c9f2e2abb046ff2535537182edf9a9b748aa10a22e98a1d8c948d874f4ffb304

Resubmissions

19-11-2024 19:08

241119-xtfmqszgnh 8

19-11-2024 19:06

241119-xsbx6avqbl 3

19-11-2024 19:03

241119-xqdc7szfrb 8

Analysis

max time kernel
1199s
max time network
1201s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
19-11-2024 19:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SteamtoolsSetup (1).exe
Size

978KB
MD5

bbf15e65d4e3c3580fc54adf1be95201
SHA1

79091be8f7f7a6e66669b6a38e494cf7a62b5117
SHA256

c9f2e2abb046ff2535537182edf9a9b748aa10a22e98a1d8c948d874f4ffb304
SHA512

9bb261b4ed84af846e07ffb6352960687e59428fd497faa0a37d70b57a1a7430d48ac350fbb0c3f0f11e4231a98ebca4d6923deba0949fdd7a247a3c02737355
SSDEEP

24576:4Fa9OUi2VoN2gZ1M8UQag3BXrYZt+GgGTfG74T+TRcL:Z9OUiTN2gZ1MExEZkkf+4TARg

Score

8^/10

steam defense_evasion discovery persistence phishing

Malware Config

Signatures

Downloads MZ/PE file
A potential corporate email address has been identified in the URL: Montserratwght@300
phishing

Executes dropped EXE 64 IoCs

Processes:

SteamSetup.exesteamservice.exesteam.exesteam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exegldriverquery64.exesteamwebhelper.exegldriverquery.exesteamwebhelper.exevulkandriverquery64.exeSteam.exevulkandriverquery.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exeSteamtools.exesteamwebhelper.exeluapacka.exesteam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exegldriverquery64.exesteamwebhelper.exesteamwebhelper.exegldriverquery.exevulkandriverquery64.exevulkandriverquery.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exegldriverquery64.exesteamwebhelper.exesteamwebhelper.exegldriverquery.exevulkandriverquery64.exevulkandriverquery.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exeluapacka.exesteam.exe

pid	process
4828	SteamSetup.exe
4000	steamservice.exe
2008	steam.exe
6136	steam.exe
6168	steamwebhelper.exe
6224	steamwebhelper.exe
6404	steamwebhelper.exe
6524	steamwebhelper.exe
8580	gldriverquery64.exe
8664	steamwebhelper.exe
3000	gldriverquery.exe
2680	steamwebhelper.exe
5172	vulkandriverquery64.exe
5332	Steam.exe
5464	vulkandriverquery.exe
9140	steamwebhelper.exe
25384	steamwebhelper.exe
24892	steamwebhelper.exe
24884	steamwebhelper.exe
18676	steamwebhelper.exe
24504	Steamtools.exe
22896	steamwebhelper.exe
20136	luapacka.exe
20004	steam.exe
20060	steamwebhelper.exe
20160	steamwebhelper.exe
20960	steamwebhelper.exe
21356	steamwebhelper.exe
8472	gldriverquery64.exe
8788	steamwebhelper.exe
9192	steamwebhelper.exe
3468	gldriverquery.exe
5348	vulkandriverquery64.exe
2116	vulkandriverquery.exe
6132	steamwebhelper.exe
6544	steamwebhelper.exe
4868	steamwebhelper.exe
3232	steamwebhelper.exe
6760	steamwebhelper.exe
25092	steamwebhelper.exe
25116	steam.exe
24892	steamwebhelper.exe
24796	steamwebhelper.exe
2016	steamwebhelper.exe
25212	steamwebhelper.exe
19032	steam.exe
18956	steamwebhelper.exe
17056	steamwebhelper.exe
7288	steamwebhelper.exe
23336	steamwebhelper.exe
24544	gldriverquery64.exe
23584	steamwebhelper.exe
9256	steamwebhelper.exe
21920	gldriverquery.exe
21904	vulkandriverquery64.exe
21844	vulkandriverquery.exe
16192	steamwebhelper.exe
10096	steamwebhelper.exe
9980	steamwebhelper.exe
11796	steamwebhelper.exe
11364	steamwebhelper.exe
12280	steamwebhelper.exe
11268	luapacka.exe
11912	steam.exe

Loads dropped DLL 64 IoCs

Processes:

SteamSetup.exesteam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exe

pid	process
4828	SteamSetup.exe
4828	SteamSetup.exe
4828	SteamSetup.exe
4828	SteamSetup.exe
4828	SteamSetup.exe
4828	SteamSetup.exe
4828	SteamSetup.exe
4828	SteamSetup.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe
6224	steamwebhelper.exe
6224	steamwebhelper.exe
6224	steamwebhelper.exe
6136	steam.exe
6404	steamwebhelper.exe
6404	steamwebhelper.exe
6404	steamwebhelper.exe
6404	steamwebhelper.exe
6404	steamwebhelper.exe
6404	steamwebhelper.exe
6404	steamwebhelper.exe
6404	steamwebhelper.exe
6404	steamwebhelper.exe
6136	steam.exe
6524	steamwebhelper.exe
6524	steamwebhelper.exe
6524	steamwebhelper.exe
6136	steam.exe
8664	steamwebhelper.exe
8664	steamwebhelper.exe
8664	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
6136	steam.exe
9140	steamwebhelper.exe
9140	steamwebhelper.exe
9140	steamwebhelper.exe
9140	steamwebhelper.exe
25384	steamwebhelper.exe
25384	steamwebhelper.exe
25384	steamwebhelper.exe
25384	steamwebhelper.exe
24884	steamwebhelper.exe
24884	steamwebhelper.exe
24884	steamwebhelper.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

SteamSetup.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"	SteamSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in Program Files directory 64 IoCs

