7171501023c6672c584057cd69cbeecdbcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2c24f97cf5e67b7bbd93b102407330b5

SHA1
f0390c7d87eb9d4ff54add999bec1563b5d66ad4

SHA256
21e0bd7425ce05297c3f555f792f3cf10584419c3e5fc9e4cba447deba4f820c

SHA512
99343588a1e4f2232e5442b49f28193aeef725bf2b9d29c8c0267856ffedcd52dd96425db9962f7ce943258ba99f25f2927c40270df1911c5aae740080be4832

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
0bc0cf15d8e6cabefcfffc8c0cd40170

SHA1
3a8da930d9c7a952d4599d9ed77c33b5c843f106

SHA256
cd9e65545b27547513d1cf602aa84bee2e0a7128798edfcdf1343b3979984453

SHA512
f37003222b9f283271850ac0be63517bb6a621122a1d23120086f33291b723549f679d1f201c11f9a58795ef8e12bd17ff89394cb56f56b4c9a276fa14bef6e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0e6153c05b7ee0f144a1187c2a7f291e

SHA1
57461eb8ec002422886cd09ad61b2ad6619bbdb0

SHA256
b95e03dafeff44605bde9cd49b7cee3f0d60cd067a7059c9ea2d2a488c17add2

SHA512
006419f84b85518b375c80e83e54b71dd7e00cf42b16a15a1da7b9fdbd94a6b50c5c635ad2947b29ce000f5afab30c2a3f49e388a062b9486c0da1d184caaea0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
83bbc5ae7418dd6ddeb4e750ea104855

SHA1
6fc5d3f07c16b807ba0361b68a86573d213f2586

SHA256
7ae088cd7c42fc41a7f94b4eaada87d38b8c1c9b9e549c9965c8956de79b41e1

SHA512
a26bff41916c76da1feea2744ccbaf43c5f15d3f4487532d5e61d7dc1d5a726138f3000274af91c7a7c0bc862a805a5e30a1021e0e064a5c8206360d7787e50b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
48KB

MD5
c5df1b358de764fc11b81c40ab24031f

SHA1
132e820b038366f7acfa289ea13b77768de6fda5

SHA256
d5964908ae9496c98dcd4ef16aeab3a101682b5d14a2ee1da8313f8f0c27a450

SHA512
9c5e0c070bdac234da2db0666c06d471f186e66ed6cf708b6f137c7a500023455ab070e71b0a11cd9e67fb8d3b5f1ccb90939c10df41cbc86276e78f8170ce57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
49KB

MD5
72f5e9055f631d1f8778441daca2ad20

SHA1
9ef5a641a65b8950b4cf9253bcd5e58a1f7f648c

SHA256
e94b9ff596cbd066bd4758773ae1a5858df47362da2c60b5e5d249bd812bff1f

SHA512
ffa265bb6cbc4735111e9b32018c0fb9b17cec939cb7651d585958900d838212753234866de2c903da5368cebeffad51be3644ea1410b80d619fcd7bea529b4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
96ad73eaa6b108061d13779c049b25ab

SHA1
bbd9c0b6cf2394661d7984962864a47cebeeb7e9

SHA256
d0ca8d76c12eb7639cf1b119eb0004e8370ade4b90f247ec2021e47268a0d46a

SHA512
0b3207da49db4b6ddf9c8cbb96c42203e10a0c2e8793a6c3b906ecb567bb65fa275df1d85572c1561a74d6e4c0bb9480901c2bb6e6152de6a27169b0ed067ee1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
e7d819a1407c181298caa7a163a8e510

SHA1
22b9b7e43008321655d7a22fe7bc24666fae2737

SHA256
c525b8b6034619f38ccf5640dbbb0c0f4ef20c2c9e8c0111fabd840b441a0356

SHA512
600f1480cc44eb927796d6a1f78250b297dde556fc5fb8cbdc0365ddac7f99f8277f0112372f0c2588ea79b02b73178237a0edc8c589258929afce055e4c237f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6589beace061070a27f784dd0fa3f03b

SHA1
fe23ee522fc1ec4fa6f3fc24b7c97919d629c956

SHA256
7f4bdf02f0a629177c6f62df0d96267d572c6ac77b72e2e6a32fbdd5a4852d68

SHA512
940f07c6c4e8aeceeb1e1bd0604d879cbc8d2aff7c7f72a48c0daace371e159b994393c124237d3f40ee15682fdc625f08c9dd0d7f8da96f48876d4dd8c3a5a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
1f44f4cb88df47a93347102a150c0a6e

SHA1
2ed597df9ef4d23878fed2c5231f29b27573befc

SHA256
e6b1009a929527f6de9ca2f5ddf2bba2e1b0644eeb36d20729be40af91e0b822

SHA512
4fcf19f832035835af429ad00b890899a182e84bb5b380d4050c286305855b8ecc47f3a3efdbb2f55bc61afe3a90723e2eaa5fecc0eb265037aacfb7171a7911

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1ca7992edf93b744ad16d6e7041fee30

SHA1
e23b34b5c31c4a792a5c9064f96e1e50c4783547

SHA256
646a51d01caf284b496904d321814855b72b569623e8bff879d0d818fe187fd2

SHA512
4f2b73d05614851926cfbb8729eb53ebc39c09d956f1db6ce541d7b7fa1bc45a66586850ff051d660d03af219a83a1f6b0631c4f843ca3c5b70d2367d7788157

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
405662cccc7b6ad1927bf39bc5b98f44

SHA1
604aaf671a67729fc34aaec8efbecafce8d20a01

SHA256
82da028d1f8d7b486cbaa44208533e253d18d5a1c00cc8388a54e0aa2096f5af

SHA512
1dbf6b57e68577da86c5ad31ee503fb421e9144a8f1a843d13e4527fd0ef25aa8ee8f8dc86ccc372cc27bd887e228137a67d9580cb2007a73bac2fdc5069304d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ce359c0a07a4f8cebb8ac1a421341ab1

SHA1
740cc759f84ed9e7c8a5140f832381e2a3f94faf

SHA256
13194ea3c8448aaf8060f9f4d43340c8cc9469ed24efd10d6dcbe9b8498a49f7

SHA512
f3d5e61255e11805376ebd49c4629b8e7e8b6ed72b382a8084568446ecb72258be2e6c7a9c81d8d4f96c74bd103c50c938b6c100bcbde8a020253e2fe3fdbf5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fc44989a16c28bd447966190f7908672

SHA1
c8ac7b2c462e417b325dd28205df2a81d45e4cde

SHA256
1d1010f2ffdc6ab526580ae07a23a20d863ff5f1d293d2beb17fdbf6cb5a0d31

SHA512
9aa5b8cf09c3b3dbbd24b9e88d20fa8b42d505cc38fd93605068000ceb63bc983e8824b94d90bc078d325f66fdfe4c4fc115dddfe38580028b990f20540ced32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
318de08ce51a7a7f13353c1efc4ece86

SHA1
eebf19a21c24bef6be756051aaded314116ca3f1

SHA256
ddd389e2cd8b2be3656cc73ecf9ff3f4cc81c9d27664498a06b370509c027e84

SHA512
21cfae524cc382eb7d218a7cc831db658c3e328d7660ba221a5f5c765719dbcf37af014628b9c66f67f690439c1526d948a0998e6564c229b04bae1f767d3a3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
fde9f78786c40236d1c652749f7ac3cc

SHA1
7bd0ba0ab2df041334ec95262a65a80deb1c9d3c

SHA256
d927123643f65a4b0689cbca0c18f28dee1e3288d551a4a323c1a0316758b5db

SHA512
84e0fa0b75583a220696eb35b0843cbb84515d6003bd7918e2fc7cd2cac0ed995b74db703768fc3bfcf143e1275dcced97d723e4ba2698d6f63e932d8f3297e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
255e4ca6d6f7ed02cd4776990447ce9f

SHA1
acb46a3f131dbe9605e05ed85b79006be2887f35

SHA256
c97e687b0b8db8c18a1c4485b61de848487c83354916c010f5deced616ff3c3b

SHA512
3885b824291d92880401de01a7ade910c56a274ec3e855d3a809469dfaee5ae97438eb876224b42bf9b46c791ac8bf3eb47248cca15325bff36af79e3f636a8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
8afcfa0e36c7e84a3638598bd4aab4fe

SHA1
86d89ff8495da295bccff0cb4379499b7d06ad95

SHA256
a58cadcfe93be95787e606290b1cc20e62c59f1954c2fd1c7ce6bb7d93fac230

SHA512
89438d3f4d533408ade2b2c24798e71dbc04fd925a7bb7b5ebb0b2c4b74dafb85a0b3cd2b85beb54062671ff24d4308b6885c85b445e63843892a3825126cc47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
983eb205dc3c8a1f367122bca51167c0

SHA1
b2153ab1e3b390d33c940e4ffea6b3f24c4cd958

SHA256
a7085b3db4caecc9c6554e3bdfeef7d513fddf9eaa5dfbac637e01bcbd8b0f94

SHA512
b1641113d12a40ba2dcc930217562212b9b9077b365810b8094c8710411a898ca4b77ce124566b7aa09403541e37078548e541bfe999dcaa7a3806bbcdde0f52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
fbf9f9ce7fe16227d5195c85cf09bf54

SHA1
856ae623bcc023bcd0f10b5dee2188605070bf7f

SHA256
ba13df08aba1e6604994d3c6981685c3d5a420f730ba43fa12194b3a580f55ff

SHA512
8b4077fe303f9b6b3b593b67b197a6c0fe6031d8efa29feb2eb66b5a550e3a96686a9ba77894af948c60792a33001c99b6f9772feb86ddd90f1a8f40f8b629c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1d74712538a3208423466327568635bd

SHA1
61a959535a8c0adfc92f6bad8f751793686a4f23

SHA256
feced9a5c77cf431f784bd3ef7a3f981087758056024e2739b52a52f5e9efae9

SHA512
67724d831c2701820d851bd312afbc8bd304a5d2bf24e73c94151cc4d631f55ed36dd45cdfe2c8484bd0e01ce470dffdcc0ca9f70500a0339edb6907bfa5bccd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
854B

