0e07e5c089dbb813f9eda46f7cb2fde7b6478def237cc8d207b0f9b0b1c7e92c

Analysis

max time kernel
751s
max time network
753s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
17-11-2024 13:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

New folder/SteamSetup.exe
Size

2.3MB
MD5

1b54b70beef8eb240db31718e8f7eb5d
SHA1

da5995070737ec655824c92622333c489eb6bce4
SHA256

7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb
SHA512

fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb
SSDEEP

49152:UDP/q9MIX/crfcNVBaXp1m0zyVCMwBHgFzoZhRP8:kC9MI8Hm0GCjgFc3Rk

Score

7^/10

steam discovery persistence phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: Montserratwght@300
phishing

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

SteamSetup.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Software\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"	SteamSetup.exe

Detected potential entity reuse from brand STEAM.
phishing steam
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

steam.exesteam.exesteam.exe

description	ioc	process
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_l2_soft_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_ltrackpad_right_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_rstick_click.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_060_vehicle_0010.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_rb_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_l2_soft.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_button_plus.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_status_web.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_button_minus_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7\locales\fil.pak_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\cropped_controller_config_controller.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\chkunselstd_sm.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\offline_swedish.html_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_touch_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_rtrackpad_right.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_030_inv_0060.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_035_magic_0353.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\whatsnew_playnext.jpg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_back_disabled.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\OverlaySplash.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_090_media_0150.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_dpad_right_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_rt_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_ltrackpad_right_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_outlined_button_a.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_035_magic_0345.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_status_web_ingame.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\inbox_notification_inactive_disabled.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\overlay_french.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_r_left.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\css\broadcastapp.css_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_l1_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_lstick_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_r3_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_100_target_0020.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_button_circle_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_outlined_button_b.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_l_down.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\friends\rampUp_2.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_servers_mousedown.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_r_ring_lg.png_	steam.exe
File created	C:\program files (x86)\steam\appcache\librarycache\2738040_icon.jpg	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\steam_controller_italian.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\joyconpair_right_sr_sm.png_	steam.exe
File created	C:\program files (x86)\steam\appcache\librarycache\250820_library_600x900.jpg	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\steam_controller_schinese.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\offline_latam.html_	steam.exe
File opened for modification	C:\program files (x86)\steam\appcache\librarycache\1054830_header.jpg	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\switch_controller_norwegian.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_dpad_up_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox_button_select.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\sounds\deck_ui_switch_toggle_off.wav_	steam.exe
File opened for modification	C:\program files (x86)\steam\bin\diversion.dll	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_r_left_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_color_button_circle.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_gyro_pitch_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_l.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_dpad_touch_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_button_y_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_mouse_5_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0405.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_110_social_0160.png_	steam.exe

Drops file in Windows directory 14 IoCs

Processes:

steamwebhelper.exesteamwebhelper.exesteamwebhelper.exeUserOOBEBroker.exesteamwebhelper.exe

description	ioc	process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9112_1007147293\_platform_specific\win_x64\widevinecdm.dll.sig	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9112_1007147293\_metadata\verified_contents.json	steamwebhelper.exe
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9112_1007147293\_platform_specific\win_x64\widevinecdm.dll	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9112_1007147293\manifest.json	steamwebhelper.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9112_1007147293\LICENSE	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9112_1007147293\manifest.fingerprint	steamwebhelper.exe
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe

Executes dropped EXE 64 IoCs

Processes:

steamservice.exesteam.exesteam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exegldriverquery64.exesteamwebhelper.exegldriverquery.exesteamwebhelper.exevulkandriverquery64.exevulkandriverquery.exeSteamtools.exesteamwebhelper.exesteamwebhelper.exeluapacka.exesteam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exegldriverquery64.exesteamwebhelper.exesteamwebhelper.exegldriverquery.exevulkandriverquery64.exevulkandriverquery.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exeluapacka.exesteam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exegldriverquery64.exesteamwebhelper.exesteamwebhelper.exegldriverquery.exevulkandriverquery64.exevulkandriverquery.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exeluapacka.exesteam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exegldriverquery64.exesteamwebhelper.exegldriverquery.exe

pid	process
1280	steamservice.exe
1960	steam.exe
18068	steam.exe
9112	steamwebhelper.exe
8928	steamwebhelper.exe
8664	steamwebhelper.exe
8520	steamwebhelper.exe
11776	gldriverquery64.exe
12016	steamwebhelper.exe
12100	gldriverquery.exe
12164	steamwebhelper.exe
488	vulkandriverquery64.exe
3568	vulkandriverquery.exe
3760	Steamtools.exe
19228	steamwebhelper.exe
18100	steamwebhelper.exe
21092	luapacka.exe
20952	steam.exe
3920	steamwebhelper.exe
20452	steamwebhelper.exe
20324	steamwebhelper.exe
20212	steamwebhelper.exe
19996	gldriverquery64.exe
19856	steamwebhelper.exe
19804	steamwebhelper.exe
19652	gldriverquery.exe
8936	vulkandriverquery64.exe
8868	vulkandriverquery.exe
12268	steamwebhelper.exe
6976	steamwebhelper.exe
2640	steamwebhelper.exe
11280	steamwebhelper.exe
8184	steamwebhelper.exe
9508	steamwebhelper.exe
8588	steamwebhelper.exe
3936	steamwebhelper.exe
692	luapacka.exe
4880	steam.exe
4508	steamwebhelper.exe
544	steamwebhelper.exe
3840	steamwebhelper.exe
5832	steamwebhelper.exe
7560	gldriverquery64.exe
12492	steamwebhelper.exe
7740	steamwebhelper.exe
7736	gldriverquery.exe
7484	vulkandriverquery64.exe
12892	vulkandriverquery.exe
13276	steamwebhelper.exe
10772	steamwebhelper.exe
15008	steamwebhelper.exe
5300	steamwebhelper.exe
13944	steamwebhelper.exe
16316	steamwebhelper.exe
16308	steamwebhelper.exe
18096	luapacka.exe
6552	steam.exe
12416	steamwebhelper.exe
19520	steamwebhelper.exe
8984	steamwebhelper.exe
9080	steamwebhelper.exe
21232	gldriverquery64.exe
21068	steamwebhelper.exe
8536	gldriverquery.exe

Loads dropped DLL 64 IoCs

Processes:

SteamSetup.exesteam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteam.exe

pid	process
3584	SteamSetup.exe
3584	SteamSetup.exe
3584	SteamSetup.exe
3584	SteamSetup.exe
3584	SteamSetup.exe
3584	SteamSetup.exe
3584	SteamSetup.exe
3584	SteamSetup.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
8928	steamwebhelper.exe
8928	steamwebhelper.exe
8928	steamwebhelper.exe
18068	steam.exe
8664	steamwebhelper.exe
8664	steamwebhelper.exe
8664	steamwebhelper.exe
8664	steamwebhelper.exe
8664	steamwebhelper.exe
8664	steamwebhelper.exe
8664	steamwebhelper.exe
8664	steamwebhelper.exe
8664	steamwebhelper.exe
18068	steam.exe
8520	steamwebhelper.exe
8520	steamwebhelper.exe
8520	steamwebhelper.exe
18068	steam.exe
12016	steamwebhelper.exe
12016	steamwebhelper.exe
12016	steamwebhelper.exe
12164	steamwebhelper.exe
12164	steamwebhelper.exe
12164	steamwebhelper.exe
12164	steamwebhelper.exe
19228	steamwebhelper.exe
19228	steamwebhelper.exe
19228	steamwebhelper.exe
18100	steamwebhelper.exe
18100	steamwebhelper.exe
18100	steamwebhelper.exe
18100	steamwebhelper.exe
18100	steamwebhelper.exe
18100	steamwebhelper.exe
20952	steam.exe
20952	steam.exe
20952	steam.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 16 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

steam.exevulkandriverquery.exegldriverquery.exevulkandriverquery.exesteam.exevulkandriverquery.exeFileCoAuth.exesteam.exegldriverquery.exevulkandriverquery.exegldriverquery.exesteam.exesteam.exegldriverquery.exeSteamSetup.exesteamservice.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamservice.exe

Checks processor information in registry 2 TTPs 22 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

steam.exesteamwebhelper.exesteam.exesteam.exesteam.exesteam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exe

description	ioc	process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

1592 taskkill.exe

pid	process
1592	taskkill.exe

Modifies registry class 64 IoCs

Processes:

steam.exesteam.exesteam.exesteamservice.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\Shell\Open\Command	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\URL Protocol	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\ = "URL:steam protocol"	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\URL Protocol	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\program files (x86)\\steam\\steam.exe\" -- \"%1\""	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\URL Protocol	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\program files (x86)\\steam\\steam.exe\" -- \"%1\""	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\program files (x86)\\steam\\steam.exe\" -- \"%1\""	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\DefaultIcon	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\Shell\Open\Command	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\program files (x86)\\steam\\steam.exe\" -- \"%1\""	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\DefaultIcon	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\DefaultIcon	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\URL Protocol	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\URL Protocol	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\program files (x86)\\steam\\steam.exe\" -- \"%1\""	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\program files (x86)\\steam\\steam.exe\" -- \"%1\""	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\DefaultIcon	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\Shell	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\DefaultIcon	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\ = "URL:steam protocol"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\ = "URL:steam protocol"	steam.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

steam.exesteam.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	steam.exe

NTFS ADS 6 IoCs

Processes:

Steamtools.exemsedge.exemsedge.exe

description	ioc	process
File created	C:\Program Files (x86)\Steam\config\depotcache\2358721_7916875498924164311.manifest\:Zone.Identifier:$DATA	Steamtools.exe
File opened for modification	C:\Users\Admin\Downloads\105600.zip:Zone.Identifier	msedge.exe
File created	C:\Program Files (x86)\Steam\config\depotcache\105603_5312595479056093124.manifest\:Zone.Identifier:$DATA	Steamtools.exe
File created	C:\Program Files (x86)\Steam\config\depotcache\105601_8046724853517638985.manifest\:Zone.Identifier:$DATA	Steamtools.exe
File created	C:\Program Files (x86)\Steam\config\depotcache\105602_6844625161744350207.manifest\:Zone.Identifier:$DATA	Steamtools.exe
File opened for modification	C:\Users\Admin\Downloads\2358720.zip:Zone.Identifier	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs
ransomware

Processes:

NOTEPAD.EXE

pid process

9056 NOTEPAD.EXE
Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

Steamtools.exe

pid process

3760 Steamtools.exe

pid	process
9056	NOTEPAD.EXE

pid	process
3760	Steamtools.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

SteamSetup.exesteam.exe

pid	process
3584	SteamSetup.exe
3584	SteamSetup.exe
3584	SteamSetup.exe
3584	SteamSetup.exe
3584	SteamSetup.exe
3584	SteamSetup.exe
3584	SteamSetup.exe
3584	SteamSetup.exe
3584	SteamSetup.exe
3584	SteamSetup.exe
3584	SteamSetup.exe
3584	SteamSetup.exe
3584	SteamSetup.exe
3584	SteamSetup.exe
3584	SteamSetup.exe
3584	SteamSetup.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe
18068	steam.exe

Suspicious behavior: GetForegroundWindowSpam 5 IoCs

Processes:

steam.exeSteamtools.exesteam.exesteam.exesteam.exe

pid process

18068 steam.exe
3760 Steamtools.exe
20952 steam.exe
4880 steam.exe
6552 steam.exe

pid	process
18068	steam.exe
3760	Steamtools.exe
20952	steam.exe
4880	steam.exe
6552	steam.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 37 IoCs

Processes:

msedge.exe

pid	process
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

steamservice.exesteamwebhelper.exetaskkill.exe

description	pid	process
Token: SeSecurityPrivilege	1280	steamservice.exe
Token: SeSecurityPrivilege	1280	steamservice.exe
Token: SeShutdownPrivilege	9112	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9112	steamwebhelper.exe
Token: SeShutdownPrivilege	9112	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9112	steamwebhelper.exe
Token: SeShutdownPrivilege	9112	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9112	steamwebhelper.exe
Token: SeShutdownPrivilege	9112	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9112	steamwebhelper.exe
Token: SeShutdownPrivilege	9112	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9112	steamwebhelper.exe
Token: SeShutdownPrivilege	9112	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9112	steamwebhelper.exe
Token: SeShutdownPrivilege	9112	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9112	steamwebhelper.exe
Token: SeShutdownPrivilege	9112	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9112	steamwebhelper.exe
Token: SeShutdownPrivilege	9112	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9112	steamwebhelper.exe
Token: SeDebugPrivilege	1592	taskkill.exe
Token: SeShutdownPrivilege	9112	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9112	steamwebhelper.exe
Token: SeShutdownPrivilege	9112	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9112	steamwebhelper.exe
Token: SeShutdownPrivilege	9112	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9112	steamwebhelper.exe
Token: SeShutdownPrivilege	9112	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9112	steamwebhelper.exe
Token: SeShutdownPrivilege	9112	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9112	steamwebhelper.exe
Token: SeShutdownPrivilege	9112	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9112	steamwebhelper.exe
Token: SeShutdownPrivilege	9112	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9112	steamwebhelper.exe
Token: SeShutdownPrivilege	9112	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9112	steamwebhelper.exe
Token: SeShutdownPrivilege	9112	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9112	steamwebhelper.exe
Token: SeShutdownPrivilege	9112	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9112	steamwebhelper.exe
Token: SeShutdownPrivilege	9112	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9112	steamwebhelper.exe
Token: SeShutdownPrivilege	9112	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9112	steamwebhelper.exe
Token: SeShutdownPrivilege	9112	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9112	steamwebhelper.exe
Token: SeShutdownPrivilege	9112	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9112	steamwebhelper.exe
Token: SeShutdownPrivilege	9112	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9112	steamwebhelper.exe
Token: SeShutdownPrivilege	9112	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9112	steamwebhelper.exe
Token: SeShutdownPrivilege	9112	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9112	steamwebhelper.exe
Token: SeShutdownPrivilege	9112	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9112	steamwebhelper.exe
Token: SeShutdownPrivilege	9112	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9112	steamwebhelper.exe
Token: SeShutdownPrivilege	9112	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9112	steamwebhelper.exe
Token: SeShutdownPrivilege	9112	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9112	steamwebhelper.exe
Token: SeShutdownPrivilege	9112	steamwebhelper.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

steamwebhelper.exe

pid	process
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

steamwebhelper.exeSteamtools.exemsedge.exe

pid	process
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
9112	steamwebhelper.exe
3760	Steamtools.exe
3760	Steamtools.exe
3760	Steamtools.exe
3760	Steamtools.exe
3760	Steamtools.exe
3760	Steamtools.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
5768	msedge.exe
3760	Steamtools.exe
3760	Steamtools.exe
5768	msedge.exe
5768	msedge.exe
3760	Steamtools.exe
3760	Steamtools.exe
3760	Steamtools.exe

Suspicious use of SetWindowsHookEx 9 IoCs

Processes:

MiniSearchHost.exesteam.exeSteamtools.exesteam.exesteam.exesteam.exe

pid	process
5004	MiniSearchHost.exe
18068	steam.exe
3760	Steamtools.exe
3760	Steamtools.exe
3760	Steamtools.exe
3760	Steamtools.exe
20952	steam.exe
4880	steam.exe
6552	steam.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