Processes:

steam.exesteam.exesteam.exeSteamtools.exesteam.exesteam.exe

description	ioc	process
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_trackpad_r_right_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_swipe_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_035_magic_0325.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steamui_french.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_color_button_triangle_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_buttons_n.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_r2_soft.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_dpad_right_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_button_plus.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0400.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_060_vehicle_0100.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\test_hero_image_mask.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\platform_bulgarian.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_button_square_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_ltrackpad_left_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox_lt_soft_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_035_magic_0353.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\icon_warning_yellow.tga_	steam.exe
File opened for modification	C:\Program Files (x86)\Steam\appcache\version	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_r4_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_lstick_click_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_rb_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steam_updating_posix.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_button_l_arrow_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\layout\gamespage_details_subheaderright.layout_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\Receipt_CDKey_Success.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\friends\icon_chat_idle.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_outlined_button_b_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\defaultappimage.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_touchpad_swipe_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_down_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0333.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0336.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_110_social_0110.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_r4_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\382030_icon.jpg	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_dpad_down_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_right.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steam_tray.ico_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\switch_controller_korean.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_ltrackpad_click_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\aom.dll_	steam.exe
File created	C:\program files (x86)\steam\config\depotcache\1896320_689917599357770984.manifest	Steamtools.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_buttons_w_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\bg_security_wizard.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\joyconpair_right_sl_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\icon_cloud_syncing.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_dpad_down_md.png_	steam.exe
File opened for modification	C:\program files (x86)\steam\bin\diversion.dll	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0525.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\steamui_postlogon_czech.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_mouse_scroll_up_sm.png_	steam.exe
File opened for modification	C:\program files (x86)\steam\steam-vulkan-crash.sentinel	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steamui_pirate.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_button_capture.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_rtrackpad_click_md.png_	steam.exe
File opened for modification	C:\program files (x86)\steam\logs\remote_connections.txt	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0330.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\radUnselFocus.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox360_button_select_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\friendsui_norwegian-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steamui_thai.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_color_outlined_button_y.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_button_r_arrow_sm.png_	steam.exe

Drops file in Windows directory 12 IoCs

Processes:

steamwebhelper.exechrome.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exe

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6168_477178425\_platform_specific\win_x64\widevinecdm.dll.sig	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6168_477178425\_platform_specific\win_x64\widevinecdm.dll	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6168_477178425\LICENSE	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6168_477178425\_metadata\verified_contents.json	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6168_477178425\manifest.fingerprint	steamwebhelper.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6168_477178425\manifest.json	steamwebhelper.exe
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
defense_evasion

SIP and Trust Provider Hijacking
T1553.003

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier msedge.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier	msedge.exe

System Location Discovery: System Language Discovery 1 TTPs 24 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

steamservice.exevulkandriverquery.exegldriverquery.exesteam.exesteam.exeSteam.exeSteam.exevulkandriverquery.exegldriverquery.exevulkandriverquery.exegldriverquery.exesteam.exevulkandriverquery.exeSteamSetup.exesteam.exesteam.exegldriverquery.exesteam.exesteam.exesteam.exegldriverquery.exevulkandriverquery.exesteam.exesteam.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamservice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe

Checks processor information in registry 2 TTPs 36 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

steam.exesteam.exesteam.exesteam.exesteam.exesteam.exesteamwebhelper.exesteam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteam.exesteam.exesteamwebhelper.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

23300 taskkill.exe

pid	process
23300	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

Processes:

explorer.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133765169292708325"	chrome.exe

Modifies registry class 64 IoCs

Processes:

steam.exeexplorer.exesteamservice.exesteam.exesteam.exesteam.exesteam.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\1	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\{885A186E-A440-4ADA-812B-DB871B942259}	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\URL Protocol	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\Shell\Open\Command	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\ = "URL:steam protocol"	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell\SniffedFolderType = "Generic"	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\Shell\Open\Command	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\1\0\0\NodeSlot = "12"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\program files (x86)\\steam\\steam.exe\" -- \"%1\""	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steam.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\Shell\Open\Command	steam.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\Shell	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\SniffedFolderType = "Generic"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\Shell\Open\Command	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\1\0\0\1\MRUListEx = ffffffff	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\SniffedFolderType = "Downloads"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steam.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\HotKey = "0"	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\program files (x86)\\steam\\steam.exe\" -- \"%1\""	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\ = "URL:steam protocol"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\URL Protocol	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\URL Protocol	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\DefaultIcon	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steam.exe

NTFS ADS 8 IoCs

Processes:

Steamtools.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
File created	C:\Program Files (x86)\Steam\config\depotcache\1245621_6005357081270866877.manifest\:Zone.Identifier:$DATA	Steamtools.exe
File created	C:\Program Files (x86)\Steam\config\depotcache\1245624_6740933728493231026.manifest\:Zone.Identifier:$DATA	Steamtools.exe
File created	C:\Program Files (x86)\Steam\config\depotcache\1896300_1676464084021469100.manifest\:Zone.Identifier:$DATA	Steamtools.exe
File created	C:\Program Files (x86)\Steam\config\depotcache\1896320_689917599357770984.manifest\:Zone.Identifier:$DATA	Steamtools.exe
File created	C:\Program Files (x86)\Steam\config\depotcache\2778580_8226581821665546770.manifest\:Zone.Identifier:$DATA	Steamtools.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 265594.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\1245620.zip:Zone.Identifier	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs
ransomware

Processes:

NOTEPAD.EXE

pid process

20812 NOTEPAD.EXE
Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

Steamtools.exeexplorer.exe

pid process

24504 Steamtools.exe
18872 explorer.exe

pid	process
20812	NOTEPAD.EXE

pid	process
24504	Steamtools.exe
18872	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exechrome.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exeSteamSetup.exesteam.exe

pid	process
4636	chrome.exe
4636	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
3468	msedge.exe
3468	msedge.exe
976	msedge.exe
976	msedge.exe
4508	msedge.exe
4508	msedge.exe
4616	identity_helper.exe
4616	identity_helper.exe
3244	msedge.exe
3244	msedge.exe
4828	SteamSetup.exe
4828	SteamSetup.exe
4828	SteamSetup.exe
4828	SteamSetup.exe
4828	SteamSetup.exe
4828	SteamSetup.exe
4828	SteamSetup.exe
4828	SteamSetup.exe
4828	SteamSetup.exe
4828	SteamSetup.exe
4828	SteamSetup.exe
4828	SteamSetup.exe
4828	SteamSetup.exe
4828	SteamSetup.exe
4828	SteamSetup.exe
4828	SteamSetup.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe

Suspicious behavior: GetForegroundWindowSpam 7 IoCs

Processes:

steam.exeSteamtools.exesteam.exesteam.exesteam.exeexplorer.exesteam.exe

pid process

6136 steam.exe
24504 Steamtools.exe
20004 steam.exe
19032 steam.exe
11912 steam.exe
18872 explorer.exe
13796 steam.exe

pid	process
6136	steam.exe
24504	Steamtools.exe
20004	steam.exe
19032	steam.exe
11912	steam.exe
18872	explorer.exe
13796	steam.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

chrome.exemsedge.exemsedge.exemsedge.exe

pid	process
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
15660	msedge.exe
15660	msedge.exe
15660	msedge.exe
15660	msedge.exe
15660	msedge.exe
15660	msedge.exe
15660	msedge.exe
15660	msedge.exe
15660	msedge.exe
15660	msedge.exe
15660	msedge.exe
15660	msedge.exe
15660	msedge.exe
15660	msedge.exe
15660	msedge.exe
15660	msedge.exe
15660	msedge.exe
15660	msedge.exe
15660	msedge.exe
15660	msedge.exe
15660	msedge.exe
15660	msedge.exe
15660	msedge.exe
15660	msedge.exe
15660	msedge.exe
15660	msedge.exe
15660	msedge.exe
15660	msedge.exe
15660	msedge.exe
15660	msedge.exe
15660	msedge.exe
15660	msedge.exe
15660	msedge.exe
15660	msedge.exe
15660	msedge.exe
15660	msedge.exe
15660	msedge.exe
21964	msedge.exe
21964	msedge.exe
21964	msedge.exe
21964	msedge.exe
21964	msedge.exe
21964	msedge.exe
21964	msedge.exe
21964	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exemsedge.exe

pid	process
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exemsedge.exesteamwebhelper.exesteam.exe

pid	process
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe
6136	steam.exe
6136	steam.exe
6136	steam.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe
6168	steamwebhelper.exe

Suspicious use of SetWindowsHookEx 18 IoCs

Processes:

SteamSetup.exesteamservice.exesteam.exeSteamtools.exesteam.exesteam.exesteam.exesteam.exeexplorer.exesteam.exesteam.exesteam.exe

pid	process
4828	SteamSetup.exe
4000	steamservice.exe
6136	steam.exe
24504	Steamtools.exe
24504	Steamtools.exe
24504	Steamtools.exe
24504	Steamtools.exe
20004	steam.exe
25116	steam.exe
19032	steam.exe
11912	steam.exe
18872	explorer.exe
18872	explorer.exe
18872	explorer.exe
18872	explorer.exe
1296	steam.exe
15816	steam.exe
13796	steam.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4636 wrote to memory of 3344	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 3344	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 3312	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 3312	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 3312	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 3312	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 3312	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 3312	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 3312	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 3312	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 3312	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 3312	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 3312	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 3312	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 3312	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 3312	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 3312	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 3312	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 3312	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 3312	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 3312	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 3312	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 3312	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 3312	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 3312	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 3312	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 3312	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 3312	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 3312	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 3312	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 3312	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 3312	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 1940	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 1940	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 4788	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 4788	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 4788	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 4788	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 4788	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 4788	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 4788	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 4788	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 4788	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 4788	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 4788	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 4788	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 4788	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 4788	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 4788	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 4788	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 4788	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 4788	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 4788	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 4788	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 4788	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 4788	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 4788	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 4788	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 4788	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 4788	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 4788	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 4788	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 4788	4636	chrome.exe	chrome.exe
PID 4636 wrote to memory of 4788	4636	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\SteamtoolsSetup (1).exe
"C:\Users\Admin\AppData\Local\Temp\SteamtoolsSetup (1).exe"
1⤵
PID:4292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe93b9cc40,0x7ffe93b9cc4c,0x7ffe93b9cc58
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1776,i,4930204783220764155,11914053451736499529,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1772 /prefetch:2
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1944,i,4930204783220764155,11914053451736499529,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,4930204783220764155,11914053451736499529,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2196 /prefetch:8
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,4930204783220764155,11914053451736499529,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,4930204783220764155,11914053451736499529,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3084,i,4930204783220764155,11914053451736499529,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4736,i,4930204783220764155,11914053451736499529,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4780 /prefetch:8
  2⤵
  PID:688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4352,i,4930204783220764155,11914053451736499529,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4728,i,4930204783220764155,11914053451736499529,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=868,i,4930204783220764155,11914053451736499529,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3452 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1536