MD5
d63f08f0e0935cd5de008d06affcc52c

SHA1
03bbf8d0c6e74060245e0be8b1a8b28f000c419b

SHA256
900a116189efaa7d37f3110bd885b011d62d76a34516b0991b7c021881febbff

SHA512
de29b60a958ec4489ca3f6010d03a98c5381b513fed272cb2d5f7e50a46ae5448251ddab532cb085edfc42a567b8fc3e9e30ed14b875c127ad88535442b19e72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
19745fae754a26a9733e7cd4654c83ce

SHA1
7d78daabecc3575032566d3d6b2fde255ddf5237

SHA256
d14026581f6ed6de3f535923197285437fc56c7a01200ede40ba66ab5f21785e

SHA512
2885efca80907a6de93ed15bd6afe5be43ddfb98ab07d406fdfc4b23f6e581ac60672b9829a77b7a5ede8c5ca717e86346145681e5d69427e9d2c94598d783cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
56009d67fc8227ca04baa22514ce52e7

SHA1
e11d0710e9636bc78a938e4031e2be3ae5f75b7a

SHA256
b5262d03e61e3ab5158d71d3b1c2d91c3e0848a544450063cb5dadbb34b0988a

SHA512
6df76592e271f0a731802a93882325d7f5d52f6ac17f48bbcf6c40edc142c7fc40922b318a8eb587b907e90797416c3bdd23765dc9648bb9675e0ee8152102e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
a88fb15b28b4a52980d7f0f76ee252a8

SHA1
0de8af585d4564614f21d820ddc386d5cfe8182e

SHA256
3e3f87563b5d7a881deb95a97201d99560d42415770913c6066dc3dad79b6323

SHA512
263f64d518d68a2d09da772590db0d00bd93d38f38c0053494d0a0b591b3c43c873bd8cdf864d55f43a61e61cf3ac3161eb86a3c69340bdaf748adafee127560

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
6e93e18a3911ab2a6809f6d14f9ef337

SHA1
15fcdbe5d42b2f33fc047a044a2d7bd2328bbc35

SHA256
57a27067429c4373c598ab055cdc7b2c890754819e1260afcb5d610afbd7dabe

SHA512
e6e005dfe09b2d13707fdd3a95adc8de97c58ddc41a114f4a159728ddc81e82ee6655266aaf899d807b926f1f628456b92067212e92c49a475068b89a037859b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
18aa44c18f5015fa74ec708b2eab05c4

SHA1
bafda3727da89b2fe0bbae5697cc6ffc64478267

SHA256
61704d07a40c8d230875f79a1fb179de4c572ee666238e45c42664b50506802e

SHA512
176cf455ef51a10da019fbf4e74ccd45e600eb762a4ce4794870eee53cc9225a3063c9645390b98436a467ec18a38132eeb231457d91ce22854484cf3c0eea6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9ba1f680b3c311ef195107ea3e8b6f73

SHA1
714d7a735092746d01cd960656a2736990028324

SHA256
7045ed79aa89e9b42ad86c10bdaea3a1f4b5da85fffa7a2bc7e10edb3cb376bd

SHA512
dd655a226e31c6112c707050350f1fcdc160d668c1c440dfe9480c5fca03257517c734717838e01ce918689d9421f1aa76c35128b6adf45298abd42224eb0b7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
379be869c42ea4d23e10850bd3e85edd

SHA1
9998b9757887cd8cf84d18029c76b29445a68938

SHA256
908f8004046414513a855c6ac9b9c6f10b6030dc2a391750350029ef372f46d6

SHA512
fc08b38671aaa31b11fd938d7fb8ce31f87e9f195bf73feca2fad704fe8b7c65f491ad1f378e28464499191668de0a0705399020a41d7139e19186838ffcb92a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
16e4eba6c30171ed8af647734b81ed1c

SHA1
d77a3f52e97141ae2a7e59cb1b29d7aed99b5ecc

SHA256
45ba8d3783ace69eb7e4a64d3890214702017b9811952a17c5e5a99fc4ad01aa

SHA512
5812685d4dd83abc8fd389f88871b070ab9fd285b34b9180effbb55e24a1b934dffe85b3e39edb1ac0cbf602dfa623aaea23e94b364e7b1d601d3e0a1d39690e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
0b2c49e569bbbec6cc5d528293777296

SHA1
ee92280505372f4413e0c8303cd9e16e6f45ebcf

SHA256
1968d4cb548f6ddb8f2745df7651c08202b7f3b718414f8cfb17425ff0bd4377

SHA512
38615330b9d08a9cabd751ca5a3b5d82c713b4322418cff7606228d457ddef7c301e71447da400fa61dd2efa6c11e4afedeebcff25f81d4e49c5dfe205889dea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
66027fd82744b4e4cb6b209eb3e62a12

SHA1
7dd92318b60ae7e592cddb60c9694027ddb3a02f

SHA256
84ed448792835e3dda8c7c021326d51d59b424c7b9a8235f8eaec040e9201a62

SHA512
79dae8a9c02f96ea207c02bb7f39486d290204f40b05e2d66c11b18fcc3eb6635a440978c5b15126ea9f27579a045164bd191ce3899452a402b04ec932fb8dcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
88b06ff096567fb6b155bdbd7cdba97d

SHA1
dbadfb122aaa012e06e4994180ace98bd18065ac

SHA256
b16c23d03b6b41c30895a91402d3c2801c60a185608973efe8f55899ed1bdf93

SHA512
6d528a9ee31394afe9e2d619f44310e141b92aa4867c8932b4c2f6c1f957c6dc78964900f3e4d38d68957ed63e3355d349d964d9948313b2604783a60e253678

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
140B

MD5
00ff71ee07bebed9db5c954aac711eee

SHA1
58422849594f9188fef049f648a52c94453f6b6d

SHA256
40c6238646a9577cd1f2b5be9cfb50043a00e69d3d90d04a9e9e68531a3ff61d

SHA512
1bbcefdc8b4e2c8d7754b56831f74cff10a8bee07beb8038d22f599edc19d80761278f2759b8d1145210ebd267d0d5d28f080231c1d4d4477710b265f1b47992

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
140B

MD5
03d1ff3cfbd7266cf4459430220b420e

SHA1
7e898540ef658d254c9cd06729ad00c6aad1a982

SHA256
be31344a391b6d2c54134333b3fcf099d1c74110185cd06c8d85e90165088cbf

SHA512
58fe1669528b58f7c8cd3fbb5e7761b1a47c2e1c909eafb5c6fae655c8fbb9518fee31655fa655f0227a5ae032050c7df7d96a72f8ced96d63b8a828d8263671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\CacheStorage\84dec4d3-c9b6-4d86-b0f7-b2b492732d09\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\CacheStorage\index.txt

Filesize
137B

MD5
cf515803a760bf9ccc08c68a7effcd83

SHA1
b437a433ebdd1041c4eda2b96c51f83b9832a89a

SHA256
9d7c05c1ea6cca6351af68634d114ffa8e630c772a7c7d8a46b79d09b0860b59

SHA512
a9f73a3b11ddb3198c64b1dd7d44a746e80d1a71cb1377876cb538e1df96d4455a0a155d2e0de9e7d2a0955529efb5935a4ba008f1c84d6744f1eeaabc85cde9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\CacheStorage\index.txt

Filesize
73B

MD5
eabef125304ed56696f07d27dc0a4760

SHA1
f7b1959eaad9661d26183f0a39602128c7770501

SHA256
16f2e733956a69caf3cba9a7984df8a9072d616051880ec52649d5a25de0b733

SHA512
39ec79f7f17cc61719521fc98f8b1f25f58c611763ee56fad334f92f8d372156a636f7630dd049e7c55894d8952af5e7888725220d46d382715c693ce7c9e896

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\CacheStorage\index.txt~RFe602abd.TMP

Filesize
137B

MD5
2403af63c00e27c17a1d973977a93e49

SHA1
d64093c9d222aca106fa7722448178ee6b2b6463

SHA256
25abda5c7b9964f37d7a9ba421c4d8e8fa3fe11d228c100abbe65fcabf91fc3b

SHA512
78a2b1e454b01b1d8d7ede7db7cc082ebbf4cac7ad6b9f0b28bb844be95db887c77e237bae8c3b88ec6afb24171070275e72b8f4ec48e36b8a9ce8b4d3f10542

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\IndexedDB\indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f67db825-da44-44bf-85a3-c1c8fff08f40.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
120KB

MD5
d6cd9587ca407194ee1f307df0c7bf09

SHA1
152d11956437fbbd51749cdc4f773906ab76339e

SHA256
578b34d46360ee3cac26ea310fe179d6a62058a5d7ef0bacfb26ef7a8b5fe040

SHA512
0a379d28d26f96ccef370124769364b4970e312d9fcd518d303ab7941fdd88df914bce1f2c83b28a10146e068b028182a3546fa6cebda04199880a99d1c03ba8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
120KB

MD5
970f70029cc02b38aff47b802c162bf6

SHA1
1ba714571cb68acaf1cdda4c370e1aeff8eacee4

SHA256
86b1998730c9d17f3bbc59cb60b108ecf9f6f1dda3a5954707ff9873743fdcd0

SHA512
55a17451f89a68ed3b63d478d931f42e7b2622bc08841bf376b9af78081f71981d3eb900998b0efbf3e9d6b7487f07f94c0e4846f9ad617dfdbab209e0b868f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
120KB

MD5
9c4b31b1819a01b36c8757b4d25c0886

SHA1
8101b3fd652394d97aae0eeb89295a977561d6f2

SHA256
d3ce0341aee4886f74c0dd19971ad056163dd43514e3526baf4dcad26cdf4a0b

SHA512
a6e8d81786c5884c10fe92794a801877344a332a240faa14814aad7e646872d6a97d1e7bb69f4f4f267dcc25cf7f58074299b7e70e8235b4beeec0290f18e316

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
120KB

MD5
2bf71f117f3a332e392191c84be452b8

SHA1
0b7d8b2d8e8063578a9c3898d8fe335180f07db1

SHA256
24eb1af49d8b20d39c48ac9ec0699daf33d562ad6db7014bc77b0901fde82d26

SHA512
1cb085502ce2fcc82b9895cd20c03a546b56e3bcd7e4db790448b9bc553b630f1eb04e368cdcfef4c571a749f22aef439e8df6faed67e5eb5812ce64ebc93e88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
ae2512f2588e2438b890adedb61506ef