SteamSetup.exesteam.exesteam.exesteamwebhelper.exe

description	pid	process	target process
PID 3584 wrote to memory of 1280	3584	SteamSetup.exe	steamservice.exe
PID 3584 wrote to memory of 1280	3584	SteamSetup.exe	steamservice.exe
PID 3584 wrote to memory of 1280	3584	SteamSetup.exe	steamservice.exe
PID 1960 wrote to memory of 18068	1960	steam.exe	steam.exe
PID 1960 wrote to memory of 18068	1960	steam.exe	steam.exe
PID 1960 wrote to memory of 18068	1960	steam.exe	steam.exe
PID 18068 wrote to memory of 9112	18068	steam.exe	steamwebhelper.exe
PID 18068 wrote to memory of 9112	18068	steam.exe	steamwebhelper.exe
PID 9112 wrote to memory of 8928	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 8928	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 8664	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 8664	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 8664	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 8664	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 8664	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 8664	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 8664	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 8664	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 8664	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 8664	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 8664	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 8664	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 8664	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 8664	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 8664	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 8664	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 8664	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 8664	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 8664	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 8664	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 8664	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 8664	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 8664	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 8664	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 8664	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 8664	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 8664	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 8664	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 8664	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 8664	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 8520	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 8520	9112	steamwebhelper.exe	steamwebhelper.exe
PID 18068 wrote to memory of 11776	18068	steam.exe	gldriverquery64.exe
PID 18068 wrote to memory of 11776	18068	steam.exe	gldriverquery64.exe
PID 9112 wrote to memory of 12016	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 12016	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 12016	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 12016	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 12016	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 12016	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 12016	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 12016	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 12016	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 12016	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 12016	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 12016	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 12016	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 12016	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 12016	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 12016	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 12016	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 12016	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 12016	9112	steamwebhelper.exe	steamwebhelper.exe
PID 9112 wrote to memory of 12016	9112	steamwebhelper.exe	steamwebhelper.exe

C:\Users\Admin\AppData\Local\Temp\New folder\SteamSetup.exe
"C:\Users\Admin\AppData\Local\Temp\New folder\SteamSetup.exe"
1⤵
- Adds Run key to start application
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3584
- C:\Program Files (x86)\Steam\bin\steamservice.exe
  "C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  PID:1280

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:5004

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2352

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
PID:4128

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:1052

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:2320

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:568

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
1⤵
- Drops file in Program Files directory
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Program Files (x86)\Steam\steam.exe
  "C:\Program Files (x86)\Steam\steam.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:18068
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=18068" "-buildid=1731433018" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
    3⤵
    - Drops file in Windows directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:9112
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1731433018 --initial-client-data=0x294,0x298,0x29c,0x290,0x2a0,0x7ffab75faf00,0x7ffab75faf0c,0x7ffab75faf18
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:8928
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1572,i,17222578428476413787,9629458463252925767,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1576 --mojo-platform-channel-handle=1564 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:8664
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2180,i,17222578428476413787,9629458463252925767,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2184 --mojo-platform-channel-handle=2176 /prefetch:11
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:8520
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2760,i,17222578428476413787,9629458463252925767,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2764 --mojo-platform-channel-handle=2756 /prefetch:13
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:12016
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,17222578428476413787,9629458463252925767,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3104 --mojo-platform-channel-handle=3096 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:12164
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=3732,i,17222578428476413787,9629458463252925767,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3736 --mojo-platform-channel-handle=3728 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:19228
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3748,i,17222578428476413787,9629458463252925767,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3752 --mojo-platform-channel-handle=1352 /prefetch:10
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:18100
- - C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:11776
- - C:\Program Files (x86)\Steam\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:12100
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:488
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3568

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004AC 0x00000000000004B8
1⤵
PID:8224

C:\Users\Admin\AppData\Local\Temp\New folder\SteamtoolsSetup.exe
"C:\Users\Admin\AppData\Local\Temp\New folder\SteamtoolsSetup.exe"
1⤵
PID:11904
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /IM Steamtools.exe /F >nul 2>&1
  2⤵
  PID:6376
- - C:\Windows\system32\taskkill.exe
    taskkill /IM Steamtools.exe /F
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1592
- C:\Program Files (x86)\Steam\config\stUI\Steamtools.exe
  "C:\Program Files (x86)\Steam\config\stUI\Steamtools.exe"
  2⤵
  - Executes dropped EXE
  - NTFS ADS
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamdb.info/
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of SendNotifyMessage
    PID:5768
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffab3b93cb8,0x7ffab3b93cc8,0x7ffab3b93cd8
      4⤵
      PID:5716
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
      4⤵
      PID:5304
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
      4⤵
      PID:5288
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
      4⤵
      PID:3668
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
      4⤵
      PID:6852
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
      4⤵
      PID:6860
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
      4⤵
      PID:7516
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
      4⤵
      PID:7712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
      4⤵
      PID:7776
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
      4⤵
      PID:12804
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
      4⤵
      PID:12860
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
      4⤵
      PID:12976
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
      4⤵
      PID:12984
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3696 /prefetch:8
      4⤵
      PID:13424
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
      4⤵
      PID:13836
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
      4⤵
      PID:13844
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
      4⤵
      PID:14256
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
      4⤵
      PID:15656
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1732 /prefetch:1
      4⤵
      PID:15676
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
      4⤵
      PID:15880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
      4⤵
      PID:16376
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2936 /prefetch:1
      4⤵
      PID:16676
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
      4⤵
      PID:17064
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
      4⤵
      PID:17568
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
      4⤵
      PID:17556
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
      4⤵
      PID:18696
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
      4⤵
      PID:18512
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6712 /prefetch:8
      4⤵
      NTFS ADS
      PID:18488
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3744 /prefetch:2
      4⤵
      PID:8980
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
      4⤵
      PID:8136
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
      4⤵
      PID:13032
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
      4⤵
      PID:13052
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1
      4⤵
      PID:14008
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7240 /prefetch:1
      4⤵
      PID:14400
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7256 /prefetch:1
      4⤵
      PID:14408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
      4⤵
      PID:16736
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1
      4⤵
      PID:10200
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7712 /prefetch:1
      4⤵
      PID:10452
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:1
      4⤵
      PID:10052
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7532 /prefetch:1
      4⤵
      PID:10004
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8104 /prefetch:1
      4⤵
      PID:11712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8116 /prefetch:1
      4⤵
      PID:11592
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7828 /prefetch:1
      4⤵
      PID:6652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1740 /prefetch:1
      4⤵
      PID:6660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
      4⤵
      PID:17228
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1736 /prefetch:1
      4⤵
      PID:17956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1936,4600923752051119579,14950350601538437878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7972 /prefetch:8
      4⤵
      NTFS ADS
      PID:17976
- - C:\program files (x86)\steam\config\stplug-in\luapacka.exe
    "C:\program files (x86)\steam\config\stplug-in\luapacka.exe" C:/Users/Admin/Downloads/105600/105600.lua "C:\program files (x86)\steam\config\stplug-in\105600.st"
    3⤵
    - Executes dropped EXE
    PID:21092
- - C:\program files (x86)\steam\steam.exe
    "C:\program files (x86)\steam\steam.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:20952
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=20952" "-buildid=1731433018" "-steamid=0" "-logdir=C:\program files (x86)\steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\program files (x86)\steam\clientui" "-steampath=C:\program files (x86)\steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
      4⤵
      Drops file in Windows directory
      Executes dropped EXE
      Checks processor information in registry
      PID:3920
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\program files (x86)\steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1731433018 --initial-client-data=0x2a4,0x2a8,0x2ac,0x2a0,0x2b0,0x7ffab75faf00,0x7ffab75faf0c,0x7ffab75faf18
        5⤵
        Executes dropped EXE
        
        PID:20452
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1604,i,8903310842642916021,5221907637116383747,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1608 --mojo-platform-channel-handle=1596 /prefetch:2
        5⤵
        Executes dropped EXE
        
        PID:20324
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2272,i,8903310842642916021,5221907637116383747,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2244 --mojo-platform-channel-handle=2268 /prefetch:11
        5⤵
        Executes dropped EXE
        
        PID:20212
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2812,i,8903310842642916021,5221907637116383747,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2816 --mojo-platform-channel-handle=2808 /prefetch:13
        5⤵
        Executes dropped EXE
        
        PID:19856
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3212,i,8903310842642916021,5221907637116383747,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3216 --mojo-platform-channel-handle=3208 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:19804
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3752,i,8903310842642916021,5221907637116383747,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3756 --mojo-platform-channel-handle=3748 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:12268
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3928,i,8903310842642916021,5221907637116383747,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3932 --mojo-platform-channel-handle=3924 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:6976
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=1156,i,8903310842642916021,5221907637116383747,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3948 --mojo-platform-channel-handle=4212 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:2640
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3776,i,8903310842642916021,5221907637116383747,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3772 --mojo-platform-channel-handle=3668 /prefetch:10
        5⤵
        Executes dropped EXE
        
        PID:11280
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3856,i,8903310842642916021,5221907637116383747,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3844 --mojo-platform-channel-handle=3860 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:8184
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3628,i,8903310842642916021,5221907637116383747,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3668 --mojo-platform-channel-handle=3528 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:9508
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4292,i,8903310842642916021,5221907637116383747,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4340 --mojo-platform-channel-handle=4448 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:8588
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4340,i,8903310842642916021,5221907637116383747,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4428 --mojo-platform-channel-handle=4532 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:3936
  - - C:\program files (x86)\steam\bin\gldriverquery64.exe
      .\bin\gldriverquery64.exe
      4⤵
      Executes dropped EXE
      PID:19996
  - - C:\program files (x86)\steam\bin\gldriverquery.exe
      .\bin\gldriverquery.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:19652
  - - C:\program files (x86)\steam\bin\vulkandriverquery64.exe
      .\bin\vulkandriverquery64.exe
      4⤵
      Executes dropped EXE
      PID:8936
  - - C:\program files (x86)\steam\bin\vulkandriverquery.exe
      .\bin\vulkandriverquery.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:8868
- - C:\program files (x86)\steam\config\stplug-in\luapacka.exe
    "C:\program files (x86)\steam\config\stplug-in\luapacka.exe" C:/Users/Admin/Downloads/105600/105600.lua "C:\program files (x86)\steam\config\stplug-in\105600.st"
    3⤵
    - Executes dropped EXE
    PID:692
- - C:\program files (x86)\steam\steam.exe
    "C:\program files (x86)\steam\steam.exe"
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:4880
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=4880" "-buildid=1731433018" "-steamid=0" "-logdir=C:\program files (x86)\steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\program files (x86)\steam\clientui" "-steampath=C:\program files (x86)\steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
      4⤵
      Drops file in Windows directory
      Executes dropped EXE
      Checks processor information in registry
      PID:4508
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\program files (x86)\steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1731433018 --initial-client-data=0x2b8,0x2bc,0x2c0,0x2b4,0x2c4,0x7ffab75faf00,0x7ffab75faf0c,0x7ffab75faf18
        5⤵
        Executes dropped EXE
        
        PID:544
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1608,i,7321382839734380846,1434614987001488698,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1612 --mojo-platform-channel-handle=1600 /prefetch:2
        5⤵
        Executes dropped EXE
        
        PID:3840
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2268,i,7321382839734380846,1434614987001488698,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2272 --mojo-platform-channel-handle=2256 /prefetch:11
        5⤵
        Executes dropped EXE
        
        PID:5832
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2784,i,7321382839734380846,1434614987001488698,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2788 --mojo-platform-channel-handle=2780 /prefetch:13
        5⤵
        Executes dropped EXE
        
        PID:12492
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,7321382839734380846,1434614987001488698,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3156 --mojo-platform-channel-handle=3148 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:7740
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3832,i,7321382839734380846,1434614987001488698,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3836 --mojo-platform-channel-handle=3828 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:13276
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4036,i,7321382839734380846,1434614987001488698,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4040 --mojo-platform-channel-handle=4032 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:10772
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4236,i,7321382839734380846,1434614987001488698,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4200 --mojo-platform-channel-handle=4280 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:15008
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4548,i,7321382839734380846,1434614987001488698,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4544 --mojo-platform-channel-handle=3860 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:5300
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4512,i,7321382839734380846,1434614987001488698,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4232 --mojo-platform-channel-handle=4500 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:13944
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4648,i,7321382839734380846,1434614987001488698,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4632 --mojo-platform-channel-handle=4644 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:16308
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4480,i,7321382839734380846,1434614987001488698,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4444 --mojo-platform-channel-handle=4580 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:16316
  - - C:\program files (x86)\steam\bin\gldriverquery64.exe
      .\bin\gldriverquery64.exe
      4⤵
      Executes dropped EXE
      PID:7560
  - - C:\program files (x86)\steam\bin\gldriverquery.exe
      .\bin\gldriverquery.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:7736
  - - C:\program files (x86)\steam\bin\vulkandriverquery64.exe
      .\bin\vulkandriverquery64.exe
      4⤵
      Executes dropped EXE
      PID:7484
  - - C:\program files (x86)\steam\bin\vulkandriverquery.exe
      .\bin\vulkandriverquery.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:12892
- - C:\program files (x86)\steam\config\stplug-in\luapacka.exe
    "C:\program files (x86)\steam\config\stplug-in\luapacka.exe" C:/Users/Admin/Downloads/2358720/2358720.lua "C:\program files (x86)\steam\config\stplug-in\2358720.st"
    3⤵
    - Executes dropped EXE
    PID:18096
- - C:\program files (x86)\steam\steam.exe
    "C:\program files (x86)\steam\steam.exe"
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:6552
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=6552" "-buildid=1731433018" "-steamid=0" "-logdir=C:\program files (x86)\steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\program files (x86)\steam\clientui" "-steampath=C:\program files (x86)\steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
      4⤵
      Drops file in Windows directory
      Executes dropped EXE
      Checks processor information in registry
      PID:12416
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\program files (x86)\steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1731433018 --initial-client-data=0x2b0,0x2b4,0x2b8,0x2ac,0x2bc,0x7ffab905af00,0x7ffab905af0c,0x7ffab905af18
        5⤵
        Executes dropped EXE
        
        PID:19520
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1608,i,10848143297717224802,8086609942960480836,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1612 --mojo-platform-channel-handle=1600 /prefetch:2
        5⤵
        Executes dropped EXE
        
        PID:8984
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2320,i,10848143297717224802,8086609942960480836,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2324 --mojo-platform-channel-handle=2316 /prefetch:11
        5⤵
        Executes dropped EXE
        
        PID:9080
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2748,i,10848143297717224802,8086609942960480836,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2712 --mojo-platform-channel-handle=2772 /prefetch:13
        5⤵
        Executes dropped EXE
        
        PID:21068
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,10848143297717224802,8086609942960480836,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3152 --mojo-platform-channel-handle=3120 /prefetch:1
        5⤵
        
        PID:8336
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3792,i,10848143297717224802,8086609942960480836,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3796 --mojo-platform-channel-handle=3788 /prefetch:1
        5⤵
        
        PID:8344
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3992,i,10848143297717224802,8086609942960480836,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3996 --mojo-platform-channel-handle=3988 /prefetch:1
        5⤵
        
        PID:12584
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4304,i,10848143297717224802,8086609942960480836,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4400 --mojo-platform-channel-handle=3768 /prefetch:1
        5⤵
        
        PID:19528
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4496,i,10848143297717224802,8086609942960480836,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4500 --mojo-platform-channel-handle=3732 /prefetch:1
        5⤵
        
        PID:20136
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2112,i,10848143297717224802,8086609942960480836,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2044 --mojo-platform-channel-handle=4368 /prefetch:10
        5⤵
        
