hxxps://cdn[.]discordapp[.]com/attachments/1306307977728364556/1307107076430102640/SteamtoolsSetup[.]rar?ex=673c6593&is=673b1413&hm=f0c8963a5cbb32d598a8e1de87062eddc85254d8e96c07a4acb049750a87409e&

Analysis

max time kernel
496s
max time network
496s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
18-11-2024 16:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1306307977728364556/1307107076430102640/SteamtoolsSetup.rar?ex=673c6593&is=673b1413&hm=f0c8963a5cbb32d598a8e1de87062eddc85254d8e96c07a4acb049750a87409e&

Score

8^/10

steam defense_evasion discovery persistence phishing

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 44 IoCs

pid	Process
5032	SteamtoolsSetup.exe
3912	SteamtoolsSetup.exe
1124	SteamSetup.exe
3160	steamservice.exe
1276	steam.exe
6468	steam.exe
6528	steamwebhelper.exe
6568	steamwebhelper.exe
6748	steamwebhelper.exe
6892	steamwebhelper.exe
7216	gldriverquery64.exe
7312	steamwebhelper.exe
7532	steamwebhelper.exe
7392	gldriverquery.exe
7628	vulkandriverquery64.exe
7784	vulkandriverquery.exe
18768	SteamtoolsSetup.exe
8916	Steamtools.exe
9720	steam.exe
9704	steam.exe
10100	steam.exe
10324	steamwebhelper.exe
10484	steamwebhelper.exe
10652	steamwebhelper.exe
13684	steamwebhelper.exe
13452	gldriverquery64.exe
13348	steamwebhelper.exe
13308	steamwebhelper.exe
13076	gldriverquery.exe
13020	vulkandriverquery64.exe
12976	vulkandriverquery.exe
11104	steamwebhelper.exe
13872	luapacka.exe
14056	steam.exe
15276	steamwebhelper.exe
15316	steamwebhelper.exe
15420	steamwebhelper.exe
15524	steamwebhelper.exe
16016	gldriverquery64.exe
16128	steamwebhelper.exe
16612	steamwebhelper.exe
16464	gldriverquery.exe
16440	vulkandriverquery64.exe
16392	vulkandriverquery.exe

Loads dropped DLL 64 IoCs

pid	Process
1124	SteamSetup.exe
1124	SteamSetup.exe
1124	SteamSetup.exe
1124	SteamSetup.exe
1124	SteamSetup.exe
1124	SteamSetup.exe
1124	SteamSetup.exe
1124	SteamSetup.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6528	steamwebhelper.exe
6528	steamwebhelper.exe
6528	steamwebhelper.exe
6528	steamwebhelper.exe
6568	steamwebhelper.exe
6568	steamwebhelper.exe
6568	steamwebhelper.exe
6468	steam.exe
6468	steam.exe
6748	steamwebhelper.exe
6748	steamwebhelper.exe
6748	steamwebhelper.exe
6748	steamwebhelper.exe
6748	steamwebhelper.exe
6748	steamwebhelper.exe
6748	steamwebhelper.exe
6748	steamwebhelper.exe
6748	steamwebhelper.exe
6892	steamwebhelper.exe
6892	steamwebhelper.exe
6892	steamwebhelper.exe
6468	steam.exe
7312	steamwebhelper.exe
7312	steamwebhelper.exe
7312	steamwebhelper.exe
7532	steamwebhelper.exe
7532	steamwebhelper.exe
7532	steamwebhelper.exe
7532	steamwebhelper.exe
10100	steam.exe
10100	steam.exe
10100	steam.exe
10100	steam.exe
10100	steam.exe
10100	steam.exe
10100	steam.exe
10100	steam.exe
10100	steam.exe
10100	steam.exe
10100	steam.exe
10100	steam.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000\Software\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"	SteamSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_r_right_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_030_inv_0300.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\friendsui_indonesian-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\steampops_french-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\dualshock_4_english.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\joyconpair_right_sl.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_ltrackpad_ring_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_lstick_left_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\steamui_postlogon_vietnamese.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_l_down_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_l4.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_details_hover.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\steamui_postlogon_koreana.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_r2.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_sr_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steamui_schinese.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\platform_tchinese.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_buttons_n_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_l4_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_rtrackpad_up_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_button_y_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0408.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\steamui_postlogon_hungarian.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\hp_l4_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_ltrackpad_swipe.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_color_button_circle_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_rtrackpad_left.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_button_create_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\layout\sitelicenselockdialog.layout_	steam.exe
File created	C:\Program Files (x86)\Steam\package\resources_hidpi_all.zip.vz.3de815c3117712cb9eeb7ea4c8b275faf481dcfd_56342	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_l4_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_l_click.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_dpad_left_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_color_button_circle_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\layout\debugstats.layout_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_060_vehicle_9999.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\tabStdTopRight.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_l_ring_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_r2_soft_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_button_x_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_color_outlined_button_x_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_r_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\repairlibrarydialog.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_l1_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\steamui_dutch-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\steamui_japanese-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_down_disabled.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\rampDown_3.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\xbox_360_spanish.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steambootstrapper_dutch.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_lstick_right_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\filter_banned_italian.txt.gz_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_r_up_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\genesis_a.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0306.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_090_media_0010.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_030_inv_0321.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\friends\rampUp_2.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_dpad.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_r2_soft_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_mouse_l_click_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_030_inv_0020.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_color_button_triangle_lg.png_	steam.exe

Drops file in Windows directory 10 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping10324_1789134805\_platform_specific\win_x64\widevinecdm.dll	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping10324_1789134805\LICENSE	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping10324_1789134805\_metadata\verified_contents.json	steamwebhelper.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping10324_1789134805\_platform_specific\win_x64\widevinecdm.dll.sig	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping10324_1789134805\manifest.json	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping10324_1789134805\manifest.fingerprint	steamwebhelper.exe
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamservice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe

Checks processor information in registry 2 TTPs 17 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
20524	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133764215231951767"	chrome.exe

Modifies registry class 43 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\steam\Shell	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\steam\Shell\Open	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\steamlink\Shell	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\steamlink\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\steamlink	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\steam\ = "URL:steam protocol"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\steamlink\DefaultIcon	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\steamlink\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\steam\URL Protocol	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\steam\DefaultIcon	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\steam\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	steam.exe

NTFS ADS 5 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Steam\config\depotcache\431966_1677112453947627885.manifest\:Zone.Identifier:$DATA	Steamtools.exe
File opened for modification	C:\Users\Admin\Downloads\SteamtoolsSetup.rar:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Wallpaper Engine.zip:Zone.Identifier	chrome.exe
File created	C:\Program Files (x86)\Steam\config\depotcache\431961_5465725012314299548.manifest\:Zone.Identifier:$DATA	Steamtools.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
8916	Steamtools.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
924	chrome.exe
924	chrome.exe
1124	SteamSetup.exe
1124	SteamSetup.exe
1124	SteamSetup.exe
1124	SteamSetup.exe
1124	SteamSetup.exe
1124	SteamSetup.exe
1124	SteamSetup.exe
1124	SteamSetup.exe
1124	SteamSetup.exe
1124	SteamSetup.exe
1124	SteamSetup.exe
1124	SteamSetup.exe
1124	SteamSetup.exe
1124	SteamSetup.exe
1124	SteamSetup.exe
1124	SteamSetup.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe
6468	steam.exe

Suspicious behavior: GetForegroundWindowSpam 5 IoCs

pid	Process
4896	OpenWith.exe
6468	steam.exe
8916	Steamtools.exe
10100	steam.exe
14056	steam.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeRestorePrivilege	3844	7zG.exe
Token: 35	3844	7zG.exe
Token: SeSecurityPrivilege	3844	7zG.exe
Token: SeSecurityPrivilege	3844	7zG.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
3844	7zG.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
6528	steamwebhelper.exe
6528	steamwebhelper.exe
6528	steamwebhelper.exe
6528	steamwebhelper.exe
6528	steamwebhelper.exe
6528	steamwebhelper.exe
6528	steamwebhelper.exe
6528	steamwebhelper.exe
6528	steamwebhelper.exe
6528	steamwebhelper.exe
6528	steamwebhelper.exe
6528	steamwebhelper.exe
6528	steamwebhelper.exe
6528	steamwebhelper.exe
6528	steamwebhelper.exe
6528	steamwebhelper.exe
8916	Steamtools.exe
8916	Steamtools.exe
8916	Steamtools.exe
8916	Steamtools.exe
8916	Steamtools.exe
8916	Steamtools.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
6528	steamwebhelper.exe
6528	steamwebhelper.exe
6528	steamwebhelper.exe
8916	Steamtools.exe
8916	Steamtools.exe
8916	Steamtools.exe
8916	Steamtools.exe
8916	Steamtools.exe
8916	Steamtools.exe
10324	steamwebhelper.exe
10324	steamwebhelper.exe
10324	steamwebhelper.exe
8916	Steamtools.exe
8916	Steamtools.exe
15276	steamwebhelper.exe
15276	steamwebhelper.exe
15276	steamwebhelper.exe
8916	Steamtools.exe

