07a90755798be371ecf9a8c6a12ffb8783f8e3754abfe618c5e8410cef1b3cdc

Analysis

max time kernel
1693s
max time network
1715s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
15-11-2024 18:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2024-11-15 12.46.42 PM.png
Size

229B
MD5

e34a2a74a48dc57fb67ee665bc837ba3
SHA1

580b5b5d6dc5d17a50a8ae08473bfed3cdfdd608
SHA256

07a90755798be371ecf9a8c6a12ffb8783f8e3754abfe618c5e8410cef1b3cdc
SHA512

db41adbf69f4e25a8cde03c6a8116121a7bd89316ccdfe95d50c73605bf84b8f0db4a3a3421e968027a5777527e40f29ff60b60edac8855464333ede98175889

Score

9^/10

steam discovery persistence phishing ransomware

Malware Config

Signatures

Renames multiple (51) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Downloads MZ/PE file
A potential corporate email address has been identified in the URL: [email protected]
phishing

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000\Control Panel\International\Geo\Nation	cmd.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe

Executes dropped EXE 27 IoCs

pid	Process
4520	SteamSetup.exe
2144	steamservice.exe
3116	steam.exe
864	steam.exe
5964	steamwebhelper.exe
3060	steamwebhelper.exe
4392	steamwebhelper.exe
5228	steamwebhelper.exe
3544	gldriverquery64.exe
3308	steamwebhelper.exe
772	steamwebhelper.exe
1280	gldriverquery.exe
5276	vulkandriverquery64.exe
5072	vulkandriverquery.exe
4160	Steam.exe
2172	steamwebhelper.exe
1740	steamwebhelper.exe
2504	steamwebhelper.exe
3892	gldriverquery64.exe
6048	steamwebhelper.exe
4744	steamwebhelper.exe
1100	steamwebhelper.exe
2580	gldriverquery.exe
1692	vulkandriverquery64.exe
3616	vulkandriverquery.exe
5128	steamwebhelper.exe
5828	steamwebhelper.exe

Loads dropped DLL 64 IoCs

pid	Process
4520	SteamSetup.exe
4520	SteamSetup.exe
4520	SteamSetup.exe
4520	SteamSetup.exe
4520	SteamSetup.exe
4520	SteamSetup.exe
4520	SteamSetup.exe
4520	SteamSetup.exe
864	steam.exe
864	steam.exe
864	steam.exe
864	steam.exe
864	steam.exe
864	steam.exe
864	steam.exe
864	steam.exe
864	steam.exe
864	steam.exe
864	steam.exe
864	steam.exe
864	steam.exe
864	steam.exe
864	steam.exe
864	steam.exe
864	steam.exe
5964	steamwebhelper.exe
5964	steamwebhelper.exe
5964	steamwebhelper.exe
5964	steamwebhelper.exe
3060	steamwebhelper.exe
3060	steamwebhelper.exe
3060	steamwebhelper.exe
864	steam.exe
4392	steamwebhelper.exe
4392	steamwebhelper.exe
4392	steamwebhelper.exe
4392	steamwebhelper.exe
4392	steamwebhelper.exe
4392	steamwebhelper.exe
4392	steamwebhelper.exe
4392	steamwebhelper.exe
4392	steamwebhelper.exe
864	steam.exe
5228	steamwebhelper.exe
5228	steamwebhelper.exe
5228	steamwebhelper.exe
864	steam.exe
3308	steamwebhelper.exe
3308	steamwebhelper.exe
3308	steamwebhelper.exe
772	steamwebhelper.exe
772	steamwebhelper.exe
772	steamwebhelper.exe
772	steamwebhelper.exe
4160	Steam.exe
4160	Steam.exe
4160	Steam.exe
4160	Steam.exe
4160	Steam.exe
4160	Steam.exe
4160	Steam.exe
4160	Steam.exe
4160	Steam.exe
4160	Steam.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"	SteamSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_r_ring.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_rstick_left_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_r5.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt	SteamSetup.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0407.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\chkUnselFocus.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\vgui_tchinese.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_dpad_down.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_dpad_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\templates\controller_switch_pro_gamepad_joystick.vdf_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0408.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\libcef.dll_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_buttons_e_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_l2_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_touchpad_touch.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_100_target_0050.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_list_down.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_workshop.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\steam_controller_thai.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_l2_soft_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_mouse_5_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\filter_banned_tchinese.txt.gz_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\locales\sk.pak_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\fossilize-replay64.exe_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_rstick_right_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_lb_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_r2_soft_md.png_	steam.exe
File opened for modification	C:\Program Files (x86)\Steam\.crash	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_035_magic_0312.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\tabSquareBottomLeft.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\vgui_french.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_l2.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_button_a.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_color_outlined_button_b_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_l2_soft_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_r_up_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_r4_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_lstick_right_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\genesis_b.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\steamdeck_left.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_lstick_right.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_mouse_5_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_r_ring_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_lstick_click_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_buttons_e_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0050.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_030_inv_0320.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_color_button_a_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_buttons_n_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\libavif-16.dll_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\friendsui_vietnamese-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_dpad_down.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_trackpad_l_left.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_r_ring_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\Receipt_CDKey_InvalidKey.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_l_touch_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_lfn_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\SteamOverlayVulkanLayer.dll_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_r2_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_l_down_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_lstick_touch.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\broadcast\icon_close_default.tga_	steam.exe

Drops file in Windows directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2172_1370621687\_metadata\verified_contents.json	steamwebhelper.exe
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2172_1370621687\_platform_specific\win_x64\widevinecdm.dll	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2172_1370621687\LICENSE	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2172_1370621687\manifest.json	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2172_1370621687\manifest.fingerprint	steamwebhelper.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2172_1370621687\_platform_specific\win_x64\widevinecdm.dll.sig	steamwebhelper.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamservice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamSetup.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 26 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 49 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\steam\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\steamlink\Shell\Open	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1263212995-3575756360-1418101905-1000\{3DBC704C-CFBF-45E0-8225-D2D91FAE55B4}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\steamlink\URL Protocol	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\steam\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\steam\ = "URL:steam protocol"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\steam\Shell\Open	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\steamlink	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\steamlink\DefaultIcon	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\steam\Shell	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\steamlink\Shell	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 215717.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 66022.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4424	mspaint.exe
4424	mspaint.exe
4464	msedge.exe
4464	msedge.exe
2768	msedge.exe
2768	msedge.exe
6104	identity_helper.exe
6104	identity_helper.exe
5944	msedge.exe
5944	msedge.exe
3408	msedge.exe
3408	msedge.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
4520	SteamSetup.exe
4520	SteamSetup.exe
4520	SteamSetup.exe
4520	SteamSetup.exe
4520	SteamSetup.exe
4520	SteamSetup.exe
4520	SteamSetup.exe
4520	SteamSetup.exe
4520	SteamSetup.exe
4520	SteamSetup.exe
4520	SteamSetup.exe
4520	SteamSetup.exe
4520	SteamSetup.exe
4520	SteamSetup.exe
4520	SteamSetup.exe
4520	SteamSetup.exe
4520	SteamSetup.exe
4520	SteamSetup.exe
4520	SteamSetup.exe
4520	SteamSetup.exe
6028	msedge.exe
6028	msedge.exe
6028	msedge.exe
6028	msedge.exe
864	steam.exe
864	steam.exe
864	steam.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
864	steam.exe
4160	Steam.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 50 IoCs

pid	Process
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1100	taskmgr.exe
Token: SeSystemProfilePrivilege	1100	taskmgr.exe
Token: SeCreateGlobalPrivilege	1100	taskmgr.exe
Token: 33	1100	taskmgr.exe
Token: SeIncBasePriorityPrivilege	1100	taskmgr.exe
Token: SeSecurityPrivilege	2144	steamservice.exe
Token: SeSecurityPrivilege	2144	steamservice.exe
Token: SeBackupPrivilege	3588	vssvc.exe
Token: SeRestorePrivilege	3588	vssvc.exe
Token: SeAuditPrivilege	3588	vssvc.exe
Token: SeShutdownPrivilege	5964	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5964	steamwebhelper.exe
Token: SeShutdownPrivilege	5964	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5964	steamwebhelper.exe
Token: SeShutdownPrivilege	5964	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5964	steamwebhelper.exe
Token: SeShutdownPrivilege	5964	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5964	steamwebhelper.exe
Token: SeShutdownPrivilege	5964	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5964	steamwebhelper.exe
Token: SeShutdownPrivilege	5964	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5964	steamwebhelper.exe
Token: SeShutdownPrivilege	5964	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5964	steamwebhelper.exe
Token: SeShutdownPrivilege	5964	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5964	steamwebhelper.exe
Token: SeShutdownPrivilege	5964	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5964	steamwebhelper.exe
Token: SeShutdownPrivilege	5964	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5964	steamwebhelper.exe
Token: SeShutdownPrivilege	5964	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5964	steamwebhelper.exe
Token: SeShutdownPrivilege	5964	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5964	steamwebhelper.exe
Token: SeShutdownPrivilege	5964	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5964	steamwebhelper.exe
Token: SeShutdownPrivilege	5964	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5964	steamwebhelper.exe
Token: SeShutdownPrivilege	5964	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5964	steamwebhelper.exe
Token: SeDebugPrivilege	2772	firefox.exe
Token: SeDebugPrivilege	2772	firefox.exe
Token: SeShutdownPrivilege	5964	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5964	steamwebhelper.exe
Token: SeDebugPrivilege	2772	firefox.exe
Token: SeDebugPrivilege	2772	firefox.exe
Token: SeDebugPrivilege	2772	firefox.exe
Token: SeShutdownPrivilege	2172	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2172	steamwebhelper.exe
Token: SeShutdownPrivilege	2172	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2172	steamwebhelper.exe
Token: SeShutdownPrivilege	2172	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2172	steamwebhelper.exe
Token: SeShutdownPrivilege	2172	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2172	steamwebhelper.exe
Token: SeShutdownPrivilege	2172	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2172	steamwebhelper.exe
Token: SeShutdownPrivilege	2172	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2172	steamwebhelper.exe
Token: SeShutdownPrivilege	2172	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2172	steamwebhelper.exe
Token: SeShutdownPrivilege	2172	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2172	steamwebhelper.exe
Token: SeShutdownPrivilege	2172	steamwebhelper.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
1100	taskmgr.exe
5964	steamwebhelper.exe
5964	steamwebhelper.exe
5964	steamwebhelper.exe
5964	steamwebhelper.exe
5964	steamwebhelper.exe
5964	steamwebhelper.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
4424	mspaint.exe
4424	mspaint.exe
4424	mspaint.exe
4424	mspaint.exe
4520	SteamSetup.exe
2144	steamservice.exe
864	steam.exe
2772	firefox.exe
4160	Steam.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3896 wrote to memory of 4424	3896	cmd.exe	82
PID 3896 wrote to memory of 4424	3896	cmd.exe	82
PID 2768 wrote to memory of 3312	2768	msedge.exe	101
PID 2768 wrote to memory of 3312	2768	msedge.exe	101
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4148	2768	msedge.exe	104
PID 2768 wrote to memory of 4464	2768	msedge.exe	105
PID 2768 wrote to memory of 4464	2768	msedge.exe	105
PID 2768 wrote to memory of 1428	2768	msedge.exe	106
PID 2768 wrote to memory of 1428	2768	msedge.exe	106
PID 2768 wrote to memory of 1428	2768	msedge.exe	106
PID 2768 wrote to memory of 1428	2768	msedge.exe	106
PID 2768 wrote to memory of 1428	2768	msedge.exe	106
PID 2768 wrote to memory of 1428	2768	msedge.exe	106
PID 2768 wrote to memory of 1428	2768	msedge.exe	106
PID 2768 wrote to memory of 1428	2768	msedge.exe	106
PID 2768 wrote to memory of 1428	2768	msedge.exe	106
PID 2768 wrote to memory of 1428	2768	msedge.exe	106
PID 2768 wrote to memory of 1428	2768	msedge.exe	106
PID 2768 wrote to memory of 1428	2768	msedge.exe	106
PID 2768 wrote to memory of 1428	2768	msedge.exe	106
PID 2768 wrote to memory of 1428	2768	msedge.exe	106
PID 2768 wrote to memory of 1428	2768	msedge.exe	106
PID 2768 wrote to memory of 1428	2768	msedge.exe	106
PID 2768 wrote to memory of 1428	2768	msedge.exe	106
PID 2768 wrote to memory of 1428	2768	msedge.exe	106

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-11-15 12.46.42 PM.png"
1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3896
- C:\Windows\system32\mspaint.exe
  "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-11-15 12.46.42 PM.png"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4424

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:4988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffa520946f8,0x7ffa52094708,0x7ffa52094718
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,10686673769082431443,5231491378850186825,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,10686673769082431443,5231491378850186825,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,10686673769082431443,5231491378850186825,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10686673769082431443,5231491378850186825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3700 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10686673769082431443,5231491378850186825,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10686673769082431443,5231491378850186825,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10686673769082431443,5231491378850186825,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,10686673769082431443,5231491378850186825,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  PID:5884
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  PID:5892
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff7c01a5460,0x7ff7c01a5470,0x7ff7c01a5480
    3⤵
    PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,10686673769082431443,5231491378850186825,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10686673769082431443,5231491378850186825,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10686673769082431443,5231491378850186825,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10686673769082431443,5231491378850186825,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10686673769082431443,5231491378850186825,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10686673769082431443,5231491378850186825,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10686673769082431443,5231491378850186825,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10686673769082431443,5231491378850186825,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10686673769082431443,5231491378850186825,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10686673769082431443,5231491378850186825,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10686673769082431443,5231491378850186825,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10686673769082431443,5231491378850186825,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10686673769082431443,5231491378850186825,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2192,10686673769082431443,5231491378850186825,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6136 /prefetch:8
  2⤵
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2192,10686673769082431443,5231491378850186825,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6888 /prefetch:8
  2⤵
  PID:5484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2192,10686673769082431443,5231491378850186825,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5940 /prefetch:8
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2192,10686673769082431443,5231491378850186825,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6920 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2192,10686673769082431443,5231491378850186825,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,10686673769082431443,5231491378850186825,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3528 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2500

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1100

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2300

C:\Users\Admin\Downloads\SteamSetup.exe
"C:\Users\Admin\Downloads\SteamSetup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4520
- C:\Program Files (x86)\Steam\bin\steamservice.exe
  "C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2144

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:3116
- C:\Program Files (x86)\Steam\steam.exe
  "C:\Program Files (x86)\Steam\steam.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:864
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=864" "-buildid=1731433018" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SendNotifyMessage
    PID:5964
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1731433018 --initial-client-data=0x28c,0x290,0x294,0x288,0x298,0x7ffa62f9af00,0x7ffa62f9af0c,0x7ffa62f9af18
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3060
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1584,i,8794996876075669503,14183126169316146844,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1588 --mojo-platform-channel-handle=1576 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4392
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2212,i,8794996876075669503,14183126169316146844,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2216 --mojo-platform-channel-handle=2208 /prefetch:3
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5228
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2784,i,8794996876075669503,14183126169316146844,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2792 --mojo-platform-channel-handle=2780 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3308
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,8794996876075669503,14183126169316146844,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3136 --mojo-platform-channel-handle=3128 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:772
- - C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:3544
- - C:\Program Files (x86)\Steam\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1280
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:5276
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5072