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:908

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe93a53cb8,0x7ffe93a53cc8,0x7ffe93a53cd8
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,3402761948186196764,14733465688132610104,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,3402761948186196764,14733465688132610104,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,3402761948186196764,14733465688132610104,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3402761948186196764,14733465688132610104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3402761948186196764,14733465688132610104,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3402761948186196764,14733465688132610104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3402761948186196764,14733465688132610104,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3402761948186196764,14733465688132610104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,3402761948186196764,14733465688132610104,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3402761948186196764,14733465688132610104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3402761948186196764,14733465688132610104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3402761948186196764,14733465688132610104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3402761948186196764,14733465688132610104,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3402761948186196764,14733465688132610104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3402761948186196764,14733465688132610104,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,3402761948186196764,14733465688132610104,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3402761948186196764,14733465688132610104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3402761948186196764,14733465688132610104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3402761948186196764,14733465688132610104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3402761948186196764,14733465688132610104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1880,3402761948186196764,14733465688132610104,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6100 /prefetch:8
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,3402761948186196764,14733465688132610104,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5992 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3244
- C:\Users\Admin\Downloads\SteamSetup.exe
  "C:\Users\Admin\Downloads\SteamSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4828
- - C:\Program Files (x86)\Steam\bin\steamservice.exe
    "C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    PID:4000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4732

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:2008
- C:\Program Files (x86)\Steam\steam.exe
  "C:\Program Files (x86)\Steam\steam.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:6136
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=6136" "-buildid=1731433018" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    - Checks processor information in registry
    - Suspicious use of SendNotifyMessage
    PID:6168
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1731433018 --initial-client-data=0x298,0x29c,0x2a0,0x294,0x2a4,0x7ffe82f6af00,0x7ffe82f6af0c,0x7ffe82f6af18
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:6224
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1576,i,6193697782363167558,9366472143816604549,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1588 --mojo-platform-channel-handle=1568 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:6404
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2156,i,6193697782363167558,9366472143816604549,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2160 --mojo-platform-channel-handle=2152 /prefetch:11
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:6524
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2744,i,6193697782363167558,9366472143816604549,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2748 --mojo-platform-channel-handle=2740 /prefetch:13
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:8664
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,6193697782363167558,9366472143816604549,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3080 --mojo-platform-channel-handle=3056 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2680
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3760,i,6193697782363167558,9366472143816604549,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3800 --mojo-platform-channel-handle=3516 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:9140
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3740,i,6193697782363167558,9366472143816604549,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3744 --mojo-platform-channel-handle=3736 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:25384
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4408,i,6193697782363167558,9366472143816604549,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4204 --mojo-platform-channel-handle=4400 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:24892
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4496,i,6193697782363167558,9366472143816604549,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4500 --mojo-platform-channel-handle=4492 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:24884
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=4432,i,6193697782363167558,9366472143816604549,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4464 --mojo-platform-channel-handle=4068 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:18676
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3748,i,6193697782363167558,9366472143816604549,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4000 --mojo-platform-channel-handle=4688 /prefetch:10
      4⤵
      Executes dropped EXE
      PID:22896
- - C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:8580
- - C:\Program Files (x86)\Steam\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3000
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:5172
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5464

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1436

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004D4
1⤵
PID:1952

C:\Program Files (x86)\Steam\Steam.exe
"C:\Program Files (x86)\Steam\Steam.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5332

C:\Users\Admin\Desktop\SteamtoolsSetup (1).exe
"C:\Users\Admin\Desktop\SteamtoolsSetup (1).exe"
1⤵
PID:10440
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /IM Steamtools.exe /F >nul 2>&1
  2⤵
  PID:23284
- - C:\Windows\system32\taskkill.exe
    taskkill /IM Steamtools.exe /F
    3⤵
    - Kills process with taskkill
    PID:23300
- C:\Program Files (x86)\Steam\config\stUI\Steamtools.exe
  "C:\Program Files (x86)\Steam\config\stUI\Steamtools.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - NTFS ADS
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:24504
- - C:\program files (x86)\steam\config\stplug-in\luapacka.exe
    "C:\program files (x86)\steam\config\stplug-in\luapacka.exe" C:/Users/Admin/Downloads/1245620.lua "C:\program files (x86)\steam\config\stplug-in\1245620.st"
    3⤵
    - Executes dropped EXE
    PID:20136
- - C:\program files (x86)\steam\steam.exe
    "C:\program files (x86)\steam\steam.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:20004
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=20004" "-buildid=1731433018" "-steamid=0" "-logdir=C:\program files (x86)\steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\program files (x86)\steam\clientui" "-steampath=C:\program files (x86)\steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      Checks processor information in registry
      PID:20060
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\program files (x86)\steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1731433018 --initial-client-data=0x2b4,0x2b8,0x2bc,0x2b0,0x2c0,0x7ffe901aaf00,0x7ffe901aaf0c,0x7ffe901aaf18
        5⤵
        Executes dropped EXE
        
        PID:20160
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1608,i,2351572443490102662,8143244107205158187,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1612 --mojo-platform-channel-handle=1596 /prefetch:2
        5⤵
        Executes dropped EXE
        
        PID:20960
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2224,i,2351572443490102662,8143244107205158187,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2228 --mojo-platform-channel-handle=2220 /prefetch:11
        5⤵
        Executes dropped EXE
        
        PID:21356
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2716,i,2351572443490102662,8143244107205158187,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2208 --mojo-platform-channel-handle=2724 /prefetch:13
        5⤵
        Executes dropped EXE
        