SHA1
f0ecedec3d952eb2d82deb872f96a0bf02ef20ae

SHA256
cc1aa0b02028103dd3f2ba8535f88eb6ac8ecd90bf91043af184640ecfa7701e

SHA512
605eb9109aebeb14f443942513a307f86ef3d1349a4efb24f5edf8f939c23770c9c0c72df7b3b5c96d14714b735b794448943c4e79414d528adc0951dba1985e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9fc751d5fa08ca574eba851a781b900

SHA1
963c71087bd9360fa4aa1f12e84128cd26597af4

SHA256
360b095e7721603c82e03afa392eb3c3df58e91a831195fc9683e528c2363bbb

SHA512
ecb8d509380f5e7fe96f14966a4d83305cd9a2292bf42dec349269f51176a293bda3273dfe5fba5a32a6209f411e28a7c2ab0d36454b75e155fc053974980757

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d9a93ee5221bd6f61ae818935430ccac

SHA1
f35db7fca9a0204cefc2aef07558802de13f9424

SHA256
a756ec37aec7cd908ea1338159800fd302481acfddad3b1701c399a765b7c968

SHA512
b47250fdd1dd86ad16843c3df5bed88146c29279143e20f51af51f5a8d9481ae655db675ca31801e98ab1b82b01cb87ae3c83b6e68af3f7835d3cfa83100ad44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
d35a444c79dbe89cf5fa25516ce1c791

SHA1
a84b31842ab1e6ba7eae062e927c24f06377afc4

SHA256
b998bcdae62558feaed50133e04cd364788b1368785e9db00cd4c3def6665178

SHA512
c107ddbcfb01f5fc8f4443e321669fe48b877704fbbd6b94f656e4915a1d924fd1164133462bd6f9858794138c1383ee045d7155800c7f4b9b48696a389ffafa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
cb283429e4b04c264475fb4b9d4e1ab1

SHA1
00567e8485d8884b7d24b43b3f3e388ace6e34ec

SHA256
d4561cd8765652cd4511f6fcbc4b580cf7cc32342b8b95812d0acdea708ce0b3

SHA512
3641c3243feeaef0855fa3ad264e4231099e199a522ff2584c3691906ed010e74911cf2bd5ea6a1d333cec32f3808911956285ffe13b6d671cab5d4316551751

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9cd079734ba8332d1734e296e2e2d4af

SHA1
87f5f904053a6b4771ac2206abecfe89c36296b9

SHA256
b9510955a95fc4d2f9565fb454a86b99bce4560bb05e36a37ebc82f7f0ef8199

SHA512
87e750804855a1e2f0c08b60a7dee0bb3c6a99127f2b0c0ad70f575a65f03d5568d8dd3dd12a0d62225f8fe043d5907178f9ce71de066e37074b54a37dcaff00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe57f0e8.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9c07255be6bc99e17aab694c9dbf81ee

SHA1
eadedca26da6709d740fb9a50d19cd1c15c89604

SHA256
c17519ce47b1e8dda4e26bb61504ea6311277cfce9f965308b1fcd544a8855f7

SHA512
1da3915304bc24f46cc8ac3910da7ca3b5aabbcc428e209424191f5b8adae35fa3995dd081aa663ee0992156dd17609af8388c3d89b1bc1a757f88271a9626c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3d502b1444b4ccd555a5f16b0fd9b623

SHA1
e2fe2c45625adf8506d77fa6a07c5f154e8b1a1d

SHA256
d61d13ccbc24619c9a125d18613a2568f88e48c222b4fe86f20777554ef39067

SHA512
9743857857cfc6d0533b6ed51482d2b653e22fd6bb29e242c65efcd270fa4feeb00fe4cf03a6fde71ebc9a2cac7658f23270b29aa98b5ef9aed76f4aeaddd5d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5a4e0b5aad995482f67600f0d6904b54

SHA1
f5814078aadb82fa020d9ff274bca235e0ff6c93

SHA256
c7736a4e4634b24d9932311536d1463466aa77fee39567dcc66c14ac1b8557e3

SHA512
ba36b3f7f984cf3c0d78d66c4b92ce609419fb6f383ce367f47b68bb5044be31ea9a9c242a7126f1dec9ca5d934d7e0dc1e35a59a4f146a38f90b9ea24f80403

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
f9055ea0f42cb1609ff65d5be99750dc

SHA1
6f3a884d348e9f58271ddb0cdf4ee0e29becadd4

SHA256
1cacba6574ba8cc5278c387d6465ff72ef63df4c29cfbec5c76fbaf285d92348

SHA512
b1937bc9598d584a02c5c7ac42b96ed6121f16fe2de2623b74bb9b2ca3559fc7aff11464f83a9e9e3002a1c74d4bb0ee8136b0746a5773f8f12f857a7b2b3cb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d3412a01d4c3df1df43f94ecd14a889a

SHA1
2900a987c87791c4b64d80e9ce8c8bd26b679c2f

SHA256
dd1511db0f7bf3dc835c2588c1fdd1976b6977ad7babe06380c21c63540919be

SHA512
7d216a9db336322310d7a6191ebac7d80fd4fa084413d0474f42b6eff3feb1baf3e1fb24172ea8abcb67d577f4e3aea2bc68fdb112205fc7592a311a18952f7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
504e5f19a7803c9ab187dab88c779287

SHA1
0208e5e8af9fd439098c85f1b4af12820c127240

SHA256
78e6f0c7ec9f8cc0582fa33f8f05e17c3204597dc16fa0c7785ec48e9119cfe9

SHA512
9c63523bbcf77d763b7d76911260488d1876557fdb5f9a3af1363e1d7f03995695c562275e47529b5068e335a4be3cad7146e05204b8c1399817d9dd419d13fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f0e8.TMP

Filesize
1KB

MD5
aacc356a67130149833716b80945594f

SHA1
702a0c7fa759757267a63d2012087e5e993acd56

SHA256
ebcb811cbfe937a686092dda04fef9b1da629db1a38453a38d11237ae8ea5483

SHA512
d89c8ba9404d688c5d2df16ef6f707f2b88b40330a7b1a97dfccb64260da70e82c66e749eb27596f49da413346471a8e03ee89f741cff8bdf10d0beca7da1c9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
281c858ee170ee6ed7f4563f4215d921

SHA1
b72d088de0cbe8318cab282a83789467f83897e5

SHA256
99a29a2a7845e63aa6749436ab5f3857aa050b2dbca98eb6650867ca5a3aa0c8

SHA512
574b04d74fa3228be3d9cc2934a889f7491551cb7c7d2552b574b35232c07501a29080d6871f22cb87c0a091ed2097acbf3d2a439aca6f745f387f607610f8e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e5b052ad4c01b7499de601ca2736b6a0

SHA1
e6fc556690a15328ba72a20f5420c8c95564bcef

SHA256
35fab3fee8d5895b6895ef5293b84186fad9083db44758afce0876a362b97b03

SHA512
32eed5df4a5cddcbd1eca10f014ca424f2fadaab584914f661e7cd44670c784cb40f163c136c436409de6d407cb8541fc1906c194d82181a98d18e7d3d263b8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000003

Filesize
19KB

MD5
45886a6a9aace3fad669a79bc3191ce5

SHA1
c24b4a569c0fee533ca9db199feea061ccda03f9

SHA256
99d8caa7d664ce601c1e90e2b94cd63c6c5ff70f3d9871223f356f89341a43a5

SHA512
2dfc402d0c3f39bac280ea49bcbf9edcf7d849c23ab97422ddc0c46d2a18250e90bc66a6a407e437defa1eff3ea745ea657fc2a21f6211525e35a560a31c59ff

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000006

Filesize
32KB

MD5
e13edde4a25e96e573f37bdd11e020aa

SHA1
84a0c3cc6cd74b149cc27de2b0fe48bc2acb70d2

SHA256
45b526e6aa5356b278aa37e67593a25d09c9653e8a0e71fb8e155111d3b7a515

SHA512
9ba4cce47994f949731e594538f56f423ee46a8e602fe922ab6e1d173b87831ae5a80d967d695fc45a08b25aef5c494518b43cde6b4709db690e904b2cc1c053

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000007

Filesize
36KB

MD5
ef94e26e09fd6962f86f29c1c30f7447

SHA1
c574353d60b5973522a96fe726b0d26092167386

SHA256
2c3a7f1d3f5524c76c35942871974ee222eb012c65ec7f19d83c392f87b50847

SHA512
77abdad3b1f76fdd8eaa4cb3b2dcb9e5e0c00f46f25b52420e24129c4b178b34103329de52c15b130c3dec214c77e25eecbd2294855c1b3ca39936c8c94a5b26

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000008

Filesize
19KB

MD5
c9e90bc8ec6a09d8a69f4a4dc6fe8b6a

SHA1
f099ace175891bb8b81eea2595bf8de8027bec6b

SHA256
8fa6b37e750ce1df8e880691ea6dcd4aa922b55a722aa0b1df8ed6302aaf723e

SHA512
c4bda62806935165c94191234b8782408876f1336279a26d58ab3a75f41c51433ad24516c0354a8a047c1e743c4fbb8989938b6a1ff29ae0585b3fd08230a497

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000009

Filesize
19KB

MD5
fb8a686df2e4d5987c9e43e10b480df7

SHA1
bf85d7c64d6c23fb859989f0229c083aa857197c

SHA256
b6b6c978ff263141e66d878ec683c0092f651fb874a21556d921e62e6c7ad887

SHA512
e21e7287672434bfdeb7de3cc63bf98ebf923fc709941364f68a8fe4ff19259c7518ebef4aa1ae5218ae845450deff5d10dfcc114f562bceeb24b0244900ee57

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000a

Filesize
481KB

MD5
cc039445c6c92d32fb74a942a2876d71

SHA1
71cc9c01cf705b61ba163bceaa62651865ef5ee6

SHA256
1a71cffdaadd8f15a6268dfd76f3524409eb5fbad791ce30def403ea13a373a9

SHA512
1834c2c6d6529e69746be6ef8b441997a7e05b00303b10cd2dbc16b0d18cf89a6ead9fb943732f56f7f9b74e347b1bb889a71f08baee17b6b69afbc7350311ba