Suspicious use of SetWindowsHookEx 33 IoCs

pid	Process
4896	OpenWith.exe
4896	OpenWith.exe
4896	OpenWith.exe
4896	OpenWith.exe
4896	OpenWith.exe
4896	OpenWith.exe
4896	OpenWith.exe
4896	OpenWith.exe
4896	OpenWith.exe
4896	OpenWith.exe
4896	OpenWith.exe
4896	OpenWith.exe
4896	OpenWith.exe
4896	OpenWith.exe
4896	OpenWith.exe
4896	OpenWith.exe
4896	OpenWith.exe
4896	OpenWith.exe
4896	OpenWith.exe
4896	OpenWith.exe
4896	OpenWith.exe
4896	OpenWith.exe
4896	OpenWith.exe
1124	SteamSetup.exe
3160	steamservice.exe
6468	steam.exe
7992	MiniSearchHost.exe
8916	Steamtools.exe
8916	Steamtools.exe
8916	Steamtools.exe
8916	Steamtools.exe
10100	steam.exe
14056	steam.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 924 wrote to memory of 856	924	chrome.exe	80
PID 924 wrote to memory of 856	924	chrome.exe	80
PID 924 wrote to memory of 3256	924	chrome.exe	81
PID 924 wrote to memory of 3256	924	chrome.exe	81
PID 924 wrote to memory of 3256	924	chrome.exe	81
PID 924 wrote to memory of 3256	924	chrome.exe	81
PID 924 wrote to memory of 3256	924	chrome.exe	81
PID 924 wrote to memory of 3256	924	chrome.exe	81
PID 924 wrote to memory of 3256	924	chrome.exe	81
PID 924 wrote to memory of 3256	924	chrome.exe	81
PID 924 wrote to memory of 3256	924	chrome.exe	81
PID 924 wrote to memory of 3256	924	chrome.exe	81
PID 924 wrote to memory of 3256	924	chrome.exe	81
PID 924 wrote to memory of 3256	924	chrome.exe	81
PID 924 wrote to memory of 3256	924	chrome.exe	81
PID 924 wrote to memory of 3256	924	chrome.exe	81
PID 924 wrote to memory of 3256	924	chrome.exe	81
PID 924 wrote to memory of 3256	924	chrome.exe	81
PID 924 wrote to memory of 3256	924	chrome.exe	81
PID 924 wrote to memory of 3256	924	chrome.exe	81
PID 924 wrote to memory of 3256	924	chrome.exe	81
PID 924 wrote to memory of 3256	924	chrome.exe	81
PID 924 wrote to memory of 3256	924	chrome.exe	81
PID 924 wrote to memory of 3256	924	chrome.exe	81
PID 924 wrote to memory of 3256	924	chrome.exe	81
PID 924 wrote to memory of 3256	924	chrome.exe	81
PID 924 wrote to memory of 3256	924	chrome.exe	81
PID 924 wrote to memory of 3256	924	chrome.exe	81
PID 924 wrote to memory of 3256	924	chrome.exe	81
PID 924 wrote to memory of 3256	924	chrome.exe	81
PID 924 wrote to memory of 3256	924	chrome.exe	81
PID 924 wrote to memory of 3256	924	chrome.exe	81
PID 924 wrote to memory of 4012	924	chrome.exe	82
PID 924 wrote to memory of 4012	924	chrome.exe	82
PID 924 wrote to memory of 2724	924	chrome.exe	83
PID 924 wrote to memory of 2724	924	chrome.exe	83
PID 924 wrote to memory of 2724	924	chrome.exe	83
PID 924 wrote to memory of 2724	924	chrome.exe	83
PID 924 wrote to memory of 2724	924	chrome.exe	83
PID 924 wrote to memory of 2724	924	chrome.exe	83
PID 924 wrote to memory of 2724	924	chrome.exe	83
PID 924 wrote to memory of 2724	924	chrome.exe	83
PID 924 wrote to memory of 2724	924	chrome.exe	83
PID 924 wrote to memory of 2724	924	chrome.exe	83
PID 924 wrote to memory of 2724	924	chrome.exe	83
PID 924 wrote to memory of 2724	924	chrome.exe	83
PID 924 wrote to memory of 2724	924	chrome.exe	83
PID 924 wrote to memory of 2724	924	chrome.exe	83
PID 924 wrote to memory of 2724	924	chrome.exe	83
PID 924 wrote to memory of 2724	924	chrome.exe	83
PID 924 wrote to memory of 2724	924	chrome.exe	83
PID 924 wrote to memory of 2724	924	chrome.exe	83
PID 924 wrote to memory of 2724	924	chrome.exe	83
PID 924 wrote to memory of 2724	924	chrome.exe	83
PID 924 wrote to memory of 2724	924	chrome.exe	83
PID 924 wrote to memory of 2724	924	chrome.exe	83
PID 924 wrote to memory of 2724	924	chrome.exe	83
PID 924 wrote to memory of 2724	924	chrome.exe	83
PID 924 wrote to memory of 2724	924	chrome.exe	83
PID 924 wrote to memory of 2724	924	chrome.exe	83
PID 924 wrote to memory of 2724	924	chrome.exe	83
PID 924 wrote to memory of 2724	924	chrome.exe	83
PID 924 wrote to memory of 2724	924	chrome.exe	83
PID 924 wrote to memory of 2724	924	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1306307977728364556/1307107076430102640/SteamtoolsSetup.rar?ex=673c6593&is=673b1413&hm=f0c8963a5cbb32d598a8e1de87062eddc85254d8e96c07a4acb049750a87409e&
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff98695cc40,0x7ff98695cc4c,0x7ff98695cc58
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,17078794497631371989,14292306688047733351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1808 /prefetch:2
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2036,i,17078794497631371989,14292306688047733351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  PID:4012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2168,i,17078794497631371989,14292306688047733351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2188 /prefetch:8
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,17078794497631371989,14292306688047733351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,17078794497631371989,14292306688047733351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4748,i,17078794497631371989,14292306688047733351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4756,i,17078794497631371989,14292306688047733351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4864,i,17078794497631371989,14292306688047733351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5376,i,17078794497631371989,14292306688047733351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5560,i,17078794497631371989,14292306688047733351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5716,i,17078794497631371989,14292306688047733351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5764,i,17078794497631371989,14292306688047733351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5892,i,17078794497631371989,14292306688047733351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5340,i,17078794497631371989,14292306688047733351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5712,i,17078794497631371989,14292306688047733351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5436,i,17078794497631371989,14292306688047733351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4820,i,17078794497631371989,14292306688047733351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5360,i,17078794497631371989,14292306688047733351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5840,i,17078794497631371989,14292306688047733351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5804 /prefetch:8
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6012,i,17078794497631371989,14292306688047733351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:4196
- C:\Users\Admin\Downloads\SteamSetup.exe
  "C:\Users\Admin\Downloads\SteamSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1124
- - C:\Program Files (x86)\Steam\bin\steamservice.exe
    "C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5292,i,17078794497631371989,14292306688047733351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5996,i,17078794497631371989,14292306688047733351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:12420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5772,i,17078794497631371989,14292306688047733351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=4576,i,17078794497631371989,14292306688047733351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:11832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6312,i,17078794497631371989,14292306688047733351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1040 /prefetch:8
  2⤵
  - NTFS ADS
  PID:11700

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2476

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4972

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2796

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4896

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\SteamtoolsSetup\" -spe -an -ai#7zMap3429:92:7zEvent9974
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3844

C:\Users\Admin\Downloads\SteamtoolsSetup\SteamtoolsSetup.exe
"C:\Users\Admin\Downloads\SteamtoolsSetup\SteamtoolsSetup.exe"
1⤵
- Executes dropped EXE
PID:5032

C:\Users\Admin\Downloads\SteamtoolsSetup\SteamtoolsSetup.exe
"C:\Users\Admin\Downloads\SteamtoolsSetup\SteamtoolsSetup.exe"
1⤵
- Executes dropped EXE
PID:3912

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies system certificate store
PID:1276
- C:\Program Files (x86)\Steam\steam.exe
  "C:\Program Files (x86)\Steam\steam.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:6468
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=6468" "-buildid=1731433018" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    - Checks processor information in registry
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:6528
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1731433018 --initial-client-data=0x298,0x29c,0x2a0,0x294,0x2a4,0x7ff98680af00,0x7ff98680af0c,0x7ff98680af18
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:6568
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1568,i,13823940324796812469,11879685474589868228,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1572 --mojo-platform-channel-handle=1560 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:6748
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2144,i,13823940324796812469,11879685474589868228,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2148 --mojo-platform-channel-handle=2140 /prefetch:11
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:6892
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2756,i,13823940324796812469,11879685474589868228,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2760 --mojo-platform-channel-handle=2752 /prefetch:13
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:7312
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,13823940324796812469,11879685474589868228,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3108 --mojo-platform-channel-handle=3100 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:7532
- - C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:7216
- - C:\Program Files (x86)\Steam\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:7392
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:7628
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:7784