        PID:11200
  - - C:\program files (x86)\steam\bin\gldriverquery64.exe
      .\bin\gldriverquery64.exe
      4⤵
      Executes dropped EXE
      PID:21232
  - - C:\program files (x86)\steam\bin\gldriverquery.exe
      .\bin\gldriverquery.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:8536
  - - C:\program files (x86)\steam\bin\vulkandriverquery64.exe
      .\bin\vulkandriverquery64.exe
      4⤵
      PID:20860
  - - C:\program files (x86)\steam\bin\vulkandriverquery.exe
      .\bin\vulkandriverquery.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:20848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6868

C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
PID:9380

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_105600.zip\readme.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:9056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Steam\Steam.exe

Filesize
4.2MB

MD5
33bcb1c8975a4063a134a72803e0ca16

SHA1
ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65

SHA256
12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1

SHA512
13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

Download Submit
C:\Program Files (x86)\Steam\aom.dll

Filesize
7.1MB

MD5
d764264518e77cc546a5876c3bcebad4

SHA1
ea17d45b396fa193a851bfd345e2b2c20ad60e12

SHA256
e78492de0ab575add50b925bfd44216d224d09904a9b14c17087a92fdcbc15cd

SHA512
7cf132ea5254a55c08186ffcf5e47360ef5ddd57d03d7051171f6753b22e3925304d183c2037bfd320ad56c08e079f9b2c4640db8cb3dbd38ff500c7a39e997f

Download Submit
C:\Program Files (x86)\Steam\appcache\librarycache\1113280_icon.jpg

Filesize
638B

MD5
7ecdaf8a54ec52b20640a88527512903

SHA1
3133a4d748ad3be61fe9db759339cd5de73339b5

SHA256
7bd8b75aec0a4d4a377f3ca3a023fd8b7c5fc7dc6a2a66d17f8cdfe5b731ab0c

SHA512
60ae2031eed0c38264f0d8db22a9b6efeb3f80c791e916e15a1730853162d56e0da014dbd93a5479bae4f3bdd5705ca89be70c90574a524abd1c276ed5c55a2d

Download Submit
C:\Program Files (x86)\Steam\appcache\librarycache\1391110_icon.jpg

Filesize
737B

MD5
8566b7d265d3299e41928f18d265e801

SHA1
728b074ab0cf913a501f71d6c87108d972dd30c9

SHA256
dc265cedb299f7d0ebf039c2e09bd18e4b581b75da92cb4848f6e2b206c01c4f

SHA512
d6cf8cd1b9428a4b5bbe6073c84433493760f7c3a3df7d0fb70affcbf1970e7dcce9eb849bf26f843b1bd6c042dcd877dc25bd698430bebc65530863168e0d4a

Download Submit
C:\Program Files (x86)\Steam\appcache\librarycache\229950_icon.jpg

Filesize
1KB

MD5
d3d916e246dc519c47a12cea37c5e93b

SHA1
c0f48f47d6d4befda9d33568f218cf726572eaa9

SHA256
2e9fc66d3328f0f89550270c0211012e01fe1684893a1629666bbf65a387a18d

SHA512
ad4f2c88d45fad400cfb00e732f73a94f6fce179deff4d246a41ffd3774e04d4105b49e816ce25c999167c44a35b40219b4d59b0fed9b03149f14b7a0f52e697

Download Submit
C:\Program Files (x86)\Steam\appcache\librarycache\243730_icon.jpg

Filesize
1KB

MD5
2e9ec2fe6c9b5e33ac5d473690db0bd0

SHA1
bb5e97d5a755e785cfbd33641adc409c4b7aa1a5

SHA256
a7695989cfc563d53b52030f7a9b0de13e05fb472ab35671bbf990cca616e476

SHA512
c3269a0db46bbc088b663b284a8e11a655af506f6cb94d66e17a073e07fbde46fb378aab90645f5e1d4453bfa0d2af22fb5b694a4a381b4e0cc6422099f48f5f

Download Submit
C:\Program Files (x86)\Steam\appcache\librarycache\635_icon.jpg

Filesize
1KB

MD5
3d325e63058d54d0d29c96f9a92b500f

SHA1
2263391453e3f77856db1078f0f168fb99dd2c51

SHA256
02d01fd6ca74d92044b8e94621ebbefb17294dcd6bb0c824da2f214823497968

SHA512
20ae8d1d06ebb0c17c40ec2dee29f0b7bda83f83fc46c6cfe9a8022727a9e7df70254320ece9f4e3899a568901f376434e2b0055b1177886b9993cd4db5a049f

Download Submit
C:\Program Files (x86)\Steam\bin\SteamService.exe

Filesize
2.5MB

MD5
ba0ea9249da4ab8f62432617489ae5a6

SHA1
d8873c5dcb6e128c39cf0c423b502821343659a7

SHA256
ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d

SHA512
52958d55b03e1ddc69afc2f1a02f7813199e4b3bf114514c438ab4d10d5ca83b865ba6090550951c0a43b666c6728304009572212444a27a3f5184663f4b0b8b

Download Submit
C:\Program Files (x86)\Steam\bin\audio.dll

Filesize
183KB

MD5
bc83f9686398c71c4c574a408aae7dc9

SHA1
f11656e4faaad6d5c3a3c9d9f282352cee63d4e0

SHA256
7115452974e926c0358b04d24ddf061ad39bba4fe97287fdaec836fb9fdad297

SHA512
432cc5ed06a906c753b94e85033b8b4d7d0ef7277c58659df7a504d9bf2644c6a284ef75748d24f66dd515d19156c0212e9afb3dea7554a9e8ecb7e2288192e4

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\chrome_elf.dll

Filesize
1.3MB

MD5
1d7c12f54a1c26b49b287ec08da3430d

SHA1
4ae1c3281c61780293340104aeaff1533eb1c59a

SHA256
22abe408da4703c068ef3b4419e09d270b4961096f16ff86d1bac752cab44abe

SHA512
0e2dd6cfafc5f151dcc92d343b64e5ecb1ab31de8913212985a86416f0d623047c5a65fe6211c7cdeff30bb6740e14b99adac3496fa0d799fc3a4115e2ced21f

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\d3dcompiler_47.dll

Filesize
4.7MB

MD5
25c6a5ff6eef9dbeb199aa695d0bac52

SHA1
ebeeebc3f40b161328454119558f06c23bef5524

SHA256
3a70b65777fe52b0871aa6f593a0248f6b886f17c60c2cda09b7e4dc42a91a63

SHA512
8e6bc58a3d73826a17418eb95664a9d98c5c65e67e0f9a4f163bb04750e22ac771e522a63a26798eeb53ed2f9d9e72e22e1158fe06d9c45056722a8fab472296

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\dbgcore.dll

Filesize
211KB

MD5
067f141b175624d7a88a3558484e9d02

SHA1
b314045f58c45484646960463c37b85eea163ed0

SHA256
7a8cbb3ba129bc3a41ffd8315ccce023f4626ec341b35c79c8c84add8bfb7f27

SHA512
344d9990da1460ffa8e19a511a4e975c6c2c7dd21d73dfcc3849729ef33678fbe688f0282fdff799b81c41b2200772f5b36ea488506b6acf11d649f81b653a7b

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\dxcompiler.dll

Filesize
21.0MB

MD5
e42ccd57a524076ddd278038619c3861

SHA1
331eaed6c9d6e97bd58b76e346a10bcf54ec2a14

SHA256
2077446491af4a4a92e69c249d6b79a8b7a090ae5d3f6b525cb59dbfde9baace

SHA512
5e74839aadbbd492e482281e199f76c498a93ab62b533b7275ecf30f6df34db22dfc9daaa1e41a7c91a7e50a2699d5cdf50a7165384c0ad1b5068ad1ccda1ffa

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\dxil.dll

Filesize
1.4MB

MD5
d2a3821ff8201eb0f095b805db0fb4d7

SHA1
550576dca8bf7ee81f175d5eb65631a507ff0cbe

SHA256
9137f402f2687d5c2d83dfa7e15180ceb9ae29d741b16506aefef18f94d4768a

SHA512
f4aabeecff7a5579c41dd65a2c408383ff164224e30a5d81ca39f4aa31db8b42efcf7bffe4303fec87541d90a0c38354c44028c6dfdcb9c060f24c065e03ecb2

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\eventlog_provider.dll

Filesize
17KB

MD5
2d35374fd25759e50c61f42a07bbb861

SHA1
09a5932bb4add6414c896992bc3c8c272d927cd2

SHA256
7b7576bfcc2173557713ea9a5c9b0a2ec816e956a90b4e2194709764ed337cb3

SHA512
fcb1d30f0b4518eb68579d6cf156bd5e1454d08b92714c5fe3544c8ca07f2764f6a9fc5caa1ed9beca5b3a8b5d10d28e9660a4115e1d9fd6d0162aa01953b9d8

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libEGL.dll

Filesize
472KB

MD5
3a304c8e873f8dd2bc6e24f90bf9fccd

SHA1
26f44bc752f99780af4ad4971a99f27204bc3381

SHA256
591623ae0702765d55580edd0a5c0add25dfda32d4d5c41767588626175316bf

SHA512
5fa50ea4a1028f47187021bc50cb2d63730d024e7d3bd048100f836e45bf364d8f69ac01f142254ef52a8517dff4d58ded548e0c524d366c49c3fad86d11f518

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libGLESv2.dll

Filesize
7.7MB

MD5
3cd37ca91216ed0b7fcd78beb2cc15c9

SHA1
7ab7ebd83fc094a64a1d3fb68fb90912e1447a90

SHA256
7ed85c93fca522e485cfa4a9688bfe5c5ccf1b3dc3ad4a518fba7582f2208061

SHA512
810b7bb12e6ee24fbde119923b4db804a3aa410850c587d94ad232162b962b9a0e179c2857511b16aa2c3a257443202fc8320c5237be4daef435e6acc8907f96

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\msdia140.dll

Filesize
2.2MB

MD5
02229c4846fcdea33d8afa6c5027a8d0

SHA1
1ceaea09a8efec2a26c3c557cfc988af21739db8

SHA256
f430f70c0aaef9ac63b6c8119dc2e4b946d2f11254be094bb023e785a7d984cd

SHA512
44d58947d3496ed254cf1ab378b3341c5ca6d082f338b0523fff7ca529904e28c83d41a553aac24738e62b1666489f4e4a6efb26ee3d8879244449c538bc1df0

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\msvcp140.dll

Filesize
552KB

MD5
f63106b5dfee9ce783c48e18c7946d23

SHA1
641b1f1d0126923a8863f269348425b8519aa9b6

SHA256
5d112ddf70fb8f538e6584f735e3d39ea4033bfea3cc31de376718cc612d78b3

SHA512
91126343191bd4b3004d1bbe12c9dbd08861bc8529d9200ccc845e745b23cd6810bd2a7e69ba8b196f2e43873f74a7b9d208e7dfa1744418a5ac7894d33e4a9e

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\openvr_api.dll

Filesize
806KB

MD5
4398179b668c70f4464ce9448fa0bac3

SHA1
a12848d2488fbd31a2481922664a2875f162bbdd

SHA256
0ba4d3049449403e1966cf8922ac5c2e6130fabe72c0cc6b3218da82f9110ac9

SHA512
98db440b4c220a9e71b60104c819c402bd88b6c10b9ed518660e8550884fa518e165bf20ec2d85a4bb5c379a28e9524d4b69dd25dc599e062498670fe8f28bc5

Download Submit
C:\Program Files (x86)\Steam\bin\diversion.dll

Filesize
19.0MB

MD5
fb59f7262848e6c9413d76494d88e1c0

SHA1
9fcb582deb9e69b8b8f36522a859d206633010cd

SHA256
32dda887447b7b5fe74d7745cb6c2d28c677ba479435b4e4bdd8b7ac36379866

SHA512
1d2960b7549d4ce63041dd8e20f73a860d8ba32d7a70671a9ded5d539d364a68c621c6f95fe3c00b586cc2ec397d25211f832b5a72414d70c08b6cf6bf644776

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
6e6a2b18264504cc084caa3ad0bfc6ae

SHA1
b177d719bd3c1bc547d5c97937a584b8b7d57196

SHA256
f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53

SHA512
74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
a2ec2e91c3ef8c42e22c4887d032b333

SHA1
e2c738a2e9400535b74e2263c7e7d1ecefe575f2

SHA256
8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3

SHA512
b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
12KB

MD5
6e740c8161d689d7e5e821cbe9aef704

SHA1
48c090d102493268ab948d30bc457ecf8b22c56d

SHA256
3830579f1d5b1a47274de8c0bec81cfaf5ac6050188be08109b43e1c6892fd24

SHA512
72d87dd4c03070c496927de1ce9d7d3104c653a0132a0e390d71dda4e1bda680ec3e16cf5fe20e0cf6d0ae7bdfe2827b9f8e6467306c7b83a5927a0ccf27b190

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
16KB

MD5
9e9d587c6716260d9a4cdce848d837bc

SHA1
2f8c6d56e19d2754e43db555f0c5d448a5dd9572

SHA256
6c569c46f54152729f16112d927827d6f355c24cc330ede9f3088975b80765a8

SHA512
0d8d9142906f5c702194b7881e5159d152c109662e4723bd95eb72dd10ce871f2d0c8a69ad4845780585cc6199db2fad21e71f9192f4f21788ca03cadffaf738

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
25KB

MD5
2ef5abfe71cdb6352da33f440b9fe054

SHA1
936a7253866fae0129884385209775cdf1463f02

SHA256
2b9a44c453ce9a55e250286aaaf669c7be48f17a516344d0eb12f0967e3aa327

SHA512
75fbda41d582f559c9e29286638d169e4eca2fa32c2b279fd2bfb8b74159a49e55c335b42114bcca2f48b885585da97ca2f3f115a7e42f4c70055332f3ce5c79

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
23KB

MD5
8d8523d0e4f4ab9890e3780efaeadb31

SHA1
962b6d9c3934ed0c43e15f3e691b95e83bb69448

SHA256
6237723f547a7bc24811d51618b1257b6484a854c47cb2eb074ee3ed53676e3e

SHA512
b6ac53deb87b7e922e2eb9d69fccc2f2350486017bcbce637599812378b120cf471d879d6158e0264e987f605ef70d22dece84dc0bebea893d39eec74c1d2ac1

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
19KB

MD5
daf0950ed12dea136994585cca75b223

SHA1
daa400fbb68a83268d03fd8f1f2791f4998a6b37

SHA256
81f00b7746ea11b2dc43bcb8ab7248af62701cc2139ab60c37d6556c2df097a9

SHA512
1b698407f7202b4949a29fb9084d68da4190c306bbb12ad06a2d22ec79ee0360375201f66a25c8983c0b2f8b251708fe00771b8acb19ac69505086d28878bd3d

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
16KB

MD5
414479c742cb13aa0bbbdfdc6ec63d92

SHA1
48ff6f06d165fdc97dec942abaa6af03df1aea37

SHA256
dcb703ec4278b9edd5dbbd40390dce6fdf915dc863b77cb896ee3e510b9a4374

SHA512
a86adf521460e979378c68116563b73b19e21f13a3101e7fb3f1a7f7d3f9d891755a807845f13c21e768f766e88033b4b6e31256e58d774153d28d4910603718

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
18KB

MD5
2c590af566ddc5238cb2d58342376970

SHA1
31fe9138c5df6869ebb07dbfedebab20cda1c1d3

SHA256
d4dfda2e36ab924b9562efd3a36aa86d72f9b28bff9802e4b270e1630407424b

SHA512
732577b0e337ecde1bd69ed4118d31775d32562f1f9d7790223e70396843231378afb2bfdd73b6401a9a091740808cecea4baf126f7716ec4a5f2a64d91d8c89