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3588

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504 0x2d4
1⤵
PID:2976

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:436
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1956 -parentBuildID 20240401114208 -prefsHandle 1872 -prefMapHandle 1864 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c010a09-8dc6-4203-bf11-952b10f2eb69} 2772 "\\.\pipe\gecko-crash-server-pipe.2772" gpu
    3⤵
    PID:5716
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2364 -parentBuildID 20240401114208 -prefsHandle 2340 -prefMapHandle 2328 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b085d63-5107-4adf-bcf4-f9028f375e99} 2772 "\\.\pipe\gecko-crash-server-pipe.2772" socket
    3⤵
    - Checks processor information in registry
    PID:4384
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2904 -childID 1 -isForBrowser -prefsHandle 3212 -prefMapHandle 3288 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1244 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0056561-7687-417d-9d2c-0c3eba40e896} 2772 "\\.\pipe\gecko-crash-server-pipe.2772" tab
    3⤵
    PID:5744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3700 -childID 2 -isForBrowser -prefsHandle 3724 -prefMapHandle 3720 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1244 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a2282e5-5218-4b43-bb2d-e0dfbfe2a3f2} 2772 "\\.\pipe\gecko-crash-server-pipe.2772" tab
    3⤵
    PID:5876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4992 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4984 -prefMapHandle 4980 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8137708-1e12-44e6-8b4a-7ef104bd34d1} 2772 "\\.\pipe\gecko-crash-server-pipe.2772" utility
    3⤵
    - Checks processor information in registry
    PID:436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5664 -childID 3 -isForBrowser -prefsHandle 5652 -prefMapHandle 5648 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1244 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e784797b-b50d-49ac-93de-889675a7dd87} 2772 "\\.\pipe\gecko-crash-server-pipe.2772" tab
    3⤵
    PID:3996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3144 -childID 4 -isForBrowser -prefsHandle 5576 -prefMapHandle 5564 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1244 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {611bbafb-6461-4379-ad97-67c37eea5843} 2772 "\\.\pipe\gecko-crash-server-pipe.2772" tab
    3⤵
    PID:5924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5652 -childID 5 -isForBrowser -prefsHandle 5772 -prefMapHandle 5560 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1244 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af22cea6-d14e-4ab0-abb5-d5cdf3841100} 2772 "\\.\pipe\gecko-crash-server-pipe.2772" tab
    3⤵
    PID:3792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6264 -childID 6 -isForBrowser -prefsHandle 6220 -prefMapHandle 6256 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1244 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a806a2a4-7bcd-4652-9039-2de5353c7cd5} 2772 "\\.\pipe\gecko-crash-server-pipe.2772" tab
    3⤵
    PID:2348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5552 -childID 7 -isForBrowser -prefsHandle 4492 -prefMapHandle 4536 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1244 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b102bc6-33c2-4df9-bea8-220a33a8b729} 2772 "\\.\pipe\gecko-crash-server-pipe.2772" tab
    3⤵
    PID:5360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffa520946f8,0x7ffa52094708,0x7ffa52094718
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  PID:6116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6032 /prefetch:2
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1720 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2264 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2252 /prefetch:1
  2⤵
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2264 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:5612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6816 /prefetch:8
  2⤵
  PID:5776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  - Modifies registry class
  PID:5680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  PID:188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=2016 /prefetch:8
  2⤵
  PID:5680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
  2⤵
  PID:5812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2016 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2060,11008880247591987811,1938567801528480333,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4120 /prefetch:8
  2⤵
  PID:4128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1148

C:\Program Files (x86)\Steam\Steam.exe
"C:\Program Files (x86)\Steam\Steam.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4160
- C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
  "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=4160" "-buildid=1731433018" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\Steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Drops file in Windows directory
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  PID:2172
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1731433018 --initial-client-data=0x28c,0x290,0x294,0x288,0x298,0x7ffa62f9af00,0x7ffa62f9af0c,0x7ffa62f9af18
    3⤵
    - Executes dropped EXE
    PID:1740
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1580,i,14469964579794818970,13341585372969034329,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1584 --mojo-platform-channel-handle=1572 /prefetch:2
    3⤵
    - Executes dropped EXE
    PID:2504
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2204,i,14469964579794818970,13341585372969034329,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2208 --mojo-platform-channel-handle=2160 /prefetch:3
    3⤵
    - Executes dropped EXE
    PID:6048
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2820,i,14469964579794818970,13341585372969034329,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2828 --mojo-platform-channel-handle=2816 /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:4744
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3204,i,14469964579794818970,13341585372969034329,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3208 --mojo-platform-channel-handle=3200 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:1100
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=3752,i,14469964579794818970,13341585372969034329,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3772 --mojo-platform-channel-handle=3836 /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:5128
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3444,i,14469964579794818970,13341585372969034329,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3504 --mojo-platform-channel-handle=3996 /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:5828
- C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
  .\bin\gldriverquery64.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Program Files (x86)\Steam\bin\gldriverquery.exe
  .\bin\gldriverquery.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
  .\bin\vulkandriverquery64.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
  .\bin\vulkandriverquery.exe
  2⤵
  - Executes dropped EXE
  PID:3616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2352

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504 0x2d4
1⤵
PID:1564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Steam\Steam.exe

Filesize
4.2MB

MD5
33bcb1c8975a4063a134a72803e0ca16

SHA1
ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65

SHA256
12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1

SHA512
13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

Download Submit
C:\Program Files (x86)\Steam\bin\SteamService.exe

Filesize
2.5MB

MD5
ba0ea9249da4ab8f62432617489ae5a6

SHA1
d8873c5dcb6e128c39cf0c423b502821343659a7

SHA256
ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d

SHA512
52958d55b03e1ddc69afc2f1a02f7813199e4b3bf114514c438ab4d10d5ca83b865ba6090550951c0a43b666c6728304009572212444a27a3f5184663f4b0b8b

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
6e6a2b18264504cc084caa3ad0bfc6ae

SHA1
b177d719bd3c1bc547d5c97937a584b8b7d57196

SHA256
f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53

SHA512
74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
14KB

MD5
afa567f617eff0dae88f2582a4883d00

SHA1
a7a8eb70be5110ac02a7276a7ee577a41ac80b25

SHA256
6e67592e11c7dbb2e349737d9d2655ce92865e2d3ecd025d70474acec05e19a8

SHA512
3a8e7d03d44c7a7d6f6854523541de2bcab5428bab7b4d2993323a3865854b1c8a65031d0c75d0c9e31e80aad6ffdc1cb30582f646b976bc85e4ca795596c90d

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
21KB

MD5
b1a7dd27c15fa48e0ba995c67de57cbd

SHA1
ffa8c90ddcae83b6c2ed097791bfe66c74301beb

SHA256
d34b6541c338b02b3dbbba6f3836e2e7996bd43aa345aa07c8c4da5d22160b12

SHA512
ed52e3ccc152ba7f4bcc7f848f87d336643d57583a40002bbbdc14d437a9bc511f460d6b49a18909734f095f18e435b5f8a08314a30c0bb0c2892ac883325ab3

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
18KB

MD5
8dea4d273c4202a5fc215fec9578a16a

SHA1
a5b5c6142a128a33102c4c3603771bcc077302e1

SHA256
d4666f1ea24dadac6ac7472d10c5597ee45dcd034e806253ab21fd1a65479aff

SHA512
5da6e65e438f4d6da751902ea5b7d7c2e06a747da9609f940814a6c7ab52bc4aac4065d6d3340ab1202716522fcd11518a5fd47151b9e8390fd91a7974d560fe

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
a2ec2e91c3ef8c42e22c4887d032b333

SHA1
e2c738a2e9400535b74e2263c7e7d1ecefe575f2

SHA256
8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3

SHA512
b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf~RFe5ba034.TMP

Filesize
184B

MD5
3cdebc58a05cdd75f14e64fb0d971370

SHA1
edf2d4a8a5fc017e29bf9fb218db7dd8b2be84fe

SHA256
661f122934bbc692266940a1fe2e5e51d4d460efb29d75695b8d5241c6e11da7

SHA512
289c40fae5ec1d3dd8b5b00dd93cf9cada2cb5c12bcfefea8c862ddf0a16dced15d6814dad771af9103b3a5d3016d301ee40058edde3fdea30d9767146d11cd6

Download Submit
C:\Program Files (x86)\Steam\logs\cef_log.txt

Filesize
823B

MD5
1d8b9aa72bb747adb349554e7799acb6

SHA1
85b00a6cc4a1f20891a6587079104d986a1c5abc

SHA256
aa0c5db2e9de6c14ac2fed3f823677f061071150833cdc505de7566cc5b75717

SHA512
7938a103cf85ec70ef9d5e85546f83563b0c6a2eacc7ef22c67b48a60555ee963da7ffebf774d0b87876d48dd9f62f72ca2ab726a51b92075b3541311c783a11

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

Filesize
4KB

MD5
0340d1a0bbdb8f3017d2326f4e351e0a

SHA1
90d078e9f732794db5b0ffeb781a1f2ed2966139

SHA256
0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544

SHA512
9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

Filesize
6KB

MD5
4c81277a127e3d65fb5065f518ffe9c2

SHA1
253264b9b56e5bac0714d5be6cade09ae74c2a3a

SHA256
76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9

SHA512
be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

Filesize
4KB

MD5
2158881817b9163bf0fd4724d549aed4

SHA1
c500f2e8f47a11129114ee4f19524aee8fecc502

SHA256
650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7

SHA512
f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

Filesize
4KB

MD5
03b664bd98485425c21cdf83bc358703

SHA1
0a31dcfeb1957e0b00b87c2305400d004a9a5bdb

SHA256
fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115

SHA512
4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt

Filesize
4KB

MD5
31a29061e51e245f74bb26d103c666ad

SHA1
271e26240db3ba0dcffc10866ccfcfa1c33cf1cc

SHA256
56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192

SHA512
f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

Filesize
4KB

MD5
da6cd2483ad8a21e8356e63d036df55b

SHA1
0e808a400facec559e6fbab960a7bdfaab4c6b04

SHA256
ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6

SHA512
06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt

Filesize
4KB

MD5
9e62fc923c65bfc3f40aaf6ec4fd1010

SHA1
8f76faff18bd64696683c2a7a04d16aac1ef7e61

SHA256
8ff0f3cbdf28102ff037b9cda90590e4b66e1e654b90f9aea2cd5364494d02b7

SHA512
c8ff15373b37e848e6239a82424569e77c82a5fc557d17e7d2ed1d0d2b2f7d026cc1e2bc98cb5ee945c02cfefb82803c23fa6a26f48ff0adcf762f94cd5dd035

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt

Filesize
4KB

MD5
10c429eb58b4274af6b6ef08f376d46c

SHA1
af1e049ddb9f875c609b0f9a38651fc1867b50d3

SHA256
a1f6ba57ee41e009d904905c0ce5e75a59ee6790e08542561303109e1faafa13

SHA512
d8760f61760bffd8671b727d386ae220e7e6e68829a01553cfd5eb60ef8bd1d7c1b25e7b17a6db5bd17ba6712ef44999726764459318e784843c73bc4facaf46

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt

Filesize
4KB

MD5
5c026fd6072a7c5cf31c75818cddedec

SHA1
341aa1df1d034e6f0a7dff88d37c9f11a716cae6

SHA256
0828572e4fa00c186dbf1d9072a6154d65cb499c6a37e338f3305f77a2fee382

SHA512
f9d28714b2a05f8d9025f1692e4d7e8baa6daf6176353f65646a38814a242ef2adededa44419edd69f10cf96ffba506dab7cb6e52111457bf69cffef12174b12

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt

Filesize
6KB

MD5
189ba063d1481528cbd6e0c4afc3abaa

SHA1
40bdd169fcc59928c69eea74fd7e057096b33092

SHA256
c0a7a1df442ac080668762df795c72aa322e9d415c41bd0a4c676a4dc0551695

SHA512
ce59ad9b17bab4de1254e92ce4fe7d8c8242832f62ab382e8f54199a9932cd11b5800cc33895441426373d5210cc74104e0271b721a7e26ed400b716ae4d5903

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt

Filesize
4KB

MD5
18aaaf5ffcdd21b1b34291e812d83063

SHA1
aa9c7ae8d51e947582db493f0fd1d9941880429f

SHA256
1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5

SHA512
4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt

Filesize
4KB

MD5
1514d082b672b372cdfb8dd85c3437f1

SHA1
336a01192edb76ae6501d6974b3b6f0c05ea223a

SHA256
3b3c5c615fd82070cc951ab482d3de8cb12df0b3df59fbd11f9d3271fa2fbca4

SHA512
4d41c945ce7c94746875b0dbceb14811d4966de4e97fe047406a304162fde7e1e2a16367fc2e43978e2e5aa66749f036b4444aa2312673c2cc3af296e8b77f55

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt

Filesize
4KB

MD5
8958371646901eac40807eeb2f346382

SHA1
55fb07b48a3e354f7556d7edb75144635a850903

SHA256
b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585

SHA512
14c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt

Filesize
5KB

MD5
7e1d15fc9ba66a868c5c6cb1c2822f83

SHA1
bfe9a25fdc8721d7b76cecb9527a9ba7823dc3d7

SHA256
fc74e26a8baabbe4851109512d85173b75dbf7293d41eb3b92a1957a773c8265

SHA512
0892be14a858cc860766afb1c996b2c355108a7e50971ea3ec00d15069e919a6eb05a61fa839bea3938492c391e274144c5e248f4c204a602bf36adf27e5b406

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt

Filesize
4KB

MD5
202b825d0ef72096b82db255c4e747fa

SHA1
3a3265e5bbaa1d1b774195a3858f29cea75c9e75

SHA256
3d1399f5323a3ece1b1a8b3b31f8fd7f50c3bd319ab3f1c38c6e347452c95314

SHA512
e8fc7cc09f431301d22a07b238179ee053505090e3c4db30ead061513fe7159f1fe8b80efc93f4597fe00f01087bbe0bb2231e13693d72c8def138657cb91566

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt

Filesize
4KB

MD5
7913f3f33839e3af9e10455df69866c2

SHA1
15fa957d0a6a2717027f5b35f4dbe5e0ab8ece25

SHA256
05bc1f4973c6d36002ac1b37ce46b1f941fcb4338282e0ec1ec83fb558d1a88c

SHA512
534e541757d19ee157a268bf7ea358b48015f400542fcfa49cdb547cd652926160f015fe2cf026d9c4996e56ab90ca3899dfd457997d915bf6bc9d7bb00ba804