        PID:8788
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,2351572443490102662,8143244107205158187,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3156 --mojo-platform-channel-handle=3148 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:9192
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3628,i,2351572443490102662,8143244107205158187,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3772 --mojo-platform-channel-handle=3632 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:6132
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4052,i,2351572443490102662,8143244107205158187,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4056 --mojo-platform-channel-handle=4048 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:6544
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4228,i,2351572443490102662,8143244107205158187,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4300 --mojo-platform-channel-handle=4004 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:4868
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3804,i,2351572443490102662,8143244107205158187,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4056 --mojo-platform-channel-handle=3800 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:3232
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4624,i,2351572443490102662,8143244107205158187,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4620 --mojo-platform-channel-handle=4604 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:6760
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4480,i,2351572443490102662,8143244107205158187,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4488 --mojo-platform-channel-handle=4508 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:25092
  - - C:\program files (x86)\steam\bin\gldriverquery64.exe
      .\bin\gldriverquery64.exe
      4⤵
      Executes dropped EXE
      PID:8472
  - - C:\program files (x86)\steam\bin\gldriverquery.exe
      .\bin\gldriverquery.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:3468
  - - C:\program files (x86)\steam\bin\vulkandriverquery64.exe
      .\bin\vulkandriverquery64.exe
      4⤵
      Executes dropped EXE
      PID:5348
  - - C:\program files (x86)\steam\bin\vulkandriverquery.exe
      .\bin\vulkandriverquery.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:2116
  - - C:\program files (x86)\steam\steam.exe
      "C:\program files (x86)\steam\steam.exe"
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      System Location Discovery: System Language Discovery
      Checks processor information in registry
      Suspicious use of SetWindowsHookEx
      PID:25116
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=25116" "-buildid=1731433018" "-steamid=0" "-logdir=C:\program files (x86)\steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\program files (x86)\steam\clientui" "-steampath=C:\program files (x86)\steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
        5⤵
        Executes dropped EXE
        
        PID:24892
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\program files (x86)\steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1731433018 --initial-client-data=0x2ac,0x2b0,0x2b4,0x2a8,0x2b8,0x7ffe901aaf00,0x7ffe901aaf0c,0x7ffe901aaf18
        6⤵
        Executes dropped EXE
        
        PID:24796
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1564,i,8033819842781763616,13903665134114893267,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1568 --mojo-platform-channel-handle=1556 /prefetch:2
        6⤵
        Executes dropped EXE
        
        PID:2016
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2252,i,8033819842781763616,13903665134114893267,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2264 --mojo-platform-channel-handle=2256 /prefetch:11
        6⤵
        Executes dropped EXE
        
        PID:25212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.steamtools.net/
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:21964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe93a53cb8,0x7ffe93a53cc8,0x7ffe93a53cd8
      4⤵
      PID:22024
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,17882195722346492251,7373693960764788919,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1772 /prefetch:2
      4⤵
      PID:23116
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,17882195722346492251,7373693960764788919,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
      4⤵
      PID:23180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,17882195722346492251,7373693960764788919,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
      4⤵
      PID:25576
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,17882195722346492251,7373693960764788919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
      4⤵
      PID:6948
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,17882195722346492251,7373693960764788919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
      4⤵
      PID:6956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1864,17882195722346492251,7373693960764788919,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
      4⤵
      PID:2500
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1864,17882195722346492251,7373693960764788919,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3264 /prefetch:8
      4⤵
      PID:1928
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,17882195722346492251,7373693960764788919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
      4⤵
      PID:8040
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,17882195722346492251,7373693960764788919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
      4⤵
      PID:8132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,17882195722346492251,7373693960764788919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
      4⤵
      PID:7472
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,17882195722346492251,7373693960764788919,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
      4⤵
      PID:7480
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,17882195722346492251,7373693960764788919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4428 /prefetch:1
      4⤵
      PID:9024
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,17882195722346492251,7373693960764788919,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
      4⤵
      PID:9012
- - C:\program files (x86)\steam\steam.exe
    "C:\program files (x86)\steam\steam.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:19032
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=19032" "-buildid=1731433018" "-steamid=0" "-logdir=C:\program files (x86)\steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\program files (x86)\steam\clientui" "-steampath=C:\program files (x86)\steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      Checks processor information in registry
      PID:18956
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\program files (x86)\steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1731433018 --initial-client-data=0x2b0,0x2b4,0x2b8,0x2ac,0x2bc,0x7ffe901aaf00,0x7ffe901aaf0c,0x7ffe901aaf18
        5⤵
        Executes dropped EXE
        
        PID:17056
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1604,i,548462304939443211,13366482282346659762,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1616 --mojo-platform-channel-handle=1596 /prefetch:2
        5⤵
        Executes dropped EXE
        
        PID:7288
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2280,i,548462304939443211,13366482282346659762,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2284 --mojo-platform-channel-handle=2276 /prefetch:11
        5⤵
        Executes dropped EXE
        
        PID:23336
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2760,i,548462304939443211,13366482282346659762,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2756 --mojo-platform-channel-handle=2688 /prefetch:13
        5⤵
        Executes dropped EXE
        
        PID:23584
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3200,i,548462304939443211,13366482282346659762,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3204 --mojo-platform-channel-handle=3196 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:9256
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3880,i,548462304939443211,13366482282346659762,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3884 --mojo-platform-channel-handle=3876 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:16192
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4056,i,548462304939443211,13366482282346659762,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4060 --mojo-platform-channel-handle=4052 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:10096
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4444,i,548462304939443211,13366482282346659762,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4452 --mojo-platform-channel-handle=4244 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:9980
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=4548,i,548462304939443211,13366482282346659762,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4572 --mojo-platform-channel-handle=4576 /prefetch:12
        5⤵
        Executes dropped EXE
        