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf~RFe5a99a1.TMP

Filesize
184B

MD5
3cdebc58a05cdd75f14e64fb0d971370

SHA1
edf2d4a8a5fc017e29bf9fb218db7dd8b2be84fe

SHA256
661f122934bbc692266940a1fe2e5e51d4d460efb29d75695b8d5241c6e11da7

SHA512
289c40fae5ec1d3dd8b5b00dd93cf9cada2cb5c12bcfefea8c862ddf0a16dced15d6814dad771af9103b3a5d3016d301ee40058edde3fdea30d9767146d11cd6

Download Submit
C:\Program Files (x86)\Steam\config\depotcache\105601_8046724853517638985.manifest:Zone.Identifier

Filesize
75B

MD5
cabcf813194e3c8b1b4059f82993e086

SHA1
6db2d3d31571ab11b17f6bafe806430efe30f7d4

SHA256
253a83738a533fe54b84016894de805b16cc0bb3a7a4eb7794661c38385feb62

SHA512
cff093421ab08ae56138f0912723ffcab744ca67e8f7bb793636dc236a33c294214b5fed7bafe032ca245c9ebe715b4f249df996f291cb55755779da46d37e12

Download Submit
C:\Program Files (x86)\Steam\config\stUI\Steamtools.exe

Filesize
16.3MB

MD5
1a475aa5000d3958df447de17e0dc14b

SHA1
8a45a8a2b38a524633a99abc7994aa0ac46c03ce

SHA256
1208c4d240918ab0b4767bc6a5c0cbe83ee7f21408fb0c5ea68769ebea759b3e

SHA512
e86be352a5732d18db772f3fc80a70ebb223d68148057663ed18aab5c2221fe6d1cb48d4f4e22940419e9144aeacdc03ea05739352f86aed7ce967afd7e80911

Download Submit
C:\Program Files (x86)\Steam\crashhandler.dll

Filesize
347KB

MD5
8a181eb1ea07abb3919d7c3d90393410

SHA1
8a21841c78c2402339570b79d8fed8f1dc600633

SHA256
468f40c0e25b884584ccb97deddf4d519ff519e6c02d41de11f98733772bf62d

SHA512
59bdb6d023b4a3d196644b46eb6ab303851c5a647c3b8e0c7ad4373f6154f36fd5762cdf843fc7bd6e970515cbf53b828be9b85521dc8c736426d0d1c89e98ac

Download Submit
C:\Program Files (x86)\Steam\dumps\settings.dat

Filesize
56B

MD5
9ebc3ce3e321b109f82e5c65dea44bd8

SHA1
f868549c3fac0fe1c4ea2703a1f088cdddd8d087

SHA256
b8b861a94a087873542f0a4afd032e150fd5fa8f7ea97cc73d17d9e7b777b0f1

SHA512
6f389bdfb8a5c5699441f2fa9586c64515c391d3dddb03d8e8537520cfd1f3eb8ee7e56fcc7c789edec85a95ec420e56d070fc303b9a3670152fe40ce327802c

Download Submit
C:\Program Files (x86)\Steam\logs\bootstrap_log.txt

Filesize
25KB

MD5
7fcc86e0c01ef8bebcba3f08772fc2b2

SHA1
93a434fbd7237b0ec5ef2f93036e225b2d0d0a54

SHA256
c10ac24e6fee4ad24e5e991231632f2db2b5fde43a4b5fadb7489f7ef5c52432

SHA512
18ba3beccadd13734baa90971e146bdb68564a02ad3819f284d413e685d881b646a94bf606451872bbfe19c478e7cffbcb886d8482e5cb799cb1ec98aba177df

Download Submit
C:\Program Files (x86)\Steam\logs\cef_log.previous.txt

Filesize
1KB

MD5
d88a84edd8a23635b90906f23e163b21

SHA1
29279c8ffc58170f18efef10f9d9b80118c10366

SHA256
5bd48badcc2c51a085b41a30269dc2fc531a0adc27b5ddcc3c4439910b457017

SHA512
f326fc5ba70653086e6fb05e06c8873a6d5bda1b7881f41044137bc59c975a8c81260c514b88b01dc256e8018d0bebe32163bc6c4ecc1e9617287e4c5f810836

Download Submit
C:\Program Files (x86)\Steam\package\steam_client_metrics.bin

Filesize
3KB

MD5
3e96f9c5327f0c2593cbdcabd0cb819f

SHA1
2d57b1cb9027c09593be86318bc2c810c3120b29

SHA256
11b063ef9960ee7749edeadb66c7b194189e692f39ff600e8dff01173c751e4e

SHA512
dfe24b893b1b9b5f7f9b6c2ec45cdbf7d0368f949d1eb85edee93dc1439a557aca4b133c27607a4d0613fb4d23d0cd00a2a6edd430fe29cfb39a64fea2ca8f39

Download Submit
C:\Program Files (x86)\Steam\package\steam_client_win32.installed

Filesize
467KB

MD5
9aa4a36151f946d00014117d75380f62

SHA1
9079a91c072fa2268ded0601a8865335d8646a3e

SHA256
e729bade62b46b02966a91a6bc0049e47ab0c7b127dc8539faad26340638b339

SHA512
0f1240c11fa02461619c35f7c8309c5bc50fe87302bbb7166ac656293028e15de5469c330ed26ce2b4a325ae4ba8530c28a1fb7c66ec69b47fe78b82c0d22d1d

Download Submit
C:\Program Files (x86)\Steam\package\steam_client_win32.manifest

Filesize
8KB

MD5
fe5170d0df394c0f68f44b56c5dd9954

SHA1
bd8b3761e204f4190120a2d0ba8111fa6d4b8007

SHA256
d9128bf6e56002320a8fde94681a3a4614b44a960d4b2578571deeac0b6a9aeb

SHA512
a91b3bc4d2dc3b258c5e12f946fcc2a1fb3f5d55d720c4b000c2c1a78c0f6497611ccc8c5d0d3ef2c6f96a933b0fb09c85acdc46acb47af31d143081811a4ce7

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

Filesize
4KB

MD5
0340d1a0bbdb8f3017d2326f4e351e0a

SHA1
90d078e9f732794db5b0ffeb781a1f2ed2966139

SHA256
0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544

SHA512
9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

Filesize
6KB

MD5
4c81277a127e3d65fb5065f518ffe9c2

SHA1
253264b9b56e5bac0714d5be6cade09ae74c2a3a

SHA256
76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9

SHA512
be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

Filesize
4KB

MD5
2158881817b9163bf0fd4724d549aed4

SHA1
c500f2e8f47a11129114ee4f19524aee8fecc502

SHA256
650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7

SHA512
f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

Filesize
4KB

MD5
03b664bd98485425c21cdf83bc358703

SHA1
0a31dcfeb1957e0b00b87c2305400d004a9a5bdb

SHA256
fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115

SHA512
4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt

Filesize
4KB

MD5
31a29061e51e245f74bb26d103c666ad

SHA1
271e26240db3ba0dcffc10866ccfcfa1c33cf1cc

SHA256
56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192

SHA512
f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

Filesize
4KB

MD5
da6cd2483ad8a21e8356e63d036df55b

SHA1
0e808a400facec559e6fbab960a7bdfaab4c6b04

SHA256
ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6

SHA512
06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

Filesize
4KB

MD5
27993eb75894ca4894db266ad9b5e61b

SHA1
4def653ee04b0514822b690052598435ec25e686

SHA256
fbc09c1b9a55d04b57be8fb2ad5ab58b38f76054ecd3d1b70440a2d08191b05b

SHA512
eaebeee5b1a7dfb9bdf661623554793d7ef7e15d9f9cf01f94da1eb0b84b88c8f24176463d15c407ebf670c5b7fd4052daea33ba43e75c1de2979487c4987bab

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt

Filesize
4KB

MD5
9e62fc923c65bfc3f40aaf6ec4fd1010

SHA1
8f76faff18bd64696683c2a7a04d16aac1ef7e61

SHA256
8ff0f3cbdf28102ff037b9cda90590e4b66e1e654b90f9aea2cd5364494d02b7

SHA512
c8ff15373b37e848e6239a82424569e77c82a5fc557d17e7d2ed1d0d2b2f7d026cc1e2bc98cb5ee945c02cfefb82803c23fa6a26f48ff0adcf762f94cd5dd035

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt

Filesize
4KB

MD5
10c429eb58b4274af6b6ef08f376d46c

SHA1
af1e049ddb9f875c609b0f9a38651fc1867b50d3

SHA256
a1f6ba57ee41e009d904905c0ce5e75a59ee6790e08542561303109e1faafa13

SHA512
d8760f61760bffd8671b727d386ae220e7e6e68829a01553cfd5eb60ef8bd1d7c1b25e7b17a6db5bd17ba6712ef44999726764459318e784843c73bc4facaf46

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt

Filesize
4KB

MD5
5c026fd6072a7c5cf31c75818cddedec

SHA1
341aa1df1d034e6f0a7dff88d37c9f11a716cae6

SHA256
0828572e4fa00c186dbf1d9072a6154d65cb499c6a37e338f3305f77a2fee382

SHA512
f9d28714b2a05f8d9025f1692e4d7e8baa6daf6176353f65646a38814a242ef2adededa44419edd69f10cf96ffba506dab7cb6e52111457bf69cffef12174b12

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt

Filesize
6KB

MD5
189ba063d1481528cbd6e0c4afc3abaa

SHA1
40bdd169fcc59928c69eea74fd7e057096b33092

SHA256
c0a7a1df442ac080668762df795c72aa322e9d415c41bd0a4c676a4dc0551695

SHA512
ce59ad9b17bab4de1254e92ce4fe7d8c8242832f62ab382e8f54199a9932cd11b5800cc33895441426373d5210cc74104e0271b721a7e26ed400b716ae4d5903

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt

Filesize
4KB

MD5
18aaaf5ffcdd21b1b34291e812d83063

SHA1
aa9c7ae8d51e947582db493f0fd1d9941880429f

SHA256
1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5

SHA512
4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt

Filesize
4KB

MD5
1514d082b672b372cdfb8dd85c3437f1

SHA1
336a01192edb76ae6501d6974b3b6f0c05ea223a

SHA256
3b3c5c615fd82070cc951ab482d3de8cb12df0b3df59fbd11f9d3271fa2fbca4

SHA512
4d41c945ce7c94746875b0dbceb14811d4966de4e97fe047406a304162fde7e1e2a16367fc2e43978e2e5aa66749f036b4444aa2312673c2cc3af296e8b77f55

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt

Filesize
4KB

MD5
8958371646901eac40807eeb2f346382

SHA1
55fb07b48a3e354f7556d7edb75144635a850903

SHA256
b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585

SHA512
14c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt

Filesize
5KB

MD5
7e1d15fc9ba66a868c5c6cb1c2822f83

SHA1
bfe9a25fdc8721d7b76cecb9527a9ba7823dc3d7

SHA256
fc74e26a8baabbe4851109512d85173b75dbf7293d41eb3b92a1957a773c8265

SHA512
0892be14a858cc860766afb1c996b2c355108a7e50971ea3ec00d15069e919a6eb05a61fa839bea3938492c391e274144c5e248f4c204a602bf36adf27e5b406

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt

Filesize
4KB

MD5
202b825d0ef72096b82db255c4e747fa

SHA1
3a3265e5bbaa1d1b774195a3858f29cea75c9e75

SHA256
3d1399f5323a3ece1b1a8b3b31f8fd7f50c3bd319ab3f1c38c6e347452c95314

SHA512
e8fc7cc09f431301d22a07b238179ee053505090e3c4db30ead061513fe7159f1fe8b80efc93f4597fe00f01087bbe0bb2231e13693d72c8def138657cb91566

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt

Filesize
4KB

MD5
7913f3f33839e3af9e10455df69866c2

SHA1
15fa957d0a6a2717027f5b35f4dbe5e0ab8ece25

SHA256
05bc1f4973c6d36002ac1b37ce46b1f941fcb4338282e0ec1ec83fb558d1a88c

SHA512
534e541757d19ee157a268bf7ea358b48015f400542fcfa49cdb547cd652926160f015fe2cf026d9c4996e56ab90ca3899dfd457997d915bf6bc9d7bb00ba804

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt

Filesize
4KB

MD5
58e0fcbee3cca4ef61b97928cfe89535

SHA1
1297e3af3ca9e4fe3cc5db78ebbfa642e8a2c57b

SHA256
c084a68b65d507eb831831aa2ab9afb9536cb99a840d248cc155ff87fad18425

SHA512
99aff0c481e34cd0e4fcbb2af471afb56d91aa11be664462b08e17ae169ca03ef77e7063b4ecd0f38ca7b2f6dc0bf2e316c7b31dffbbcfc763cd8fae27dc78d2

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt

Filesize
4KB

MD5
9b0b0e82f753cc115d87c7199885ad1b

SHA1
5743a4ab58684c1f154f84895d87f000b4e98021

SHA256
0bdeee9fa28d54d384e06ea646fbcfe3f06698a31dfdc1a50703ffe83ad78d32

SHA512
b7780b82fbe705bc8e5a527c011eb685c99ef0b2eb810617b9f82b891341af95ef1c2f46dce9e458c0c4dcc3e7a0d21db6c77f03419cd1c4b521a9b72f9017df

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt

Filesize
4KB

MD5
eb8926608c5933f05a3f0090e551b15d

SHA1
a1012904d440c0e74dad336eac8793ac110f78f8

SHA256
2ed2b0d654d60e0a82b0968a91d568b775144e9d92f2b077b6da75f85ad12d04

SHA512
9113c42c38836f71ff0cc7019aff8c873845f47fbf1ab97e981cb038f4d8495b6df784402b1ee9666e8e567ae866b0284c81e6a16efb47131d5ef88569c4843a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt

Filesize
4KB

MD5
6367f43ea3780c4ee166454f5936b1a8

SHA1
027a2c24c8320458c49cd78053f586cb4d94ee6f

SHA256
f8d1972e75a320344e3c834ba0a3a6a86edb39e20ef706bda9b7965d440d1998

SHA512
31aab33e0d272cb43a8c160b3d37256716a683e5052192fd0e4d3cdaf30a10a9afa9d26d5d14ad216ee455627c32892a711d2bc137ee7a7df9a297f001a19e32

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt

Filesize
6KB

MD5
e04ad6c236b6c61fc53e2cb57ced87e8

SHA1
e9d4846b7e6cc755ee14a5d3fa45ee7d3bf425a4

SHA256
08c775efa77c2a92d369f794882e467b6e2526e61bc7aa7724f48e174524502e

SHA512
0dfb7e6d811d649103499018f3d115c542fcaba420ceb69124a4d837fe162ce514e7be2040860c5ef5f9c01c961fa6eea8730606b73ec107d87597989b6fd331

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt

Filesize
4KB

MD5
56dcf7b68f70826262a6ffaffe6b1c49

SHA1
12e4272ba0e4eabc610670cdc6941f942da1eb6a

SHA256
948cad1bb27109e008f2457248880c759d3fa98b92c5b4033b94f455cb8ac43f

SHA512
c3fd9caf0bd4c303a7cc300faada9cfe6dd752e82d67625b31f4c0c2c091596508bb477fe19f758fdf79b25b8ac3f5320a8785d2b6705b9bcc28a054a59454e2

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_spanish.txt

Filesize
4KB

MD5
66456d2b1085446a9f2dbd9e4632754b

SHA1
8da6248b57e5c2970d853b8d21373772a34b1c28

SHA256
c4f821a4903c4e7faea2931c7fb1cf261eba06a9840c78fdca689f5c784c06c4

SHA512
196c2282ba13715709ece706c9219fe70c05dd295840082e7d901b9e5592e74b1bb556782181cdbe35bd1ab0d6197fef67258b09491fabc6f27606dbed667d49