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt

Filesize
4KB

MD5
58e0fcbee3cca4ef61b97928cfe89535

SHA1
1297e3af3ca9e4fe3cc5db78ebbfa642e8a2c57b

SHA256
c084a68b65d507eb831831aa2ab9afb9536cb99a840d248cc155ff87fad18425

SHA512
99aff0c481e34cd0e4fcbb2af471afb56d91aa11be664462b08e17ae169ca03ef77e7063b4ecd0f38ca7b2f6dc0bf2e316c7b31dffbbcfc763cd8fae27dc78d2

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt

Filesize
4KB

MD5
9b0b0e82f753cc115d87c7199885ad1b

SHA1
5743a4ab58684c1f154f84895d87f000b4e98021

SHA256
0bdeee9fa28d54d384e06ea646fbcfe3f06698a31dfdc1a50703ffe83ad78d32

SHA512
b7780b82fbe705bc8e5a527c011eb685c99ef0b2eb810617b9f82b891341af95ef1c2f46dce9e458c0c4dcc3e7a0d21db6c77f03419cd1c4b521a9b72f9017df

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt

Filesize
4KB

MD5
eb8926608c5933f05a3f0090e551b15d

SHA1
a1012904d440c0e74dad336eac8793ac110f78f8

SHA256
2ed2b0d654d60e0a82b0968a91d568b775144e9d92f2b077b6da75f85ad12d04

SHA512
9113c42c38836f71ff0cc7019aff8c873845f47fbf1ab97e981cb038f4d8495b6df784402b1ee9666e8e567ae866b0284c81e6a16efb47131d5ef88569c4843a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt

Filesize
4KB

MD5
6367f43ea3780c4ee166454f5936b1a8

SHA1
027a2c24c8320458c49cd78053f586cb4d94ee6f

SHA256
f8d1972e75a320344e3c834ba0a3a6a86edb39e20ef706bda9b7965d440d1998

SHA512
31aab33e0d272cb43a8c160b3d37256716a683e5052192fd0e4d3cdaf30a10a9afa9d26d5d14ad216ee455627c32892a711d2bc137ee7a7df9a297f001a19e32

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt

Filesize
6KB

MD5
e04ad6c236b6c61fc53e2cb57ced87e8

SHA1
e9d4846b7e6cc755ee14a5d3fa45ee7d3bf425a4

SHA256
08c775efa77c2a92d369f794882e467b6e2526e61bc7aa7724f48e174524502e

SHA512
0dfb7e6d811d649103499018f3d115c542fcaba420ceb69124a4d837fe162ce514e7be2040860c5ef5f9c01c961fa6eea8730606b73ec107d87597989b6fd331

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt

Filesize
4KB

MD5
56dcf7b68f70826262a6ffaffe6b1c49

SHA1
12e4272ba0e4eabc610670cdc6941f942da1eb6a

SHA256
948cad1bb27109e008f2457248880c759d3fa98b92c5b4033b94f455cb8ac43f

SHA512
c3fd9caf0bd4c303a7cc300faada9cfe6dd752e82d67625b31f4c0c2c091596508bb477fe19f758fdf79b25b8ac3f5320a8785d2b6705b9bcc28a054a59454e2

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_spanish.txt

Filesize
4KB

MD5
66456d2b1085446a9f2dbd9e4632754b

SHA1
8da6248b57e5c2970d853b8d21373772a34b1c28

SHA256
c4f821a4903c4e7faea2931c7fb1cf261eba06a9840c78fdca689f5c784c06c4

SHA512
196c2282ba13715709ece706c9219fe70c05dd295840082e7d901b9e5592e74b1bb556782181cdbe35bd1ab0d6197fef67258b09491fabc6f27606dbed667d49

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_swedish.txt

Filesize
4KB

MD5
b2248784049e1af0c690be2af13a4ef3

SHA1
aec7461fa46b7f6d00ff308aa9d19c39b934c595

SHA256
4bf6b25bf5b18e13b04db6ed2e5ed635eb844fc52baa892f530194d9471f5690

SHA512
f5cee6bba20a4d05473971f7f87a36990e88a44b2855c7655b77f48f223219978d91bcd02d320c7e6c2ec368234e1d0201be85b5626ef4909e047e416e1a066c

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_tchinese.txt

Filesize
4KB

MD5
194a73f900a3283da4caa6c09fefcb08

SHA1
a7a8005ca77b9f5d9791cb66fcdf6579763b2abb

SHA256
5e4f2de5ee98d5d76f5d76fb925417d6668fba08e89f7240f923f3378e3e66f6

SHA512
25842535c165d48f4cf4fa7fd06818ec5585cc3719eff933f5776a842713d7adb5667c3b9b1a122a1152450e797535fc7a8e97ebdd31c14b4d4900a33ede01f3

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_thai.txt

Filesize
7KB

MD5
53f7e8ac1affb04bf132c2ca818eb01e

SHA1
bffc3e111761e4dc514c6398a07ffce8555697f6

SHA256
488294b7faff720dc3ab5a72e0607761484c678b96d6bcd6aad9ee2388356a83

SHA512
c2e79c2505a6fd075df113ffce92ad42c146424ca39087601daa4ed15a2b5528d478a093921d9d8a738c7b6b963275a0693ebe526b6e2135d14ced03639d0e70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fef1d650aaefbfdb3d3288be30bbd890

SHA1
92945eef98f78274539024ec94007add6a8bb5d2

SHA256
77c82a1c93cba87c54dcff2cf6eaa495983f3161085c371adbbe72f38d2acc1e

SHA512
4ba1792425040fb77fbb3d573b741a475e7413892a6ccf28facba78dc17aa9c5938940d54b946eb5f63beea7cbfd4a7c93e286093f370a4f8de57120756ca09f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3bcac44b9eb1bb4269c5977f31349ef4

SHA1
5ed06d7fc78d3f6dd137873634ea97e132077999

SHA256
c0b42a7995f1c6c40aa1c532b88f996f7fe507186f2336f9c3423d97c81184f9

SHA512
c60a08c199dad6ac2106706b19328b1dfdab98acbc88cb5e117a1ae1c2bc78878a442694555fc7fead2b2a6aa14bb63a52b70abf3e5813f714491ffbfb68b2c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4fb6d5c51d0d1454701df5cdde0fe971

SHA1
ec9c3f1bc947c980bea1aa395334f75da64ea59a

SHA256
26102cedd73bc9e0ac125dd0518b0bf2831d2ced72123f181c2e0c901cf8fe8f

SHA512
d02a7ee870b48f6a51867c9bfa58c492f5abb8a4cf93bce55b6b2c59352b645b439b2049a74d958bc4790fc8fbadb48e0ae7fdf696f67d2008f1c2b734bf912e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ef84d117d16b3d679146d02ac6e0136b

SHA1
3f6cc16ca6706b43779e84d24da752207030ccb4

SHA256
5d1f5e30dc4c664d08505498eda2cf0cf5eb93a234f0d9b24170b77ccad57000

SHA512
9f1a197dccbc2dcf64d28bebe07247df1a7a90e273474f80b4abd448c6427415bace98e829d40bccf2311de2723c3d1ad690a1cfdcf2e891b527344a9a2599d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
39191fa5187428284a12dd49cca7e9b9

SHA1
36942ceec06927950e7d19d65dcc6fe31f0834f5

SHA256
60bae7be70eb567baf3aaa0f196b5c577e353a6cabef9c0a87711424a6089671

SHA512
a0d4e5580990ab6efe5f80410ad378c40b53191a2f36a5217f236b8aac49a4d2abf87f751159e3f789eaa00ad7e33bcc2efebc658cd1a4bcccfd187a7205bdbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6c67f737-a5d0-43d9-90ff-f51166de7d54.tmp

Filesize
3KB

MD5
4650c11d0f831540bc4117c1ee606b51

SHA1
84d4c1b5aa18fc6bff7648a1bf3d660964fbbedb

SHA256
daac0cc295b93ed1b715a028c3ca0329e4096ea029a2555733451e7f41794204

SHA512
34772663e89bd66456d6ff726eef98d2f5ad61e7a1e436e862df0d0a24a8336061f6cc6c8a0850e6e7a1b025b24fbce3dba3185bf8ff4a617204d510703f841e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

Filesize
92KB

MD5
f1fcbf737914d11658ea87e1ea414a59

SHA1
d23a24a28a0be6d0c68452c11810e92438ef1293

SHA256
1e029b0ebbb690ff04f1e17b62897562357ae6bce74ba8a85d97fa2cdfaeec29

SHA512
83514ef11151c71543902d01610141f0ad8984f9989595b879df49d7c314e4e1349e673ad25a6156e877f2c23ebef9c6b17d6ef9b3a3e7561f2370c1976be44e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008a

Filesize
44KB

MD5
0654d3fada1f1d0473eec1b0307cd5d5

SHA1
c10547a29c8ae5be2d442f48f46e9759ee256210

SHA256
24f7937ef51d5d77301ac1b1199050c47680b2743467eb57ab50dab265399d2e

SHA512
35550185bb28374b0c19a0c638b02bc1f262c965b0c2943807f20c0114b35ecc57bf7e6be3fdec7eee66f310424e9283998ce44135ff1d13876d069efa7d4298

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008b

Filesize
39KB

MD5
ef5fcc83ee6fb28f06e5503b2b016806

SHA1
9e571e76dfe624d7210aad95d78781cbf15a7079

SHA256
32007d4c9efc9889da70175f2624321aa8fddd12a5dd92ecf49de941d966e7fe

SHA512
4d260e5ea65f189a97637d04bd237ead2709567c7b31ff48688bbda82cc0240d0063f9c9036d79cf8879103c0bae0f288ddb1a156af30f85cb14a57fc83677f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008c

Filesize
80KB

MD5
7709df8d1b6e4a7c63a277a0be2148b4

SHA1
00095ad0403200a706477182c9396124ac780893

SHA256
f01d23a26eb64617f657fc3cdc84828636896a024c1c5b56c75af8984041add6

SHA512
807f4c9cb4aee50c37ec411eb21855c262e165f4159be021b533d96601a1ff52d6c2a210cd7cd54e5676979fd332b3ed6a6772db308dad333afcc99720f4cbe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008d

Filesize
76KB

MD5
3315a2f404f093d0965f7f8a408fe0a8

SHA1
fbb58e17237b5433c0396c6db7d651269628f2b4

SHA256
94fa01c66fd00f3c66c5fda6d06b737176a21c4f37e685158cd2676fbd0e2901

SHA512
d393b27f8d4bc134058b12a3bda2d6442375da304ec3242ef1023fd47c558ffb3264f0a4d6cbdb2d2d6a6ba3b22a5d4fa8ccf4ec7cf26cb569544eadf9920a8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008e

Filesize
43KB

MD5
80aba2ba842854f328fd9426915f42d2

SHA1
b8704e7b5c9015e2c49ca111106a1322f9d15adb

SHA256
961679b8eb5e1585d303b6c90b2442dfc3df040bb4334a55fd499b6d3d10f08d

SHA512
14578bc21d158f408b78101362e4eb5e6a0eed028c4ed971f1f32abfae0278244cd662305f43d9791e8f121560c7ca960f659fa21879484f5d72a997586e69d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008f

Filesize
30KB

MD5
75217847a8b2918fbebc05d2dc06dfeb

SHA1
fd1248be3efadfe1b0d467223378025d68a39dab

SHA256
3dfe65902adadaf1d8c16ef685241c4d58cdef1813c2e5f565da4ec2bc6c2041

SHA512
f884c14907388d0768e349d4ca70ad4ac49d4f100c5a6dc163b88d829aa16ba7c6b87e8638a800acff92a6d25fa9421a9c1da18d1681f4918d2a7087d3ef12e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000092

Filesize
25KB

MD5
f335da501cfd99192570413997b2a25f

SHA1
3904be43eb198f37da9c062c419ea9a34f9a4f79

SHA256
5277f062fb5b97ea85a244432d564f41d6e8b39fcc41bef053e6e007273e7fbe

SHA512
489f65bfac8e9b40564a26e27abf8aa6227514d330880c97490015bf5006a044cb7768796047dc7775d7116092c633a844543148b28a8e8cbd2736914613b474

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
7KB

MD5
322f64acbf1620a8c5228b7bc62876a9

SHA1
7cd1e1a9da8fd97c472ec6b519025c465622e543

SHA256
87ed7de1270b4601507446700ee63252c673d2e39216f6ac4953b6f4ef7f51a0

SHA512
70bd59718e560a46925c3f40113fba83d8cf8b532ed763500757ccac83d453e28e4969d0354d9cecd67f90730efc8b63cd72e0bbb2c9c7330beb9634ac46eea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a577cb630ae8655a13ced4b5a13eb027

SHA1
b6d5b152d966625153c1de06694d8884ac9f2b4d

SHA256
d5a5dee9c74a5f3c96666a6bf1fdaeb424bf486743c5c880a6228e6aab0bb184

SHA512
272e064fecce54b3127ad8a87b48855f311b9e50a8f48a59cdb58693ea112e9382cfbdfd4a27dfa768d30a606c7dcf7b501b5a6f2ad406acc5d27f2cb5117d51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f9266076014e86585d3662e82ab92786

SHA1
d486f5080c1f49e9cc31f05ee68d73f4bea9ba14

SHA256
5c6192faaee50bab3af8806fa442621b3d854ac5a6d15cc34d24e5ca794c5134

SHA512
7694777f0a92ca85bbf8e844e4b2189b27c32b7340fc381a0c58609402ee4641ff8944f660dc8c3711ba77d7ffcf477470c03ef44bd54767b2f0687caea1158e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
d868e57f87e84cba25a8eab76f3c39da

SHA1
31a67660482b77e25cb54f7fc75622bd9300044d

SHA256
705f599bf1cb3650376b3c829ee7c2aeed5b307d51bc093fe611c7ad18919ab4

SHA512
e4be84df25578fed01845ae67b5c4142b1f04d6918f1750f25e3f829ef58888d5aeeca93849effa3af2b3e74536467875da5ced45bd849c6a1d671891e2edd73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
dff839e1f3f99c648f82bc813d90fc90

SHA1
2f55a44590011263d6fa11199ff9b9ab70e000cc

SHA256
6203973bd7c63408fde3eac8c2aecc0ea817e3c8d8562f674490193946430368

SHA512
57ab191047f04bb68baa6ac55d8fc6a60ac58843cd9700d8c6b1aacf30e3c2d347f566ed0843bbadda22e1629ad801aa3b9d77e2a477177503a77b6d58204c59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
cd9259eba64da34fb75d0fa6794fdd51

SHA1
20bf6f2eaa26a5638f23d50ff7a048f8aee00310

SHA256
8e79ffa1dca9dfbe7ad66c7d174f649a63b3242829666122c604f169ed2e0b19

SHA512
20490738a7e229cbcaec727e09a62b6c25b605ca05cadd05bda677492c82a94b5a1425d6976be3ecbbcf79bb177042273c2f6b91a5965e64516e9e4caf7d3681