        PID:11796
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4660,i,548462304939443211,13366482282346659762,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4624 --mojo-platform-channel-handle=4664 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:12280
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4708,i,548462304939443211,13366482282346659762,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4712 --mojo-platform-channel-handle=4704 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:11364
  - - C:\program files (x86)\steam\bin\gldriverquery64.exe
      .\bin\gldriverquery64.exe
      4⤵
      Executes dropped EXE
      PID:24544
  - - C:\program files (x86)\steam\bin\gldriverquery.exe
      .\bin\gldriverquery.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:21920
  - - C:\program files (x86)\steam\bin\vulkandriverquery64.exe
      .\bin\vulkandriverquery64.exe
      4⤵
      Executes dropped EXE
      PID:21904
  - - C:\program files (x86)\steam\bin\vulkandriverquery.exe
      .\bin\vulkandriverquery.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:21844
- - C:\program files (x86)\steam\config\stplug-in\luapacka.exe
    "C:\program files (x86)\steam\config\stplug-in\luapacka.exe" C:/Users/Admin/Downloads/1245620.lua "C:\program files (x86)\steam\config\stplug-in\1245620.st"
    3⤵
    - Executes dropped EXE
    PID:11268
- - C:\program files (x86)\steam\steam.exe
    "C:\program files (x86)\steam\steam.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:11912
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=11912" "-buildid=1731433018" "-steamid=0" "-logdir=C:\program files (x86)\steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\program files (x86)\steam\clientui" "-steampath=C:\program files (x86)\steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
      4⤵
      Drops file in Windows directory
      Checks processor information in registry
      PID:13104
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\program files (x86)\steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1731433018 --initial-client-data=0x2a4,0x2a8,0x2ac,0x2a0,0x2b0,0x7ffe901aaf00,0x7ffe901aaf0c,0x7ffe901aaf18
        5⤵
        
        PID:6500
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1588,i,43249056918283700,814098542091625917,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1592 --mojo-platform-channel-handle=1580 /prefetch:2
        5⤵
        
        PID:3944
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2336,i,43249056918283700,814098542091625917,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2340 --mojo-platform-channel-handle=2332 /prefetch:11
        5⤵
        
        PID:7264
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2720,i,43249056918283700,814098542091625917,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2752 --mojo-platform-channel-handle=2396 /prefetch:13
        5⤵
        
        PID:10628
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,43249056918283700,814098542091625917,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3148 --mojo-platform-channel-handle=3140 /prefetch:1
        5⤵
        
        PID:23788
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3800,i,43249056918283700,814098542091625917,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3804 --mojo-platform-channel-handle=3796 /prefetch:1
        5⤵
        
        PID:24116
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4012,i,43249056918283700,814098542091625917,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4024 --mojo-platform-channel-handle=4020 /prefetch:1
        5⤵
        
        PID:10296
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3940,i,43249056918283700,814098542091625917,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4360 --mojo-platform-channel-handle=4228 /prefetch:1
        5⤵
        
        PID:23740
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4308,i,43249056918283700,814098542091625917,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4196 --mojo-platform-channel-handle=3700 /prefetch:1
        5⤵
        
        PID:23456
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=2040,i,43249056918283700,814098542091625917,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=668 --mojo-platform-channel-handle=2044 /prefetch:1
        5⤵
        
        PID:5452
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=4424,i,43249056918283700,814098542091625917,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4632 --mojo-platform-channel-handle=4476 /prefetch:12
        5⤵
        
        PID:17460
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4624,i,43249056918283700,814098542091625917,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4612 --mojo-platform-channel-handle=4568 /prefetch:1
        5⤵
        
        PID:16440
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3960,i,43249056918283700,814098542091625917,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2112 --mojo-platform-channel-handle=4356 /prefetch:1
        5⤵
        
        PID:16516
  - - C:\program files (x86)\steam\bin\gldriverquery64.exe
      .\bin\gldriverquery64.exe
      4⤵
      PID:10180
  - - C:\program files (x86)\steam\bin\gldriverquery.exe
      .\bin\gldriverquery.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:23884
  - - C:\program files (x86)\steam\bin\vulkandriverquery64.exe
      .\bin\vulkandriverquery64.exe
      4⤵
      PID:24008
  - - C:\program files (x86)\steam\bin\vulkandriverquery.exe
      .\bin\vulkandriverquery.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:24036
- - C:\Windows\explorer.exe
    explorer.exe "C:\program files (x86)\steam\steamapps\common"
    3⤵
    PID:18912
- - C:\program files (x86)\steam\config\stplug-in\luapacka.exe
    "C:\program files (x86)\steam\config\stplug-in\luapacka.exe" C:/Users/Admin/Downloads/1245620.lua "C:\program files (x86)\steam\config\stplug-in\1245620.st"
    3⤵
    PID:16828
- - C:\program files (x86)\steam\steam.exe
    "C:\program files (x86)\steam\steam.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Suspicious use of SetWindowsHookEx
    PID:1296
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=1296" "-buildid=1731433018" "-steamid=0" "-logdir=C:\program files (x86)\steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\program files (x86)\steam\clientui" "-steampath=C:\program files (x86)\steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
      4⤵
      PID:11944
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\program files (x86)\steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1731433018 --initial-client-data=0x2a4,0x2a8,0x2ac,0x2a0,0x2b0,0x7ffe901aaf00,0x7ffe901aaf0c,0x7ffe901aaf18
        5⤵
        
        PID:11988
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1616,i,13052954296910742361,1327425561412100575,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1620 --mojo-platform-channel-handle=1608 /prefetch:2
        5⤵
        
        PID:15304
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2204,i,13052954296910742361,1327425561412100575,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2208 --mojo-platform-channel-handle=1572 /prefetch:11
        5⤵
        
        PID:2040
- - C:\program files (x86)\steam\steam.exe
    "C:\program files (x86)\steam\steam.exe"
    3⤵
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Suspicious use of SetWindowsHookEx
    PID:15816
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=15816" "-buildid=1731433018" "-steamid=0" "-logdir=C:\program files (x86)\steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\program files (x86)\steam\clientui" "-steampath=C:\program files (x86)\steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
      4⤵
      PID:16276
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\program files (x86)\steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1731433018 --initial-client-data=0x2a4,0x2a8,0x2ac,0x2a0,0x2b0,0x7ffe901aaf00,0x7ffe901aaf0c,0x7ffe901aaf18
        5⤵
        