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_swedish.txt

Filesize
4KB

MD5
b2248784049e1af0c690be2af13a4ef3

SHA1
aec7461fa46b7f6d00ff308aa9d19c39b934c595

SHA256
4bf6b25bf5b18e13b04db6ed2e5ed635eb844fc52baa892f530194d9471f5690

SHA512
f5cee6bba20a4d05473971f7f87a36990e88a44b2855c7655b77f48f223219978d91bcd02d320c7e6c2ec368234e1d0201be85b5626ef4909e047e416e1a066c

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_tchinese.txt

Filesize
4KB

MD5
194a73f900a3283da4caa6c09fefcb08

SHA1
a7a8005ca77b9f5d9791cb66fcdf6579763b2abb

SHA256
5e4f2de5ee98d5d76f5d76fb925417d6668fba08e89f7240f923f3378e3e66f6

SHA512
25842535c165d48f4cf4fa7fd06818ec5585cc3719eff933f5776a842713d7adb5667c3b9b1a122a1152450e797535fc7a8e97ebdd31c14b4d4900a33ede01f3

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_thai.txt

Filesize
7KB

MD5
53f7e8ac1affb04bf132c2ca818eb01e

SHA1
bffc3e111761e4dc514c6398a07ffce8555697f6

SHA256
488294b7faff720dc3ab5a72e0607761484c678b96d6bcd6aad9ee2388356a83

SHA512
c2e79c2505a6fd075df113ffce92ad42c146424ca39087601daa4ed15a2b5528d478a093921d9d8a738c7b6b963275a0693ebe526b6e2135d14ced03639d0e70

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_turkish.txt

Filesize
4KB

MD5
29f9a5ab4adfae371bf980b82de2cb57

SHA1
6f7ef52a09b99868dd7230f513630ffe473eddf8

SHA256
711675edb20b3cb70acf6cf75f2eea8e0d87c8ace3e11c8df362b4517427a34f

SHA512
543fe63f791250e05e8fda24fd2ceadebb4c8925e8927de49ae490895c87eed3e61a9ad50237532649f99fe3165836261de215ee3f66ffbfc6d677ddeea7732a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_ukrainian.txt

Filesize
6KB

MD5
cadd7a2f359b22580bdd6281ea23744d

SHA1
e82e790a7561d0908aee8e3b1af97823e147f88b

SHA256
3dd0edfbe68236e668fb308f92fe7c6493dbb05bfca85a48de93588f479ccc99

SHA512
53672dd13e6ccbe96f6d4a61297c595b6d6cba8de92caa51ccf8ab1d8a82eea5a425eab348f295b9ec27de0026ef849d9230f751a46e040be8863923f91b8519

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_vietnamese.txt

Filesize
4KB

MD5
f350c8747d77777f456037184af9212c

SHA1
753d8c260b852a299df76c4f215b0d2215f6a723

SHA256
15b6a564e05857a3d2fd6eec85a5a30c491a7553d15ffc025156b3665b919185

SHA512
efb86809a0b357b4fcd3ba2770c97d225d0f4d9fb7430c515e847c3dd77ee109def4bef11b650b9773c17050e618008fc03377638c1db3393ac780b5b0bc31b2

Download Submit
C:\Program Files (x86)\Steam\resource\filter_banned_english_cached.txt

Filesize
1KB

MD5
009ca439b8e68dbdb83850d51b07c736

SHA1
b8dd1986d15aef3dcba09c954577c780b549c582

SHA256
4bfbbfd0114ee78d7795835c64aae6dc6b525547748c5dd1150d7d1ff8757c43

SHA512
25e90b8b737b30879ec9073457cc7b30bdc46ed71b8885ce14f9c1946476d65c6bbdd0ddc19bb09c406cd9439837aec5c8ad007dbb5a4378842e1634429b093e

Download Submit
C:\Program Files (x86)\Steam\resource\filter_banned_english_cached_timestamp.txt

Filesize
29B

MD5
a87fd0c24c76721c0f59225558966091

SHA1
c8ca7e49a2fef879cf2cab10359b27ecf87990fd

SHA256
1935ba31980fda1527f0a20353fb916b5c9e53193620c8f3e8281bf8194609a7

SHA512
03781362751df77862170d85fe0b86efd0a1a7e531642f3ff4f8078ebd7aab96a2e7c679d6f5f427efbae70171aaf9b4307cfab9f5ab737a79b6c01258aaa1fa

Download Submit
C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached.txt

Filesize
2KB

MD5
0b8f38d6f219adb6af9a46e34c8b55c5

SHA1
abfb7eea3e2073ef536ef4c020b79dce54028174

SHA256
c6cced2a542c64817209699a48ba5c17f32ad47a5bb799d395d707f665378de8

SHA512
4a4dcd5efb3433f23848b7bcc18a430f05107985e48f280874f0058eac863b3ddac9f849ab55271f619c026a6282387f553f1ec25e16eba7cb68c850f314beea

Download Submit
C:\Program Files (x86)\Steam\steam.exe

Filesize
4.2MB

MD5
d3484bb0997b56404bdc05122c8193fa

SHA1
fa96d4613a4865830e608093eb83b8eb8be8482a

SHA256
f5c97342e82c944e810094bc1097201f1bd41c64ba615aa3d68f7a9543a6d2a0

SHA512
157deb211acf9a0c2db0d392f2442889aec05aa90de3e08ebae6b784e12bbe4d4a20d187b085656410024f66609e2bac7449f6605c02249e57ce8d9ad8f165ab

Download Submit
C:\Program Files (x86)\Steam\steamapps\libraryfolders.vdf.async4880.tmp

Filesize
231B

MD5
c334f61c079b59e5077388e3e83a41b6

SHA1
1c33924202d5f923dc1fe8f5f0c7916d9e30c3c0

SHA256
42c047ed8272e2ecfb1044435c757817c9c24799c4b68d291126a0e3c85df002

SHA512
4e5e18a6da666a1b1b963894ea7c5cc24ec54a32cafdd4642b811b8f7daed108bc1faa6427587b555c160992b87f71d9ba7a2a351e7f67770d06632ad1a342b8

Download Submit
C:\Program Files (x86)\Steam\userdata\1842146717\7\remote\sharedconfig.vdf

Filesize
165B

MD5
611a49e42c82fd5f61f96f829569d663

SHA1
d2d3978d261da95f08087cb6ef2e23d3ac70c50f

SHA256
ed4e1794c3b8d88a5c529a1806a3540b8ac000a53cce11523c58b0b0960eee7b

SHA512
e45425fa2042c8bdd31359c12601bec543221ead5f9ca1825b01187cbaed60224f8fac894f2af805f244e7411409f4a04af5cbdede60866d17cdd8cf29558c37

Download Submit
C:\Program Files (x86)\Steam\userdata\1842146717\7\remotecache.vdf

Filesize
291B

MD5
76768d0be9554e670e0249a83bce7a10

SHA1
210017bd6c812de0206395621829a97be4e55126

SHA256
0080fc96025a32a2b50e8e810f709ec625f4909ea269b9fe5dc82c732d239ed5

SHA512
52db72059b5aefb90888fc0863fbe302aac8313beaf0f5e90c9f1ff3cd6aec2b24102d40327df46bf8bcc89cdb3ea640b995f67636eb1e6a2522ecde659e107a

Download Submit
C:\Program Files (x86)\Steam\userdata\1842146717\config\licensecache.async4880.tmp

Filesize
67B

MD5
c4c82bbb27cd4255db1ef285f3b26d2a

SHA1
da19d5bc62a6a0d5a2ba662779f73388e127b64d

SHA256
24987d7474ccc8f261752b2d7f2546cf5131ad1bf1773d645e66c84901deca27

SHA512
34865195fab4d09f4c680bd2c2b497bb34b5134166dde44c6911ea558c0101337f0af26ea42a5f5ece6f33cd5783f46bbd8e9f5be4f9ac7c15510f766a598894

Download Submit
C:\Program Files (x86)\Steam\userdata\1842146717\config\localconfig.vdf

Filesize
3KB

MD5
195513f63b13f6a76d6415024cd06229

SHA1
8bb5c5be48fbffa42493ead1a31b50adb58f1b41

SHA256
68e0db7f8c862f73d8b340d46dad5365a1f2334190c8e9ec7c14e4cf2ea48e51

SHA512
72068ef891b2c50054d5196b97bb777e888440b37559a514d32596b27a1cb1fa548c863cced22673e77c257a6316d69eac4a055a829ba4bbc6a96626c42a4f1e

Download Submit
C:\Program Files (x86)\Steam\userdata\1842146717\config\localconfig.vdf

Filesize
4KB

MD5
138ccbc4d9f63ff5162cdd679a0ba209

SHA1
af487f975e6074e1662810fee9caf56895b3c6ba

SHA256
26f7a6e6d1d3f1f763c5d71cb348002585738b423810a60d1b502919dd8e06b9

SHA512
f1f17d4ee63d981420525af6816d13bf5a919305492649fb7331572b1f1efefda84926fb12bf8243369e0bb053f60baffa1ee59d4761790c6fa03c30f8c5452a

Download Submit
C:\Program Files (x86)\Steam\userdata\1842146717\config\localconfig.vdf

Filesize
3KB

MD5
6f22b69a8821ab289a36cd24801a0703

SHA1
5f1bc0922c4cceffd826c3d3309bf7ea99914a1c

SHA256
2390e7f9faa72e03c0480769656f108de15d1fe1b64b98b53baa333f358e820d

SHA512
58d48e24c6367b7a4402d619b572b9ec32570714e67d8e7cb520c52dc75e046167f9f3399bd3f238d5fc5f71c33f39f1e4ebb38259e9c5653e1277723a8ae3fb

Download Submit
C:\Program Files (x86)\Steam\userdata\1842146717\config\localconfig.vdf

Filesize
3KB

MD5
e2a24ad86b8305ca84fba9f86505d423

SHA1
94f8995e96ae801065d1c6030c221193927402b3

SHA256
ae2222bb88f6933605e3ac5fb4c2c36387b08cce73115537559b8597335e92c4

SHA512
568f97f5d5b072c51e77e30808337441dfc855259d99ad6349fc11b3c5656835db4169c601e95d78782c789d0ede2673a1395699383a3f36592b222ad6d8da2b

Download Submit
C:\Program Files (x86)\Steam\userdata\1842146717\config\localconfig.vdf

Filesize
50KB

MD5
1bd199e8e8c2e1a60d41d35390f5272e

SHA1
615a1ffd626b2c99cd9483b4e53f03de693efd95

SHA256
7f4bbb6efc881019a1890c510a41003b377e52c748ca1f13e29082525598eb8d

SHA512
a9457a30e807d8af84e67fd177f8d6ef92506fdff7be9f4ad3a8b65dca876c1ed78b8f1eca11bd9e4ce899d4e4a058e3e134aa03283714f9220d4674b2e17850

Download Submit
C:\Program Files (x86)\Steam\userdata\1842146717\config\localconfig.vdf

Filesize
34KB

MD5
7f211d80caba68280efad015592f29c3

SHA1
4c72c1376394e88a3364db6610079e76768012bd

SHA256
a34053965cfb570788b0d9c9e6fdec5f4e686f8e6c89128a52cab7a6dbe6347d

SHA512
14c8b50ce413b8613a1cb0acb5c9390b2108d85a1d3caf4cbc9a23e48cdb1077a0829282a8e32bbd1d9b627df8f36884d30c4dd03fb0e4020244e7156ea84910

Download Submit
C:\Program Files (x86)\Steam\userdata\1842146717\config\localconfig.vdf

Filesize
50KB

MD5
27c3addb81b19f9e60d14c7d74922229

SHA1
1cea926c2f2dd5adb9485146968f30bbd4e724bb

SHA256
32f0c1b05aa444264e91a572975686fce254e5fdba12bca91fe216b4f1072195

SHA512
1ed14612fad0f163e082c787ff75ae0902551098a1ffe83da751e86e6565fd46d9cd7bb3ea3eb694e8678bf803225e0b334ae2230e1974a3c82a73faeb765fcf

Download Submit
C:\Program Files (x86)\Steam\userdata\1842146717\config\localconfig.vdf

Filesize
34KB

MD5
3a787b8f8faf977ab89179574ba41a13

SHA1
d0ee808f722aee3c17b15fe94e90cf3eff90bc48

SHA256
c36b7cf52440914b9d23aadb33357864b72f0011eb3254fb2401b598c3c2a88a

SHA512
2eb75eb94150dd48a5ffc0326680c353ccddd8de4608ad8b653c1fea81c00cbd481a6b8364db2a89e8b2d825f232d3538601dbe23420fd4ea0980b7ee51b61dc

Download Submit
C:\Program Files (x86)\Steam\userdata\1842146717\config\localconfig.vdf

Filesize
34KB

MD5
01d9dcc7f3a29447ab84c43a46f328f6

SHA1
c39ad4bd8da50079f0305ebb187e71ad632cf33a

SHA256
687d2952381e4ee76615657829863740f4c2af5f34e3aced3d57200387f20e6c

SHA512
b3183e41caae262b65161f1b79912840ef8d3e5eef15aca633a99a114dacbfc3dbbb14efa02710d73c58ce96364d8f597f3fb41f2138b638995cee41036cde7e

Download Submit
C:\Program Files (x86)\Steam\userdata\1842146717\config\localconfig.vdf

Filesize
50KB

MD5
aff8574ec126b948eacb97b4c01db84b

SHA1
5291c725a3d19efffd96253e58540a11f2684a39

SHA256
e5934d2b7b4ed45cdb1081bb5af8e1a270593fc587af7a3496f7dd8c362835f0

SHA512
1e64c55e1c4284283db30ec892aa6f345b984953367d0fe7e268f1b1a5d1344d6798c0e89ba25dfaa155ce299b8ca67f2a611f3f55e45822892236ff1ec444eb

Download Submit
C:\Program Files (x86)\Steam\userdata\1842146717\config\localconfig.vdf~RFe5f6114.TMP

Filesize
237B

MD5
84bbff7c586c7734642ff31be7b16886

SHA1
a4ec3c5551737cdacd6925fcaef4fba43acb4c11

SHA256
14ff45180d7096641fb3d3b4548cedc6108f901b39534b1ff481b678a42df445

SHA512
6b407359ee1db809dc8f39abecb74a4be3a241b05612780854c518c4afb9a6352791d4dd0c26f2694b6edd1fa653a3b1e5fc0da7561a342d6e4c106b8606c4d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c03d23a8155753f5a936bd7195e475bc

SHA1
cdf47f410a3ec000e84be83a3216b54331679d63

SHA256
6f5f7996d9b0e131dc2fec84859b7a8597c11a67dd41bdb5a5ef21a46e1ae0ca

SHA512
6ea9a631b454d7e795ec6161e08dbe388699012dbbc9c8cfdf73175a0ecd51204d45cf28a6f1706c8d5f1780666d95e46e4bc27752da9a9d289304f1d97c2f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d

Filesize
20KB

MD5
cf0a72b0777b553d5a1b26b49c978a79

SHA1
dac1fafc4e2ea7c4f8d3e194fed653729c68c986

SHA256
5c11333f71b4e6c62f9c9b3b8c7efa7b65b140ee510fc4aa2e22c0bed1222cf6

SHA512
43e8963b0a98c44efdfb50702601f6c79c79da9e065e1a6dbed969ed70af4caffce08ca1afaed6bbb0ee9a9b3afffeea09e84aaec5f68966cd66b86936811142