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
33df88d88b74e0227a2dacc70355b9f4

SHA1
52a8038a038994f9bc66056f6540d6bfb7942624

SHA256
381d8d84b0bf8b6c9e46091e2a516f9ad589b0b3fcb5d05b08b91a17e0305074

SHA512
8bfc243d634c589d8bfeb72219a3ce61268c47866b552b00d8c4431cb95b89a790699f2c0062b7d8d9e415198fd12e55c7fc138f95abe6f0707d0e78af2ef965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
e74496a688eeefede23939cf2ab4fd16

SHA1
cd799f6fe1a8956733b8374a4d98fb1da2bc7353

SHA256
c1bfde824d5e843a759f735a5fd1d1e1139c92ed8df59c5e12438e6e89e15aa6

SHA512
859cb8f501900f6bd5ec3365f297844e90c1f6541c0e6707c567a9efc402a504e29d06179d79bd9f59e1a4dd1bd8a06322f8a9f8c078824070beeb31d8d4a5cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
64cd0ca6ae6fe3fb028a226c884fbffd

SHA1
cd3c9956d7a6eb4cddbdf3f87c76adb07ae019bd

SHA256
e09ce521beb0d4c11a6a4002c63965fb92e34c97c91e588846a775cc25104464

SHA512
b7e8904564ca143811c3f726313a66a4e9c3e954a78a967876694fea8aa98f1a10fb6cfc92d6e62865a8526596ad05a96936716c9fb2254a687e979527d2ccc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a60540ba9bf4de38b04ef9a8c18c39ab

SHA1
a9a7db3073a2fc32b663f43610126fb78716d970

SHA256
1fe289fcf1a6b9ff86edf10608bea2bc233f35edabfe0323c8583c61ec63ea5b

SHA512
bd13b3dffb6b1ad3b4e4b01361c827373450bc3088a1c137cf0accc9e47ff1bef603971a4ba716ee7c31d75e4965941f827087495e53affc38ac17e5ee44cda4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe585dcb.TMP

Filesize
48B

MD5
9762e2c826398f45a642867aa4c1afc0

SHA1
038a03b846a2885ba5034bbc77bb7fd68f6b8736

SHA256
ea3e683d3d2938ef6d0bc52e36e59ee98cefa35a47ec01a84de199e8cc80d5cc

SHA512
19b1a30957b5ae3e3b3a17f38680dcc1288b5e1fedc5b4ab201556a8fe755e5855675d3fd3b6426c93ed204cf4da92b238975d41c84d22bbcf9d777c1052d416

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\000005.ldb

Filesize
1KB

MD5
cbd4452d0891ae0929d8e4078c21fe64

SHA1
14bc16c9fd64a9d86e67ead1fe1d671180fdb812

SHA256
c77d9a9c7bd1c8b5a5f8448736789c2b44370815e45a0255ce718df22f5f861b

SHA512
fca5def42a9aa8a3ee31e8fd4e48d06abb7c0c2e691d39ea7a7da14a9b271df97b473914bbbb17f81b3a17791de530c34e65f9ef74e7cbc85cb1f64a0acde3de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
389B

MD5
71ab32a964183aac22bd81414b969873

SHA1
21c6c5afbd6ba78d7fb48f5002ad86a4560d930d

SHA256
d85b0fae93c83e7f7ac6c9f530c6ddadefd7c21ba840afc721e81818274eab23

SHA512
18c028c258f60fc26d56990083f2a6d1356fe25ef4cbe4e97c23a5d6d35fa05aa0fcab4fdce5fb96bb09a31f3850a3155b2636068e42bf5fc03f2fcdcb94cc7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
392B

MD5
0e7493319728019386d5b1b2da89d098

SHA1
e3dd95637622d49df4921694b0b6ee94b786b688

SHA256
a4f431d2c2e17158fe2c62865abc0ae81ffb4c8d8f2f4c2015e5bca1ec621a9f

SHA512
2da1bfcdbe5193e13b187edb3fc30bf21ef7ed754bd38fe5ca5390594bb0a238ab8aa0f5a6ec227fa742ddd8874e6d9822230823e87286a4f6fe6ccb9cdc929d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
392B

MD5
30c79b51376be2b3bfd36c9bc7b27648

SHA1
13f381c524b55e91641708d27e588e369632929e

SHA256
d16b2e3a96459dc3ba391f179e1162f0c077ceab8d205442592801674ee1ed05

SHA512
0dec1038050aee30d6fe803d8f05aab80e28583b01af94365e6cfcfebeefbb922dc2016b4f6b7cfa2ba4a64d0d4c3a8f9f52d910731555cc970bda20a21e823f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe632233.TMP

Filesize
673B

MD5
d9e45e65b79d31d5865535effb58ab8e

SHA1
ff6ea91782a9168cd196cd8ab3eba36a960a22d7

SHA256
3928a52f94b3998937ebc29aa56a2090545aa4f582347f8ba053072e0cfa0265

SHA512
0d210d92be59007ae1f7311be2ac41ce91eaf71f89198614e7ba3b882f46397962983964f45be0b5f68bbd8763b3037ecfb75a95f33615793ef74f8cd7d5e52c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
100B

MD5
e2896794670f13dd2d4d13b86817b168

SHA1
58089c9c0955e754f116b29243b4c834e61e1570

SHA256
7a47c8951a8a2f9d0d66faa65fcb8653970dc9c8e08cc26287f6a9c2ec7cde7a

SHA512
2a14bdee064c729f2cacc90ac8f599cd355c02c0bdfcf7a543e1cbfe8626f3629626d3132810eae3eebd4685d71b306c9de99baa86be950f3698e48fa376f578

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1f9b56f7bb848f82e86b4f76fb874486

SHA1
34682449cdb3921af07f02fcf1dc3749ae3ccfe2

SHA256
58bed6e58af94e420c42bda3e28e62cf737a567b0e30b3c5da862e068a6b63b0

SHA512
44db515ad4e82ad2f7cf960f512ed293ef27951af81f45614173dd576729da4de02eca26c20c461724d55bd0fce386c354d5b36d235bc0c88095964fe1aca379

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
9c497da7dd89ecd40e063b22bd6a24b6

SHA1
98c0438c99066d60f314c2d508eee0e78752977a

SHA256
69be2bafcaa1dec3fb85add59810ba3e72f1a2bd0adf8713a5d74e665a606384

SHA512
af5317a5763988908730b2819023b2b1cbb457ee0e23bbdfe50e226abb0e88678d1843e6e328a61907ef67b28ae081d235eb19d21152d5013d96dec7022f8dbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
e2cb49191e1aa8550421325b06b9c612

SHA1
f218053c949532d8c14cfbb43fc0723a270b068f

SHA256
01e6eb56c3de528d77c35c42470abc7be92fd6a22d15edde87fc706f02a0b700

SHA512
dcbf9e2dce9a8002ca3b8dacce00b2f2486620b6be1c825d9937f42eb7405b4813fad209d3bf00025caebce4ec5a572b6a9eea2047d4de7330e8ece1cc10a40a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0d4996fa576e9af1f9f51c0349f7676c

SHA1
082ef6da0bd27aa669d9325231761df086d73e0e

SHA256
fb9fd8deca56b96102b0dfe9269c03dff4dad59ea83100a04e0d676d43bcd9d3

SHA512
1cb0920d45aa94e9740e776b8f31de8f373e05e398bf56995c7693141d730f0c51f184dc86f925c26f051b7401c04eee7acf8fb67e614aa02219edb40320f464

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
27eb10b1a7a391d4bcb25a91f257abb2

SHA1
f3adfcd3c6a2dc69e05faee3ac872b0770ccf592

SHA256
01ab59a7fa692a7c58cdaa82bae14448a407ef74210d638ea7f8d5be88ba2eae

SHA512
a930c5fc7c15907cf47645ae69e4bea276fe632e27cc39784ceede2fb610dee920fd456661aa306065b5f89b94fad0ff5c8e8d5ef92e9735d8ebd1b02637a6a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
06cffa1e0b177cfb985e5fe4f459b2c5

SHA1
e61cdfa25bdf3982d2c8bf1780e494fd80dd6f22

SHA256
26bb6a8920041aabad362a0c2ba0972349902a5035c15117b9535ae9bfcec64e

SHA512
713b094ff90cf92d155c65e2cd93ecf3c2cc19569eb5646711f653eed4b32bebf97b8ca4061dd4901913611af7faa59239877ddbe58eeeb552cc2caa9180e364

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
bf56af8bcd78244a8a476197a1b5024c

SHA1
2be3d1f706e64c49b8071acb8d5ed55eed33d189

SHA256
78af35eb48f25329e60333f6b30302c7a968be0641df40a91071a7338566cde5

SHA512
ac0f91b370a38d8bcbb08a7dc00c8bc2695be3c0eb646938db73d36999817667ac6c3f24832e6f0202ec70769f0e17db42980087bfa179f44cc1c1ccfbf92ace

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
ee8a30ece9cccba1b4fd011e01a612f6

SHA1
6e65e55165437d12935594f3c5011b7bbd866c1f

SHA256
fbedf30060b818ee924d06369eebaf94ea4978d6343ecf00909624f73f45fe9d

SHA512
625be432f93b74fc21c579f65319cb3e529d7fb18cbf64481249bf9399c54dd1d0c5ca68e026b4a779a058d0c16f3afea3802bf64a713983a782e23edc0a0093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1014B

MD5
7a1f3b587ec1db588e0b116490b68a0d

SHA1
f124f305c6a66810f8f6397e7cd53856a64c9b53

SHA256
e9e906f97459df49703c6aadef3b21e7941367d0be97df154d3b9d2e5033418d

SHA512
42da0db537781c5193b56bfa909d164b9abdee2d70692619f3f03e4dec3955cb1da8b2220a9a77fe5a50cf6ae2a852248a50d3fe8b4d34ff3ae85b9955b5f037

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7f282287609994e5bfbadffcc027506a

SHA1
82cb6bf0481964f54bb55ce59a43569cb7dc38d9

SHA256
6a3704fd2cbc9794661668091ba8fc6f54dedb1e69b345e5c9b6c5deeb4475ad

SHA512
049d9e8df0c058108928cb0d12bcd9831e7f3ff4029a405eb209eb001304527ec4b997b2dccc33613828fda5f14229a98c15b8f3ceda2c3fde1c719800753c70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe583330.TMP

Filesize
59B

MD5
78bfcecb05ed1904edce3b60cb5c7e62

SHA1
bf77a7461de9d41d12aa88fba056ba758793d9ce

SHA256
c257f929cff0e4380bf08d9f36f310753f7b1ccb5cb2ab811b52760dd8cb9572

SHA512
2420dff6eb853f5e1856cdab99561a896ea0743fcff3e04b37cb87eddf063770608a30c6ffb0319e5d353b0132c5f8135b7082488e425666b2c22b753a6a4d73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9e999d5e5671fe6dcc289a47a1a96384

SHA1
353b4f1968bfcb225be0d66b1207e6042ecad2c2

SHA256
04ffeed719d29308ea96819bd34c5ce6bef291d40982868df4436868c7e68dd4

SHA512
b3413f571bb196437e71b52fe01af2a96641be8b489ac94ee54b784f8f486c185363a522e2d053394b00b61ffd1f075919309cb6a8924a2df6593d1685cf9a7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
900dceb8d6eaab2c041bcfaeb24d0b7e

SHA1
9bd493aba47e0cb903b60fbdb6d35f57e3297a06

SHA256
135dedb33c31e91c212ceec1bad3363d89ba42375a63c77d18cf073a5b9aac84

SHA512
20d190f3950ea56b19145395e73fb694accd20a140426ae249449e7bf22eeb3584033cb6a90f267655b55f82ffc12442a930ea9fe8ce466db5b35b4f397fc098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cc6d721b6d78cf7fe5f52da9c24861c9

SHA1
31b05c80ddd635df05c6bda36506ecef987e8bc9

SHA256
cfc4dc8b446c414b758b81742c7e81841e4495686ef19272908bcc58291e97fd

SHA512
2be363f29d09422614e7efd6425057b9cefe1b796898bafb2a7dfa62f2f909c421443a1e0f03fe7e1219131921b36bee8ecdc16675e5d2e5b0d67ceb08e67e31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
09656bb7c6f855fdd35c46db485d4b6e

SHA1
897e1528e8af3b1d02e40cd70aa47bb6a7afb123

SHA256
61ee93aaab22d5c9c59cc20cb5d3c5f430c0e53a7fe666cdc205d5ec8ab312f0

SHA512
21c3b60be01e9fb47dd720a9a7f397045877a401ab4fb6f3fe458412a61efc7ac05efac16588f4ef06066b97ae3b14bffb8dbba1ed91786a27858e89b1501060

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7d12124743db41a29bade2143192bd31

SHA1
d74d2d86f97bf7b033bb290f4a9f56266b2f5d79

SHA256
bbf4dbde5fa619bb54959c163717dcba866e6fb32fd4382c459eae4096bda6b7

SHA512
1db330ee07afdd4076e55205747f110d1ea2552f3c148246494a7343f529b911062164629bc295b5ebaa79b902148cd790cdcb3c76984bd61d3557d06790b5e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
6f6941aa7505df1a62382d06aa4ee433

SHA1
4e70c587c84f2c779dea17d4692255bc5ee94e2a

SHA256
bbff338037cbd7afc92fdc9b09b6750338cc241e70a259767d887f535770f65c

SHA512
5580b13038187bdb711732f9f2143cf52ca8588c3bedc4d5d9c09a3a7aeebaf5b75064e375982385cc3c2686c9e4668c7eed4400d7f5b463d712aff1b27afb6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
00d700636866e6df14e16d4d09d9113a

SHA1
b69c7f986b33d4cf4e09ddc3207e1a3ab54505eb

SHA256
222352f481638c1d38b07c22b7ebb9d8b398f85021015ad1e55dbde3f0413f16

SHA512
5173472b3d0e10357c87cf294667d71cb840af8d125f3dae2f93f1370336bd6d0955c97efa8fc5c0b4891d014715a5892b5cbc67e1bb7a5ba7c73f771c4884b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
563f9c38051434f6a0f34d0412ffb569

SHA1
a4225cce023d968bbed8168ffbd21e16db67a20d

SHA256
811a5d0362488dc8efcc8d9f3117197f53b0f5e0f461551b8f8648d117725751

SHA512
6dfa0866460604439227f951174d95213bbcf630c7884f5365e2b8778ed66a24cf258ce2103a4b6a9b8dd913f401d077a34597391c216db4359ebfe9d22fc84e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
744edebc6e0b3a7e09b39e50748da28e