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004E8
1⤵
PID:7076

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:7992

C:\Users\Admin\Downloads\SteamtoolsSetup\SteamtoolsSetup.exe
"C:\Users\Admin\Downloads\SteamtoolsSetup\SteamtoolsSetup.exe"
1⤵
- Executes dropped EXE
PID:18768
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /IM Steamtools.exe /F >nul 2>&1
  2⤵
  PID:20148
- - C:\Windows\system32\taskkill.exe
    taskkill /IM Steamtools.exe /F
    3⤵
    - Kills process with taskkill
    PID:20524
- C:\Program Files (x86)\Steam\config\stUI\Steamtools.exe
  "C:\Program Files (x86)\Steam\config\stUI\Steamtools.exe"
  2⤵
  - Executes dropped EXE
  - NTFS ADS
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:8916
- - C:\program files (x86)\steam\steam.exe
    "C:\program files (x86)\steam\steam.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:9720
- - C:\program files (x86)\steam\steam.exe
    "C:\program files (x86)\steam\steam.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:9704
- - C:\program files (x86)\steam\steam.exe
    "C:\program files (x86)\steam\steam.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:10100
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=10100" "-buildid=1731433018" "-steamid=0" "-logdir=C:\program files (x86)\steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\program files (x86)\steam\clientui" "-steampath=C:\program files (x86)\steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      Checks processor information in registry
      Suspicious use of SendNotifyMessage
      PID:10324
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\program files (x86)\steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1731433018 --initial-client-data=0x298,0x29c,0x2a0,0x294,0x2a4,0x7ff98680af00,0x7ff98680af0c,0x7ff98680af18
        5⤵
        Executes dropped EXE
        
        PID:10484
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1580,i,16093261743290215278,14096974265897332731,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1584 --mojo-platform-channel-handle=1572 /prefetch:2
        5⤵
        Executes dropped EXE
        
        PID:10652
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2160,i,16093261743290215278,14096974265897332731,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2164 --mojo-platform-channel-handle=2156 /prefetch:11
        5⤵
        Executes dropped EXE
        
        PID:13684
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2824,i,16093261743290215278,14096974265897332731,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2828 --mojo-platform-channel-handle=2820 /prefetch:13
        5⤵
        Executes dropped EXE
        
        PID:13348
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,16093261743290215278,14096974265897332731,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3156 --mojo-platform-channel-handle=3148 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:13308
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=3680,i,16093261743290215278,14096974265897332731,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3684 --mojo-platform-channel-handle=3652 /prefetch:14
        5⤵
        Executes dropped EXE
        
        PID:11104
  - - C:\program files (x86)\steam\bin\gldriverquery64.exe
      .\bin\gldriverquery64.exe
      4⤵
      Executes dropped EXE
      PID:13452
  - - C:\program files (x86)\steam\bin\gldriverquery.exe
      .\bin\gldriverquery.exe
      4⤵
      Executes dropped EXE
      PID:13076
  - - C:\program files (x86)\steam\bin\vulkandriverquery64.exe
      .\bin\vulkandriverquery64.exe
      4⤵
      Executes dropped EXE
      PID:13020
  - - C:\program files (x86)\steam\bin\vulkandriverquery.exe
      .\bin\vulkandriverquery.exe
      4⤵
      Executes dropped EXE
      PID:12976
- - C:\program files (x86)\steam\config\stplug-in\luapacka.exe
    "C:\program files (x86)\steam\config\stplug-in\luapacka.exe" "C:/Users/Admin/Downloads/Wallpaper Engine/431960.lua" "C:\program files (x86)\steam\config\stplug-in\431960.st"
    3⤵
    - Executes dropped EXE
    PID:13872
- - C:\program files (x86)\steam\steam.exe
    "C:\program files (x86)\steam\steam.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:14056
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=14056" "-buildid=1731433018" "-steamid=0" "-logdir=C:\program files (x86)\steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\program files (x86)\steam\clientui" "-steampath=C:\program files (x86)\steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      Checks processor information in registry
      Suspicious use of SendNotifyMessage
      PID:15276
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\program files (x86)\steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1731433018 --initial-client-data=0x298,0x29c,0x2a0,0x294,0x2a4,0x7ff98680af00,0x7ff98680af0c,0x7ff98680af18
        5⤵
        Executes dropped EXE
        
        PID:15316
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1564,i,5064241180618682351,7197192111067110795,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1568 --mojo-platform-channel-handle=1556 /prefetch:2
        5⤵
        Executes dropped EXE
        
        PID:15420
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2168,i,5064241180618682351,7197192111067110795,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2172 --mojo-platform-channel-handle=2164 /prefetch:11
        5⤵
        Executes dropped EXE
        
        PID:15524
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2652,i,5064241180618682351,7197192111067110795,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2680 --mojo-platform-channel-handle=2648 /prefetch:13
        5⤵
        Executes dropped EXE
        
        PID:16128
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,5064241180618682351,7197192111067110795,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3108 --mojo-platform-channel-handle=3100 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:16612
  - - C:\program files (x86)\steam\bin\gldriverquery64.exe
      .\bin\gldriverquery64.exe
      4⤵
      Executes dropped EXE
      PID:16016
  - - C:\program files (x86)\steam\bin\gldriverquery.exe
      .\bin\gldriverquery.exe
      4⤵
      Executes dropped EXE
      PID:16464
  - - C:\program files (x86)\steam\bin\vulkandriverquery64.exe
      .\bin\vulkandriverquery64.exe
      4⤵
      Executes dropped EXE
      PID:16440
  - - C:\program files (x86)\steam\bin\vulkandriverquery.exe
      .\bin\vulkandriverquery.exe
      4⤵
      Executes dropped EXE
      PID:16392

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Wallpaper Engine\readme.txt
1⤵
PID:10828

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Wallpaper Engine\431960.txt
1⤵
PID:15736

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Wallpaper Engine\431961_5465725012314299548.txt
1⤵
PID:17324

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Wallpaper Engine\blegh.txt
1⤵
PID:17700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Steam\Steam.exe

Filesize
4.2MB

MD5
33bcb1c8975a4063a134a72803e0ca16

SHA1
ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65

SHA256
12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1

SHA512
13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

Download Submit
C:\Program Files (x86)\Steam\bin\SteamService.exe

Filesize
2.5MB

MD5
ba0ea9249da4ab8f62432617489ae5a6

SHA1
d8873c5dcb6e128c39cf0c423b502821343659a7

SHA256
ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d

SHA512
52958d55b03e1ddc69afc2f1a02f7813199e4b3bf114514c438ab4d10d5ca83b865ba6090550951c0a43b666c6728304009572212444a27a3f5184663f4b0b8b

Download Submit
C:\Program Files (x86)\Steam\bin\diversion.dll

Filesize
19.0MB

MD5
fb59f7262848e6c9413d76494d88e1c0

SHA1
9fcb582deb9e69b8b8f36522a859d206633010cd

SHA256
32dda887447b7b5fe74d7745cb6c2d28c677ba479435b4e4bdd8b7ac36379866

SHA512
1d2960b7549d4ce63041dd8e20f73a860d8ba32d7a70671a9ded5d539d364a68c621c6f95fe3c00b586cc2ec397d25211f832b5a72414d70c08b6cf6bf644776

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
6e6a2b18264504cc084caa3ad0bfc6ae

SHA1
b177d719bd3c1bc547d5c97937a584b8b7d57196

SHA256
f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53

SHA512
74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
15KB

MD5
1c5bf428d0ad363a1ab4cedd8464124c

SHA1
6fa1b10424c0f00c45bb221c3c2088c49cc22865

SHA256
f3b33fc08ddde6ad6b14f6e27579b86f6891edb26b962b9a02561a49b59ac423

SHA512
fbb859a4ce0f6a47654ae05f54982c95538156fefc87be7b04298a1fcaae74d40e0951ca729cdc666e7e52202173e72d741aac477d1d94f96626becad45921cb

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
16KB

MD5
9770946dda95915198e4019028103848

SHA1
cc62569cafb53abef81cd7ad2050660da4a75bd7

SHA256
df4f8f923bf1948e59232938db7b8ceb0487dd195d59e85290d6edf59d03f043

SHA512
872aa07435e6c1c36fa3fe73ce1be2ec55773dfd5f6a752fd5bf11075f5ce786cb341d3053cbdf2b4a3a9f094f02359d37153f9c21ef2e41cdc7f55177c10bd5

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
16KB

MD5
734eaa34af946059cd4eee91df369220

SHA1
cfd7f8dc0e2d92567a5076a179e48dbfbbaf9b80

SHA256
8b5ab117febe9a6faf4ce550b09843c3d98e8eb514718ab4bf12995f9ebe3306

SHA512
bf9e80bec117ac256921221470fbaa0799bf1db01d1bf989e08ee44c7c2f2eb3d4bc53ffc6831cb80f8a05aca508bbaeabd8cef16cea75b540f4726095964ffc

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
16KB

MD5
1601827f63f04d6d25a385808a16525f

SHA1
2e7bfed8ed8e41856fa66a9260321f7cc75ab3c1

SHA256
398ca77908dbfa3b85b00c9ba329f705df914e2833e3409db979b3eb8c7fbde4

SHA512
35078778609d59c2f09c9d60424aef1d1cb860c41d3ec42983d35d84f9bc74ba770d7149b71c7102d510c14e0376df3b01a081fb58fb75c38fd8f36a68a20e4f

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
a2ec2e91c3ef8c42e22c4887d032b333

SHA1
e2c738a2e9400535b74e2263c7e7d1ecefe575f2

SHA256
8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3

SHA512
b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf~RFe5b9c9a.TMP

Filesize
184B

MD5
3cdebc58a05cdd75f14e64fb0d971370

SHA1
edf2d4a8a5fc017e29bf9fb218db7dd8b2be84fe

SHA256
661f122934bbc692266940a1fe2e5e51d4d460efb29d75695b8d5241c6e11da7

SHA512
289c40fae5ec1d3dd8b5b00dd93cf9cada2cb5c12bcfefea8c862ddf0a16dced15d6814dad771af9103b3a5d3016d301ee40058edde3fdea30d9767146d11cd6