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000b

Filesize
279KB

MD5
b507567f09861406425726176430b282

SHA1
ef31ff9a5a918797c76752018a667e29e415e580

SHA256
4390634070a440bead4ea3dc609984097da973983ac140b094149b4bbed1349f

SHA512
23e8a4e14a2a8608c817b88080fabce226ef7c280f5c87baa27780dc1307d60f75d215a91c3de6651f17e6df71219b3e51f2665ce9553c71f427a38e7c81d65b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000c

Filesize
39KB

MD5
d285b525b70a051564f76ca71504e368

SHA1
333744cde9de37b4936c98e90f5a38b1d90af845

SHA256
bce39f57831630e2ac08ef2cc9bcb6cf6395149ebe4c487bd136cf8881591637

SHA512
5739f18afd9c2f07723e4e1ed9526d90ac2e541284a57efc51b464e0eb3f9ac7ebb58304d453d300e98110efb881ef0d3f8673847f01162bca0b02290c1cdfdb

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000d

Filesize
54KB

MD5
af5256dcf1ad35a9c186d180372e992d

SHA1
d3f93c5db0aa41589e9d525624ff518c9343b459

SHA256
035328de83fba90fccf87a4c8ba797fd4f841b08a7b5cdd8cda582a396daeb86

SHA512
2934d2de8cd9fbe94b0b179d7a460c2e671f726c1f93e3a04cef15c52ee437f6c3810c2402caace0fba2225f1d727dd3178630ddde83c51b55a3fae8b49d3637

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000e

Filesize
17KB

MD5
daf4bc548bc47e46ac4221c35e57b3e6

SHA1
232e6919b20457c5564cfb4d5510582a15073b27

SHA256
d2efa5f3652a92740b4f9349f4fdcfa550c0564f99c8eec357518b6ae8c9ebae

SHA512
45125729ef6cc2fe403545f096872b0470be4d932da283aa708ff9323fa0da18157b586efe7243aaa30480c0d7d2bd0606ce78644beae976ca81c350e134ff36

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000f

Filesize
24KB

MD5
e0b66abd08331c9af1034ce915a5e1c7

SHA1
3010e55c0566a30cb0c71d6a182e09af7df3cbc1

SHA256
15442d410e832f6d63c620956d87b7c50346fa6b6e6ba233052d2785ecb5212b

SHA512
25f553bda1bd5ddfa028b708260c4b98675fd6f199495374051e74c955c56c80fbfbf2ed40d11e8a136e4aa6c1a3f25895712c03065b539f742c5a031efe54c3

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000011

Filesize
19KB

MD5
adeb7b3fca1a167d6b93c6695ac0d152

SHA1
aa1ff582a0033c5c86dc2226662511f8041597e9

SHA256
3ccd5bec0c1a503e2dc928146655fc3a4ad47d7ecb3cf4b5ec9e2b03d27ee6f9

SHA512
5ee897864e63d51998cd7c7c124ae7ab34fad921168545a29994d42c4b552622da5139fb85ae539c00878d02fba9bddcec621e21b3f7856ebeadba0000ded982

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000012

Filesize
25KB

MD5
01c77e9159c431639c9b7d0f0f5a70d1

SHA1
0a83c781b26049e4acc8a399aecffb4b0915b6a3

SHA256
7732ed8be7d615811cc9d7678d76addfb31c472893a9a409d671d66f04f0a4de

SHA512
9a380945143bc0ca087ae42a13eb3a300f78ce318c3d78a78b7fb4e4502ab03fcadded773526e8e0df5def7b119f02eb9104c21504f7c43015e04eb2d4a6eb28

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000014

Filesize
157KB

MD5
1d7363064d454b57f9c84df28f566ce7

SHA1
773b8a0f0c6cbda10b0c2ba62fb53d323946e311

SHA256
f2f4d59a808653e110b074ab0dc600b249e7451cc609eeeff3efda1e32ccf7d8

SHA512
f8a9e4c39d6c3e12ad9d01db9c0318fcb82b5dbe97b57ca6576a482ce157f456786752825e397122ea45fbce77e6c3cf62a2671c1973e40dcbf3cf26852cd49c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000019

Filesize
29KB

MD5
5ad546ad9c2ac076d63b1c532ac648f1

SHA1
b0ccfde1733205a7a0f6ea680b5a0e89a878e7b0

SHA256
b6b304ddde0736c47fe893bb42478e9b71874268bfc6b7efc53e8335c66c3bb8

SHA512
9de99aaef4e433f6eab2f72f58a635bc757fd9fee2cb208f671174ab0ccc295874abf6b1632a5aa968bfae50d799bc67b64e5993882809a490d5f03ab18a453a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00001a

Filesize
28KB

MD5
b9789ec5a995ac5b468c1460b44b496e

SHA1
97fe97fd7c640075f53a32331c938925ca8b733a

SHA256
9eef3d0096151e7d772b6c08617a58487ddf7702795b39bdbd5d8d6c664f65ee

SHA512
f73184de17b23b3b3025749bb63ef6142324be18840918b6076f5d33a835c36089840f982cbc0fcbf520992637011ad02a63aa316446339b98f3202ae466b23c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00001b

Filesize
36KB

MD5
713f499ea5f19b5166ed139e2e21e8a6

SHA1
bbf149acfb6d9b018bcc18081fe0827e1fc2df63

SHA256
c625d27b44468eb07ab99870a3f566979fcafba918577521baa1cff5679d22ed

SHA512
c38080b5c6cfde1f56a969ace5e2bbe47e25274bf35cc7d038605d447365ccac180ea9e10efca1d2ae12611e4acf2619984a74186a470212546881c3c20bad80

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00001c

Filesize
57KB

MD5
671916453ab949980b138759527ffe64

SHA1
5fcf8426cd880f00a09b33792e67a9b1ca4c0c16

SHA256
b4b977a7c4da152221ec00ffe16d1753f31d6cea3a5edeee77dc98e5ab95dbf2

SHA512
9806addd783f743ef7c5e0628b52dc4225448a6d34e3bc8f844f0694888a08c5d0d7519273ec7dcead7c38df1a7dcedd0e905cb786135945a250e033ee38391c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00001d

Filesize
32KB

MD5
e3f293b6e1c4eea4b329777e0f26bd61

SHA1
f4025fe4da4393243c6137b1b628c68ec5fdc24f

SHA256
69ab09b101882dd62e40360cf1dc540b07fef3965a15d27d1d0461e0f1a2e858

SHA512
ff995bcc0c1191c55d95fd67d1f1ce1ca45960b34db75c5e0b6f83dec4de392e8f5f34561069adb0f65ec0fa466d33ec7f1ae600a58d5af064e59178acf5c3be

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00001e

Filesize
45KB

MD5
cfde6e8e3c7fc9d0d2d485a1d3c10b74

SHA1
3d4791e27847ec1a7d8e9c7ee3a90033af429fab

SHA256
8b4583091bfc491fb7326c7459d7fc272fd2c0421e25f073e549a47a76bc399d

SHA512
7bb6597a4818763341c3f67b045b3b7950a95f010b293ee74e690bb2070a6bf4f199263f7ae0f02db6d3492ea680c091a5170ef230b5dc26dcfc740e2c12bc55

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00001f

Filesize
27KB

MD5
481ae6cb8c0d357a35facbc79645a34d

SHA1
942ab50f69215068386e38f95b85af093b9c35fd

SHA256
106ec5c23c6d9052e253884e39251a820044d838632816c535822147c425fc7d

SHA512
2f775773d7c21f73e83fc35ae7e785999ffb8b25cd1857f9ed92dcd19d366eb1d09de7cfbe70c72327d64c043d2bdfbcb7898313ed44f0668b57976be68c9107

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000020

Filesize
36KB

MD5
c26ca0d11e530ee88c374c2b70c82a2f

SHA1
38e12424ac700f49b6751176b0d4f3269f048dd3

SHA256
21f67f03d77a1e19fc7b17051415d27c238880f5a92ae07b182855f6e47de5bc

SHA512
254519652200d1671d992d116e373f4471f37a0eb1eb38cd90250cb3dbb99ae73618a9c1bd0ec39fe599704fef380d6460f67b8900eebd4b492a3ea804863fe7

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000021

Filesize
56KB

MD5
005c44c3895ba5f5a2c09bca6944ce4e

SHA1
e7ab853cf8d09d8c9f4c11f66f5921c0571c40e9

SHA256
cdcbbdffd1ad968eba778dab890ee15611d3db6619a496e81301a89e42e4bc4b

SHA512
84e7b277c9e30ad8f61908a14be9a3cc000e8af6bf3461f9509adf7c0f9cc7dd94dd513d9c83578911b0c9d1aff70791d118766a92bd6f063d22627868b65b9f

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000022

Filesize
63KB

MD5
81106ad2a8e425db984e2e4174967ac4

SHA1
d87ab3291f6c27f843b47a6a860b3d06cc693d10

SHA256
a874f9a100e58ce0256d71f68b1c901e91dfa772a0c0c3413be45b04c27bb1e8

SHA512
076075589da1fdcd6874587c8be201440afd0ed39180acff9a92c6381bd4bf19249e626aa087fb15793954807880f7e1b6fe88ad44663352dd5543465cd35b99

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000023

Filesize
70KB

MD5
02a0adb8033eacfb33fba9bb1b771b71

SHA1
be35a2af2aec81b8d1c7b091713446c841964948

SHA256
0fd28202e936544c1119cfcb0696ecc75576d64d7a12ac04912b9c9a1ad4612f

SHA512
37f93baafd7502d1143f98298d5e94225c4cfc4ec8347c23d3bacf11ba3817e3883dff5dc502ac25be0dcea2e534a29e2814e718540cbff2be38a5b9867fed67

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000024

Filesize
53KB

MD5
355368c09ae89434b648d473ec54f5f4

SHA1
36ffe749e3c296d6e57da59f463cd2aa8f69b0d3

SHA256
af611344e2754103acef3e836d8cdfd1970391514324a3495cc04128cae9b672

SHA512
390540adb50f913669816189b8b215f76d005489e87d073132d4f958fed52c5d0a49590499a14fea6b2a1863efe7dfd4046a087e61661b9edf8805423021b22f