SHA1
7e655222dbe68c4ce4d739f362d2e9d880bb6706

SHA256
616e6a03d3da394b1787626a14fbbcf991a5fdc2208e0c8806f968c3df483142

SHA512
db9451f444fd4a484cbb41b495210e288f89dc780324d56f49c859911d40d404343dac81d43a7cc3a4544dcee2b6e48ca96b68ec79868876ba656d21d7333c24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
84f8f51eeaeaf6d2c609bef56b3956dd

SHA1
385cf3e11c3817d69bddcb931d0d1f779e129aae

SHA256
7b05fb5261f2a28ee54d0ceb5c71b876433dc114d2970789825373a58b447222

SHA512
2399f83310a405a7616b2d9c99fb82d2841040425a102425a165a04d91a8624fa5970c792d7f59183c80cb7269b4c57b5cac6d137823fc45f00387d36dc27f4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d0df44514952c78d2909c1adbf3ae87d

SHA1
af717f87653fc73cab9ade2d2dc69e9b544fc7fc

SHA256
26c74397fa5d3ce5f0e4d832484df2acced238e9f362a7c75f9c40080cbb83e2

SHA512
5b7e5d8c3824784c8e14fbd0733d9f8e991c9c2ad2bb470c58e7421d74158fee837450e60e3bdbe7622a4a8455e1b1e29e87b81d60f8e3b58ba703a6b41e8077

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fb7b651e55cf08acd8381181e5ac8583

SHA1
8101a5edb4be2cc0e6fa8f9b8f55eca494c3c6e1

SHA256
802ca564551deba37fd7340186a93e203a043a3eb34b8eef9c79443cd0feead9

SHA512
a0fb804ef96387daf75b3175d001e33b05f50c895e57d7725196f49afb6268e9dc9f440797b0c314d0bd6251fe25f2f15c4a7847863c6504a491d05716a13036

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7a824b232ca39486245130c27c33f94c

SHA1
a9732e37bc38baed872935a49fb1c89dcf1d6fc4

SHA256
2cb2b16c4000a3ce7b383494b7b435bd228f3b8eacf43377b01c677a12daa805

SHA512
a87363a93bc244ed737bfd4024e9c9147fc11fdfd89fb41a4a687955a9c2047ad97acc104d2845fa1d41e9eebd458173866c87ae0fdbc3ecbbb5aee540706ac0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ec36807df5a30812f7bd259b7a4a9058

SHA1
c0686ea98955904c002bb41a9fa37e6d5ee834db

SHA256
d6165a1e165aed7acd8bf1047a019f861d8b6ef33919e37c34d8e01e0571a9e3

SHA512
acfa2690802aa8c8482a965e1332136b315ea8981789a405b57719d2591f6ec445cf6182f185b987d302488d8a3443f1aa4d291399672ce049061cbc3b353fd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2fc04a6da91506c9f43d2a894edb8fcb

SHA1
5ba3c6d819245ea55edf07fb12255acab9ddf0e4

SHA256
8cbd608d5a1bcd241d6548760be033e1953e3aed58886a4e19d2270a62086112

SHA512
d575fd418169d1846ce9f7e29875bc2962f5f23ea52531c3be92372cadc0783e59ce1bdb618e3c1153a598719a9f8ad62d259f8c0c2e33ab77c5714f75a7f2db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fb3be574432d4d27a5e861c5860cde0d

SHA1
65c272a20767a46fdf2badd9076fbfd3b40a8ba0

SHA256
a55e676b86720ba9e2f4addc3c54f6b8ad09e383cf9606d706deb3716405fafe

SHA512
bb656b3dbde5aae825ac8b4b8a4a41e7004d9725bea693c670607e02b7ba4d9764c2807174871a2dba51c56b154c805e6d33c82c35efc7b07763ba8bc13fc770

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c3e1d0dd7af684b95daf16088e7ef88b

SHA1
2a432792b25193022bf613a2117632575cd490ec

SHA256
338eddccdc6dd2aa6abd8c11f01895ec553d75c830dbfd80861406f96fd86551

SHA512
1e6e995f028d59aa2dc5f4a848611d0ccc94544006c7c7b3751e3b1c47051943551b252511b014b9483f5f0b9fa445060e6eacb1c80f9b2f2d678576601d8026

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
5be1d1e8e75026614f13c36a7ae20d0a

SHA1
006bfff3f2b010ee0a7e95e5a74b494ee716f2bd

SHA256
95538eb1be00cc9f9a631b3d6122d5514d2a3f21888803840a713e1e4635da9d

SHA512
8c7b8ff6f9a954bfe4b378d0818805b1efd122495ed61ad725162d2182326e250dc2f93606d69bb290d2aab92776ffa5efe69df70d73d617aa60fc3e02cbb027

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
1e065987fe76484222b3713cde95d98d

SHA1
0b62bbbf5a8f3e2bedc48fe6a65a68b4b9cc22d0

SHA256
f529b6863dc3dc0d3f33a68d17d2787850afdc5caf819bcbca39226bbf18392d

SHA512
92b7be6ff37f651407ff336d6ce25b6bffbf8a472808685ea76c77d8484aa52a312515da1f98020267604a1c21ead4f0d9701542a450ce8376dd83da78ff9c8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d85a6caaec87ffcbf8f35c56f605335b

SHA1
82c6dc3f576bfddd9470927fd53dbeb65c03cad7

SHA256
00d5ba0f13833f83599f80515f4f1f4930a1ac955c3a555ed4bbdcb7b0e901b2

SHA512
8b782531fed53cb2450552942f1b1979aaaf405023e74ed6d9b917f7ea3544891cc25237865b09fc8767099b46cd6db41bdea187a7d430d6f55a9ec3219364f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
aab5eb084098b1f15412f442c8f8b615

SHA1
770ec8d0a0762cda3df8a2e558c46a6289bb0f60

SHA256
d08b8b69d9e75328ef63aaa8f84f70d7437658b657f59677cb52ecced596944d

SHA512
b63ead99e7855f018cd14c7822d0cd29fc97c017d30ea751ce445f8ac5c0a6899774eac0b07e557ede216925149835c88ea1ae3ef528fd90a3bd0de823205d94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ea35f4eb3852d16e428eb1e9d2d7f192

SHA1
0c94c8232458f8aa2975296d5f68ad1bba85b2b4

SHA256
03a54b1f50e1a214fdf2ccd8aad92dfb941831093d5001321bad968fd0958354

SHA512
7c8eb7facbfc1a318ab0009d1895bb80ece4e4ef41381b9aeb931d388698d7232d5da4c09c5845b9a83099c3012249836e24821c417c6ffa150a5fd37c0bb2a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
702962efd47b75700617fdfe7e99506c

SHA1
cb0ea8c30e13d1c3e1bb84a3f50cdc8b9d3526dd

SHA256
43a812c41280d04cbdbd6e04c2f54ff0ae37d29ff989baec6151121733df8203

SHA512
0fab3ca0b6bc9edb488042803963babe1e8dbbcb0f57ea6db88c87c077741229b2012c0b10b3425226d571905ce9fa990140c0508c4fca1495da25f22ca1da25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
60d82bd601d64fd00bb0373f5ecd65b8

SHA1
0e8bde426270dfa3ea285c2c5b7282ab37771d4c

SHA256
bdec91a5061c6a400ef33c2dca5b1d0c16c1fe9e464f8ec99a72442b752e6a97

SHA512
5ea1b33784438acd246c02c95716f72c78293bc8d8e8e6d71aeaab370ae9fc2063ba8ffa443bbfc26c96e45a95549b62894b846a459c986531b34a110d0be38d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0e98d1679e15688ad133f11eee8458ee

SHA1
a4b1a83f0a3f2867954d3146d95d314441950606

SHA256
8aa7eaf918f2969424996a8f3575478006d9d74b308a750f996fe4f5f045554e

SHA512
eb34d52a8df4992444000a93c8d0d11254069b5f43a68a6def21061be03a538f36c42b2e968a8637f12b93235de3140002b0212aa2cdebe0950fd115c04bc72f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\39ecd850-2a6e-4b97-8cdf-3bb7ed96b2e9\index-dir\the-real-index

Filesize
2KB

MD5
134795f3383be7d58a590aee0cf35f5d

SHA1
3dbefd8e78ddf3ca30dd82b3e949547275b1f160

SHA256
eefb2fa01abb22baf7b70f141cc6eef438501d18224bb103487c6b6d139189ac

SHA512
3271cdb73384032a5ae5a386e3b1f369e17b5251a3cfca35cffe46cc7bf548a2a48fb29b2b1e9adffc503043250915f90ecd801f7c619e888bd2efc5d00bd6b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\39ecd850-2a6e-4b97-8cdf-3bb7ed96b2e9\index-dir\the-real-index~RFe665376.TMP

Filesize
48B

MD5
0e73309b54f3e8d6a4f1cb9acef7bd6e

SHA1
f85568483652c878f3e8df8f59654fe28f58c505

SHA256
033e54030513aef264833e43b13f33e05c085683a99a38797aa6e65e8d48d41d

SHA512
7829a1060ae901489e0cd798edf6cfa92dece873e6b94c467d07f786bfd0fda7a5bd95ab630e0b393e54f3b4f0fd015f7ab1934bfc41bcc1f623a7b5372bbe19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9a5bbaa5-7c9e-4790-91fc-0fa60b4e32cb\655ef16afe9cd2cd_0

Filesize
2KB

MD5
fa433942bfab71059da872c9487175fd

SHA1
738cbd31c5bbf3e2bb6966984164ba555055722f

SHA256
b1c8165a5bab02df630bdac9843f4578af0fc423fc95d32798bf86717b6b2c6d

SHA512
e3ea20d5fe5467e0f999a280c809c7ff3db33f4baa390a232a39e15d81ec45d9c7ae8ccc7f0ffdc5012cbb6c65c0b9c46e6e25c78a7b99d8588da51e59ba0e5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9a5bbaa5-7c9e-4790-91fc-0fa60b4e32cb\index-dir\the-real-index

Filesize
624B

MD5
1cfca6c7bd0571e5f055aca6a3a96480

SHA1
a38c7cb0d633a52c89848f8b619943b603c39e31

SHA256
e0a4b531faeeb6baf8161071263cae778d855282e50c6231a82d4450c5ceaba1

SHA512
35d1b406d249cfef69528954deef5390123346fcdfd710d5bb0f585e2b3a3f3bc43cf845dfad7ebe295d1b796be43a96c26c4407128f76a4602ea1943ec03b2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9a5bbaa5-7c9e-4790-91fc-0fa60b4e32cb\index-dir\the-real-index~RFe6602d5.TMP

Filesize
48B

MD5
00af8c52f39a5e890fa9a2bf1be31d78

SHA1
94237e380af08a0d549093480a7692a4bdb7c26c

SHA256
fcf1571d807d0e2d2c8b9ee6bb1d95524b09284b84866430cb19cf757f876ba7

SHA512
b7f1af4b62f9874e5deef0b5580c8910a38dd1feb1dbc53581c42bbbe9f6d2633a6fbcfc47df9e857d2df3a6030e6a2b359e20c9207a9ce3b584d8a08727a88f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9b69a35e-5c0a-4330-82fd-0cf5e69b27ec\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
1ebff83991e4961116d08df4fa9cfd80

SHA1
dd5a96d1d7c8aed618de8e18ef7ae30ea0c67827

SHA256
0b094b1171c94dc7378f369060b1a77db66d7435a8318775de3d75978a5018b6

SHA512
a91d290a15fd85f76b4508594df7bc36991c9e1f18c6d1e5169e975fec21c7889d38e9c2d252056ad62e4d217499a8bbd0a9cd750704faf84771fe4c86621626

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
aa4cce56f33bc5f74b75dacb382fd0b6

SHA1
34aba76b1eea92155f1bd1b672b63de3e868ae0a

SHA256
ce8af8c64bfe5f575e911f7743783780d95187d6a47b259a575336b5da33f8b7

SHA512
f995a8e81fbcbb334ea33b9382e745961fb8161b65e76747a8461227ab6cbcc15ac5314af4fd57eb504cc0068c334bed23e15b51c2f7e228165b0a08a5acd4a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
215B

MD5
af6d43290a619f402c0b0f16b3f7ab07

SHA1
722c795fcbbf9d3533412fdef0e882754e47914d

SHA256
e65b453225e3892decda9a3c98de3095067047c87a9dac9abec8c60fb3459b89

SHA512
b950fe9f9c3080c299d152421155e8dfd70bce3c1a4cb8bafa7579ffcd9b2a5eb21767d61f0b8168aaa7dbf1c9212aa91ee3c0e3d2ba05fbbd600b9674aafdf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
75add1b82baa19a58605e8b69b0b2cdc

SHA1
d68fe0a1af388abfd4671f842d45235d75924a1c

SHA256
1b656dc73ee70b7aead2a18addecdbe36dbdd4cd16c8675a95d1f603a5a3af6b

SHA512
291791d5e8e71a122ff1348e0f0aeba507b38fa59dd468c8fcaf0981a1351200afac3f48810546ee81996163e1e3e03da7e265eebd88495beb180ff31fe94e8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
6c0d99d8602560d225ef3a9fa7d29f10

SHA1
72b740c9f5fc4a42d7121003de33bc879f08760f

SHA256
c049264223cb6a58da86d43b5dff277f37a23634c5d8aafd32886f263b0c1fb6

SHA512
d983abff225337867b15aab1da9e3e08d3918e031ec077a5068f56276dcab6f80b7f7bedb7db5c5ac09e00f005092aa9a3305a6dc5dd7fee0c57f04364b8f4c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
151B

MD5
7aa92b83e0cdce001f5bf02743cf88bc

SHA1
f9e8e97a8b921d297ec2ac913123e77f4fe4764d

SHA256
85d7b11cc993c39d692f9bf31e314283f6633ea8d2c014881324fbfd211ba5d8

SHA512
ef2729e0da558199b5ef90d4e88e16037f49fc1f30b31ead01ca5f786393b0ea7e4b470458293074d38dda69bf69b200ae7754558c29d4995b748a844bc0f4ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe65ad91.TMP

Filesize
89B

MD5
502358136ee263ea12e1e8b0fccddf13

SHA1
5d7eaf2ecf03b9451091319d60a8670a6e9261e1

SHA256
54ddf1c6b8a1cda5a800b96fee4007458d4833f5112050b4e68d18c0fe3dd9fa

SHA512
ddd3b14a68489aef219323c537fbdba3b2dd22ee035e9dc67ec905fdf86c07db226830ccdb178c65edac2c5da62e106f57efe94a4875f09c17e47f245003db89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
af805ab0c3989367635616c77bbb0c04

SHA1
145347ae2f3dd9d725c20453823bd4ce1b8d692e

SHA256
fbdee42a16b8eb37df3630b17611b233b88942a59f336f399b255f2baecfae6f

SHA512
e18e622608b6955540e86341ee93ab6db27420bb97ea13dd35b0f5f005d76aba830426c10661514015c6b6a08c36d754045e3cfa751f65f2d734fdc19812f1bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe65fcea.TMP