Download Submit
C:\Program Files (x86)\Steam\config\stUI\Steamtools.exe

Filesize
16.3MB

MD5
1a475aa5000d3958df447de17e0dc14b

SHA1
8a45a8a2b38a524633a99abc7994aa0ac46c03ce

SHA256
1208c4d240918ab0b4767bc6a5c0cbe83ee7f21408fb0c5ea68769ebea759b3e

SHA512
e86be352a5732d18db772f3fc80a70ebb223d68148057663ed18aab5c2221fe6d1cb48d4f4e22940419e9144aeacdc03ea05739352f86aed7ce967afd7e80911

Download Submit
C:\Program Files (x86)\Steam\dumps\settings.dat

Filesize
56B

MD5
75ca7ce85282f72c9142f26a7f98e916

SHA1
9c970ff6e687e8014cb10709cd5ec84721a1162e

SHA256
7e92ddeaeeabefc926ff0c56a0976fd55daddb6b4afc69a61cac27a0ff470557

SHA512
f612b3c93adc248f4b9f70cc42bcc6ca8eb9e912d07cfd18bbb5f4ccb4152c5a68c2be950d854e1ae4a0bd4a9b46cbb90e3c4f104edd2f1f8c85a200a76391e4

Download Submit
C:\Program Files (x86)\Steam\logs\cef_log.previous.txt

Filesize
635B

MD5
7b76f0874164925da665eb29ea11d270

SHA1
731229014e983a9c04196842c072aa02396369ca

SHA256
4f5252d053cf3a5dcad4ea0f7d1411da2aa0ab8f990f7a4522dbafd4d2979f55

SHA512
d494120a9ffe2e776a1557a0059da701378c26f53fa232904483d1ba55b783b6d7aabf63425866017f2582bdc47277440f40849cd6a9a7ccdb8f6fad310b8961

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

Filesize
4KB

MD5
0340d1a0bbdb8f3017d2326f4e351e0a

SHA1
90d078e9f732794db5b0ffeb781a1f2ed2966139

SHA256
0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544

SHA512
9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

Filesize
6KB

MD5
4c81277a127e3d65fb5065f518ffe9c2

SHA1
253264b9b56e5bac0714d5be6cade09ae74c2a3a

SHA256
76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9

SHA512
be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

Filesize
4KB

MD5
2158881817b9163bf0fd4724d549aed4

SHA1
c500f2e8f47a11129114ee4f19524aee8fecc502

SHA256
650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7

SHA512
f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

Filesize
4KB

MD5
03b664bd98485425c21cdf83bc358703

SHA1
0a31dcfeb1957e0b00b87c2305400d004a9a5bdb

SHA256
fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115

SHA512
4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt

Filesize
4KB

MD5
31a29061e51e245f74bb26d103c666ad

SHA1
271e26240db3ba0dcffc10866ccfcfa1c33cf1cc

SHA256
56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192

SHA512
f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

Filesize
4KB

MD5
da6cd2483ad8a21e8356e63d036df55b

SHA1
0e808a400facec559e6fbab960a7bdfaab4c6b04

SHA256
ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6

SHA512
06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt

Filesize
4KB

MD5
9e62fc923c65bfc3f40aaf6ec4fd1010

SHA1
8f76faff18bd64696683c2a7a04d16aac1ef7e61

SHA256
8ff0f3cbdf28102ff037b9cda90590e4b66e1e654b90f9aea2cd5364494d02b7

SHA512
c8ff15373b37e848e6239a82424569e77c82a5fc557d17e7d2ed1d0d2b2f7d026cc1e2bc98cb5ee945c02cfefb82803c23fa6a26f48ff0adcf762f94cd5dd035

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt

Filesize
4KB

MD5
10c429eb58b4274af6b6ef08f376d46c

SHA1
af1e049ddb9f875c609b0f9a38651fc1867b50d3

SHA256
a1f6ba57ee41e009d904905c0ce5e75a59ee6790e08542561303109e1faafa13

SHA512
d8760f61760bffd8671b727d386ae220e7e6e68829a01553cfd5eb60ef8bd1d7c1b25e7b17a6db5bd17ba6712ef44999726764459318e784843c73bc4facaf46

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt

Filesize
4KB

MD5
5c026fd6072a7c5cf31c75818cddedec

SHA1
341aa1df1d034e6f0a7dff88d37c9f11a716cae6

SHA256
0828572e4fa00c186dbf1d9072a6154d65cb499c6a37e338f3305f77a2fee382

SHA512
f9d28714b2a05f8d9025f1692e4d7e8baa6daf6176353f65646a38814a242ef2adededa44419edd69f10cf96ffba506dab7cb6e52111457bf69cffef12174b12

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt

Filesize
6KB

MD5
189ba063d1481528cbd6e0c4afc3abaa

SHA1
40bdd169fcc59928c69eea74fd7e057096b33092

SHA256
c0a7a1df442ac080668762df795c72aa322e9d415c41bd0a4c676a4dc0551695

SHA512
ce59ad9b17bab4de1254e92ce4fe7d8c8242832f62ab382e8f54199a9932cd11b5800cc33895441426373d5210cc74104e0271b721a7e26ed400b716ae4d5903

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt

Filesize
4KB

MD5
18aaaf5ffcdd21b1b34291e812d83063

SHA1
aa9c7ae8d51e947582db493f0fd1d9941880429f

SHA256
1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5

SHA512
4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt

Filesize
4KB

MD5
1514d082b672b372cdfb8dd85c3437f1

SHA1
336a01192edb76ae6501d6974b3b6f0c05ea223a

SHA256
3b3c5c615fd82070cc951ab482d3de8cb12df0b3df59fbd11f9d3271fa2fbca4

SHA512
4d41c945ce7c94746875b0dbceb14811d4966de4e97fe047406a304162fde7e1e2a16367fc2e43978e2e5aa66749f036b4444aa2312673c2cc3af296e8b77f55

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt

Filesize
4KB

MD5
8958371646901eac40807eeb2f346382

SHA1
55fb07b48a3e354f7556d7edb75144635a850903

SHA256
b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585

SHA512
14c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt

Filesize
5KB

MD5
7e1d15fc9ba66a868c5c6cb1c2822f83

SHA1
bfe9a25fdc8721d7b76cecb9527a9ba7823dc3d7

SHA256
fc74e26a8baabbe4851109512d85173b75dbf7293d41eb3b92a1957a773c8265

SHA512
0892be14a858cc860766afb1c996b2c355108a7e50971ea3ec00d15069e919a6eb05a61fa839bea3938492c391e274144c5e248f4c204a602bf36adf27e5b406

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt

Filesize
4KB

MD5
202b825d0ef72096b82db255c4e747fa

SHA1
3a3265e5bbaa1d1b774195a3858f29cea75c9e75

SHA256
3d1399f5323a3ece1b1a8b3b31f8fd7f50c3bd319ab3f1c38c6e347452c95314

SHA512
e8fc7cc09f431301d22a07b238179ee053505090e3c4db30ead061513fe7159f1fe8b80efc93f4597fe00f01087bbe0bb2231e13693d72c8def138657cb91566

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt

Filesize
4KB

MD5
7913f3f33839e3af9e10455df69866c2

SHA1
15fa957d0a6a2717027f5b35f4dbe5e0ab8ece25

SHA256
05bc1f4973c6d36002ac1b37ce46b1f941fcb4338282e0ec1ec83fb558d1a88c

SHA512
534e541757d19ee157a268bf7ea358b48015f400542fcfa49cdb547cd652926160f015fe2cf026d9c4996e56ab90ca3899dfd457997d915bf6bc9d7bb00ba804

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt

Filesize
4KB

MD5
58e0fcbee3cca4ef61b97928cfe89535

SHA1
1297e3af3ca9e4fe3cc5db78ebbfa642e8a2c57b

SHA256
c084a68b65d507eb831831aa2ab9afb9536cb99a840d248cc155ff87fad18425

SHA512
99aff0c481e34cd0e4fcbb2af471afb56d91aa11be664462b08e17ae169ca03ef77e7063b4ecd0f38ca7b2f6dc0bf2e316c7b31dffbbcfc763cd8fae27dc78d2

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt

Filesize
4KB

MD5
9b0b0e82f753cc115d87c7199885ad1b

SHA1
5743a4ab58684c1f154f84895d87f000b4e98021

SHA256
0bdeee9fa28d54d384e06ea646fbcfe3f06698a31dfdc1a50703ffe83ad78d32

SHA512
b7780b82fbe705bc8e5a527c011eb685c99ef0b2eb810617b9f82b891341af95ef1c2f46dce9e458c0c4dcc3e7a0d21db6c77f03419cd1c4b521a9b72f9017df

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt

Filesize
4KB

MD5
eb8926608c5933f05a3f0090e551b15d

SHA1
a1012904d440c0e74dad336eac8793ac110f78f8

SHA256
2ed2b0d654d60e0a82b0968a91d568b775144e9d92f2b077b6da75f85ad12d04

SHA512
9113c42c38836f71ff0cc7019aff8c873845f47fbf1ab97e981cb038f4d8495b6df784402b1ee9666e8e567ae866b0284c81e6a16efb47131d5ef88569c4843a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt

Filesize
4KB

MD5
6367f43ea3780c4ee166454f5936b1a8

SHA1
027a2c24c8320458c49cd78053f586cb4d94ee6f

SHA256
f8d1972e75a320344e3c834ba0a3a6a86edb39e20ef706bda9b7965d440d1998

SHA512
31aab33e0d272cb43a8c160b3d37256716a683e5052192fd0e4d3cdaf30a10a9afa9d26d5d14ad216ee455627c32892a711d2bc137ee7a7df9a297f001a19e32