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000025

Filesize
131KB

MD5
ed96af112ae58cc87d257e3a15a15058

SHA1
2fb2963ca13d8e2dff6bc71e9ead9b0fdc686cd0

SHA256
fc76b07c4a37f312ff1883efefc994e48bfc407942abbe823d665d46c2a883d2

SHA512
16adb69862af3c24cbf37be97c366d441112222fb4f39938295e89cee92344914c346f5672d146a1edf0008eed491eb66cd91615318374a4a9e12598ee48224e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000027

Filesize
120KB

MD5
6168553bef8c73ba623d6fe16b25e3e9

SHA1
4a31273b6f37f1f39b855edd0b764ec1b7b051e0

SHA256
d5692b785e18340807d75f1a969595bc8b1c408fb6fd63947775705e6d6baa66

SHA512
0246cee85a88068ca348694d38e63d46c753b03afadf8be76eca18d21e3de77b495215ed2384d62658a391104f9e00df8605edb77339366df332c75691928efb

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000028

Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000029

Filesize
499KB

MD5
d07fe0483acbc3805f1e48cb971c606d

SHA1
a8d9fcde781b5045cf6572297dab853097a2178d

SHA256
1b8a56da98c2552790865d9295586b5116c9f2f08cdf69bb4479432f249c6380

SHA512
03cf0c25ea172525572ce45687207854a3a5d9c7a69d44b2de295529da7205322846d611baf9f2dcaa48235796eeee4568439cc201ea9fdfd53cfb19f2001232

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00002a

Filesize
716KB

MD5
25081476466948e2df11adc8c9937804

SHA1
a8bb6209d8264de390513e4e44df781260ce6c32

SHA256
40d8df14959a05ab2648d03121318a336d5b346b997619dc4c76423317b04476

SHA512
9b274130212f0c07c1befbe3702febe0457faa5455a64455cb8f1372cd7108a6ab7d9192ca2f8fbf4cb121d826a345df7049cccbba28b848abc9fb9e3bf228d3

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00002b

Filesize
119KB

MD5
d45f521dba72b19a4096691a165b1990

SHA1
2a08728fbb9229acccbf907efdf4091f9b9a232f

SHA256
6b7a3177485c193a2e80be6269b6b12880e695a8b4349f49fccf87f9205badcc

SHA512
9262847972a50f0cf8fc4225c6e9a72dbf2c55ccbcc2a098b7f1a5bd9ea87502f3c495a0431373a3c20961439d2dae4af1b1da5b9fade670d7fcaed486831d8c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00002c

Filesize
130KB

MD5
07247cbd12d4e4160efd413823d0def8

SHA1
517a80968aa295d0a700a338c22ba41e3a8b78a7

SHA256
41464efd9a32a5967b30addc21fe16cd0a35870fda56658b531a9a2434b4d829

SHA512
27e0e7505d41891e70bd06733f96e82e45061d621a1d20bbc524fc89c5406a799cf53d98c0fa256cb4ebfc19750c9a05531a8d273cebc260d48948edffdf6244

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00002d

Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000038

Filesize
30KB

MD5
7efe2571e6d1f00576975ba39e0f6f54

SHA1
209fe8ac936806c1e5293d0e60030a391e06b164

SHA256
39045f0a16d04376aa1af1df87abbce442905f511e6ef58b0b1ea07cb560ae1c

SHA512
b29347ae1fda1e48c18eec7663c7e16c7465b919c88cd9443f32095d9060becb3804f8a019009e6801167ae0dcf53e6e86b654c96535e6c4e55c1b01f33742dc

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000039

Filesize
115KB

MD5
ce6bda6643b662a41b9fb570bdf72f83

SHA1
87bcf1d2820b476aaeaea91dc7f6dbedd73c1cb8

SHA256
0adf4d5edbc82d28879fdfaaf7274ba05162ff8cbbda816d69ed52f1dae547f6

SHA512
8023da9f9619d34d4e5f7c819a96356485f73fddcb8adb452f3ceefa8c969c16ca78a8c8d02d8e7a213eb9c5bbe5c50745ba7602e0ee2fe36d2742fb3e979c86

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00003a

Filesize
31KB

MD5
b793c166998283b2893389fd108ad543

SHA1
056b61953b1a932b4fd0c1ba8bffa3a7ef0552e9

SHA256
97ffbcf7a68f4470bbf2dcdc8f0d3146ab93fa4c84dbcf5d76f3c15225f2cc3e

SHA512
b42c6a32ccc3a4874bc2a127e47fade81b1d7680a89ee0625121daaf5b24f773ac93d3737f040b37a897c0fe1d08910f5f63d7f1bbf2826b6d3d51fb733bf727

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00003c

Filesize
43KB

MD5
7407db3910278ea9d6b1ab26de160d2d

SHA1
eddc0231570b111f2d13bf3a01e17eac3dd65fca

SHA256
94e6e2cba49292eeb4aa7bfea43b626560cbe286434efa7b17dea3cdcf480c70

SHA512
8ec4bc9e05871eef398424c3e74dcd0e50ee3b34175f3a48da02ccf7a319ada3f5d5721729c1243aacc3fa32a91eb93547fa928b1cf678b161de309a9c64a46b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00003e

Filesize
46KB

MD5
e565620504ad4eacf2b99471facdf15a

SHA1
d076de5f4bba78f08e90811c23d237fe5d4eb4b8

SHA256
888718794e07c6e72b7e1612d65d7e31c9e252160ec1898ad3992701e5dbfbae

SHA512
eee92b3dc99b4049b959ec179131dc3911681390be0ae60f70a23b0476699fef80af4098b2fb59bd52cd39f5e45c56f4655764bbb622c7dc353f4f1cf30948ef

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000079

Filesize
36KB

MD5
47d88f0e30322831ac51429e321af624

SHA1
0a3a50ae8c9d61a6d96b872f91b4694187be0bcb

SHA256
ff066f3e1ab3028b7bf326825772da1a50d4c9bfe92ec0abcb52f17ed996482c

SHA512
416fa132223c396c6ec4ba581383ff0859ee02a7e73acca4836df0e8154600cc9cfa4249832d0370fc7c45232e0114994e7da36d094cd459a6f3c77be539cece

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00007a

Filesize
20KB

MD5
1cd9f819fae888ce4860b7f6093347f1

SHA1
04f78da120741f1198d595af811b2c42ca9d5406

SHA256
d90bde2cee49d26d93cc149da64ebfe3b57b6f391c1fe84c696a2d5e3f33b3ad

SHA512
2f7e22a0b36ed64c6be176f48f91663bbaca60d7a4ea862a6a81678fadc1d8df31c59a3266d1097654fb52345e0d2e292b8bf48e9497be9c3e3be89cf43bf90b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
f172a6c9828dd5b5789535d373ccb976

SHA1
6c5974e3e4f75d2225b9839aab42782822c62432

SHA256
a22529ad25cb9374de9bbd875899342a19073ef29f7368de9f68f7494662fd31

SHA512
155c8b0ab4f0a9d5469aacffa10c66749080d0ec71aeb87aca8375815ca10df413ff0ac84dcaf6a38f7dbe6b2a573a50ed48fcf5de3534d6e6bdbb19b413ceb5

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
1d397dfc9ae074fe1ae28b6b10057162

SHA1
e73503e4a04ebdc1841b1a123ea5f6fcf76744f4

SHA256
0ed67df9d3eac84317cc6842510e1d0b5581dd626cbed5143e6a9365a6bfe83d

SHA512
5ba33220166d703f2b26ae49fdbecfa59db6a869c6270ad78540b270b62eeb0310d1da8b31150b462ca737d87d0c5b618a7855e76fa81d4115e0bd45939fd258

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
6b779cdb3f18b3b516398e996557179f

SHA1
02a0a61fca5192fbc319872ecc2bc414ed93c472

SHA256
acb341d8c530206eba56c37a8df90c70b5e8fae43cb52980121f5ab505597711

SHA512
6160ab032035ce87b6557e82397e93a53f2494c86d018b97b16839be55fc892a8ad5793eeac04bdbb0e04fa0d0b904e4d9962ef75b31b1ad6bdc314f941e7c8c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
69b15fe20fb62f4a9f9bce26e9786ccf

SHA1
1d721fb20c285ea3dd86d0329019da792e8635f3

SHA256
dd6f9c1d67188a0f16e7a24891aa6606e9916b935750d464f4f2a58b54d7e90a

SHA512
f4eef35eca4695a351ab75bba1c5e570268d56dac8bd1d235fcc30a3ff46d70d8e4201f28b77287a70aba6d472f7cc40e3573e5753e34a382ce511bf8681eb39

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GrShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
744B

MD5
0ecf82b8a2047a80e61dc1d01adcd225

SHA1
7e5215df2377082eaede35a8db95ce62b6a398a2

SHA256
d397030addbfb8e7c3b41fe94259f56d4804a716c11dc8f9ca93ff238ad465a3

SHA512
09450fad64dcb907d1ca2bf359c5af68580ab90fe4f5c46c6656b729f51c9b43e5e04b3db47ea4f6dcac88287899c6ac8160a0db3e7f8cd2bcd1a115b9521c7c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
856B

MD5
e84a8d44dc6f72208dea91731d87716c

SHA1
ea10f0000a1a5c2ad500d1536144b89658e748a3

SHA256
ea304ba3514a04481482c49699a0f3369c2a6d1885c8dab1a0fd1cfc6c0cc652

SHA512
21fbb3dc0a3ed37f961860133b2c6a97fa66c48d2fdc11cc5be1a579e400f50dae5de0cc2a7f2f98d22e028ec7fb38d0e82e443992a476f956fcf7aede970f61

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5ebc59.TMP

Filesize
529B

MD5
1cc13345996e813cc95f74d740bb92ad

SHA1
61048fc6b99f0c6900b9e7db781d197c0d944990

SHA256
c562ab6dce584292ee3318550862c7c020192e6f0b7098a464acf88d455e18b9

SHA512
ce847d36ef0dac285ffad1bb2585e55561a2df746534a1272483b3b286e578a418f09ea56660135be77c6bfc14efd5b29b736a15f56f0c35b6a502dc177f9833

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
8b33cc0530de5fd672d2f470cd44950e