Filesize
48B

MD5
82520594db310977f3202241227f0276

SHA1
f15190e4c77cbed6fe721cf8c52ca289aa10dd3b

SHA256
f584be918293da0ec247fa3c1f2e4f65ffebd8a4f08098dbb9fbbab7dea509e1

SHA512
121c5223467ac1d72e4aceae3674f2d4b33e1440dd27e57e88453f8c4d2a93c565a711a8e44b180367c5f84743910db6fc3310894086756d195d13fa212680f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
285b8d367311bdeab7ae2d95b2018433

SHA1
5509fe4431268225c9f53bc6d59113799632a83e

SHA256
64e5258ac17f18925abe9d29a692902f3d307f98b400a8fc9bfe7798fd1f5fc3

SHA512
baf57df71653a2de89776f765630ac1042d6bb251cc51ab52429517596d5ce4698173a2b9348a6857d04371a63c4af81491bfbb910ecba3d4afbf9ffa5a1902d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e114e901e38f6e97042cd2abbc3b9ddd

SHA1
9d70c338594666b762845fe27d635f88aa982531

SHA256
40f8a4c41321eec3f13c01ff70d0afd2695afae69ccf2166bee1282ae8bd09ee

SHA512
04265a2fe924ac35dcf2889914b07aa9d57664207188e9fe7040274723b3c7c699bc585c83a7004f8c846ef60cb360e4ad68fc28ef9adc7360ff3cbfee90ac76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d9882edb6258659d94e8f24040534afd

SHA1
2defa5d37f37de6eb757513187e93cf05c4f2744

SHA256
7b45b38d3a57b03232ec66b3fc234531b21acdbf022f7ad2e00671896c9b4fd4

SHA512
18ebc22c8e393c9c058a6eb65e1893f66f4285580d4bb427e1e9e7338c9b8b2785ec1e45344efe2215878c613cf67fa342e1db186d8adb09575bba15aa28c91f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
53c4336b4b9d86f68077c4deeb75b020

SHA1
65bc25c9c155014407277d26c5f0c1b72679769e

SHA256
7b0d8b47b3d2cdf36ab94e430e27df756bf3c3baf0677f7d789ceffc686ab458

SHA512
fb8b0b69efca85d3f6e7989040a5ef3c6924cdb500000ad4a49e7294e1067bbdfddbff3a8c58668e17d0df9c2971575649ab42ae143bab0207e8fefd2c8d4c94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
6afb7c8347a7138c748ace81357f093b

SHA1
75c6d4a8fc8890da170f783ec65957e1d4b0a1bb

SHA256
f0cf2c7b254d728ae5af57b4dcf3c2ef228e7689d7c8bcb5a005e865667f6234

SHA512
6088fe37ce5c6f200d11bec74d84e7f89f252c1f541077df0fcf439146cb9ee7b76f1f4885693e15d46c3ce836b8c1cffd70762415991e27455b04dea83515b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
2af66cd22ca11aea3b2875e7606ac761

SHA1
03351d7fe2351750d923773bb4751be1911cd417

SHA256
d2ac7291dced86ea8115d000918e9a0d865a6b0ef09010663e922f41175f890b

SHA512
16088459d703efbcc6c5713b138163cea8d8f02dad000ec53c26e60da4581b1e54164b88f546c551721cfab195c878da4c00e90db78034ec8f63db75755d6f63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
bdc51ec0e4dec1cd57576fd876b2f3fd

SHA1
693297d8b6782ceab51844bdb0b4f1e1f2eeef5f

SHA256
870641a7492e42a4d1dc1bb459d421faa140a6b72f6c8b053677be79b571d10e

SHA512
f4448833cf946b98b2fe69ed55b32e9089c48550755ed6fb2b3e89bff83b5abf73311208679a4161536c065cdda4496d5a48955f14f71e0289212f7bc45eaa1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
ea66fa39bdae52e21216a9ca94984cfc

SHA1
6a1afa0ae29031b5f5ad63d9a1e67cae803cb72c

SHA256
07fc34545f49871ccb4d52e6142a0e00be4502bd7ccb0b013b77120ec1993d2b

SHA512
9ee378f881fc78a1bf5d7042a5f3cf08fca988e675ec2c678773926bfbded106204df94bde6f29f46cdb7f7d011b34e95c01bad057466991d5cef235a0de9c4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
e9429fcd706769dd6d2e20078192cdbb

SHA1
fab39959f5a53736faa31aa6fad7434e11bbf0cc

SHA256
603b4b19dffbfb7b975f5679c3e8723c36ffb8394c89d579f5ae39d033fb66d1

SHA512
f1b198e5e81575320e9c955675f3e4e077afbcae47315ffc9064acb227c3596f14c352a44717599b4fc6c51508ba47721d6684b234b44d98dcde1dda8c4629c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
e97123fa2aab753df1e51f28fb8f1e5a

SHA1
f28127be900d3b0f173971f052a8d1bde6cc075e

SHA256
914bcbbeee76d1d177f0b88d2ebc3ff17064936d635e1ff1c1594c10dc84a407

SHA512
9da4e630232c4d88318e6d1b48489d77a4d554163c9da0338adc56fbde6f77d747f831e0a3d1dd7fe50eb00f530edd5c5d7114475a8b06975c44bbebe1830459

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
dd0023da0c9953407141b486b76bc2fe

SHA1
e0ad7caf2c88277237edbd49a89ffc2e9edc0e53

SHA256
73b603f17c1d19bce702c7e78782884c465600c098178ddaf83cc16e02211dd1

SHA512
e291d5aee495e9a6ea9af4e53389b82b46fe369ca34f92ed93398bde4984e4263785cfbcb0547c42f9ffa56a7663e63dce1a14a207e5cf2c716356a727ab8d2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
389201661fe75fcd12f03669fa2470b1

SHA1
946de8cafaeb8c76a941ccc3f8ba9f4a824b7039

SHA256
14def8333f8761cc2949a300fa375b36b85d9a5eec121222f03d8887a062d092

SHA512
c12ca51eb4656c54ce31b41c79085d6898e2f0b8646c39c8812ed9c0bb37adac2765fba48b2cc1d9e9d0865d83580cfa53b63a4053498a6f64c26c23040186b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ddd2ff3c2869a32f9736dc24f1debdeb

SHA1
130cad8894f4c0b9a305f855c4bba7956816b6e6

SHA256
e969075d81fe23ca637cc63baf7280c365aca7a5d1f0bac8f5367901ced19e1f

SHA512
c5d7e6c39ed20c3792211f3e758826b26d6baa203d021d9c9816aa4867f7b3e2abbae02dc5dd27870e2787de2642f0fc7040d5fb3c96646d4cae7fd74bcde573

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
796de1b2e37f1fb5eff8424004cc7392

SHA1
e383270ab176c22823d54958732b7f805c42026d

SHA256
b296350828b8097553a123dee951f0810b7414a6cbc143aa6e756df94c5b983f

SHA512
17b48051d11fd8e63081088b3015936ab7d59b0f675a9f4ffd8ed5baa7fe3566909600afd6fc251251e4133292d294ca537445195324fe6e97aa8fddc9691703

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
2e0045ef21a4343f01d3487d099b4f58

SHA1
99c22e3ad2f0584b10e08797c9cdb13d1d4dcf0e

SHA256
235e34c9407b5acc6eb15cd331643d45d987931c9cc86544f5e3fd1fefdc4f9a

SHA512
d4fd4df3a6c754c523a7bebf6b9edf4df0b1c4007f59dda9c61bb0998d7120e6abba4b777214fd5a2bdd8a79a5826ea080cee5549424445fb04af3db6777ca7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
52182eeac1aded1ab9481342ceedf9a0

SHA1
28f9a047b41f6e05f89ea65916ef1d76ce04ed31

SHA256
b75c9f75414b9a9ad3d503c3f5266a57af265f4a85ae695cdeea5c49003e6a5d

SHA512
fc01f6ad68dbb768f82e760614aa2784ae660196665e3f47d85daaa0f8dc9a67941e91b96340d3d2de5a873da1c0546e041a31a78a937132f0962016068312bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
e4824201e8bda76db1bff4c4e983f40d

SHA1
5fca70272300cb52ed773d1b51cbcea7095a78b7

SHA256
92be1d0ebd5ca496eeb52f6c6ceefe39004ba98f87bae99ae05a75351d876428

SHA512
7fd3d433c25f41a4c304d8c8110f6adcbe2d7c55878db433b315bd80f78fd17c83fe3e8d557ea938e6fe452c9519dfb62ee1b0130baffea38d77cfc9f2c320f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fbfe79cc0fa297d09495513ad529d4c1

SHA1
93eb5e66b48dd65a92a9f1b6d08b0de04c2d3b63

SHA256
53ade0a26d4dd0a5627749bcd3ab58b99192029f64e353ed974dfe8088612350

SHA512
709c19dc4b950007d60574bdd5376b4cc8c801fdd9fedd7606c9442094a870b8c041ab200d37190c91304d9bde26c03802ef863c6019c57c199691020b96ca60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
be62e0e778d3031cfc6488e684c2a817

SHA1
b324122badb74e495219c5226adccd6ef9e23df5

SHA256
72e522c515197d08fe8a9c023dcfa721ee654dc91deb52387735932cdc4e0aba

SHA512
ee932aef79ef8a2a679b901c3ed6a2a8c5471b541dc19cf05503eb38766c2adc8ecb465263de2d8ec74252fc043831e5bee2eafdbe4e910c109a19d7650dc2db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ca9a78d1640cf6de679c5bc79d711a72

SHA1
105804b3ec26737e65c4c4785d1f68a209d55789

SHA256
56acbde51ce5e060b58077a23e788c32281fd2f6dd45264d051b26707c75649e

SHA512
adfd7d3fa7f6568dd2d5091310fe032d4e1f1ddb37b49e54a7ad51e8ddcb0a7889bf243a896070f6a2c8357f690770df896b38f64ce0d78ac748d29bbac6d3f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
339c0ec632862dea61264db28d45cb1f

SHA1
7ed99e870d691af0da20fb241b06a9e581704269

SHA256
35495d8089ac5af6b1b98784225f787bdbe2915493cc6d305315c0f71b3709c1

SHA512
57597f4a3849404248c0cef564d0d25308b314c6134f4e52d74005b3577f93cb1f3f75c100b9b0b5c1158bd1eade9ddddfa23d95f3704f7b98e4727b04f83783

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
31951cacea14716007bafdb324a6d10f

SHA1
c62ce86aa25bd1ce3369cdccc2a136931f89be0b

SHA256
ab13c815c36a10393a443e7847abcc90615637c7f11d7603fa0b2ff86d1c3bcf

SHA512
4ea52571481208e48d12ae36da3c39d93a23adc4f1f1ecaeaa1fcc7bfd8de7e1c210aa252f8d410e5b759a0d7795949d9c67d5873864cad25d3439c1d0c5f81b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
cb88837f1d70b92dccf3d419f07dacef

SHA1
a501de5dc25b429f5976a3c35f6a40dfa604968f

SHA256
657ebef300b2a35fe60e3eef0aee64fb136bf8770294009969d1c3349bc2b6d0

SHA512
5353e25ee845e073e631304e6338091dbf5f47a3ecacbbea7418656cde45eb66a2bba53f66304437bfc7cee3869b5fa8a05e501118022d798bdef281c271c9c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
597bb6857ef36d964e0f9e588e60826f

SHA1
ec7f36df9be82b3ee751d4c471c76c69bff69df9

SHA256
2e100119db70e717f3c04c8b3273ef847c90633e9222c7e171ac5dba89de7117

SHA512
728bb512f8b4cd42b07e52502ef93e0c74c0b0314fe10212cddce706afcd8c386d27e85a1896f9a44a1a0dd8e90a565b4ae9fdd0adb144462588efb6dc317bce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d7a84af00914a0a3945040c55f015cd5

SHA1
f36e843941b66672740e02cfc46390d2b033ec50

SHA256
50b66b7b3843be010598ea91fb4af69479f5d3b2903c38a17d182bb1ec3e9892

SHA512
0b157ea25c570ccc498974773a88f119d2b9fe0e65f2807bb5622dfe6f3bc9efc884d381b017ef54595209e6b6becfbdd86a2e6cbcffb8e3de6398d626486675

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
ca86e03c4f5910a9d50d60e19ebeff4f

SHA1
af5163a701b223d7cf28f967bb8e074185f75e1d

SHA256
e9ba42c2e00a85ce28ccc1640158b4d982aa69559fe3a050950c2e1618a9baaa

SHA512
e739cfc47d1955e521c964e886da3854b5001fd771fd0254edc22f50940662da3c581eb320d536c451f5f964d96d93bbbe80f2ae623733aeff5bf4e24d4889d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
0b91f01fa64973b3c5a2ef269f0a4557

SHA1
27b5b9551964204f99ef9b1d2307bcaa3e2f9ae1

SHA256
d54f7eade1f3d792e10d04e58af69f4549785f54a844d253ecdf52c6017c2b88

SHA512
610167c38951b5deff92d9a3d342b82252a67e912a21d39e32b7c0af837add58d423696329c8450c03e44aa05cc2dc2c23f80536d4cadbd7fef65a236884d219

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
5f17cb9fd72cbc1936c0ed42ced1fc8f

SHA1
b3e5aa0b4dfeced55b95afa5d990f482e10a1164

SHA256
e5920d0a81843493fe4cb3c2af4a32d2f258f12e2e2ab7f95600de891d5a6a7f

SHA512
6e4596625a98e2baf723a510e04b833afd52e596bffb72dfcdb82e1cdc681549af1274b5e1f99ff4f6974952013b5c23c38f6f25a37fb21740041bb5bb595011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
95b7b4558802b6f2965651b6c87cc711

SHA1
8c58c5fa48ee4db658cba352bf0fa421ae88e144

SHA256
e624741bb9366339b603c9264dca785ae7034bd2b607d8f0ec41b23f71eb7aa8

SHA512
caf37919358edacf37621ea0f4f841e88ef6c586237c4bc0670b66924b83d929fe46103981bd426960f8ae5a642c659f0e3e42f0940bc02144ea021a19bb59b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
be46907ab399b9829eb09bda1f1f3498

SHA1
93d3cbcbddb536fc09fc0294d960b403fb12b92b

SHA256
15a67c611d43b5645db93dc16efe9b6dbff344a5398d12b7ff750cf40e0c398c

SHA512
08c22351ed75d12edf8d204928c60ca2680e455677bbf0963a5afdb81e0c855f8fe23a9a900aa0900b4ea8f36c058e161c2b33bb6a5d24994d69d55b7cc99576

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
40043fecf5cb68c2725cf20e3d7d2ae3