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt

Filesize
6KB

MD5
e04ad6c236b6c61fc53e2cb57ced87e8

SHA1
e9d4846b7e6cc755ee14a5d3fa45ee7d3bf425a4

SHA256
08c775efa77c2a92d369f794882e467b6e2526e61bc7aa7724f48e174524502e

SHA512
0dfb7e6d811d649103499018f3d115c542fcaba420ceb69124a4d837fe162ce514e7be2040860c5ef5f9c01c961fa6eea8730606b73ec107d87597989b6fd331

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt

Filesize
4KB

MD5
56dcf7b68f70826262a6ffaffe6b1c49

SHA1
12e4272ba0e4eabc610670cdc6941f942da1eb6a

SHA256
948cad1bb27109e008f2457248880c759d3fa98b92c5b4033b94f455cb8ac43f

SHA512
c3fd9caf0bd4c303a7cc300faada9cfe6dd752e82d67625b31f4c0c2c091596508bb477fe19f758fdf79b25b8ac3f5320a8785d2b6705b9bcc28a054a59454e2

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_spanish.txt

Filesize
4KB

MD5
66456d2b1085446a9f2dbd9e4632754b

SHA1
8da6248b57e5c2970d853b8d21373772a34b1c28

SHA256
c4f821a4903c4e7faea2931c7fb1cf261eba06a9840c78fdca689f5c784c06c4

SHA512
196c2282ba13715709ece706c9219fe70c05dd295840082e7d901b9e5592e74b1bb556782181cdbe35bd1ab0d6197fef67258b09491fabc6f27606dbed667d49

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_swedish.txt

Filesize
4KB

MD5
b2248784049e1af0c690be2af13a4ef3

SHA1
aec7461fa46b7f6d00ff308aa9d19c39b934c595

SHA256
4bf6b25bf5b18e13b04db6ed2e5ed635eb844fc52baa892f530194d9471f5690

SHA512
f5cee6bba20a4d05473971f7f87a36990e88a44b2855c7655b77f48f223219978d91bcd02d320c7e6c2ec368234e1d0201be85b5626ef4909e047e416e1a066c

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_tchinese.txt

Filesize
4KB

MD5
194a73f900a3283da4caa6c09fefcb08

SHA1
a7a8005ca77b9f5d9791cb66fcdf6579763b2abb

SHA256
5e4f2de5ee98d5d76f5d76fb925417d6668fba08e89f7240f923f3378e3e66f6

SHA512
25842535c165d48f4cf4fa7fd06818ec5585cc3719eff933f5776a842713d7adb5667c3b9b1a122a1152450e797535fc7a8e97ebdd31c14b4d4900a33ede01f3

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_thai.txt

Filesize
7KB

MD5
53f7e8ac1affb04bf132c2ca818eb01e

SHA1
bffc3e111761e4dc514c6398a07ffce8555697f6

SHA256
488294b7faff720dc3ab5a72e0607761484c678b96d6bcd6aad9ee2388356a83

SHA512
c2e79c2505a6fd075df113ffce92ad42c146424ca39087601daa4ed15a2b5528d478a093921d9d8a738c7b6b963275a0693ebe526b6e2135d14ced03639d0e70

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_turkish.txt

Filesize
4KB

MD5
29f9a5ab4adfae371bf980b82de2cb57

SHA1
6f7ef52a09b99868dd7230f513630ffe473eddf8

SHA256
711675edb20b3cb70acf6cf75f2eea8e0d87c8ace3e11c8df362b4517427a34f

SHA512
543fe63f791250e05e8fda24fd2ceadebb4c8925e8927de49ae490895c87eed3e61a9ad50237532649f99fe3165836261de215ee3f66ffbfc6d677ddeea7732a

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a40e98f97902d8b1768ddfe5ab84bf04

SHA1
e7e88b46c845bc44ae021f24169c1c5a41d7fddf

SHA256
ee5c861487c1c60c2fc017ac254c35813291b31fe10a27dde4c53a33791559ba

SHA512
e102d904bee76b730105899dd93f8decfe58a57f42be46fc454caa3b2fffe72b276a5606a267c65f6bfab3fd1eae1162243d622ce1f054a28a6a3bec7936e54a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
6797ea2f48f1c0aded279f29a33bf9a1

SHA1
76b377aa039bf4ed858ff55434fcf2c6f6cb9ebc

SHA256
0016ae598f37b4f9757ba5a8c4d05ff6a4af8abca958473e8ab826e5e3af4347

SHA512
6bd1e011e1715e1c2affddc48f77a8549ae2053e6e1808baf564d95574477c36fd058cc4f3ca16fe13c7bd62a22e458bd588135cb8203ed0ce5916f72637c59b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1b37f245e491eb39a0b18c9035ed68c6

SHA1
e047787a2d7c87c37dddaa69f8670b2256b7ca88

SHA256
1c5ed5231dea74531c0b23a4bb391c718c6fc9bd87fa6eaca353da1ed7fd0d94

SHA512
f25ca391192d91a8fcf94e1d777298ca9e4c417d9ee8b9a69e605fe8cbe04dfcdcdc6adc116649b3ff0522947ed174cb92b32c1267e458cd8353ae5ce0cc5e10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a1d5fe3c673909eba9c4d803b1817fa5

SHA1
5735f5400d33d83c3f621fda23f3d2344b5cffeb

SHA256
d70484c0bc832e2fc60a3ebb8f5304f2dbb7e4833c41bb85e0ba38830a21dc95

SHA512
231326406ca6fd8242b15c8d425eaf0b4e5cabe2edf82a2cdc6393d72970f7379ceb5ca174fa812fb5561770b1a1d0937363ced29b9001cd2d08ed0fd7891a98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
88881634ea8201548121193de5ea8dc0

SHA1
c5149e34444854b3ad5c69ff617eda0ba4866623

SHA256
7d72ac8cd44f54f36bd3d5417c4f44d5c123ddf55d1a120b06cd3c760d79c8a9

SHA512
93ea53292797d5c910f25f82ec8299b1dc44d95893eb177103912503434ef0fee4cbd8911bc8f6954e9addf71e33508eeba42a87ba68bd8c2c4ff37916031997

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
12e17c92dfcf0ad0b56afc8c9eea48fb

SHA1
de6df429a96b57628de40d34d2ff5def0a6aae89

SHA256
0e30987992c26604ca81e94abe1c6ae2e2fa363d08bd869f4dcabeec42054fd8

SHA512
4e9f6df563b26662da61435eff5ee086a3791674ed84bc819627f5f03bc913253fa7a2df8c5a238f961fe3c4245a0f3162537e8b0d29e8afb583b9fa57b33f91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
686B

MD5
1ea533bc8603e045a4ce530cb2545995

SHA1
5a847ea3988f515bed61761fc610ec8ec8d9a9b7

SHA256
c2c3837894ecaf8951ed167469f586b201fc3ee7ae4447ce4536d7249372519a

SHA512
ba5fbdf4f19626388f53f78196f907a9ecf2932a3e710583fcc3f71d53645fd2422e144841bfaa487be5321b371bf6b106d2b73fd8ff8704b01a520711dcd317

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
686B

MD5
0ca376ea91cf8d338f41c4c4b8ca9d6a

SHA1
babc18dcfb68620c4e09809acfda86a86857e825

SHA256
7007a636ceb147f6fb051df5333d5916cf28d7df1029e41c7aa64a756c9e0513

SHA512
c7ba6d4c5a167eff37b7a5a0bc1bd66df41f6ac9996f3729d091dd49944cfcaba597a38613ed67e07ab77986e1ef4528dc9443cb41e0fe8eaf09a6957bbbbb70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7305fb2de14d580df180fe0d523d9f7e

SHA1
d4f53bcfde84f8fc9382c14c4cac12792dffbe28

SHA256
6fedc89876e5394ce13b55f8778aae93de292e1a82f84edd3511140fafd6ee71

SHA512
b3bfc948b35e7a4e7d35a6f2096bdeabab315b640cf6723138bb7de0be6a3c667f4100a146ecc03addecfa741285e28e85ed277128b87d3dfa5e427cd1b43909

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3b26cf451f7a9fe4778697847808a1fc

SHA1
76a7f13d811d00a764e01016fb91eada7e660863

SHA256
898c5c641cb2e42ea0c5f5acb4398794bcc9c847dc217a5a86ce51b2d38ae4f0

SHA512
00896a8cdf00c96ee1a1da70cb8bffc8da217fa809c9b852c4f89dc614ef36e2684c51be03be3399af7ad2d855e901a3fa83c78da4726e7625ce8446d3fdd121

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
df43958f406ad2ed4ccb91ae8686bc31

SHA1
bde04cdf622e6fd7679bec9938ccb98e16f5e24c

SHA256
0edfaeabda7df5d223ce3a03313cb3cb355ec45b1e3a551af141827384f078be

SHA512
94787ebcb3263b846ad2d4c325229d5b5c79ba216c4f01ed205fc907fd90ed36373a7da85f345165db49d728792a95be3a9711bb61cb137e57140905d53ac416

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
79793dea2b4767355108e93ee9086012