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
3f7529183fc7c7ac1e6a9ead86722ab9

SHA1
bfdd764ff0f66c444eea4c80dc473189d74dae7a

SHA256
ac20974569c030b1c8978a02356f5a9579971ade036ab3c73179bc04950a4bdd

SHA512
9a3d9036c554c0752ca8188c705f75e45346fcae9d006169a3f5415229f17a93b59958c4baf3753ff51966f84dd245ea32de87b724b746ac81e37714188e1ffe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
d18b06bcc03820324c152e7a5161da3e

SHA1
6238bd1298aecdca5993b5d22aa09d988e269544

SHA256
3fc222867c32087c588a9b4a195f6920ec76e2007a4fe548a626041f9c667a60

SHA512
310ee1083309c29db55794c45417fdfdd75677d8c3e52a5ed2bc12fea10bb1c336b901a81a4898838df6622bd81643bf7917d534d51d0864b7724ea2a19d748c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
41f488a92e8bbc9ec862821c0511b8ac

SHA1
da6c0440d76f10c8b011fb4cc1fc971c00219a6e

SHA256
2b60780e6d0fa86d0268fb6094641bbeeac606520f6ff0b6dad5f68a6dab5662

SHA512
02ed0f65511da1338c3ea1e07af2ee2d0de2bdbc20ddfffd4821fc7649d61f7ac790f31bdcb645265412ac3cc34b4fd143109db2722c527060ff760a098c1819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
6e15b5e21da3932a97f4d6d83879331a

SHA1
9afa8a4e606227bc5a890106e0d3027bb07c50c9

SHA256
f4eda997350a6f386001c90fa5e4783ddfab887da2473724132273acc87e96a0

SHA512
0a503bd646e842ad215fdceed3b0610cad13f56befd6ebca338143bebcc5fc49751398821cf77e9fc9c009141a203431644cdfb6551fed14eec865143af9f6f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
60d35073b7cf828ede26768c4daca5f9

SHA1
a41fcd043c3bf7b6fc468aa73713d4923397d217

SHA256
a925c17e8094793735edc200d7cc2c1b3f74bc2ec519cff2399f9aacff0d4c2b

SHA512
4ff828a56fb5265bd8f7a13d3b82a1646356bf3234792a03a81977252d123616c3e167b9c36f892559b3ad869a7c51d605faf6bfa54e29ef131c185dd4cfccdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
03a6414ba36ec75a6edc71a5377fbeb9

SHA1
21c27d7fa03d07bef9b6cb40743b2c0e11ba7d8e

SHA256
7ec459d1d819723d6ef9d8b57d44a7029774fddd65c94989044ea926a963db3f

SHA512
7eb0b89eebde4f30e9c09844d69ff864980d5d774df268f4e8db08b3d92f5091c553072955e61ecdd0b8c1c76ddbd32217ede084f9341f5692a0c455e3c3a7de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
821f2c2c141532747288a214b85fc0e8

SHA1
a061b3975b2d08c766b0b0137fdc96c1e006e05c

SHA256
8bedce83ce4d53c2f01f7c1074dc29dae3754b7532c448bc3739a0acb475a183

SHA512
cad0bc8a4c53b0aa25e9a1e9624d28b73a7d16ade33fe1568e948c9b37209a00e9a467b87b5c01f7b4538c580b4b52db360f6077574168633846258271ea73b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d12fc1bae7c549f5ad8d691102e0c3cc

SHA1
2d113780c257659a53d3e632fae2f90e4f1ad303

SHA256
f2327a730e1fe23e1876b07c0601736bda0924af828668c75bb3a1f8ef3076a1

SHA512
d1cd66d480e05aa0ed111f1114985c344727334cbfbdfa4ab1dc68011236a950195d24dd405014cc59961e6d366ec798a2f8efa918afe99add0b3316a4ca837a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
15730d3dac1ce8490f43f04988c42e72

SHA1
748d6902f37f79e49fced2ad10f1cfa3cceccfec

SHA256
a1dedf6161c6774421a32b47b836007696fb25d55abcd28d41b1ca1920835afd

SHA512
29c336a80cd80422dc469176151876943b6cf766d35cbacedaa153cb779f10c44eda59b345e1a1f5fa452080d0990ecfc21412d76fc1d76a20cd3196a1ec179c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
71a002cdb7737af7a9427e0293eca97a

SHA1
d4ca35fe3e3dee9d70a97c708c3220c707d1c7e6

SHA256
42b0aba773086a053ef00f0842febe2015e7f5a4783d11d2aded638c83b9016b

SHA512
758b6dfc9cf7029d3a1fcc701d1d0b85bd37f893b00a959f6fe2cf7a474dca50016f0998508315d883aff6afb451d79b6b540676b8dd02033ed0b54e89d1978c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8a89a1915d8b8a8d2626bb9dd30a9a6b

SHA1
b254bed7484ff9997e552d62e9b553a0372befbc

SHA256
6196c9dedc2e2fe4c93373a3fdf74d75dcf43898155530192f4278e002a523a6

SHA512
61b85291a2f9ed4a6b864861a0602c5f7c6a85a9de8d29ad36e3472fe773c3c7b37a2fe696320973a1d4cec583d7cfbabb62996a59699d9db509a921484e8118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aca9715c0db6689e805e424b9b445e1c

SHA1
bc32e12e6971518bc7047b944726759c6e3ed953

SHA256
5bd3cf4482c297f3db1066197c7f79406d6d703ef4feb098596952ff74b51f3e

SHA512
298286953437047a638080cfc350e1e8bf838b7d363808ee1aca503d564a482aae1edd1ff37187533bcc600689fb68634cc7314a758de95d11db224d45333e17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d1ac0b07515f331934c42b0ade15f4ac

SHA1
5178fe815d5e422533738d6acd30e9338cb73ccb

SHA256
01d7b44b64d17f23c775b98dd44d36e984fb4f68ec670ed68942641f081f9930

SHA512
f431856714ba2e07f382716d2fce864c427d5a6d6051c44ff3667d9f95c672f8f371af984c3049bbfcb3c86d1084e270924a0a52fa95fd51e0873059ade82ce3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
51afda651b06df338428791ba96b292c

SHA1
a60eead86a8ef7a2e10c291a304edf16f9e2cbbd

SHA256
1357c9fd538b6ee300c5f81185eea9fda8af422940c58e4da7cff495d15a13f4

SHA512
8594fa9b5b6568e437e66e446bc1e13f7c936c1aaa34571f91cbb3cb40b00cf7b1bf60f4c4c3620056922658db875b099196d76043708018171f7033f99f80f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
277eb6770f87e0f8544d1858019d9158

SHA1
929c9737b2bb30ee6778960e9c06a4429dfab2ad

SHA256
25c2112157c0f42d437530c4ea27f86a9d2f48331d1c2dc7554f6259015be5b1

SHA512
2c5a472efbc5bdc5fd7438938bdd3d20866e7df3d01aec0f90bb0547c9584d645b71e6dce77b2ac4b675525e555c66705bdd89ac00e94d9f4a5476b28747b8d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6497cdae5e14075e9740274aedbe889f

SHA1
a4bb1711f2b18e9d003df8cd17cebb9e550d1c4a

SHA256
bae0fcc50bd97705563afef6168a0fddc8556b7936d437bb31877b0cd9d7e033

SHA512
8334e66627ab18bb2ae65b8713ebb0da54e148248ec44132384d9231232ae7309f4c41efa47ce00f255cfaed8e7142959e538229882493ae4ec340dd4e8fb5e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fb421d39df2f3ebd216d98e12fe67fb6

SHA1
b542df358084a5d7a902b7a0260fb6412aafd898

SHA256
bbf9402cb051fcf54f19f2a5b84d7751396c98924925b2a1a9df47c39cd09cf0

SHA512
1dedf169a8cdf4bf8ae75e7e635198074572f05b26035fb4441117aae6df0d0c37f960adba07e88830a7f8825d6c6294413314b30746e4800c4f7141c2fcdba4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e036e200fe6945e69c4ea32313475d35

SHA1
5a53873f1925c4875633444f112883eb7dd67e93

SHA256
2efac0b153a4a6ac4b8c759bbd46c9acea1e83928700218b6f5efcb5f0098af0

SHA512
e6fe0c4f43cd21112c97f0362373973621ac5a81320a211aae88ec9e0857197e1e248d2c0e25bb558b5101c96ca18337eb76e81b774de1f201be0b2460d7c430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
1a3885ade11a659372e1664c26c667ef

SHA1
d7b5f97b92877f56120ab7643cb96a928749c618

SHA256
dbfd892c3c1f49f17cb3eddebbdbba65c15a80c7b56cd43b97a9bda70670e703

SHA512
1ed2ec9c410a20b641f73c05e47e13186999afacd73afb7db3f5a814a168f37f526cae6181ccb8894d0fbc09201f6acc09ca413053d46fa859a02ec40a98cb9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b6483.TMP

Filesize
48B

MD5
40e2afba2caf0425c7ae1d4a52acb0bf

SHA1
521c30ec7e239fca04c63670452943f5ce60dc54

SHA256
1935a87e4ea79e31fb9bb65ef21b46a48dd3bdfc5782084b6148b9971771d91b

SHA512
1d5409de5107da4aca653fb45ee748c265b38ac7e420d83609359f36c5545574d4445807514b1a7bf3ad9a723dc86986cdcfbc2722f9b185b5c19c9bce6c4a89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9aa70c326a95d761a61a4abbe2901e46

SHA1
144578ca4ac64ab0830d3c5072d07fa255bbcbdc

SHA256
5e3bae8680868eccbb223b9849c8b64573dbe05b33e834c277d84238878b9871

SHA512
cd55d4a2163b7db852097f5fbb9d60b55ea1fbc78de9f933bb75aa18656a178a0b203d4d44c4199fa9e7a99729d82c7200ab36e7088427effc75a74b2d28c713

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
24f397037012433e7ff72cb252f033b3

SHA1
96466445463fe837ce831a838de05b8cc7b1fc9f

SHA256
ecc4dd1b1c109f3f1629d7c11b843827bf5c1c21b98f29949857e23c1912556a

SHA512
cc2bfea2740965655ad3921c2a01e4518ec359f8a98ecb6853a991b742834a0f2b834534fa67c378e276bc86d41acbfb2f91ff3127db47064cc4c1d1fcde2aa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
890e9fd6a34eba05ea6f8c8fe0af2140

SHA1
11fafdab7cba764a8bba8fd6ab78bd9415f1023b

SHA256
4476d020c3a94167254720641b648a6897d5c41af85008bfaa2ffcd1379f7d06

SHA512
736d72d78095fe0d5bf3305cc36b84af0e3cce0c7d45e47a365196883cf54394cf8ff430176f3d82885f07030e6b70c069c4cdb249f878600306f600071845ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
03df893034059eed1e1d894d88d41d45

SHA1
4c7671f5f4bf38ce21c781c6fecfcb363e54c705

SHA256
84eceabbc316e5708fe82edcdf0b98cf18eb47849e932282fc8732b38b6c8c38

SHA512
c0b1d62c31872c3f41d6d8af42580b3739189deee43520d677b849c95255ce5a029b80c312eb80cc85fbb61c2d776dc6163e2111129392d18302db9c71d784b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
87bf5b99309b9720e5a5560ea60940e5

SHA1
7a812551ae0a0da3173b71be90be83f6fb2d1e79

SHA256
6e77323d356e611074962086d87a46972d3f0c58d3dc04b545c0c7e67f7e7d97

SHA512
76236af0491e6356612866d93e2b30adb66cc9f6c4f716e85f4f9f1ef46e2485deb9a9e06d75e4792b940bbb3473c7bcab150fc34e748b0691305e942a11bd34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5b08b24f110cc96ae8099a3174374dc2

SHA1
00c8973a10958f111aa19980206616c3d31e9483

SHA256
2b50a2342b02aa7b086e1776890da5ac626c2e4984ee6fad1bf59f0b4eb47afd

SHA512
596a24e0cfb80ae517bbc0eb79b548bf4d77544240111616b9a487c612dabd9716f3fc4d89108d75ea0e63288ab36b744919efdea5a5c8d95327d4758f155a84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d04016004e6e53ff6af5ee6dab77f148

SHA1
c7cdf17fdd7752151919298a3b19c17112475d3c

SHA256
2e768e7bb0b4e5f881b918806ef7d3d3e8580db020480f39756ea7adc4196c19

SHA512
28d0d1eefdeb052c0e30de8559af9975b1b333268daf5f5c165876c2e7e368504faf33c988eaacd24ca5e66a00391590f86292ef4719d87a994d747cbc3f76ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7469f05439130a7028dc7ac36086a7e5

SHA1
93efc077b056b2e2cdebf4817325dce63ec53ddd

SHA256
f77e7d8f30146ce56c565d6c6e7769ee5d8a67d650231430c8e618015bc9aef5

SHA512
f61c6679ee608dfc71bd28de1f176c71906a9ec5b3735a31c0b0699eae8d008e3326f219545cec54178d180973531cc12976c60adf9d1cebee256ea439750d4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
eaa9d22322c8cb1e9bc4ba2abbe5697a

SHA1
911d8c418b64a250a1f7af44c9563dd1b37e3b9e

SHA256
7bf24e4fa549e27d28428a8660a70a28dd3679ed5860136846e0fc757db5f183

SHA512
136c8fbc67a090beaf53b52a89c3807c8f8262a7d6f4fe77214cd2b18f478f294b2a8eb6744b40c56b612250cb0b99517f1556e0c989493d612eb03438ef40c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b5b7a.TMP

Filesize
203B

MD5
b221679fd458bdd896bb56e86f52a362

SHA1
15134b4ab0f8c198e0af4c6c1b41cb370e79121d

SHA256
a6b3040ad84f2a5045bc4ebb61433a5cd436568ee4d9968a94a144e0f12be05f

SHA512
f4c2493ad9855ad6c98e8f1484917bf7d4acd9c95c057f13e54842a08df798945bdfa8a47014eb1cd4a7f066cbf73a1ffe12de286bda084d812da74b719748a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1a48962950b0cc9da651c8f2ec57e585

SHA1
0f398410cb0e4a8faf1a0eb30acf212247e69553

SHA256
eaeb104a258d61f9642ff5dcb79ab31668e857b4397485452d184bdc20617543

SHA512
4033f4393b39d6527a018d08bf6f7df1ad33d721d904b8677021fb7ed6219c4383b2399336f017b8602e63c3bb3af23770c7b739f77733869aa9a958df7eadc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8046cef994902e78d8a2cd2e7c8e46d1

SHA1
760ddaa4e99bdfb4d3d06fafb694a2e12c7c23d5

SHA256
269eaf58f0ed1e105d2d7622bb18f83638e840e29086d3bfdab96180baad9b1f

SHA512
38d603cd92f44360f2c2883f33857a22444b97cdcb233c70f53d354acc38a0a71867428a5e9e10767ae18fc48d561f0007836253118821daa62eadf11b20b77a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
875837e121f22e31c251caa381788780

SHA1
d2af2917b8f1415bd7b48ead412bfbf5a4064a56

SHA256
09bc66c93e7a42842c2fbdac630b4e6917f0a7c9f59cebb89158efde3c277ac0

SHA512
e81fd787af0a9d8021964da8acfe65a967c82077d5d8f3dfc62fde91be8191ca3defb668465bf7b0b1edca209e6d13f8ff40e4d571eb59a32cc1933ee377ed04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
226cfb015014cb6bbcb726c6392d8db8