SHA1
e1c1350e67b5ac5fd3bf94e03f520dfc58fe60ba

SHA256
1f2f1ef7233915e53419bafd6fefabef2637ee0c41ca1087aed0b4cfa0e0f293

SHA512
b928627cb8d8597cfbcdb3250fb9a9c6b0ce4c6d3147b0d3048392a69abdc8fc00484d08a5cc14f846c52d41c2b2f397230d083cf503202ec8268c6ab4b5e152

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
f290ceb512f931f533f27f45bdf7fa8c

SHA1
24e305b598ab0c51d1680bc5180eea373525b2c5

SHA256
f73aac70140aab9cd04ce0b4a4bb0741293b501a382bd74534138aba372cd224

SHA512
f36ad49c1e3a386318173aee70f61395a23fd5efb11db35a43348a69f97cba61f318c7103b12b6379ba4bb19cf441861d44c252b96475e4a6af34521071a45a1

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
158703cc8daffd7038c0ae4fa2bbb252

SHA1
b102859d54d5f19621dbf27e94918dbed3d07073

SHA256
f848f78b6e037331b85d61d61681af37e66e6f62e94f3525ce882fcad3ebc32a

SHA512
66199ecc328add9553a850a9e068ae09a02c3002da93dc273f1ade481af7ff1b62b765d03019e0d1100d98e5ec0602f09f8534409dc77eb0e88a7e3c8ac24a01

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
524B

MD5
242627eeec11e2402b53cd6791504a6a

SHA1
ffc3a47f397da765044a74a6609bfe6b7c150f0f

SHA256
cbded25137d6c4145bab04528c019630453cdcac910ff47c9626f54ee92e3038

SHA512
377d4763e6fd43eb7af700c9e77ce9dbecbc59bbc823ab9352c250bfea482b3196f44304eb6eafcef3219e21a5e21dba886570845d2b2c8a882d9af82631065f

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
524B

MD5
3f347547e92384997f2418f83aa183b0

SHA1
e25143137bfa6d09dab92075412cf129ccc89a73

SHA256
542041aae9e802841da3f957bd9f000db7ca89bb8243ab150f4ebda05d91ae36

SHA512
b783048469af64a84215417ea9cb0715cc01adbc35270dc67ec7fdc682c7f9611209f6b7395648e3116170fd05d421d564ab7f6b3c8ec9b6aaf9d44462d92e88

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
524B

MD5
34369d159d3741c4d36872449ea9bd4a

SHA1
c1332d44ee9322750a3588ec49a76426ee7aee25

SHA256
622595b37ebd18c4b9a24a2f1f70224b5b95c8774c111e7c14950eaf1ac40491

SHA512
b2d3a94b1286f8223c4b92b4e769833b12ce606ddf5d4ce0237bcc27e4b64a2d51644bf550b7f9509a7bfadf7837e0f2e03c1a31f4d717f95aabc79fd2b30293

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
188B

MD5
04ef5271da873050718718eee37116ce

SHA1
d4e46c11cd9456f0308192a3d5ab9b76ed4acb00

SHA256
d329016c3fbd8aa645f429d912b0897377bcf4dadf76842bfdc5e2320c4cc33c

SHA512
e18e12fedd11cfbddf9249c98809339c04e6a1f13e61d4cad81c37e3a33ff0ae295fe71d1100e351114d9e9ffb5c175848a4794e84a55211e7f5201ec42eb7e1

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity~RFe5e1cbd.TMP

Filesize
188B

MD5
b4d7105a593cce7fa5487b9c23ab65e6

SHA1
2c2519a0191dbfdbca95c7c8e8c4839cd4cb6c98

SHA256
74631fc02d58c36b6f046b98e822b20914e7298b28a91e2220a0fdecaa3f13b4

SHA512
449c426dea240145ebeb8f6e99029849ca7f598e65e2fdd79acec61eed79b8fe961c79086b37541f63890d6e1766ed7518244ce518e67a78c75b5a74e7f39135

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\ShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\ShaderCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json

Filesize
2KB

MD5
602c49f9246967bdcff45b4f43cf2fb0

SHA1
4c5796e0c724bbd7a9244cc8a0fc9e8f40181f2d

SHA256
a3ad9649c1038078038be1abd591cdba73b4b4f5cf30e11bb6cb7a432b746114

SHA512
2f273c0dd0127071f4c768cfe7277c6efff84c1ef4f4271c1326db3658c84261794b106af3198717f349fbaaaf276163700bbb50ae20fe52ed0a88a192d46f77

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json~RFe5e1cae.TMP

Filesize
2KB

MD5
68b20851ccb9834d21fb32615e42bd43

SHA1
88fab935f0b9484994097c08f785e9ecb7d68127

SHA256
a954b528dd65ad6c4c2091fa32f17abdb7a49454ce88e10bb6c377734c70c26f

SHA512
dcb0771120c8fe35213d60e9abf4b242af807324759e3c99e9b2569c00a941d885d53ef6fadfe69e6b740e0b52a6008602605d643801190a2d29175a7d065e15

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswE6E4.tmp\modern-wizard.bmp

Filesize
150KB

MD5
3614a4be6b610f1daf6c801574f161fe

SHA1
6edee98c0084a94caa1fe0124b4c19f42b4e7de6

SHA256
16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b

SHA512
06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswE6E4.tmp\nsDialogs.dll

Filesize
20KB

MD5
4e5bc4458afa770636f2806ee0a1e999

SHA1
76dcc64af867526f776ab9225e7f4fe076487765

SHA256
91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0

SHA512
b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswE6E4.tmp\nsExec.dll

Filesize
17KB

MD5
2095af18c696968208315d4328a2b7fe

SHA1
b1b0e70c03724b2941e92c5098cc1fc0f2b51568

SHA256
3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226

SHA512
60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswE6E4.tmp\nsProcess.dll

Filesize
15KB

MD5
08072dc900ca0626e8c079b2c5bcfcf3

SHA1
35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37

SHA256
bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8

SHA512
8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
11KB

MD5
c43a9bb9aa611f40eb78d4b1b0e6c341

SHA1
a69b85438c6ab6846f3c99cb4ffc1b7958b34c25

SHA256
b24617f7b8b6c2c0b53a3ab0c5b27505ed47b2f2a0f2fbbb136f7421fb8f4c9c

SHA512
86c044132d16d3960a93e95af9154baa309c65beec4b9e3076563c1eddd1b5db04b98edea450a9ec31425f400a1b53643619b5f155f6bedb859e3257ff81e52a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
11KB

MD5
31abe8fabd2e9c512779bfe80bfc2efb

SHA1
6f4dce4a3dc206fc2a57a6a56c7f3f753f415080

SHA256
74122a3f7528dc6f9adf3a1bb663b237163e50819af91a0a2381493dd75759b8

SHA512
ff35bc2fd4bb692fcda4a5d070b36ad5512651dd44d57c8f0ad9d16263ce43ea88aa47a37214703ae75c05d4abb19e884639fe6816e2389ff90fe07bf96741d4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
11KB

MD5
ee6bf504a5958fe6a8c18bb103f0c80b

SHA1
56ac1d086fe9ff1ca31d17c448c6712fc443de41

SHA256
203f74de15b5777e397ffed68cdf027f71afc7f44a9b1f555eef3fbf35d7c0f5

SHA512
80483d522dab74c9e9ec3ad579dd3fce87946d1eb77b00a126fce0c0170cc4cac59863d57c19a5d1da72259856a23d9f66ae4f8dc33454f6b080caea570e6213

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
a99eb8ef66e3adb2b0b3699163c27ca5

SHA1
60b5aa580a6d1e4e21a687e28e584d325bc55c69

SHA256
af3edc2b34d5ab02f422e7ade16d6f0f39060bcdbdfaa7f33303a01e388404bf

SHA512
9486ef1def780b968aa818b81080219606bf2cd9412f27cfb619b1da07cd21d7516a8c8be102a5579e2be09443fe2c4d06dd50b1329e413b5c929cb5b9127bde

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
11KB

MD5
3e250f55d2dc24b278797835e51481de

SHA1
55bad0c1a9d9a11fb88fc88352e0e762a846ae0d

SHA256
347146d6a8ddef2f9601374e887898c8968aac2cf40b3808b864ffc272359f89

SHA512
0444b237f0ab2cfd123eb64a3737327f38dad54fb805d20e3aab7e3bf0c226f2097de15dfe6731e7aeec7e64928c7eb610164942862697e6aaf8b6c747846ff9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
11KB

MD5
3794149ab78aa82473cb20a672748651

SHA1
f39ed972f667c7d13fb25906fe94985afd216b0c

SHA256
c80e55fbb40d033ce189d539ede2e5565ecbc00aed15ff2c5ee31ed6173d14c7

SHA512
62dc58610e42f3954aafb5fc89f099f84e6f5ad6c1435d7fbc6ea8f8cab38bd7048750f39097d03f1d67096cec41dc38dbfd009336e428c6cc2b4b9f231b3885

Download Submit
C:\Users\Admin\Desktop\AddStart.ps1

Filesize
363KB

MD5
9dc0cde6309ff0c76fe90ab1973135b2

SHA1
f0072ae022a661f9cb3dc807bc0e0b18230b9d63

SHA256
8658f71017f92362e00bf2fdb3020e6ec6cd5d39c033840debf7a881eac5f741

SHA512
cb016ddc5e9c2ee035e58bdb2b2d90914f9f01d01c237fd20432165f547d4f2bb0cca51223a2ea4ef0cc1c4e04e0bd79bfb0a77b357bfa0e847489cc4526bbb8

Download Submit
C:\Users\Admin\Desktop\AddWatch.mht

Filesize
410KB

MD5
d7ee7394fcd8ab3f398fc31caa16350b

SHA1
1dd72f6375c102a989e40c2f5f801829a598de2d

SHA256
9d34f8fca3fbd96b4b2183b618a19e24e83b701b8e9fb6fa4dfc87d9d92b2cfa

SHA512
35fe37e1eee4bf60dea4cb3a58bf17d639688340fc1bed28268e105689e64b0f98fab3b5f4f0eb930879f9f6816a701c44a1341ed837dc0f867955c5768a1c30