SHA1
a0b868bca7170306edc804c080f7c1697a45fe0b

SHA256
7665d25e1595f43f78c2c6ea3a22c7352fcff03590bdbb9c22f7b39ad3f6645d

SHA512
cfcd59917fad9b74a90ab9861a8dcf331ca0f14039cfbd88811a26ddb41dca39b7ec72d82529cadbd16c2178a5d71630fe1d4ee50593d0f73717f565c55f1c06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
02ad7ecb22fd5805db66306a1523db78

SHA1
3a5d579c306f3dd97f261d8fc8ff864f443815df

SHA256
fe0e619ffcc2fdeb9fc377d708f0df15bd522856e746090fd16cd070d8b815a3

SHA512
f504e221c223aaaf5bd5d984342375846766ee7d06d9e155ad3f0821a6e4ac0b77483668809ba7b142654cecdb2e48f756e03c3c6452c00a1e6fcb19c9499af4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4e4ccc88d109e2b8311c702ecf1bae82

SHA1
88acb45ebd507e0062bed0a6f3c336369ee43c99

SHA256
241db0d8194d9216b8ba6e335244afa555f814c4c3ff6901d510da28751cb135

SHA512
9bd6c9381b6191af1b659543a0c10ed753b90880da2977a2bb802c94713e7d84cd81dae48ee1e988323b5097efb6e7ae4923ae64279ff436fca06a08a2617853

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
615e1d214e0c99f6bce06a3cae140c0a

SHA1
9a93dc606209069237eed10657bceea4f2020b57

SHA256
c77c800acb1d37d5becbf7a7693d8b24e733093450c0969f73fd65f164aa0b7d

SHA512
c50c4c2d5cbd47fa96787c49e61e4b9a89982d7cbc56e984422c1779d8d6ff44f59dc0cd4696dc4e59d460e3f3b46c9602b5013d6706ab056a168fa4227296f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a0742ec20dc99472a374e094f858b71b

SHA1
ce3adbd5df6749bfd0778d35b8fbd425a1d26076

SHA256
4d3e438cbdaa2c5a4f6ac7da6493f433f90928ee9bba4154aff61fdd062f164e

SHA512
f484a828ae9e85ff2c3bdbe10a6ac0c9f0a949de5d4e9735f8b136846773f9b8341b2734b9c6e09fe7e66728b2423b69f1e784d191abff0e6cf6f6e58f10feba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c6ba084b7f97b5c35e7df98fb673e71b

SHA1
86cb4bfa4a99e3b4e4c24a3bda1c2c8f86eb57e5

SHA256
b82162ce02b678d9639ae05a4b7ae614d45eae158348d8860318e8234071312e

SHA512
f42afa6b0dd563d2e7b08e279b721ef7775bd9ba8275bfd9ffd282b24e772a42b6ca72c31367dabe2351bb3e8c955f2983705882c7ad92bf62822f301d12534b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7d65011b196ce6a94ea20effbf83ae70

SHA1
211e89c33d98d72813f44be98ff4ef6c1ec213df

SHA256
7302b0ef070fd9da74d73b91f336628a76f9ccc50f5ce43b1390e97c9e38771d

SHA512
4baf130035969efaf0959d73dd9fe796ec828ee75e48273a6007442a7f7a4b5bb8f475b5c088c8c1c1c8a101f4767d4239e76a83cb469167226bbe26cfa327e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7c2a441a4293acb143a4d4b8f05bb41e

SHA1
e6d4ec6f1958f2e74e69075eb6c5243ae592f2f0

SHA256
9b64845ae29925915f93966a9ffdf29aeeada09a26797a90131c4c4dd4f62205

SHA512
2273890d428464e2f2ba837758f32ab98960db3999a98a3be667c19f47fa149830ddd7402315723932687c1d306d7a67b0f4261b5d0e467c72a200538bd27131

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
64d01931b4d9998b9d77e6f23f3d0410

SHA1
b7bb8bdaed9172de68c06e94b58f3eee1bf1f006

SHA256
c3b89008c417aab29b6b0b0f2d278e33dd6890786347f6860b45f703f7e54656

SHA512
5023e8556bdc696c6750d5ffc4ca1d42bc9401f03bfb23ea56d216556cb1815ac848fd68d57eb0c11e7a9e56502e495026c914c5dffba49610504b7e97f75f12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9830329129a18bd5742771a77944f315

SHA1
5ad4446a26c3d6aefc8b8b3bb44cc66b0c0575eb

SHA256
088ae675304cf9e3f5ca0b2dab41c522000c11ade3df58aa8023451a9c2a02dc

SHA512
95e1da7e7ee71df49bf32ebafe923891a1065db0438541663133daec157ecdfea7a1915d3180c73892a46f4a173fe0588af240fefb1f99b470b3e0302b881750

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
77f9e5881a24c98e2910e24db8baea85

SHA1
b2fdbd178489696e947936118d94e46061a556da

SHA256
b031e24cd58c01073154df9bd5d83695cc0903befe08e39e77053251a06f97af

SHA512
93a8c63d6c9c03fa9e13029a3870a91646135dfb27548cdccd468fca3cf9435973ec494013bff0aec8236b201cd1873cacf20a16ac7a906388e5d92541100d14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3c5569f7fb88f4cf725a8d4058db8b09

SHA1
477287c4d5c6ae426b6808d1291305cc135cfc76

SHA256
c5558bb2d4ab240dc291ec3fd85a87d40e003db673bf306e7d1924b29d190c86

SHA512
bd83bbf26ae081e76959644a420fa6082cc1b99ee2c249eddedd68e70e9604a91fb504f6eab8796f2438847481c3850439a195833b830c9ccedef9df0161a8da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3b4696c79d63ea0a8406213943a851c2

SHA1
0bd679edd2269f0682bec29047faa97a3bd0c75a

SHA256
55e62ef85761989effe1dfec80016e9d43638f76dd83a6cba941cd75cc87aba1

SHA512
acd39f480ab461cf55a937a2ff78ff44c181a00809dfd94c8bac77a5862bcecaaf55f7ab6d7c25add894b678e2a5f136f1a75a43dddd7fc68c9d0d51a3aa52c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ee811c4e0be19ad614aa8fbda7bd5565

SHA1
78f2b1abffaa22191342fb4faacc73cd6c50ce8d

SHA256
ca9c79d231cd3c20c518ac2ed2269660c9e82e90f8a72708a6d857796f9afc60

SHA512
97a37839976b16543729eb1f74b2dcdbc02a71f891d44749c13ddd0a2d643e45f62b1da9226abcf2b30db52bb4d20866bf6348f15ac7030e238a3dbea1b59e72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6924e4951a8b3b1fd3a4e0ecb50bab4d

SHA1
3e70e9510d4693f3a5555bac633957ecc3db6ad3

SHA256
ebb945217ab1db5624640fb7e59b6595f2953b9b7e1df1e603c336e6cb476d03

SHA512
402acb65cf199667a61d3331f432a14473831bf3b4fbda390e41abd2a37f93dfacaf4ac7e45bffd951748e1deb201e309e20e5d06d0db4308b7cf2fa5d16a15d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bdd40a680491fd6ccdbcbda51a6f3553

SHA1
a3405c5ac67782cf13fde351bf01db7f57b28daf

SHA256
5a343812924dd4bcf3f17ad0db1c8c0b7b6af469e8537cfa65a5d4072841e386

SHA512
531dc2b9851807dd331f2846929c0180d2ae84eea6b6dfc05b02b6a1dc193e60642a821131652bb29e0179320bf362dd43a2404f41afa2e97919cb45f73739d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
63513c2ef9fad46fffab897d095bc98c

SHA1
d81aa3842a6693770c4ac6fa4a19062168e8e025

SHA256
a40c3bcea4c43109079f5910dd8d1f244a5220fb7000aa96c7686c06113d3778

SHA512
c8e06af8f29087728f70fd2012889a74223bca7fed4910c94bf4977856fdbc454e1e67fbbd4cf6460180751f3fdd8a0591242101ae1a2b9bb6f0ed5b37fa7d00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8f72814566ff8a160d4a6a6ef5207672

SHA1
482702b474451f41b94288572d0ec6b8bd53bd45

SHA256
5ac7e46fe008d904cf708bc74da6f3abf031cd9c90417dc20f00389448005a64

SHA512
1a8af73c97ecee39b087cc5a4ee3ac04225c46355658067120b6460006a069bfdde67d5b630d175eb75de005a9b0ac763115282d7d2975b4357f08e972537a7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
00e11559bcd30a60b9ee176093c08780

SHA1
606c32bd0c52634e630acc0a9cae24cdba3bedab

SHA256
a5236e0ac71ca285db9d6f69a5722751eddd00beded462078bd9c553ded9590a

SHA512
f85ad3a2f7b06cee3a97ff41929da8e2acae23eb750f7fcd18c5c3c458f8178fd98d93ab3ebacde1232e96a60c0b2532b8e50338f797c4f15ed4b412198e4c2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5afa406c5c55d57b36383f5f282e12ad

SHA1
d4a5070403f9d31ae8deac75f91b4e5e4d060fd7

SHA256
0ce4fa9640611c2c9d9b58df68614800c03bbd84f59ef439c77ef2ccb2957c65

SHA512
c59ac48954deae598db8c12d7c8f4eead6c15d7e06caffe6708bdc78504f040e446d6d5240faa1653f910df1b3773ec1cdf8c597c042bceceb719c58c77dc0fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f21a84b5ced875cb2b60a0d304b10861