        PID:15744
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1588,i,1542801971704631752,8306759531125864770,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1604 --mojo-platform-channel-handle=1580 /prefetch:2
        5⤵
        
        PID:11312
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2324,i,1542801971704631752,8306759531125864770,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2328 --mojo-platform-channel-handle=2320 /prefetch:11
        5⤵
        
        PID:18276
- - C:\program files (x86)\steam\steam.exe
    "C:\program files (x86)\steam\steam.exe"
    3⤵
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:13796
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=13796" "-buildid=1731433018" "-steamid=0" "-logdir=C:\program files (x86)\steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\program files (x86)\steam\clientui" "-steampath=C:\program files (x86)\steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
      4⤵
      Drops file in Windows directory
      Checks processor information in registry
      PID:13932
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\program files (x86)\steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1731433018 --initial-client-data=0x2a4,0x2a8,0x2ac,0x2a0,0x2b0,0x7ffe901aaf00,0x7ffe901aaf0c,0x7ffe901aaf18
        5⤵
        
        PID:13964
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1608,i,3472588019275976773,5847221752106148849,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1612 --mojo-platform-channel-handle=1600 /prefetch:2
        5⤵
        
        PID:14092
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2320,i,3472588019275976773,5847221752106148849,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2324 --mojo-platform-channel-handle=2316 /prefetch:11
        5⤵
        
        PID:14176
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2772,i,3472588019275976773,5847221752106148849,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2776 --mojo-platform-channel-handle=2768 /prefetch:13
        5⤵
        
        PID:17320
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3280,i,3472588019275976773,5847221752106148849,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3284 --mojo-platform-channel-handle=3276 /prefetch:1
        5⤵
        
        PID:14756
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3800,i,3472588019275976773,5847221752106148849,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3804 --mojo-platform-channel-handle=3796 /prefetch:1
        5⤵
        
        PID:24312
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4016,i,3472588019275976773,5847221752106148849,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4020 --mojo-platform-channel-handle=4012 /prefetch:1
        5⤵
        
        PID:24336
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3952,i,3472588019275976773,5847221752106148849,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4464 --mojo-platform-channel-handle=4440 /prefetch:1
        5⤵
        
        PID:23424
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4504,i,3472588019275976773,5847221752106148849,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4512 --mojo-platform-channel-handle=4488 /prefetch:1
        5⤵
        
        PID:23028
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4652,i,3472588019275976773,5847221752106148849,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4656 --mojo-platform-channel-handle=4648 /prefetch:1
        5⤵
        
        PID:20316
  - - C:\program files (x86)\steam\bin\gldriverquery64.exe
      .\bin\gldriverquery64.exe
      4⤵
      PID:14512
  - - C:\program files (x86)\steam\bin\gldriverquery.exe
      .\bin\gldriverquery.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16888
  - - C:\program files (x86)\steam\bin\vulkandriverquery64.exe
      .\bin\vulkandriverquery64.exe
      4⤵
      PID:14828
  - - C:\program files (x86)\steam\bin\vulkandriverquery.exe
      .\bin\vulkandriverquery.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14928
- - C:\program files (x86)\steam\steam.exe
    "C:\program files (x86)\steam\steam.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:24388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:15660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xa0,0x10c,0x7ffe93a53cb8,0x7ffe93a53cc8,0x7ffe93a53cd8
  2⤵
  PID:10148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:9612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  PID:9644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
  2⤵
  PID:9688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:9792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:9788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:11100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:11104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:11352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  PID:11476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:11888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3704 /prefetch:1
  2⤵
  PID:11912
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 /prefetch:8
  2⤵
  PID:12064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3936 /prefetch:8
  2⤵
  PID:12300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1
  2⤵
  PID:12496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:12500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:12656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:12664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:12948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
  2⤵
  PID:10544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:10548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:10184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3832 /prefetch:1
  2⤵
  PID:10220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:19584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1
  2⤵
  PID:24064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:7300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
  2⤵
  PID:10332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
  2⤵
  PID:10312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3500 /prefetch:8
  2⤵
  PID:23664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:15628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1
  2⤵
  PID:18300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
  2⤵
  PID:18280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:17372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6184 /prefetch:8
  2⤵
  PID:17232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5268 /prefetch:2
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
  2⤵
  PID:15820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
  2⤵
  PID:15492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3012 /prefetch:1
  2⤵
  PID:17192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:18896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
  2⤵
  PID:15192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:15096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1
  2⤵
  PID:15108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1828 /prefetch:1
  2⤵
  PID:19764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
  2⤵
  PID:20320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:23112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
  2⤵
  PID:23000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:22592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1936,1218432091794106044,8391735048067254863,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4064 /prefetch:8
  2⤵
  - NTFS ADS
  PID:22412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:9956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:10068

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_1245620.zip\readme.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:20812

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:25328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6940

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004D4
1⤵
PID:11872

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:18872

C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
PID:13136

C:\Program Files (x86)\Steam\Steam.exe
"C:\Program Files (x86)\Steam\Steam.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:14372

C:\program files (x86)\steam\config\stUI\Steamtools.exe
"C:\program files (x86)\steam\config\stUI\Steamtools.exe"
1⤵
PID:14364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Steam\.cef-dev-tools-size.vdf

Filesize
71B

MD5
9679bd7a4e51e384ea428d6eafc1fab2

SHA1
80e36c373d432305c5d23319a0e532934399f731

SHA256
d82fc37374e2668f6569102bd2ed13b8d21ebad019c5d1bf7fb825617d0d32a4

SHA512
06fc8b2a670a8d05dda366d98cf16e34bd78f2a41aa640f908278c9aa13d5a787918b6041762fda89987b80cfdf26e1c92d3c84d12b477ce5708a4a4f7fc5abb