Download Submit
C:\Users\Admin\Desktop\CompressInstall.emf

Filesize
209KB

MD5
a07c05a45d18f515bd812e295f68945c

SHA1
5b31ef3f958d44902f36edc8bbacc734266a35e6

SHA256
2b9dddd35840ca33ff1043e216b7bfe2c794cca02fae64b4e592e52de5d4173f

SHA512
5b03791174d2ea0bfb28bfb5aa091143e38e97ba0d95e7acafdf1f4710b7deef5222e7e7271ec03068b6a5b9a86c031c5ec10c9fa055eaaf4573a1ee17a5e6de

Download Submit
C:\Users\Admin\Desktop\ConfirmOut.docx

Filesize
16KB

MD5
767c6b3ab874bea6cbd45b9125d80254

SHA1
7e1d5fd74105154ae88da27c3f92293b6515f274

SHA256
fb5143556325cea9c3422a1c1fee9890d0727c450d4f68665e236091b1017be5

SHA512
4603373c00bc0a26288470fb744ca6813f10b6b948cdde4eca376bbb565ed559ef4a4071c92247dc9bc2bb00d29c6797cf7197af6cdc0abc8c1aec8188680d3a

Download Submit
C:\Users\Admin\Desktop\ConvertFromStop.tiff

Filesize
240KB

MD5
766ba567a1592bcd47c347a58cbd9c7b

SHA1
c60ceec202f8ac524d43f2e297c963ee2266ed18

SHA256
f6669f4e2e7395dc68f99617adde86c0aa46ae7a9694662b08d19893873aae01

SHA512
e18b6c16512ef0dea040d4be6e1b63a61dc73a21c196776dcc5ce3c3aff5748ad20f6398e85bf54ddf31898a318d226257c88b9b37cd0873e144af946475dfee

Download Submit
C:\Users\Admin\Desktop\DisconnectRemove.docx

Filesize
15KB

MD5
a286fd1f8c4077196f29940be1c8af79

SHA1
e1af0b0178425df787e08f82e577263415e590fb

SHA256
00b5adf3bb3b7b82c97409c1370afe9fec67d09f40feb5a1815defa0fe771183

SHA512
70ffc292d74cac2a2e4b68f3637fd7aa4aff9b6c35504b918040098f2a20bac7a370329380194b77207a55191c9fbcdb25bd58bef66bdd83a0ab9377f6a228a8

Download Submit
C:\Users\Admin\Desktop\DismountSend.dotm

Filesize
503KB

MD5
7b2e138ad59ee2cd902ef57eed1eac28

SHA1
ac7c47c78a46ccc50a80e1173d9f36494be5cd46

SHA256
160defe399d9b86c24c9ad1984aea40618dcb63bb10038454fecb119469dbaff

SHA512
40d60efaf3f018fb9572c49ac14217f37acaf9f508716935faabeaa9b3651a7b4994160666513e4a1be4490eca3bba2db7d7307cafb52952d9c7dab96635790a

Download Submit
C:\Users\Admin\Desktop\EnableUnblock.vbe

Filesize
487KB

MD5
90a34cf1109ac93752b98dab3399393f

SHA1
13811ffc851daa209fd3f08406a5848bc60db220

SHA256
c4907b5259e56f5f79401c05ffc6ce222aa270d608d36747972e1ef2987b58f8

SHA512
b14ecd5875a60e0dd6b5fdeeae5eee149cc5b208e0e299deb67ffd8718c897b72c1de1a177d9d5e13230cf5f005730c951f390859b108a338d0744ec10858c1b

Download Submit
C:\Users\Admin\Desktop\GetProtect.ram

Filesize
178KB

MD5
31a11f517b04d717e0c64847548a1593

SHA1
c7c311480379f1b1b8d057e47232f183da948f7f

SHA256
df59ba8b6168031b5b332b72dfa33e11794b3878a44ab815368ec21d34287b5b

SHA512
89a5a9610a281be4cb0a46387cb3529cb9a449df2dba14bd617b5adeb77f1e12ab4a1b32604641e5bab135d78651ff8469f138897231bc561c3931480e44ee4f

Download Submit
C:\Users\Admin\Desktop\ImportRevoke.xlsx

Filesize
10KB

MD5
19796dce25d11d8cb0f6983b8754d7ad

SHA1
32f754d6fab27b3b4e9e444b56b37fa340a25913

SHA256
f25fd6affc917fec30e3c1fb84e4c907c64aa185c6edf0be48545fcb0f77442e

SHA512
fd7d9c583b2b01e5db0ea91cc9cda2bdbe6b0af88ab8853f8f985856d4fc3a97b3f6d126a7e444053c897c6584f425e243238b2ca95758ba485d8589203819d4

Download Submit
C:\Users\Admin\Desktop\ImportSelect.mht

Filesize
270KB

MD5
fa5c20efa7b77f79982e814fded31451

SHA1
4228ec041f2888e900b3e50b017e1e0dec061b1c

SHA256
a31806e5a6ff815edb22f293d4a145b23185398e0771c9cede8faad081392ba7

SHA512
15df4d63f60fb49449a1d23afbf185acc36490deb58b12a71334cffa6afd645bd367e6656459e8c740e6ca462c3840e694adc098e1c9393cc29d846449ef8da3

Download Submit
C:\Users\Admin\Desktop\ImportWatch.vdx

Filesize
193KB

MD5
c6ca00fd29f82ec48a90db9d408d1a4f

SHA1
3249bfe4992e384e44b3d1c07bcd3a4525e8b617

SHA256
a9422ea08c8a31a561b852d343b31ed54d521e2d350a9dc1ee5ea6f03dbb1cc2

SHA512
c0a308fcfbef500538d1014037d845aa6c9b8ed91e9517a177d2dd5d3b01204eb82f7e985640ee95f53ed0885dc6d92c018b756003b129614036ed04081f61fc

Download Submit
C:\Users\Admin\Desktop\InitializeRegister.easmx

Filesize
317KB

MD5
4b0cf2fc34de0eb4e9d615f4ee7a351d

SHA1
fcefe58140a7dfc5d8f7f6304cefaeea01aabcfa

SHA256
e2034b8502d68120c60948e31ec9a7b1b270ba5d2eecac6a8b1623c0f736e12a

SHA512
6f5d1087a547e2a86c00271b1a534d1e2e3c849e8dd3ea61638ab4e0c6cfdd49c077f84c3a7d7a11fa2a24a5ea12205e3d931f411bd43164b66d9b7b0a11a18f

Download Submit
C:\Users\Admin\Desktop\NewDeny.docx

Filesize
18KB

MD5
e78a91c9ce19f37d94bbc59956e6a87c

SHA1
a7362e9e85e78fecb6a5451708f734063308570e

SHA256
9bf47ee95eb403894ad9da29887e5fb4f12c43590a2ae6bc6dc4365fbc98515f

SHA512
2acca470a629db455469df99a9f09f31e8a283d42c4e1c7cc93cbaabcbd47164bef54c80b65dbce8ae5bd60c4088640e7d325d5fb931b893b1114f30f35d9797

Download Submit
C:\Users\Admin\Desktop\ProtectOpen.otf

Filesize
332KB

MD5
ca153e268692e9de8f25f2be96b85542

SHA1
abf17273dbe4ba77e7e4958dc6e9684d534378d1

SHA256
e7dbdc751153eda41274ea2a6eb696459fc01f0d056a7fae43891c2ea5083127

SHA512
d3321ea94dd186aefe6d610aa8bc66474f73bc5986069ac94cf5300ae50155725fc6a578b00df64805241a2701bb91083f26966f0ed468c92019acef01a12e0d

Download Submit
C:\Users\Admin\Desktop\RedoUnprotect.jpe

Filesize
301KB

MD5
fe8a467fe76c73211ef2019c4ad9de23

SHA1
5c6cf65a9fa47bea2bbd0bd6db396512a03010c8

SHA256
bc70567442bb80fb0a61e96b592c1c284bf6aaf8b8c0c121ec43bd93fe68ec06

SHA512
ef9943f209b265918d42d69fe07d0f62f8fe8415f6e726a8614fc2a27fa47ca3440f9508d1416eb570b4239aee417f2bd76467f9b6461be5a709f67674d0ca77

Download Submit
C:\Users\Admin\Desktop\RegisterConfirm.xlsx

Filesize
10KB

MD5
bb81f10d4579f229e24faa579cefa05e

SHA1
802007e66cf0b82772ee294e9f757664d7a2d00f

SHA256
bb92e42ce9d4bc1ef12d97e16e447f15d2e2c3758275cdf72c4c29ae8f1538f8

SHA512
cca68272e1fda604785f78155823b7787c1e69f5add037fdd1b85c258f439721ab107006e88e50dad6a2027b3868a26742142351422f9344ab4aa902e65efed6

Download Submit
C:\Users\Admin\Desktop\RenameResume.csv

Filesize
697KB

MD5
9117241036895aa0a5c66e25c2238d2a

SHA1
22d52e489b2b8a4233e2bec7f0f9f97cd0d0d405

SHA256
3337fb6adc1034b454a6164c2e4f28af7bd7d485127b2079921a0e936c698671

SHA512
bb3c691c40e2029681438d14206c914db74865696b68acf4a07ad27cb013927f9dddf1a041baa2c0b96674c82f06ec30c2ad30dd3b46031fb56a60e603faa718

Download Submit
C:\Users\Admin\Desktop\RepairConnect.wma

Filesize
472KB

MD5
1b6cd6ebaa06e8b8fcf032719ab3b2c7

SHA1
2c3e6b1a4138dace73a0bafbca419ed64489c01b

SHA256
8d02fdb6d56c8c28f0ca59d81f2d06dad7a13ee16cfea1e68a2ff747d6dce29b

SHA512
7e57cd7e0261168a7861bbe4a21c5b40af7bd5f36310b0455a10aa2e7a1049fa2d11527da0b8b69c71da37455c32f4a7cf7455760619626183bc3abc9074a412

Download Submit
C:\Users\Admin\Desktop\ResizeRevoke.wmf

Filesize
394KB

MD5
80c1e59f1f1f14b6860a42d3ba8f68a4

SHA1
172007f509d4d3b66c08fa267a3b0d24b5e16d56

SHA256
69fd091a214e19996493fdee6a1814a5ef24c6392bf0cd548c11473ebcfa2257

SHA512
6910a6060de4606e151bfaa74a9e9d2fe5ffd680d5868dbd771c25a694edb21cd93af498be88e2963255edbb79ad660641baa77fff51cce55781fc5145211c6d