SHA1
5c9b838863bf8d2122dfb5db3e465258eb31ed2d

SHA256
93137d83733a68f11e8d27807b49c4cc82935c09ab06cd8b17697832609f1c4e

SHA512
cda65df73633cdb497eb2f0c93a2324722946743d7f05ac2d97976046a9bebd44f58adbd17899114df6810c0542b9d20476307cd5864fc5fa1c959d2aa763c3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
32efe64a6b48daaa4aa7523bb2969881

SHA1
9cc78eab1c7eb71f4dd753c3d0dcf961a4266d7c

SHA256
6006646b2d2dd183805f92edd98a0326a8728218691df06bfa6a18c517c3d613

SHA512
d2827e56125ca780153ef9ff910eb367a79091a48623ff51e17ab72fbdf50d29ad8a477e8118ccd2a01f0639fdffb5d97d29bad1abbc4388326ea4c3117f4ee6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
688a72041651ea91506586d31df60dd3

SHA1
f771bc62af3dfc2e27bb078b975099a83a6daaf2

SHA256
d6c2e50591d11cb798f51b329147e26f6459e0b87fbe38ac4e7b0410236891eb

SHA512
8facfe4dbe6964f0bb944064a3b0e7b8685b49a1e0ffa126837e3621c5ddb62c48812c7246530b0eb38761c6f50916d21a7e35ec1e54f3007aae0b42c5b4daef

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
398ce63bd37303d0985a0aa88a38b4c6

SHA1
937faf4a1451c8a0be62bb52676fdb3a89511a49

SHA256
37b37819270b78fd94c6c0606afae4a06e4e5f7380d980a40488472d0ce05502

SHA512
bb5ca7595ad936d72e86c1c3a4b0fbbc235b2fea32cf8d9cde62aa1178f1ac4199d7e1f2e42a0291f3b5778689d36effc5855dc00c0a2a1dcb24494cca88c6a9

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
d6d3499e5dfe058db4af5745e6885661

SHA1
ef47b148302484d5ab98320962d62565f88fcc18

SHA256
7ec1b67f891fb646b49853d91170fafc67ff2918befd877dcc8515212be560f6

SHA512
ad1646c13f98e6915e51bfba9207b81f6d1d174a1437f9c1e1c935b7676451ff73a694323ff61fa72ec87b7824ce9380423533599e30d889b689e2e13887045f

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000002

Filesize
19KB

MD5
8f661b8c2dc08d06a2992b1006fbf95d

SHA1
51f7614ee218ca027670a3bb0d7cfe1f23869602

SHA256
8bb39a6f700638d352b26ee0cb86fe5fd1127397dbc18d50a5bf37eb9ef6519a

SHA512
80789cf71769f1c03910535c610c942aa4be684433bcdff360ba309a6c15b3878920a49d1d1303c322de64f200b8e5d316b428b66668d51f9ddffaac0aa5f80f

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000003

Filesize
24KB

MD5
944531387ce01bdf7ad736937b9b13b6

SHA1
df6268ebe74638714887588a1f43506b915e717b

SHA256
d6c997210287cecf290cc7c5cc99c13a46d874786d1747cace5f00713069e2a7

SHA512
25cbff327f7af6013476a5453847a5f0a4354a8efe773a4f7f8e29c4b8c12ba8105ed344109cf0a83ee6fe986468c2318b212d2eddc1dc2a6fb4ad9c7f9fc4c2

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000004

Filesize
78KB

MD5
b63db6116a515c8ec16b58bbb1a0db89

SHA1
c8b53c1566bc23bf614f3faf2dd0e2be49aae50b

SHA256
58cf7a378014be774e0348655722edbf63b5470f6a4e84b19bb46e10349189a1

SHA512
b114bbb09dab653809bc63b9b7ce66be04b4baa50fa4ae938b1cafd86eac94b7742ece421fba8c491ad3b95980960acc9d30dc6f0c5e609f1494571583641ab7

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000005

Filesize
32KB

MD5
31b05e57c066452d73ab005bb42865f7

SHA1
2a8efd5d7753dd756c539ad66831b01f603fb13c

SHA256
84d0be622ddeef6d0793df5d274965d6d13a756979b4b484185dc7a051eb4071

SHA512
f793863cec23493b58311d37720fe7d48e21c92da5cbc9c5d4562e47a046e33be4584d58a1c031513298c55a9c33f5e591fd5ce831c9c33af9c2594bb071c277

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
ac17ce8254b590e03662c19043527966

SHA1
4d38abf16edab843361ea78b38f06e4e0bb73d83

SHA256
e661ffd406a7ef2520ae7302f2c7518f2711f748ae94075aee4cb9b42655c1fa

SHA512
9af64763a42c44b5830e9ecbc2b0260336bb83a64e13f73eca21f629ff97910c8565e97c7475f2286306a0d332aff23e16f31a0c852adea6a57b387d0b2d2307

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
59841b39b029d5fe5095e8cdb23832d4

SHA1
d7bf6a0a0ae67748875a25099cf8a7e7f68baf76

SHA256
fc397bb1ceda8ffb9ae3bcd897b434b20a0df361d58ef1019f6c4e6960d5830b

SHA512
b36bf89331e2dd94d83bb240f6690defb47cc4f1fa1cf9d68b2eb0a8663bf07826bba44d23d468143fb5fca09da55851760e474acc98007ad6d89351d47d3a64

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
6da4750ef23de1f9183310a5d296b3a5

SHA1
0aaf4c61cedaa8d6318957743240c81a23939a6d

SHA256
687f4d6cba80cef103716f141fa3f77ed7c62f7de021b8da2e742ea69b838cc3

SHA512
9ea1a925b5d2292fc468bb9133f7b04d0833622432b4298f82fada6539654be877eda36d0f142a43b68d9d5b07e62dfa74def891bc097ffe9439188bf4ee0358

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
108c398e0bb12b6cb3e5fe525d7796fb

SHA1
ada650965ef36cad993edb8b4693cd5d8c750e7e

SHA256
46a09d0c64a9e96477287a7439fb99fa96c2fb27755ab2b02cec34c1993d8ddb

SHA512
2e117341b09dd5df2af8be4b2f447ab93777bd6651034bcb8a0df75e87094429738744c20547224ff97b9a84bfa619c599abadbb2491422e561c0bedb3cbfe30

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d35d19ba0b0367516c8be11dc01d0bb9

SHA1
c2f5df55b82166c7f879ae5e4ea5ebc33d070f19

SHA256
fd60e0b3866d2ad3ad4854e05328dffc356fff543c439c3aa2a866403d4e3424

SHA512
f8d3044fe5ddb7e9b6278738aa6a7b37fb58b7ced89349106827d8ebeb893c1f34e3e55130978ed4cfcf08f269b7467bc94219300f4fddb7d3563033789fcaac

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
54f8bb594f7d0d7d688fd905c7823fa6

SHA1
12f5e8a18344a63b6b673df8e115fa3554d7987d

SHA256
70978affe737ef4f1e2bd99a994679f78418ce5c9a27c2ee96d1ed55ffe75fa1

SHA512
15fa9df65e7d4c7828b36438400e9b6ee74ebd6aa7ae4ccbe0adf9f2eabc3eaa38620a47d9a66dc8a2a02fc976d2c9a57b2374d199bc13881c825430a6f5a9de

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ca8a40bc061c15a686891c31a036540e

SHA1
e4cb84947bb18c26bc6432ac790e27a701ca6db3

SHA256
9927690fbe9edb15cb8f44d32d846411fd528054c448c3ebbffe7c433e35e2ab

SHA512
ab2fa5e44263c1dc3f2ab276117e97ed8ba6bff909413b66efc9ecdda64da5daf75083bbd6921e0f41637afd94aadd155e7ca7eb2044e0c9e59e7fefe0f7a632

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
856B

MD5
96eb59fa0f07ebdd90e1e922f5d2eb17

SHA1
551729190d01a6ac543af2469e0d8a24be81e3f6

SHA256
9181974a45357b3f3e4a7b5e7a7f76dc584e295ebb537c0f39f2d2205a796c9e

SHA512
8ff5716424560a111de6e1206b8d28762714ded4b43a800da7e431c9ae97a216d060319a8b456a26f6cdcee8497c7a222d8a490ff4a4033fa0dbefc9ad739c13

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
856B

MD5
f7711edac7cbacd8c8d68cf534133a31

SHA1
8bade50570b2be8b37485d96520fbab5a10469bd

SHA256
8e8e4cfce07d832c135b15099417c532bd5320bbdb31a0f1953b7fb2f8e30862

SHA512
86330a32253bbe1c2011bc0d4160887f8816f4a37b170b97aa65687bdf0dfb1c4939ba4d8d507e8613f4fa38f082055e70766f994b065f555efefbcdfd8c821a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
744B

MD5
d288750a3ceb38c84f586770e09d7334

SHA1
cbd091fe2f4e56af31cef57de65689dc5417f3bc

SHA256
6abe834f29fd164538f50814c96265c7dbc250d4b7eddb042eef2fe765fcb2f1

SHA512
a51c24c8cc631752e1d616e007c0b61e87aea38b267cfae0c3b4c7566a32eddd9e6bdac09354db62b7a58bdccb2a8b19b0e0bd489a441c674c63563909dfe41d

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
856B

MD5
e78325aa1e994cf05f59e350cfa25ff2

SHA1
d416149851ac5bfa364b810786b410be5183df8e

SHA256
a220e65067e0e845ae07aeb6a1130b0a7e87840581bdf50619ef71a9e7e40a7a

SHA512
95bb2f1d5659739ff1ef857997b340c64b92b60626b4a6b4d6d3dd67f69124007c764bdefbe1bde509468b256947f970277054c9163f7c2c4282c4dae5ea165d

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
856B

MD5
bdb5cc60fbd2f928a14437f1686418c7

SHA1
85f8a8028fc37cca24614342985b8401872a1611

SHA256
aef0e069b0e7a9a7442147c8734ff0dc91dbc1ffed62f546bdab092f6f8b2f93

SHA512
4437dbed8f06c45738649cc3be72b6eba5840ef1a0297996b6925d3e34b466167e3d18886c6e45af43c6a3dcde222dd4640bcfc86faab10a3d9c29ae648e2f10

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5ba68d.TMP

Filesize
529B

MD5
5938ff9583aeda65bc311e81cff3259e

SHA1
2de52deb8aeb97c5407b59b4e1dd920c1a9cd648

SHA256
4336b2da0214415c0b76e7265ac7f85d7b43a8ac4ff2b7cfef15dc688035b384

SHA512
a1f02528d071e2a4e9c792c0181e107bce38cf5345eb3b16bbe1b7468392ff973ee59ea38a1d164898699b012ac91d7dd56840e717a0fdcba6ac492e71a83033

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\1006fbe7-4815-4f84-a97d-396f82c0d362.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
2KB

MD5
a013f98ebda5193965a8b74038d4166b

SHA1
5b56d2b9fcdd122888209e56fe08d26b56df734e

SHA256
6f6dc33b7a52a1dbb5beddaad5910f3c009ab2279fe5293152a329160666cb39

SHA512
68a12c2ed4268a3bf58d106c81cd5131eecd21d9834fa880bd1024c01134c58c198c78db5d64c34bc0766557458f67bcad97bcfb3d5311a24b3faa62fc87f87d

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
300B

MD5
08f42b80ea6bcd139bfa3d2a5a51606a

SHA1
f14f22f50240d630c38e37606c9d960d82db1d16

SHA256
b24f69674127f2c1c481be8b86b7aafd9bd063e8c6d3db5836eb6bd9764f7fdb

SHA512
39356ec2bd9275ada7a9110f07f759caad9bd815caff73162dd71089e7be26b11cbd3a622989c5ac60fab941aba32650586a58496667cc21c822043f7920e66e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
0843682b6b46558e0c6347dfc086556c

SHA1
9a448e5e2e792d5ae1808a90b4f565eb4e14072a

SHA256
5a4418dcad5743b1682b73a9901b562e9e5810b585443ba0cb90ccd3671a92ec

SHA512
eff68718009c6af0c3f22cd50b18b6d7d2c4e354b62c43a4a2a9c01c0cf56f7a57b7c4323165bbf7290cf4b84054f6895e2005a7885b083a774e2a422c018642

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
48beabda296ce8d19800e1f94862ea8b

SHA1
2066ac8b250006f7f9e9a834a5db5a84c0afc3e5

SHA256
b7158e53be2fcd11b9b531f9f7e8108756333c1a7f5a17c6707c9d41f8d318d2

SHA512
faf09cd58249bfa825a261af6eeb9c0ef6261808596dec5950c8771dbdf7150f552cb38607888a7c1fc30dc1a12fad1d1789e07bbb953e389b975fd0ad2b8081

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
2KB

MD5
20faf0d30a12e21eee316cdf285af943

SHA1
07507b46c430318432142198b07ca98fd814760f

SHA256
a43b226abbc074cce4b6f67d6b86c42526a8c7782f3540d043723099861a105b

SHA512
83dc13eee191c07f7fe7ae8ce7c6aa629e1866a99fd5c3e5674a6db9f28cba1600b6222227e487568ea4f50e1fad07dcab62ad5b58b2e460723ed141e86e9568

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe5bba25.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
0c135b68b5252c1f4858f09337ff9f0d

SHA1
1b0a3616ccc3b9e8301fb4d7b182fdc28751625e

SHA256
1aa4c3864756b441f16b24aa50f45e6ba2e514debb2fd52a70e1c8797d13a7e6

SHA512
a3353a126af06f929c31597e4338749de64c70b89e8a7cd723e2363b268053b440ae94128cc493f2f109de6515c148d74b29391255f37e4db6ca1e2a8f1a5f5c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
5d6b95b3067bc46ee14ffe426d0a13ca

SHA1
43684648d313c5a1f505c554641dd3a350fbc640

SHA256
812612548a880003ff9a2f2019a0163d412f153464da4e837d2eeba671beb7bc

SHA512
ff3f3d3d1dc0e54a20c856a57a151c91d3978d733cb5b126536c91e6b0b60170a9e530407e1666a7b29d3a8326a840f4e8cfae52e9dc0218fafcebf6bc2f9c6a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
4bde9c9829072c945b7e4dafbc141e91

SHA1
88097fe313fd6224481075e9f97d80c93f9e3d28

SHA256
dba8d070298f45c100bce473e5f48d128dac0820950aeb66584a6c071e05558a

SHA512
c98ff95df8d9c466298ea56c8845987824ad29d930013549429dbf4927476a8a3c279484226fde5be837ae49f77b51a2101175ab944209d8cd8c717d1e46d556

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
a0eb83f043300f625a656fea7a43f9ee

SHA1
4e0cc1e58b2a890f82799effbca91571e36a5666

SHA256
da67ea6f410b96f107aa984bee9ccdc808a12efe2da918196b27d91442f9687b

SHA512
5313c1621ebd398e19513f9a809b35cad7e974be78aaef1d4e39873a4f5dc62b404f196ebd4070b9c5cf0b1bc90c3abc663679dd0021ac251c9d3f0705111ffa

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
590cd70e8d703771e38dcd62044165a0

SHA1
f7869e881647c8b4fbcf6087ba285abef9cb60e9

SHA256
23bea3cd0484a0d93f6adacfeb74d73d119100182a17ce4d1c0750803dbf7066

SHA512
26c733134139cc21eae12913e9f7add998c25c26c982705ce3bb1600b5753ca5787ab0c4200449812d444e4fd6ee02ff4e3efedc673ee30ede8af31321cf2fa5

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
1b0fd7acfefa0249fadb83be7dce5f42