SHA1
777456a188b100647bab07ec805f18d1ca2d78b3

SHA256
fedcba3c410be4b34153ba19a2ddecec72068f0ce5a9288e41802d9bb9d846e3

SHA512
7ddc955facaa980f72f0f40d29da20dd6e0aad1ff67c868998f2ceda3aca0ffa0cd80d2f7d231213e290ad6af29262d601338bc556eb26625f25301d468cf046

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
aa13e0b50770629e03bc65e80f870226

SHA1
1acb41d336ec47effb5b5c3c59a5dfe48746fa07

SHA256
d51adc80b28a05ad0b99f1b436e93e1dc10f3ff3429264d3e0b57689d950cd77

SHA512
5d5268337cac99f735e516091724e6108233ff5500aed8933ea437fb25fa05a0b68265b2a0e9115be3ee48f6e251e83f26fb4030203bc471ac27bc5be2c6b3d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f32c1f676df9986b1143bf06cb70dc0d

SHA1
5b2e37a2176c1612e3cee408aa876d5ac21b0e63

SHA256
213c514fc86b2894411443e8fa8c1e72fe983e19eac1eaa6187dd29230039e79

SHA512
85571e8b28096f4d2bffa68c239fea2719a8011d0fbdbae63a8596dbb2cd4e1b52f10b75167a510e88c4cdb46208f6bbbf366d946a76f1cd1cf9effef1411f76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e7585735d0b7222b9489ae6583fc51a1

SHA1
d42105bf5b0efc7fc82cba54353334b21f24cda4

SHA256
0781425f6b0fd10e89736e989f860540fc1ebbe9aea08e421f62ffc49ee48568

SHA512
82d72bed3e4304fc73f0da745013ccfc719a274872772ea89061d9fe1898c2d7043a420a2f00b3c61bdf7d66fbde3614b9c56449a9ca2fecf293b4f3c9f4ae99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
641f40d34dc616fefe94f42b10d183bf

SHA1
f2e7a7ea808f81ddc7696f0d82584377da5ab6bb

SHA256
23a55432e345859ab8671ae5aef7ee278429b1173a002c959fa720d61ffd8ca2

SHA512
ae3501b07c870a4dd36d541893eca90f6747c1f43bd1752e1079ffc7cc0b31a4b40c2b863b4d44c22a42433a8723b77399088e20b79180a2b2ff116d6bce91e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e9cf1e9a1b792f91631c544fbc8b8687

SHA1
0c4180533c44a55d7b90c26db6978a64efbfe9e7

SHA256
9bcfef32c3dcb7f8c32ac5a429d49ce171a11a3abcb18994e9a881f3e8622e44

SHA512
aee2464656a77d981542befa8111700a21e237c64d8da2630f09fa0c326beb556565d168f194e86911600abd2cb9ae419a89efd5ed26c00c934db6314946fe42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
37b4eacba1d2d3aa3eb0007730da219b

SHA1
95127ad1d745e796443cda5a48b9cd41cb99aac9

SHA256
59dc4ff5a23a6e901718dde800a5b52996cbde68af64988690f66021cb5f2147

SHA512
6f4c87a75de6daf668cfd80f1945790291ac2734bbc5d53e2f880c18e5e5f40c1f39c44632db478a4e0b4963d905d968c06af4f51af6bd7b9d1221c1aed7dcec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\fd652983-61b9-4ede-8909-c27d46b901f0.tmp

Filesize
10KB

MD5
71fab46dc91106743ef9e7184d063de1

SHA1
d0622e7d9c21aa8f8c4a799d8999cd6fe6a59f5a

SHA256
befff0b136886cc09eb3ebb1abc1e1fd69c770f9c6c349afea2276959bef452b

SHA512
716e7ae77c45d8474087cb436caefbfe978250f0e9f251d812b92f6e6529f5a79f997dfce12143735fbec1d43e1d006dcfc40f67ddf676fc7a5600113b7a7e08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
d23299a130b450d87e4b412f94aeb0cf

SHA1
71cb97dfa97920552d70dd9ba6dac0aa878353d3

SHA256
32a215abb0c412fd6cf6fba592437ec2dda126aa97ca63400d7850a266f0da8a

SHA512
5badc01c5de30c0f3103e80fe686d9a691b0b2e4ade9f286867cbfd78084ff85414404d4f5d91bb33e06be0d6585e4607faff183a0f9a2243c32a9e1ad17d282

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
3dbf29de77e2f7e64f5eee17f6b24862

SHA1
0ad406a73d4e055eb960c1d0c73106d3ef7eb069

SHA256
38987de0a4113733ba1889610becf20b9998e5d6634f93ea7bfb9f9431efa14a

SHA512
2a8457094f8fdf238219360786afbf4a8be787bf4d0e051ecb40e8175229541733315782b083d682ae2dee6b115ac9fa2bcb7eddec7c9b2145f9aaee5fa83044

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
c77a94988ab22cb7ba2f7cecb2e0e866

SHA1
4516fc3898fcab9291136cc06f3fb2da9e96b05b

SHA256
93904fd7a3a3c263a4cfe114e5721323dd5bffa7b5fe28c0045df67f41d4e9e0

SHA512
b517319c36d3ee099f711c95933084e7c50e72c485bb3cbfcf94206e8ec2e73ccde2134c1b119ae6d6f582fd8d2bff685d8a987a302408cf381b5365d6999d52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
93dffc4d65e401e7cc1aaca94bc2f907

SHA1
fcfd2264632b687a9e0cf4524a39e2849ded7c2a

SHA256
b5c4aba9c810cc51c8404c0b2882077ce4ecc1a3cc07f4450fa625eeb33c3c95

SHA512
e3c6ad458e39bc9582fbb2caf577403899bd93c3ec9091ddf71ea32c429ee9c54d8decdbd990e3489e6c6fcced4277e2382fbfacb574c4a037765cea113d18f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
ade3bc6b88b9184b93ed075d574f2b81

SHA1
6abbbc475985f6d59aa970a927816f4aba49701e

SHA256
0ad5cf3904137d0cce5617ec930db1d1591750c7c0a2245d2825b3097fc46692

SHA512
13d5f92abfc1758472ec148b85d74b35fe736acf1a05ecf9fbb33ed79f2ba6e7b677a9a6204113a362fc6059c2ec09093b95c20cbe9d8a50bc52e7a3d6497813

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
9e2fbde79673a9ba675ac4916a8d6868

SHA1
dd54032ed7a2b697685c5a8dccceb97bdd671c5e

SHA256
3d4ab3580d5f4eddedc68797ac6a46a802a3a8f2d26e13ddb43255e72a3e7136

SHA512
02cbce5550d9128461eabd8bd91677744a5a3364cc9f600897c18cab724863bc794f53a751a1fa39e89d17c41792224543352f652e29d43860b2570132074ba3

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
6cd697b1edfbaaaa7b7b4b435956e864

SHA1
156c992d9d418fb3167ba5d31a4e307e1072e0b2

SHA256
57c562bbe5b1ce4271de75e28c373d2e556b6fd5090980c9ba7e41c3b29b9639

SHA512
d028deea4fbed3248e243e2fb780a1fb50be98f12e5d5a5131da6a861f520633c91174ada51961a51f6c37f68cf9aefa52c481d0d34fbbc1de30cd350c355cd0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
9509e806fe289050e7fdf1a6ea48408c

SHA1
bbafd04ca04056545a70f46acdf41adc4bfb9f7d

SHA256
43ed186105b509f60d4480a5c50d419e6ae46966a54057d7b30494fd5228f0c8

SHA512
aca729aff9e229731949ef42a10917e1afff2b36ff6db4d5ad043053a27f16af71d723cbbed0ea672fd0955a792d9c0e814f82ee1c23b3d56b9b074dc07d2af0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
fb1b71e5409cd95105bfed517e1ccd51

SHA1
54382461217de3caad16dc60cdd11bca3a5779b7

SHA256
61a2186fcb3356e3ead746950e622ac7a5c794a601f313777e7609051904b240

SHA512
f8c740d1bb5b1baea36d3b489543bba873a23efb9f97c9c5e9756e977f9f9c18bce30e6dd30749e2e158a9c3d2ac37a478e3cba3c192cc900d330a68c91adb32

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
744B

MD5
3ebfef3e9e3c6e9e2861744a15917530

SHA1
c9a1675ba6179cddea738b17478faf8567d73180

SHA256
c6d821bf4118e4290efa525c84374305b7a0170cb4c8033ee25b31fc264ae2c5

SHA512
0ceaef221ee31a81ad3c270ddd876c69ead06aead48b181b1cee2ef800852c07c40434b7cc707b147cf5cf6e28b21806c217c1ec3ffdc5a5b1699df1e5c6590e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
856B

MD5
1088b5148942d1fbbec35741e534dec9

SHA1
2b419a8e641fa55d0c5d1cc5155f72c2384ce572

SHA256
1bc22baff09d0648e0c1131a21e775e096f31ebc96241abf3cf9deb715ebc30c

SHA512
b86934e3da8e6a006088824cccb57d38fde8b49b70fbd8c619d5d0a7b7195c8f7ddf3ae4b9f8bede0b17afa1da47b5b15cb3840b003b16e1936fc350c1b9f27e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
856B

MD5
58ccc79c372e9d32ca1ee845e4201f54

SHA1
afd45ffcee8699c2a372e69fac62a0f2172cb293

SHA256
bbf744600ff5f51c2ae1a46d2c51b4665c97b61be3f5cc3303c607370cd7a2fe

SHA512
c1cbb4204c329289769fd39f5303e8c9d380d94d085f590088cd586d57b2e01f0f2f1c4623e23c4bc4d55447d8584f9e5a300e86d416469b7cd31ca21aaccaaf