Download Submit
C:\Users\Admin\Desktop\RestoreCompare.dxf

Filesize
441KB

MD5
0b4af8ad80c19f6c5ab35d33e3559828

SHA1
287ec12f35b52d02ed73b8ce65df5e3f9e019c9f

SHA256
32466bd92d2de76f67a867fadce28802f18d1034614ba2bb03bed0ffbf351550

SHA512
c720443440596584df8db8cc733fea7ec3483cc21c69606f40f6002437c1ed77beb6b69482e37c5038d05b6ec705287e99937f090b1701c7f9727027a3fe03ec

Download Submit
C:\Users\Admin\Desktop\ResumeSkip.mp3

Filesize
425KB

MD5
474b7d917d89bd5d1d6da1e348bca9c2

SHA1
09994ab2cb54b3a389ac01a7b4565242a1427da6

SHA256
856a9ba4987406091a38d3e2b77fc17ffbf0b895fe844161eeedcb763d9b216f

SHA512
6b874128111835b04208dca91bd766546e24031716c5ee641ea483adea88fe66e33071c3706a807a3225930b17d8df34e28f3032ce68e80f72b5474105b44d66

Download Submit
C:\Users\Admin\Desktop\SearchOptimize.wav

Filesize
255KB

MD5
a435b3ad05738136300d265443175885

SHA1
97366176a5164c224b6a94b91f561f9cdae8afde

SHA256
0fea57ac92fd4a6cff9a7d0cd13c26f3efe3145b0740a674a8f436d140e703a7

SHA512
f841d4bfa0a98a9d10a329e5beeb9a99afcbeffd0ddb00b09a30f63593584f49e948ff7606122da44f87ee210b13441c7959b3d894dc65a91671ab4ab2dd9ff7

Download Submit
C:\Users\Admin\Desktop\SendMount.bin

Filesize
456KB

MD5
8094f8500e1d60db6155e55d1d4c7e6f

SHA1
698909f34b78978f90ab745e8ea4e77861e193c4

SHA256
5e58a902c8cfd66403b93ba2d2d14f2a0e7b379d7a6325402bad5edc4fe06b55

SHA512
0ad080c7e03d480b9b21487d88411d2a5daa4510c1860947c01fa281ea8eda7a093d5da0cf5c1ab6cd851d00d2e3a258c12027812c097c1340717ab1c6242426

Download Submit
C:\Users\Admin\Desktop\ShowSet.docm

Filesize
286KB

MD5
037d970d6dc725ad98605c634c04072f

SHA1
38e133ab3a4ccc2dd999cb2754c38dac014f35e8

SHA256
7b42872f8f42aff5e89b7ae43a2fa7d5d4357e357215288a9ea267a61bf360f1

SHA512
162feb2f00741d1d6216c09540681aa93b11d1b341f0f6e50f74e7849495f4b2acf99a99735e1fc02a5b3c26b16d361068042aa8dc2ed996df5dc11dfdcc17f2

Download Submit
C:\Users\Admin\Desktop\TestUnregister.png

Filesize
224KB

MD5
a7b864316bc4777d646c2045c1c4f26d

SHA1
3cd5084fe82e415db76f5f8cfc31974f378d5a74

SHA256
f45ba5dad5b8a0183a406470a44f145766ff7e9fc33f6da4aafcdd22f01deea1

SHA512
a61e0f27284ab53dfd1fb7a73b75264494778988edd8d443e74d04180d52f8defb48ab46022da50a6ba30bd6aebd0ccb060978b928cae2116f3952f611251938

Download Submit
C:\Users\Admin\Desktop\UndoGroup.cr2

Filesize
379KB

MD5
fbabc55a370b1e0959fbcacada779c48

SHA1
629e6c10acbee9814a218405bf4f4375995b7aac

SHA256
3b2df1910fe5a4b332566686325b37441812c594b49484c5941f4766288f48c4

SHA512
429fe8eaf30b49b115402c6a68002463997ad15cd6e991a971d50ef4dfe5066a517b6d54f9a3aa95b6adbaa62963f7998247a76118f0044ddfc206ae6364aaa3

Download Submit
C:\Users\Admin\Desktop\UnpublishGroup.xlsx

Filesize
12KB

MD5
8062cf4ae4c2eadfdf37eda61232db52

SHA1
32f14ff5d2a0f49228b84e2860d04a35cdcd0c70

SHA256
bf465d07bacf361ae27bbabd26502892ce8fa589a67cfbfd28feed04c3508edb

SHA512
18a8616b2fcba41bfb9c575180c992212fe19e89af1681f346148b7f5780147a91078c0866a0180e8ee6013c5f76a175e23fbf7c6356e50881706905ecf3c8a9

Download Submit
C:\Users\Admin\Desktop\UnregisterUninstall.TS

Filesize
348KB

MD5
e7d3a6098fdc881fb71c1f809e2b2a0f

SHA1
ccda5e13262a103b51fa03168340c73afa929abc

SHA256
9bf10cceaa702defa166bd4f8bb54367026c97896d50c9edb280bfda29b46710

SHA512
19e1cfd31bd58aa70f2225b2292c529a7661347f825177157777c23897155db2d14ef4424c6ab70162e33c6cec8061c1f9d7c5abc2f6ce9d9e5debc95263a27f

Download Submit
C:\Users\Admin\Downloads\SONIC.EXE

Filesize
47.8MB

MD5
c8aac36721c9a3ea8f6d6b538819380d

SHA1
4df0660796ee1b75a67cdd6b6c86a5218db85b61

SHA256
c648e72f2d223792a076026f1532b2545b61bd19bbd3a18c22722b95bfae5cb8

SHA512
d020a2b7aaccad419a654da4578bc87c283de68945621d788655e5f8be4f144fa1a42b41d84c0948b35c61c4e63f9dbb5801ebb81dc8738408b3b40696cfbeb5

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 808544.crdownload

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit
memory/1116-13463-0x0000000000B30000-0x0000000000FE2000-memory.dmp

Filesize
4.7MB

Download
memory/3516-685-0x0000023AC4C80000-0x0000023AC4C90000-memory.dmp

Filesize
64KB

Download
memory/3516-686-0x0000023AC4C80000-0x0000023AC4C90000-memory.dmp

Filesize
64KB

Download
memory/3516-683-0x0000023AC4C80000-0x0000023AC4C90000-memory.dmp

Filesize
64KB

Download
memory/3516-684-0x0000023AC4C80000-0x0000023AC4C90000-memory.dmp

Filesize
64KB

Download
memory/3516-687-0x0000023AC4CA0000-0x0000023AC4CB0000-memory.dmp

Filesize
64KB

Download
memory/3516-690-0x0000023AC4CA0000-0x0000023AC4CB0000-memory.dmp

Filesize
64KB

Download
memory/3516-689-0x0000023AC4CA0000-0x0000023AC4CB0000-memory.dmp

Filesize
64KB

Download
memory/3516-688-0x0000023AC4CA0000-0x0000023AC4CB0000-memory.dmp

Filesize
64KB

Download
memory/4744-1453-0x000001E190250000-0x000001E190251000-memory.dmp

Filesize
4KB

Download
memory/4744-1447-0x000001E190250000-0x000001E190251000-memory.dmp

Filesize
4KB

Download
memory/4744-1455-0x000001E190250000-0x000001E190251000-memory.dmp

Filesize
4KB

Download
memory/4744-1456-0x000001E190250000-0x000001E190251000-memory.dmp

Filesize
4KB

Download
memory/4744-1449-0x000001E190250000-0x000001E190251000-memory.dmp

Filesize
4KB

Download
memory/4744-1457-0x000001E190250000-0x000001E190251000-memory.dmp

Filesize
4KB

Download
memory/4744-1448-0x000001E190250000-0x000001E190251000-memory.dmp

Filesize
4KB

Download
memory/4744-1454-0x000001E190250000-0x000001E190251000-memory.dmp

Filesize
4KB

Download
memory/4744-1458-0x000001E190250000-0x000001E190251000-memory.dmp

Filesize
4KB

Download
memory/4744-1459-0x000001E190250000-0x000001E190251000-memory.dmp

Filesize
4KB

Download
memory/12448-13739-0x000000006E450000-0x000000006F791000-memory.dmp

Filesize
19.3MB

Download
memory/12448-13673-0x000000006E450000-0x000000006F791000-memory.dmp

Filesize
19.3MB

Download
memory/12448-13618-0x000000006E450000-0x000000006F791000-memory.dmp

Filesize
19.3MB

Download
memory/12448-13633-0x000000006E450000-0x000000006F791000-memory.dmp

Filesize
19.3MB

Download
memory/12448-13668-0x000000006E450000-0x000000006F791000-memory.dmp

Filesize
19.3MB

Download
memory/12448-14144-0x000000006E450000-0x000000006F791000-memory.dmp

Filesize
19.3MB

Download
memory/16840-14300-0x000001F9767B0000-0x000001F9768D3000-memory.dmp

Filesize
1.1MB

Download
memory/17224-14118-0x0000027C81B10000-0x0000027C81C33000-memory.dmp

Filesize
1.1MB

Download
memory/17224-14121-0x0000027C81980000-0x0000027C81988000-memory.dmp

Filesize
32KB

Download
memory/17736-13627-0x000001D148BF0000-0x000001D148D13000-memory.dmp

Filesize
1.1MB

Download
memory/17736-13628-0x000001D148AD0000-0x000001D148AD8000-memory.dmp

Filesize
32KB

Download
memory/17820-13626-0x000001A071890000-0x000001A071898000-memory.dmp

Filesize
32KB

Download
memory/17820-13625-0x000001A0719D0000-0x000001A071AF3000-memory.dmp

Filesize
1.1MB

Download
memory/17820-13498-0x00007FFD46F50000-0x00007FFD46F51000-memory.dmp

Filesize
4KB

Download
memory/17820-13499-0x00007FFD47150000-0x00007FFD47151000-memory.dmp

Filesize
4KB

Download
memory/18220-14287-0x000001DA2F690000-0x000001DA2F7B3000-memory.dmp

Filesize
1.1MB

Download
memory/18220-14288-0x000001DA2F540000-0x000001DA2F548000-memory.dmp

Filesize
32KB

Download