SHA1
ad73cef89b270c4f9df5d2475b1fb4218366874e

SHA256
4b00c21c4bb58d6c40c4fee30d9e272920d17779420aabfe7b6da4341f15dd0e

SHA512
a339f6a80aa0399e808f0274f58daa7340333bb10efc1c30aa128a56f2c3196f566746c693709e12519579681335908ce07ef31a1f2b33bba77e621aa02dc7db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
927a4217ed8540ebbe0ebcc30dc770fa

SHA1
f80d8e4c82b468b784c31064d5bdc26ec7a4b631

SHA256
ae9dac92b0ca826b664021ad0b805aa4f9f4f0cf2390795c89fec30df2274424

SHA512
d75263e029a38ed2ef2eeb6e42e6273a081b44da2caeb519099928f047e2bd53f5744ce8850b596f50f1df1815d433455b28f2637b1cbab58dcb321bda0db636

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
d171a356a72b95b437357cf3ffd02642

SHA1
d48fe5d3ec3ec91038821a07cb0b77dae6edb5a3

SHA256
8017e9277524b422fbde6d75b3c20737b49428520e2d7311472be6fc779c5774

SHA512
a77f61a75d36ce663e7969f5aa2d6d4e7581c9d9603e6579f7ba69a1482d60c5a197f6a3a66ae2d746e876658cb603e5103a1f6bc375a84fd92d29b616804b52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
0686f7acadfc26e20605669b53420130

SHA1
3201c2af4a5ba590e7b2d4d481fb315cac7572ea

SHA256
105783c33c7474fee97269a34f3d311e14bf1ab8d0925b8577044c0e126dffeb

SHA512
bcc99b991047fdc0fcb42053c4bc80fed9a7b0e37285f9375cbbb8dd69e994b24f7a10b2db4d2fa90102a2dfba4a6194becf13d5745296fd798d3a323d50a94e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f32a.TMP

Filesize
706B

MD5
31bcf43c05163801b8fb454be97d781b

SHA1
078c2f59d2a03228a6464ae88cfa2ec38e899746

SHA256
b7a2b86d432a4e6e22ba67bdb334c6ec976e5fcd7f88024d566e1c17a7afd7a4

SHA512
ae6022f6a046208670f1225689cffdf7657f40cf5275c799ed2586ecf8ee4f3d7605d04ef5b34f31588a8ceb52236b66133e74a332494da9dded736e4ad22d64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f9274fc1bea3c0664e2aab00bb369328

SHA1
d1c167c8bf561a1726898060351c48c4cca2be03

SHA256
3c68cbb80550634bcad1ab31d459c2c98e430d463f8db50b0bddb6f77539208c

SHA512
832694053577dd4f7112b6850ba489c3f9a81e49045d261f021c13b5ef7c2fab263e10084ea04fa3d9556c38351ed0f639b7ce45fa033dcb3082c741059e7c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0dd8d9c909c35f5264c0c2d902506097

SHA1
100936ecd1f7b7151542d3b8fdce720af68ad7fe

SHA256
407c4142b212b3d96ab3c19dc1e2844d252859bb3deeefc6333a2c0425d74530

SHA512
aa839b0bde6c57aa074389461154f4853424b2fa3781456eaa6552883966befe1280fadcf65b88977b484fc01a742695c3a170e7b73052926704356a81b32675

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c837f8b72a78038d1c6b92fd86e9c919

SHA1
e14d1d6119c02b4275efeae6cd4e4f15dcf61ba4

SHA256
f93786ce5693135ec8a52456ee8da56bdad018f2af0a97b156eb94a355e5c2fa

SHA512
f6ac7514d71f466e52fa82b231ad4dd3bb8b15cb735f402605b414a74f7263ad8d17aa1a5162384facabd9d6a12d988b60a367d06f623dfe3ced5c6f88e6bade

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3c85931f245e44c59577da2a8d05fa17

SHA1
54ccaa4b71ff2c56e7c805293df278b980bab7d2

SHA256
e4ddbe3e1d5fdcb50c1855e31d29c9d8d771d289e8fb9958130ce64ff87ea5e9

SHA512
581dec5c870c23e1feb2538d3171dfa4d5c4f82eb56f3ef3b41f3a79e08c8a664395a105c464866711f7179496b71363b6a2597d7093328f79b427a8123b2a41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
943d953c70f8373051d4b500451d500c

SHA1
04975e93f6f06b0bbb72c5778c60b302823097b3

SHA256
eecdee75b247ab34146a588c130270fcf582a8db5ecb04e2f17543e774a464d6

SHA512
9171bf63e46900b23d37675519a7ef2f688c2ff8e3a3ec67c7451d97d1f8baf3efdd374a9a4df60c31330df79a044d73cf7c50d4ce1ccdd49f73dcc2a16d1a1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6b1f1760207b496d73eebcb5f80d345a

SHA1
e34c2a3efca93d1051d845028025eac349aed225

SHA256
d41e0fb7d287cd7df74920390f3e0b43ee9525e2c6256ec761193ab581a7d133

SHA512
375147f2580cdce7cb10d2aef8463188fd4d17409ae9ef246d27d10bdb6121662ed83c0649a3dfce9d3cf012ecae779373a607c2bb963d97f92fc25aa9d48dca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
1ea50e2e1cd27741e58fe4e756695036

SHA1
ff8c73edefe4d09b477f91191e0f19d0bd686e91

SHA256
43ef8cd9c321a5797c3171a996524eb3799bebc9f857e38a49a72d224e2edef6

SHA512
28c157f8e164789c63c3077f1703d21659c184ec766f85a29f69ba484c5ed4d7f3a45f7d4c3d3e765910ec54fdb3990f8642ec577c52f233f1b39aa608df5ab7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ld3ilkk.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
1c0798b8eab98666307a838f17422e7b

SHA1
afb6714feea2a15c4bd85af7b42476d43b010d8c

SHA256
d3948c0a74cfa267cb63d87b7cf147a9f1ee57a82bf8de53ad71c3a8a5a60adb

SHA512
cfa50af9450a15e3570326effe3ee64c0b0b443d65db6a349e01cd3dccab89400715b72debb7eb13039d32bd97731066ebecd8ff56924ee30dd202217620cc1e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ld3ilkk.default-release\cache2\entries\25D7C63DB3C95872A6D2F8D1792F468C1002EA0F

Filesize
61KB

MD5
fc27ab521a11e169a2dfff8648cc2e0c

SHA1
f375c970c7f82eee06454dc659ce2f91b3b5c2ef

SHA256
ae111dc72ddc2aca5fd2d1a2b1a7b2ad4abcf8e6e522edb247ba368c87e97987

SHA512
1bd9061da740ec62f4df79ab06e46a5ff5e7019aeabf78e120d79b9fa5d0b5d98eb0fa2b32b740c49ed48f8c203281ea5e93347107b7771e37a8d5ce66078a32

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ld3ilkk.default-release\cache2\entries\2B16ACC15AA680352D12943E950AB926A085A466

Filesize
224KB

MD5
1fca8b7558d4bd6b47e1967a014b4ee3

SHA1
99893a13e05af0a55e7f59db7ef44ff56d656d8e

SHA256
e4ded29fc04acf91bdda452479e46ab41e82dd7690f17dd41c4a3fa271a30cbe

SHA512
5782aedb542dc5afd16975d351a35b6137d4e9cc06e6fa9847ebd5f91d7002a882afa999b850254b73628291ac0288812a8b3577033b8b26474b25b5396f982a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
c4dcb90c5cb2f701ec043fc705912a23

SHA1
aa070ac359c621fefab10782d425622c74e3faff

SHA256
0ea83b46ec848f8cb5521d1c703082c4d8dc02477563d414c7f492bf7c4e9877

SHA512
0c1144542610cee181fa17888cb474c7b19176152e8b34791beed7bcde6f5c77fe6f83853b1da8d3b2e8d59dbd4968c6051a2812f311fcecd8ac2bbbfc4c4219

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
a5406ea8312b02c970711fde677f0dbb

SHA1
6092d3c01352395115b335a3cc5a74e706d4d026

SHA256
6bd7717206d85504c30c744152c438272085eef8ded34c84f7cd5b0799cefde2

SHA512
3213d14cd1a0dc898f205b732ce4fc12e630c563d2799fed289298ac619f4e662ad044da6dc04f152449db44fd848e63ab2f31c9ed0845cdf1c862d8e29a1aad

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_0

Filesize
44KB

MD5
aa3eaf2cb0b6c931d136a6f3d9a1e633

SHA1
a5c607530f93ddddce281bd78a82cc75f1f13377

SHA256
203c91789b54cadaa88acb673c9c73d8235e143eab6039ab3beb55453b56a1c9

SHA512
4a4484232abd93cda053a3e5df5c051d45523a6f237279c02d74c9d4a2a05e44847bd61420e4d66c09e955eb3b7ee6bb7c7631b457bcfd92c6b873f0a2274008

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GrShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
856B

MD5
9f4f905efccce673335ac4f409b751ac

SHA1
09ce3968ad9bd5f42527773f46363537f7750bc5

SHA256
fc1671e1926ba57beb069502fc655ec474388625d619ae9c2731df6794a65606

SHA512
a20b76d230e9c368e05571dca72966fab6d64ed2b12aef06ec2ce4ab9ba030feb0ea587f547106d00529a88c1a0bc7085276ec749b0276b68976794341d12318

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
744B

MD5
7b0742c3b5dcb8d9fb4da89d658829e4

SHA1
0734411e1f936bddf6ea67f9690eeeee35e6829b

SHA256
7f3ddfa4015fe6bdb6bb282b439d361cb9a376a28b9579b5b8715ead37d7be5d

SHA512
2785b52d977ff7453cc985772c6713a32cb642d8fd4f8ee416a63ec8ec9a3adcd13dbd3a620f0daff82e77b7d7c474e97d8a232a8f1a528a04e75bb5d68c359b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
687B

MD5
19f851db9bb412517b54b95f1a3fe5eb

SHA1
e89bd344c70811a60877a631deb2eeda22e3c349

SHA256
c012684a7cb373745730ea672e33b04ec18267096802285eda24b3ecd623f25f

SHA512
337811f29269f10bb256ab8e3c3177c28df155ff5dae3b4983e21f851342d1efee8de24dcdd22e4691d5cb3f7efde87ee4302497570adefdb2660c83d3ca51d3

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
300B

MD5
434bf48cdd7363671e9061d8d8c167b2

SHA1
d524aed581e99efec545af3e2b0c2fcae165b256

SHA256
b45ab419cdc44f3f305b88ac52d7e004257005d0433ef99b0fc5b1039acd9e10

SHA512
74fe11d5a2ae064eb1b3a7dc52e8d6a3c6200f3083eaf5ff1e8abd608b9f8cb6da43eeb28fb8587a516602b16c5fa32ab2c30e488b0133f780a6467f41f4070c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
188B

MD5
098c70636931105881aa196a4c70bc91

SHA1
434dd9a2037a50c355f612dff3551a7b02bef339

SHA256
7bcc2b56a5682cf42f7c6cde49342784a9332ac99ec7c9f288a08be39b482b69

SHA512
adef751ba9eb633369ea11893a52e3774da6bc9aa5bbbcbb0c17e335944a4696f6f3ffe7167bd127e0306beef6a8a7cfe9d0a450285e83edef378b45fe6c7207

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\a9826f08-bbb1-481f-bb66-a8fd32c36b23.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\ShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\ShaderCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Shared Dictionary\cache\index-dir\temp-index

Filesize
48B

MD5
2ad9ad14a9871004dbcf7d6b826aea7b

SHA1
6bd52852c29c00fdbe290af33e91d3823c4dfd79

SHA256
e499a845ffc1eb25540326cfb168cd3e76b767434f453bcc5bf92f547ef14f56

SHA512
cb1e7701e1e12fc57f47caf76d32f14c8b1903a8280b54ab72429f949813cf377f73f387e9acb40c6e242983db251a51badad61109328ba658ce1d94450e0f00

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json

Filesize
2KB

MD5
602c49f9246967bdcff45b4f43cf2fb0

SHA1
4c5796e0c724bbd7a9244cc8a0fc9e8f40181f2d

SHA256
a3ad9649c1038078038be1abd591cdba73b4b4f5cf30e11bb6cb7a432b746114

SHA512
2f273c0dd0127071f4c768cfe7277c6efff84c1ef4f4271c1326db3658c84261794b106af3198717f349fbaaaf276163700bbb50ae20fe52ed0a88a192d46f77

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfD0AB.tmp\StdUtils.dll

Filesize
110KB

MD5
db11ab4828b429a987e7682e495c1810

SHA1
29c2c2069c4975c90789dc6d3677b4b650196561

SHA256
c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376

SHA512
460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfD0AB.tmp\System.dll

Filesize
22KB

MD5
a36fbe922ffac9cd85a845d7a813f391

SHA1
f656a613a723cc1b449034d73551b4fcdf0dcf1a

SHA256
fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0

SHA512
1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfD0AB.tmp\modern-wizard.bmp

Filesize
150KB

MD5
3614a4be6b610f1daf6c801574f161fe

SHA1
6edee98c0084a94caa1fe0124b4c19f42b4e7de6

SHA256
16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b

SHA512
06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfD0AB.tmp\nsDialogs.dll

Filesize
20KB

MD5
4e5bc4458afa770636f2806ee0a1e999

SHA1
76dcc64af867526f776ab9225e7f4fe076487765

SHA256
91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0

SHA512
b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfD0AB.tmp\nsExec.dll

Filesize
17KB

MD5
2095af18c696968208315d4328a2b7fe

SHA1
b1b0e70c03724b2941e92c5098cc1fc0f2b51568

SHA256
3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226

SHA512
60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfD0AB.tmp\nsProcess.dll

Filesize
15KB

MD5
08072dc900ca0626e8c079b2c5bcfcf3

SHA1
35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37

SHA256
bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8

SHA512
8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
15KB

MD5
7b9356bf6681513deb1ba85afff61bbb

SHA1
a495bfe59c0920cb35f9107061ad2e85d7d09c41

SHA256
08bc40de8c9c4030df4dd874e63fdb5c8566b127b86820dbae837cad2d5d04a6

SHA512
e38e68305f2b908096f2c6a2b1aac1ce1cf05caa5684fe0bebfb91f92d718bb99da060681c79c9f34f7967266c16d0c0c1697622a1289207fafa6fbb2fafb971

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
16KB

MD5
56ce78e10a0e6d5b4f23b9d73cfc921e

SHA1
bbf5cfd50557c226422c0ed438bc09272ef54455

SHA256
e821761c93bf00a95e6c87ea4d7029fd7c5014c075627ba318db04e588762f7f

SHA512
a8f7de531f7cb14799fbf31b41b25b6fe61de5989b1ba6ea46c8488fce94cc8644b60742a62148397e00e9e5c734af941cd808c19f9728e005d5cbcaf32e4d78