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
300B

MD5
f041bc23c99afef7de0c4a754d2f3899

SHA1
2c4556bc780a2919743fb50388ee67913912eeb5

SHA256
da409931f1b1b432fb0e214bb9174180cb73d3c5ea9901cde759abff395d6a4e

SHA512
ed1d52a384ec37cb94bcc4fea4f9e11e928b02c6a9130ef4791b911a11d4238a87087b6be27bd933ddcd4559e0af3bed4665227555b3645e0290bec1ec9cd226

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
300B

MD5
cbfe9e821fcdec13a644b2e1eb0a1dcc

SHA1
58a63633d8cb77bbada116b9ce12a2b3589ac603

SHA256
322c1401d84624a1613cb905b9a1194035a2beccf658800a2b5197632f492f86

SHA512
b448d89aa61dbbd0c55dd65c72c198d51b3e01dfbea5cb2f931ab3ef65b7cef1c57539f20595342510ff87439baefb3e630d5afd394d6cb30b5664381c9436dd

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe5c1082.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
188B

MD5
aeaf0ac7d46d03435826baeeb27e376b

SHA1
8b6ece876d4393b463c08edbf29d9cb12af109dd

SHA256
9af6e4e90d0723d5c6c7a7746fffec21da52b91bbfcb60531b9cdcc270d45f2c

SHA512
b68aff8e5b3b19ca1e2eb4c89b353ab88027324f19f8e9ad6db604cdd7a58756eea32c28447380d0c1ac9e8847caa300c37d9db10d31e2809ddd67a3b5ede19f

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
188B

MD5
ee71217570582275afa5b6c55c9c68f3

SHA1
9cd7058c27f5276dad789bff24ba6d334559f473

SHA256
96b7e2fe7a12f9fd4cb5c7a10b7bad4af5d702fb90a8246ae616ff9885a840f9

SHA512
e1c7e8d1c39c33813a3f6904f166620a1708303db5412e8a78d41204ec6196e5d3d5f24f6054ebe26ccab7d9dc4c68539130fa1697102eb72c416fb9bc2071f9

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json

Filesize
2KB

MD5
602c49f9246967bdcff45b4f43cf2fb0

SHA1
4c5796e0c724bbd7a9244cc8a0fc9e8f40181f2d

SHA256
a3ad9649c1038078038be1abd591cdba73b4b4f5cf30e11bb6cb7a432b746114

SHA512
2f273c0dd0127071f4c768cfe7277c6efff84c1ef4f4271c1326db3658c84261794b106af3198717f349fbaaaf276163700bbb50ae20fe52ed0a88a192d46f77

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsbF961.tmp\StdUtils.dll

Filesize
110KB

MD5
db11ab4828b429a987e7682e495c1810

SHA1
29c2c2069c4975c90789dc6d3677b4b650196561

SHA256
c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376

SHA512
460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsbF961.tmp\System.dll

Filesize
22KB

MD5
a36fbe922ffac9cd85a845d7a813f391

SHA1
f656a613a723cc1b449034d73551b4fcdf0dcf1a

SHA256
fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0

SHA512
1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsbF961.tmp\modern-wizard.bmp

Filesize
150KB

MD5
3614a4be6b610f1daf6c801574f161fe

SHA1
6edee98c0084a94caa1fe0124b4c19f42b4e7de6

SHA256
16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b

SHA512
06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsbF961.tmp\nsDialogs.dll

Filesize
20KB

MD5
4e5bc4458afa770636f2806ee0a1e999

SHA1
76dcc64af867526f776ab9225e7f4fe076487765

SHA256
91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0

SHA512
b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsbF961.tmp\nsExec.dll

Filesize
17KB

MD5
2095af18c696968208315d4328a2b7fe

SHA1
b1b0e70c03724b2941e92c5098cc1fc0f2b51568

SHA256
3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226

SHA512
60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsbF961.tmp\nsProcess.dll

Filesize
15KB

MD5
08072dc900ca0626e8c079b2c5bcfcf3

SHA1
35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37

SHA256
bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8

SHA512
8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

Download Submit
C:\Users\Admin\Downloads\SteamtoolsSetup.rar.crdownload

Filesize
412KB

MD5
cd90e71535a930abcde93f241f94f0f2

SHA1
21e6030f2bb9f1831e8125da17117ee6d01fa8ce

SHA256
39e277a4affb0ff8b7d5c7963c98b5cc201416dde22817df541d1fb83a2ddf04

SHA512
a601a11a11ec9a4fbbdec548d2bd66b8c075ce50ec7e0dbb520dc3e15d88c1d2b3b6043e6244e2d37a37cd7fc223bdae2171e649a37a185a6d5beba911074d48

Download Submit
C:\Users\Admin\Downloads\SteamtoolsSetup.rar:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\SteamtoolsSetup\SteamtoolsSetup.exe

Filesize
978KB

MD5
bbf15e65d4e3c3580fc54adf1be95201

SHA1
79091be8f7f7a6e66669b6a38e494cf7a62b5117

SHA256
c9f2e2abb046ff2535537182edf9a9b748aa10a22e98a1d8c948d874f4ffb304

SHA512
9bb261b4ed84af846e07ffb6352960687e59428fd497faa0a37d70b57a1a7430d48ac350fbb0c3f0f11e4231a98ebca4d6923deba0949fdd7a247a3c02737355

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 176181.crdownload

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping10324_1789134805\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping10324_1789134805\manifest.json

Filesize
1001B

MD5
2ff237adbc218a4934a8b361bcd3428e

SHA1
efad279269d9372dcf9c65b8527792e2e9e6ca7d

SHA256
25a702dd5389cc7b077c6b4e06c1fad9bdea74a9c37453388986d093c277d827

SHA512
bafd91699019ab756adf13633b825d9d9bae374ca146e8c05abc70c931d491d421268a6e6549a8d284782898bc6eb99e3017fbe3a98e09cd3dfecad19f95e542

Download Submit
memory/1276-12641-0x0000000000910000-0x0000000000DC2000-memory.dmp

Filesize
4.7MB

Download
memory/6468-12847-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6468-12831-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6468-12790-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6528-12848-0x00000150CF900000-0x00000150CFA1E000-memory.dmp

Filesize
1.1MB

Download
memory/6528-12795-0x00000150CF900000-0x00000150CFA1E000-memory.dmp

Filesize
1.1MB

Download
memory/6528-12970-0x00000150CF900000-0x00000150CFA1E000-memory.dmp

Filesize
1.1MB

Download
memory/6568-12796-0x0000026B95200000-0x0000026B9531E000-memory.dmp

Filesize
1.1MB

Download
memory/6748-12797-0x0000018CABA80000-0x0000018CABB9E000-memory.dmp

Filesize
1.1MB

Download
memory/6748-12893-0x0000018CABA80000-0x0000018CABB9E000-memory.dmp

Filesize
1.1MB

Download
memory/7312-12800-0x000001D4A7D30000-0x000001D4A7D9F000-memory.dmp

Filesize
444KB

Download
memory/7312-12966-0x000001D4A7D30000-0x000001D4A7D9F000-memory.dmp

Filesize
444KB

Download
memory/7312-12690-0x00007FF9A60E0000-0x00007FF9A60E1000-memory.dmp

Filesize
4KB

Download
memory/7312-12692-0x00007FF9A6B70000-0x00007FF9A6B71000-memory.dmp

Filesize
4KB

Download
memory/7532-12801-0x0000018461F80000-0x0000018461FEF000-memory.dmp

Filesize
444KB

Download
memory/10100-13022-0x000000006D6E0000-0x000000006EA20000-memory.dmp

Filesize
19.2MB

Download
memory/10100-13108-0x000000006EA50000-0x000000006FD90000-memory.dmp

Filesize
19.2MB

Download
memory/10100-13130-0x000000006D6E0000-0x000000006EA20000-memory.dmp

Filesize
19.2MB

Download
memory/10100-13109-0x000000006D6E0000-0x000000006EA20000-memory.dmp

Filesize
19.2MB

Download
memory/10100-13070-0x000000006D6E0000-0x000000006EA20000-memory.dmp

Filesize
19.2MB

Download
memory/10100-13069-0x000000006EA50000-0x000000006FD90000-memory.dmp

Filesize
19.2MB

Download
memory/10100-12997-0x0000000010000000-0x0000000010337000-memory.dmp

Filesize
3.2MB

Download
memory/10100-13021-0x000000006EA50000-0x000000006FD90000-memory.dmp

Filesize
19.2MB

Download
memory/10324-13023-0x00000158DA670000-0x00000158DA78E000-memory.dmp

Filesize
1.1MB

Download
memory/10324-13089-0x00000158DA670000-0x00000158DA78E000-memory.dmp

Filesize
1.1MB

Download
memory/10484-13024-0x00000255C9890000-0x00000255C99AE000-memory.dmp

Filesize
1.1MB

Download
memory/10652-13100-0x000002923AB10000-0x000002923AC2E000-memory.dmp

Filesize
1.1MB

Download
memory/13308-13102-0x0000022E8DEF0000-0x0000022E8DF5F000-memory.dmp

Filesize
444KB

Download
memory/13348-13101-0x0000024C949A0000-0x0000024C94A0F000-memory.dmp

Filesize
444KB

Download