SHA1
cb850dc9d17c955f363879ff23e0c505e89bcf36

SHA256
a4f1b961b55b980741fb84fe988d904d5c58af9f69ece0e070a23d8bef8b6f34

SHA512
bb8e182a12ad8220e025f65e85c05d2c642a978ba7270f5e5b55e9eecc3b29f5438f177dfd45a1960bdf63879dd4fe644ff14bf57271e278402487ce673534f7

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
d67c4144b9474765ca6ae58a4b5b9607

SHA1
5e453cb8319212ff396cac079090eadc200944cd

SHA256
2ba4fed1e471737ef08781c3e2bccff44918d3fa3311dc02b8ab03e29087a486

SHA512
0799b2370b4dc5561cfa7af29e8fabad345066f51c3c257565e9a6b612b73a2a0856b059857283f770c5baea44a5eb01ce839db5655a81a75a60f0fad09271ad

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
cdb7feceff8df1c0abcbc2d7d8af06a6

SHA1
af3317a729ad66b39006e9434935af4965742b15

SHA256
61f5146effd7ce343c9e02f761c2e1df2984a9e6f9219e5440a4c96c7f9ed615

SHA512
f9a30e8e72ec7545c049e5fe17b64e6980351abf9b1a74e58260eb36d95b2db4017dc2e8f220c646500b641b91849738ce2d81f6463549edc3de8c3f9209cb1d

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
5f827bd5d14111047af31311da3e6efc

SHA1
02d6a3b7490a7fddc73e62d82629e968bed53a3a

SHA256
931328239e24996e51532d238025f5924db965a393aaf8b7a38f34e6d9648a06

SHA512
f1c8fd1b0f4ff90104499fdd8620a81d4cee3d8254d3b211ec70aa661e001e411f66d7d74e5791996a120c3a479105f5b94bd555452a1b19eac2d691fac6b905

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json

Filesize
2KB

MD5
602c49f9246967bdcff45b4f43cf2fb0

SHA1
4c5796e0c724bbd7a9244cc8a0fc9e8f40181f2d

SHA256
a3ad9649c1038078038be1abd591cdba73b4b4f5cf30e11bb6cb7a432b746114

SHA512
2f273c0dd0127071f4c768cfe7277c6efff84c1ef4f4271c1326db3658c84261794b106af3198717f349fbaaaf276163700bbb50ae20fe52ed0a88a192d46f77

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9F30.tmp\StdUtils.dll

Filesize
110KB

MD5
db11ab4828b429a987e7682e495c1810

SHA1
29c2c2069c4975c90789dc6d3677b4b650196561

SHA256
c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376

SHA512
460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9F30.tmp\System.dll

Filesize
22KB

MD5
a36fbe922ffac9cd85a845d7a813f391

SHA1
f656a613a723cc1b449034d73551b4fcdf0dcf1a

SHA256
fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0

SHA512
1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9F30.tmp\modern-wizard.bmp

Filesize
150KB

MD5
3614a4be6b610f1daf6c801574f161fe

SHA1
6edee98c0084a94caa1fe0124b4c19f42b4e7de6

SHA256
16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b

SHA512
06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9F30.tmp\nsDialogs.dll

Filesize
20KB

MD5
4e5bc4458afa770636f2806ee0a1e999

SHA1
76dcc64af867526f776ab9225e7f4fe076487765

SHA256
91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0

SHA512
b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9F30.tmp\nsExec.dll

Filesize
17KB

MD5
2095af18c696968208315d4328a2b7fe

SHA1
b1b0e70c03724b2941e92c5098cc1fc0f2b51568

SHA256
3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226

SHA512
60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk9F30.tmp\nsProcess.dll

Filesize
15KB

MD5
08072dc900ca0626e8c079b2c5bcfcf3

SHA1
35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37

SHA256
bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8

SHA512
8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
e79fb3b7aa1a7b0e9e60d7a601379fe4

SHA1
d89cdb681630f078d8bfab9794030536d1a0e598

SHA256
5a4f3308456662ec5c85e78764e63b9c310532b55dde2007ddc223cbfe8cbff4

SHA512
b901a2722749e1cb23cd6046e2b6cf44fa37f5e951bc2ac178f83b3253aa5b72635de6104ba0c7813cdddfa17c4c744c4d02fcf65e260a60efff3532bb3d0989

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
384c9e408a80b93a8f4b5fb9bc6b1ada

SHA1
a21a97f818eec22aa126801d318ead6b7185ebc7

SHA256
b1930359ce12575885a8b970444e999fdec71d737c514d2982e42dbf5a0929ea

SHA512
b5824b2705fbe42fe5a3fa3fc7c35df3bc71d05af980bc2beb53324f7c3dba6fbc6b9de8d60ba17544a09e0ab37de284f06728b645019c39235d1084c13d0ebf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
1d059ac93e4bef1f0710dc04edb39f15

SHA1
cbe76a0ff8e1346b2e21c1fe03899209abad8400

SHA256
d4ca4b887e00895244a9066b4fb0e49e8723c2b647dc173fa65631c1f888af0c

SHA512
01b75f4db383fb8067f461c81aaf07dba3175771e82ec7212a0ddd6fb67771944116fbc2f0b3094a8c5b60c492c1efbd180e3fb97e952c0cdc17847a9ba6e8a5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
de2088c79eca912f2dfcf01fa3061d62

SHA1
cdfe9f8388b92b98bd30aa47255c21b5edbda724

SHA256
b2ba5f008fcc15777328697c58f00c89f47005edddb1a6184fc06608ccf03b8d

SHA512
ae04cc951c76721f313db5065089413799f83e7b8803d6595534f8cc5c49ca5db34eacb85b16d7f146a32cb2cab3cd19e3e985346c1090f491b1d793b066f81d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
3bace2d36a47f80a89a66ea3061b29fe

SHA1
140e7a7e8e3aba5ff2d95b213fdf2bb5efefc0b2

SHA256
4c2839bd35ca307358945da76daa7dd6448a4dd41f5e7f1fa961becc49d249c3

SHA512
a636d8b19bbba999123a0a3b34da0307f5e7b8f9fad90b0e9e883b0fab5cdfa8cacad1962c8e774d420d0a6a33a8738866f92f53818ae74a9d04c1a5ef2be174

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
963d785f523e4bc05c003dfee9c31466

SHA1
21dad44102b56d63a1914f9c97b98cc4e779ae5d

SHA256
667b8068fc8f6bc6a78f96ba965d6a79c33015fea1134a97bc372ee5c370df26

SHA512
578df5b7a17c442da900e257d9e1425cf8a9965b45b7140d5128cdbf53a60452b227fe1e2cb5fafdf4c81e96c2c4c1cc10878d78de947dbc9207ec072e8d3c78

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
7252579be80a149ff5cb203db8e10f3a

SHA1
1817de8e672ff3fbb32e936d40922c2f8ff8f858

SHA256
e516d47b45e0ed38c6a4485b3e31081de83b521012b458739ec251f4434f54b5

SHA512
665e033c90b5f3e1ea63b20fcf59f130b2bf97bc7921cce95e77faf2201c6e38fc1e5b42c712131790c5529a28605f21d0ea6e0577c5c687697f69aadbeff005

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
046b35b11a388fb9e21684393bafea4a

SHA1
4d33d1b39e1a44097c904f849ed75e0509da5696

SHA256
777646e7d6dcf54dbb4d7d1a39292c5fb959a0ba049e07404162184eb13440b5

SHA512
18cd75922dceed0a801ae191122d271e92d58da2c5772053bf4d0a3c8c0899fb17df2fff82f12336d29dc9a9cc124c7275fd2bcc7c2d5d60ed8de79d065f31a8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
730e7c8c3637839255458ad294233e2e

SHA1
16c2348db63e85b7e4aaf79a3dddad9dc1ce977e

SHA256
47567bc6cfdc785b8bab799a83c9401f8b0679f1b89632e093cee8231cd0c132

SHA512
6135d6bbf12854eba538728a0e3ce0a16a3f8bb6550629093fe92c48d237c9b83c3e967ea85be71d105453f1e470f5278afd7b39b2e44565a76d80d32c77f59b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
5afe40e979c5dfb2c0f4255c10407e39

SHA1
aceae5c0773ba1242722e7e108c5e7e62228b91b

SHA256
91a4f623ac8e6042e8d0b5a1024077888f95a93c164619f737757deff0ffcfed

SHA512
05720a31bf033032e54df41a0a80be49bbe72587a2c88a994be791ec8fec716ccf04a3f0f036c03484c5ece58006d0ca7d77fd77857bb7d655ee6ff4cce9c0b4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
6b4870a7de68d7d6fc3b1d94f5409723

SHA1
e970908c1ad5f760e34004dd93aaa82515214c17

SHA256
fc70f2d8cefe2ce6658eca601aea37717609bfbd802765d58a12534c2780193a

SHA512
356852c90e099f6e840fa78b02e5e3d6f164351808a2883f39c4d10febcc9aa96f440cbfb5d35a0caa7fc4f4c640b1585bcaa58aa817e295778b551238a419bd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
01b1beb1ad8b12c6958b6a1d611d3c92

SHA1
35dfe759df7fe6727bdf748fc6cb691f6ea5affa

SHA256
30a3cebf4e425a221ecea23260556c2dfaf87417063d129fcc24ae63807cfb46

SHA512
005b4140e0b46d5cb87fedf6acef8a04ad0c68cc2130b3ef6a7aa6cb02021719ba58c71c6e761ac55acc739017e78adef10d1dec3fa3ee4018e09c7b032f3995

Download Submit
C:\Users\Admin\Downloads\105600.zip

Filesize
2.6MB

MD5
4d50238a4d7a4dd6f0029974a4b0c886

SHA1
020b261b3b898c9fc2c1cc72408c0fe02bf72411

SHA256
3451f67a091060d81110bf262be0ab965bbb1859fc2177ccaf03a391ce849f6c

SHA512
a096a0c27fc000fd24e02d993c90d472a1380a7708f9fb123752c2d54a0c6d54fcda390f3f26e726a571a0e6a7265ea8d67731e49ad8b5c203dba4943a7fe2e5

Download Submit
C:\Users\Admin\Downloads\2358720.zip

Filesize
4.3MB

MD5
dda40bfd19208da70c4d498bd82e8052

SHA1
453a70c0d3f1ee02ed82a6f4eca5836775e37cc6

SHA256
c11dfb1b969403cc38b3a72f0b2911e312e5aca9b50badaa983b783ff5bfaa85

SHA512
4b24d18e5b751f8c4e54ce0cf302977b40e0e2259b3ed9c0d3da62deb4e5431c9fc7e3a51a191caed5f996c80f525e4015b28bdd1e85f2e5447d74caf5d9bc83

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9112_1007147293\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9112_1007147293\manifest.json

Filesize
1001B

MD5
2ff237adbc218a4934a8b361bcd3428e

SHA1
efad279269d9372dcf9c65b8527792e2e9e6ca7d

SHA256
25a702dd5389cc7b077c6b4e06c1fad9bdea74a9c37453388986d093c277d827

SHA512
bafd91699019ab756adf13633b825d9d9bae374ca146e8c05abc70c931d491d421268a6e6549a8d284782898bc6eb99e3017fbe3a98e09cd3dfecad19f95e542

Download Submit
memory/1960-12324-0x0000000000FC0000-0x0000000001472000-memory.dmp

Filesize
4.7MB

Download
memory/12016-12377-0x00007FFAD77A0000-0x00007FFAD77A1000-memory.dmp

Filesize
4KB

Download
memory/12016-12378-0x00007FFAD87F0000-0x00007FFAD87F1000-memory.dmp

Filesize
4KB

Download
memory/12164-12529-0x000001EE08A40000-0x000001EE08AEF000-memory.dmp

Filesize
700KB

Download
memory/18068-12789-0x000000006EF10000-0x0000000070250000-memory.dmp

Filesize
19.2MB

Download
memory/18068-12685-0x000000006EF10000-0x0000000070250000-memory.dmp

Filesize
19.2MB

Download
memory/18068-13079-0x000000006EF10000-0x0000000070250000-memory.dmp

Filesize
19.2MB

Download
memory/18068-13286-0x000000006EF10000-0x0000000070250000-memory.dmp

Filesize
19.2MB

Download
memory/18068-12572-0x000000006EF10000-0x0000000070250000-memory.dmp

Filesize
19.2MB

Download
memory/18068-13224-0x000000006EF10000-0x0000000070250000-memory.dmp

Filesize
19.2MB

Download
memory/18068-13193-0x000000006EF10000-0x0000000070250000-memory.dmp

Filesize
19.2MB

Download
memory/18068-13161-0x000000006EF10000-0x0000000070250000-memory.dmp

Filesize
19.2MB

Download
memory/18068-13235-0x000000006EF10000-0x0000000070250000-memory.dmp

Filesize
19.2MB

Download
memory/18068-13239-0x000000006EF10000-0x0000000070250000-memory.dmp

Filesize
19.2MB

Download
memory/18068-13246-0x000000006EF10000-0x0000000070250000-memory.dmp

Filesize
19.2MB

Download
memory/18068-13266-0x000000006EF10000-0x0000000070250000-memory.dmp

Filesize
19.2MB

Download
memory/18068-13132-0x000000006EF10000-0x0000000070250000-memory.dmp

Filesize
19.2MB

Download
memory/18068-12532-0x000000006EF10000-0x0000000070250000-memory.dmp

Filesize
19.2MB

Download
memory/18068-12819-0x000000006EF10000-0x0000000070250000-memory.dmp

Filesize
19.2MB

Download
memory/18068-12493-0x000000006EF10000-0x0000000070250000-memory.dmp

Filesize
19.2MB

Download
memory/18068-12741-0x000000006EF10000-0x0000000070250000-memory.dmp

Filesize
19.2MB

Download
memory/18068-12863-0x000000006EF10000-0x0000000070250000-memory.dmp

Filesize
19.2MB

Download
memory/18100-13194-0x000001C33A8F0000-0x000001C33A8F1000-memory.dmp

Filesize
4KB

Download
memory/18100-13195-0x000001C33A8F0000-0x000001C33A8F1000-memory.dmp

Filesize
4KB

Download
memory/18100-13206-0x000001C33A8F0000-0x000001C33A8F1000-memory.dmp

Filesize
4KB

Download
memory/18100-13196-0x000001C33A8F0000-0x000001C33A8F1000-memory.dmp

Filesize
4KB

Download
memory/18100-13200-0x000001C33A8F0000-0x000001C33A8F1000-memory.dmp

Filesize
4KB

Download
memory/18100-13202-0x000001C33A8F0000-0x000001C33A8F1000-memory.dmp

Filesize
4KB

Download
memory/18100-13204-0x000001C33A8F0000-0x000001C33A8F1000-memory.dmp

Filesize
4KB

Download
memory/18100-13203-0x000001C33A8F0000-0x000001C33A8F1000-memory.dmp

Filesize
4KB

Download
memory/18100-13205-0x000001C33A8F0000-0x000001C33A8F1000-memory.dmp

Filesize
4KB

Download
memory/18100-13201-0x000001C33A8F0000-0x000001C33A8F1000-memory.dmp

Filesize
4KB

Download
memory/20952-13410-0x000000006D530000-0x000000006E870000-memory.dmp

Filesize
19.2MB

Download
memory/20952-13394-0x0000000010000000-0x0000000010338000-memory.dmp

Filesize
3.2MB

Download
memory/20952-13409-0x000000006E8A0000-0x000000006FBE0000-memory.dmp

Filesize
19.2MB

Download
memory/20952-13393-0x0000000008210000-0x0000000008541000-memory.dmp

Filesize
3.2MB

Download