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
15KB

MD5
e0fe12f2dcd7534eede29009708010d6

SHA1
67cae3d66be56276e27a62420c8d01c97a9bdbc5

SHA256
714c212201ef5e317ead9fce9e6a5e074c0063538d2872453903d8dbc8589030

SHA512
2000e901a697a4b85129f6e471bdd584d9c16a4b3b8486f953460206cdd00671b73c72a90645a6fcc46426596cb62beebd731e82239ea2fbffc04b29f1c8c913

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
17KB

MD5
db03a1e5b3cd54afd380b11534183c25

SHA1
dd8c02cfa46fdaafce6a996b5020b731fe208d9a

SHA256
20a510a46c6a0a3d3a465538b563f66a78c19d2dbac19075685e28b87af98334

SHA512
013c7ee7fcdada51826dbdd6118282dc85b31ae1eb7127e8a0fd79f417dda601156cc2d12593d517b418c26be6356b90c4d8e0259e47d9ac2b572afaca964b73

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
d68d6c1d41246c9c9d8a94e61b80c97b

SHA1
39140429bcef05814f7bdb891fdee0e7d89a728b

SHA256
5d45d95c4a6e45389ddb775d3b0dcca32f7fe2c25ccedc38dea88994f41b0126

SHA512
6ab53d10eded3f026ab1a951f4e5fda60142b951e49ca8aba257e0828334e441218b7b8f2cc5fe1d626885a192cf97f8328a163b006702071ad740e3491616b9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
1773e5d2e3c892f6f873c45aaf812912

SHA1
44826d706196319b258e3c220fd82475e9884be6

SHA256
d3e3466911b2486fed74b32eaacbe629ed446a27de2663bf36946b20043174be

SHA512
9313313ae3aa247506d197adf6b28793dbc99032a29f2b57f3c6d63bb949642087c8db9a2131f000072a2165ba9beea9a12ca9b883ae41d8d499b117278f9c71

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ld3ilkk.default-release\AlternateServices.bin

Filesize
8KB

MD5
d6e817f9de55e8a83f1634a5052acfab

SHA1
600063299b782bdc22409ee05d5df4b93631c2d5

SHA256
8c7a3ceb165effd9ab9613d3bd85022941fad5d972349d20d64e2780e059733a

SHA512
14847ffdc86424366b62470850a14261964c97798ddd8676888e792464efa18d609b8de2d42e8ddcada9684f0f40eddeb80c99ae8f1ffe595670d1dc7fa367cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ld3ilkk.default-release\AlternateServices.bin

Filesize
12KB

MD5
b958e99f06d007bd816df85be9296616

SHA1
186f5b82ac77e4bc7b210dfe54b98fac89687912

SHA256
e53830a63087c7bc20c0becf1b3cc0faec7adef3d740c92ad38c64ad91acbbf5

SHA512
2ee424eb841e6ecba9c0861e1c69e88f45c336e39fcd0ff29042a8566cc5288942e657072e6ee89d5cb479cb4177ae5e743880489acfbae29a562082a2058045

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ld3ilkk.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
443a2187ab60570c6ddfc53f6decd547

SHA1
51f1253f5240bcd95de0de381c574a31ce0135e1

SHA256
2cd336d7b35378b00a2e48cb384b042f4fa7dc92b251382e0348496fb274ee72

SHA512
9d68767a22cf734af8ac67e90f827d67466cb3fbf642911ae9c81565c125bd856d773e9a7b53b3b1ccd14f049e2b9b913316efa183cb80400a217db68a80a4b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ld3ilkk.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
05c5ecf44c21f667336f98cf103e7d36

SHA1
e50192032064ab0045dcee74fa72d2975fe49e60

SHA256
b12ef2db2aefa2b1b4991a413b7a64d026c7b41d902c2124be0ab1a74a660837

SHA512
f7aeb8ec50a9dad198025ee57b7e5db1d4d6b148d806cb42c2a61bf4d2ff21b8a1da10d962a5e756b980d827c233c9354b3ce219449be884de34ccb658bc240d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ld3ilkk.default-release\datareporting\glean\pending_pings\6852b8f3-cb5e-4ca6-bd5b-81c4b5e11ec4

Filesize
982B

MD5
e1538ac19f8b457da75f42b5f2821167

SHA1
db063847d9d8541333f1a88b43ad75b1acd809ce

SHA256
a5b6e6a02cfbf00af86e9d48c61d14f05378ad3cef42555ecf02efb04ef07904

SHA512
ef93c80e08ba37654718bc80d4254de4f15119eb6411ecbfd5db335d8b179d84a0375ba01c926f4ebe71e9ac5c92c4cbd00063a77eaabb756eb08bdcf9ea11ae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ld3ilkk.default-release\datareporting\glean\pending_pings\99898537-c06c-4398-9bdc-dd9048ddcfde

Filesize
8KB

MD5
799c4ec736e418a2eb265517d5ccaf2c

SHA1
b15511d978a6304439d055e4443616871da52f3e

SHA256
93952d8b49524d70ea6ca1d32c5762b3b98f8ec19891f6fe85ab9727c665c505

SHA512
345e373c37f13b8ddbe62ea3a093daca9de9c946def74691dc7a8db7e1a310e41acdd0f2dba6bcfd366fd9d4eec240872000a4fb0aa467f6a24e5e3adcba7914

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ld3ilkk.default-release\datareporting\glean\pending_pings\e89e9e3e-f642-44b0-b97d-7c0be7e17546

Filesize
671B

MD5
b48a017a4f489cbbfc6d70a9d1459b7a

SHA1
1f29bd3db2c1715d9019ce0be61c59c5c6eef470

SHA256
14387e92fb993f89a46d8b6ecbf1217ffc09350268e782cf62e899b6e4e644b8

SHA512
4af0c75e72a352e72ce4e82ec9ad1f5795fadd496489984f7d6feb5e7446b0c875ea942198efe873d3253af0b1a6b8112d1920d248e8e914e33f9b3863b9e83a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ld3ilkk.default-release\datareporting\glean\pending_pings\f8b9f382-3d4e-49e3-b48e-4bda0a9e8e67

Filesize
25KB

MD5
d453f2fafcde94b5e325d5551e7c617a

SHA1
946ff34b2eba87244832ec64976ab78dafb39f47

SHA256
abd53f64f0d26ef11642fec80798c8a66c5e02461307b4eef7e100293f2f37d3

SHA512
ee6f518595901a47b66da905c19cbf406017729c4578520005eb9e30461e51e653cff0f1a65624b3da433323622d825a2b0868aa3c635d31f3eb589cb0f3988d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ld3ilkk.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ld3ilkk.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ld3ilkk.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ld3ilkk.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ld3ilkk.default-release\prefs-1.js

Filesize
11KB

MD5
dba3ec9a4c7a0dc904ecd9a41b70f45e

SHA1
d4c69c86f290b7200f03346843f42382953048e7

SHA256
61160cf842f8f17f19cb5b964adc2b58fab77bcaaebb6d1824c804ac8e47eb33

SHA512
18a686dcde6100df19d8976476a472c2a18d4fce513b632103dc58f125062c959eb5f9d7e9fdb6344d7c33a820e0928db93121d5b59dbc1af528d88c12ea945b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ld3ilkk.default-release\prefs.js

Filesize
10KB

MD5
7ee557ec755a7508d1793b513d049b94

SHA1
6180a26db4caa498795d112f77520574d1ed1a7a

SHA256
4e8ea73d2e01ddddce624324d5c309a8c6707d9e897e2891008c085dc659bd96

SHA512
bff3e231a7ebe7369e3d953df372e2d71f2fe4ee23b5a09bfba411c71a88c61df5a70db7b6cce279cf5fb8fb4886324ed78555f93f05ea10723f774f12fb0346

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ld3ilkk.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
b1212c825aa20f6ee3a58ea33b8e17a4

SHA1
1cc3946d87bc7867b0683768c4b15345649c0ba3

SHA256
766b7d52fdc4a8bb2200722112f3a29ce207ec3d1301d0b623b501f664055a44

SHA512
3664586eb4aa963ca9c4a50506a43e89abdb4d001fda7d23d5119daaf0e343b9f2847216a3043808d9209e1df5274c0cb57630e802ff4e4d56f7b3edc75b194e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ld3ilkk.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
94a54371772b534575353ec74367b046

SHA1
eef040059736a4180d51f6a6f429712d19e57cc2

SHA256
483d0be058c4a4438d0c755ca377e3c000365f7c8b8ec9ca7079ab606ca51e7f

SHA512
f7424c62ea520bc9db33903bd485f076cd548330a1d86d548323e8e6ed087ed163e0cf353d2cd65b000b3f7bda655561341e8a296e23b7f774e964a0101d2a5e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ld3ilkk.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
1b1db41e34ea3f90fb0e83ffa3945482

SHA1
be41dd08249f47084893b8be446279ea26d3300d

SHA256
706cc310a958aa435df87214a2e3da539fe84a30d26926ea065cf97c0794ef69

SHA512
ad2b1ab9f85c7c4492cc31a5468d26c5c56594ab702a10cf7fd23837337bce649b2e0313738dc84c5948257286ba15daff71ef9b35ad5eaebb64658c3e4cb05f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ld3ilkk.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
fafc295a26cab2c651637d580030a32c

SHA1
fc0a24398a2bad5c127f64430f12f040c164499e

SHA256
fc524f7263652b148cbd45ab0d11f7fae2e8a69706659f5267d6edd25d58974c

SHA512
39cde82bcf6da7001b22d8e7a0f8ff7946c2cb16b9cc76adb3607c9a5d8b556a8ef57bcbb2b734074f23a0eb439e556a8d1440652c4900344f5a8c7eb4921b20

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ld3ilkk.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
4742152d596820422caf15718cfd3b16

SHA1
bed508c3c30feb171b469feef99a0f4ff6e4dda9

SHA256
454a254c43c1051273daf61b261ae5fc01a0580de38b93a29efae534d1122da6

SHA512
3e9bd2a529e20cb22e7c2be833f3f66fac79d222826410bcd9ec01a2dfbac78d666b557971f87999730600517124a3a893196e090e47a6b41409f994e8a24332

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ld3ilkk.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
da2c10528f7e41f70b83211f8b23fe9e

SHA1
93ebc04e43636b1de73aaea4575cbc26b3424a2c

SHA256
e2936aac3b69cf0decd565f22b3a77121371a8dbd88cc8baa8a71872b758f955

SHA512
89fa1e717a6908c510ab276e50d1b1447c9709032f8d1e678ae91b5fbbe6ec59e874bf1a757fce430c2cec855dc239fc9436b1a6848644e1c36c960374c3ad38

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ld3ilkk.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
f51ed21478e3e4eef94c0382292f4499

SHA1
1b2f36ee8e7b11718785e6ee061aa02d2389934d

SHA256
5e4945300670bc034ee65c162b0cf567514261fb71e16da56370edcb7955254b

SHA512
7bf2c0f33f727e42a5ad6209931e0c488b812fb816800ecb43723fb2d4cfebb588b45f761e8531748c67c145342c968f28452a66d4bcadc270b8825b753a6e99

Download Submit
memory/772-13110-0x00000267F6130000-0x00000267F659E000-memory.dmp

Filesize
4.4MB

Download
memory/772-13109-0x00000267F60C0000-0x00000267F612B000-memory.dmp

Filesize
428KB

Download
memory/864-13098-0x000000006EA90000-0x000000006FDD0000-memory.dmp

Filesize
19.2MB

Download
memory/1100-546-0x00000283AAB90000-0x00000283AAB91000-memory.dmp

Filesize
4KB

Download
memory/1100-557-0x00000283AAB90000-0x00000283AAB91000-memory.dmp

Filesize
4KB

Download
memory/1100-14222-0x000002537C2E0000-0x000002537C74E000-memory.dmp

Filesize
4.4MB

Download
memory/1100-14221-0x000002537C270000-0x000002537C2DB000-memory.dmp

Filesize
428KB

Download
memory/1100-552-0x00000283AAB90000-0x00000283AAB91000-memory.dmp

Filesize
4KB

Download
memory/1100-553-0x00000283AAB90000-0x00000283AAB91000-memory.dmp

Filesize
4KB

Download
memory/1100-554-0x00000283AAB90000-0x00000283AAB91000-memory.dmp

Filesize
4KB

Download
memory/1100-555-0x00000283AAB90000-0x00000283AAB91000-memory.dmp

Filesize
4KB

Download
memory/1100-556-0x00000283AAB90000-0x00000283AAB91000-memory.dmp

Filesize
4KB

Download
memory/1100-547-0x00000283AAB90000-0x00000283AAB91000-memory.dmp

Filesize
4KB

Download
memory/1100-551-0x00000283AAB90000-0x00000283AAB91000-memory.dmp

Filesize
4KB

Download
memory/1100-545-0x00000283AAB90000-0x00000283AAB91000-memory.dmp

Filesize
4KB

Download
memory/2172-14218-0x0000020680CA0000-0x0000020680D49000-memory.dmp

Filesize
676KB

Download
memory/3116-12960-0x0000000000A90000-0x0000000000F42000-memory.dmp

Filesize
4.7MB

Download
memory/3308-13459-0x0000018396D30000-0x000001839719E000-memory.dmp

Filesize
4.4MB

Download
memory/3308-13458-0x0000018396CC0000-0x0000018396D2B000-memory.dmp

Filesize
428KB

Download
memory/3308-13107-0x0000018396D30000-0x000001839719E000-memory.dmp

Filesize
4.4MB

Download
memory/3308-13106-0x0000018396CC0000-0x0000018396D2B000-memory.dmp

Filesize
428KB

Download
memory/3308-12998-0x00007FFA71B30000-0x00007FFA71B31000-memory.dmp

Filesize
4KB

Download
memory/3308-12997-0x00007FFA71D40000-0x00007FFA71D41000-memory.dmp

Filesize
4KB

Download
memory/4160-14335-0x000000006EB30000-0x000000006FE70000-memory.dmp

Filesize
19.2MB

Download
memory/4160-14289-0x000000006EB30000-0x000000006FE70000-memory.dmp

Filesize
19.2MB

Download
memory/4160-14233-0x000000006EB30000-0x000000006FE70000-memory.dmp

Filesize
19.2MB

Download
memory/4160-14263-0x000000006EB30000-0x000000006FE70000-memory.dmp

Filesize
19.2MB

Download
memory/4160-14217-0x000000006EB30000-0x000000006FE70000-memory.dmp

Filesize
19.2MB

Download
memory/4160-14253-0x000000006EB30000-0x000000006FE70000-memory.dmp

Filesize
19.2MB

Download
memory/4520-776-0x0000000074DC0000-0x0000000074DDB000-memory.dmp

Filesize
108KB

Download
memory/4744-14219-0x00000170C4E50000-0x00000170C4EBB000-memory.dmp

Filesize
428KB

Download
memory/4744-14220-0x00000170C5090000-0x00000170C54FE000-memory.dmp

Filesize
4.4MB

Download
memory/5964-13099-0x0000018BA2E70000-0x0000018BA2F19000-memory.dmp

Filesize
676KB

Download