Download Submit
C:\Program Files (x86)\Steam\Steam.exe

Filesize
4.2MB

MD5
33bcb1c8975a4063a134a72803e0ca16

SHA1
ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65

SHA256
12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1

SHA512
13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

Download Submit
C:\Program Files (x86)\Steam\appcache\librarycache\1161040_icon.jpg

Filesize
638B

MD5
7ecdaf8a54ec52b20640a88527512903

SHA1
3133a4d748ad3be61fe9db759339cd5de73339b5

SHA256
7bd8b75aec0a4d4a377f3ca3a023fd8b7c5fc7dc6a2a66d17f8cdfe5b731ab0c

SHA512
60ae2031eed0c38264f0d8db22a9b6efeb3f80c791e916e15a1730853162d56e0da014dbd93a5479bae4f3bdd5705ca89be70c90574a524abd1c276ed5c55a2d

Download Submit
C:\Program Files (x86)\Steam\appcache\packageinfo.vdf.async11912.tmp

Filesize
9KB

MD5
7fc221e4dc533ca718d8df4e79e926aa

SHA1
175a1750be28550229a40a3b722d0d7872441f49

SHA256
81f2e3f97b154498337dad57978ae4788684de0ac248c1de2b98e6ee655ec93a

SHA512
a4ffc7220eba50e7f7b55172e1c10200d6f2e1b00c93e1f5476e649d81169993257249819d08c324bd6522a62858a93666352750648193f3b37fb5174e3695ed

Download Submit
C:\Program Files (x86)\Steam\appcache\version

Filesize
672B

MD5
413d8df51bff7adde88fd2876905be2f

SHA1
8eeb7fb15e35729c795565b0394baf19d369af9c

SHA256
9ea335eb389314b8e2f6d7e638a094fd5913c36f449b777b96b43030c3ec9b6d

SHA512
f0b4ee48197c0579d5566cee5da6ca0ce0146165fb4f9312399988deabdf7904dc51b772fc88cff44db29408ede5762cde306044da9980575e5ebb230dfa7238

Download Submit
C:\Program Files (x86)\Steam\bin\SteamService.exe

Filesize
2.5MB

MD5
ba0ea9249da4ab8f62432617489ae5a6

SHA1
d8873c5dcb6e128c39cf0c423b502821343659a7

SHA256
ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d

SHA512
52958d55b03e1ddc69afc2f1a02f7813199e4b3bf114514c438ab4d10d5ca83b865ba6090550951c0a43b666c6728304009572212444a27a3f5184663f4b0b8b

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\crash_reporter.cfg

Filesize
378B

MD5
65cde83bd897111ef66965daa1990c90

SHA1
a4c2a137d80142a7e5eec61c107e196558395de4

SHA256
84b0829a1a670da6ec97df57e506b5a95761df516f3aeec21af1bbad1d7476da

SHA512
0d091aa44958a28f6a924c85993e907a80e6f65c0038ff7f0ec2a3b94553b1763fdf2e8470eb4ee33667e7a66944ebf42a7863f080f5332cd6978846f9af90b7

Download Submit
C:\Program Files (x86)\Steam\bin\diversion.dll

Filesize
19.0MB

MD5
fb59f7262848e6c9413d76494d88e1c0

SHA1
9fcb582deb9e69b8b8f36522a859d206633010cd

SHA256
32dda887447b7b5fe74d7745cb6c2d28c677ba479435b4e4bdd8b7ac36379866

SHA512
1d2960b7549d4ce63041dd8e20f73a860d8ba32d7a70671a9ded5d539d364a68c621c6f95fe3c00b586cc2ec397d25211f832b5a72414d70c08b6cf6bf644776

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
6e6a2b18264504cc084caa3ad0bfc6ae

SHA1
b177d719bd3c1bc547d5c97937a584b8b7d57196

SHA256
f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53

SHA512
74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
15KB

MD5
69bf567add5daa6a41524f9773caabf6

SHA1
572289937ae2fcef8a23fcb59639003d2eb39128

SHA256
80f2769c569a2c4cf660b002ac7a2ed0e5dcdc8c11a9a869fe4d316a7b2589ca

SHA512
fe1d8d055f8398ad95650d4f8125ac64a89d08e2733b8114d9cca68edcf12f460b5a22516a5165c1f1654fbae4a3a834fe6d661b21c5998aa820c4f0f50a2b07

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
14KB

MD5
9d0a310ecb90f9acb76fe72dcb59d703

SHA1
bee40dd3943cdc5c70979db6f0bf77cc09808f06

SHA256
776b7f5506b9fcd8fdcc25f8e71178eb009990e82cc4d51699d8b5c16e208949

SHA512
08a4a5b1516d4dc558fa3cbd82264541b69a9b4e5f709364c8692beb34d942e3e1f36f20a7b92518d9e953b3a4567407f6d2ac3bb1838ddfa666a381c8de77ae

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
15KB

MD5
55b4e8a31732aa578035623b6f9d5326

SHA1
ccdaa5c8d8505f6ddf8bfb622b6607295d43bfe5

SHA256
7eea8fd9e7de611a2645f4bbcfffab347b9d864324be0e2a2e5fe39db83c2dc4

SHA512
9da4c0d431c560989d98230b9b1e6c680063ea25e5bbd8bc07ab62f9531ffa5bbf838731b140337a11bc365ab85e58e294a00866f15766b9dda5672b0183be06

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
a2ec2e91c3ef8c42e22c4887d032b333

SHA1
e2c738a2e9400535b74e2263c7e7d1ecefe575f2

SHA256
8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3

SHA512
b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
15KB

MD5
e8458c0e760de3fddec6661e87a0b971

SHA1
beba10c817dfb640315b2640518ca98a6ef87f7f

SHA256
e06fe7977171383ae2ccbb6a0e7476a80850f7b5b479944b6805e51cacbc0056

SHA512
b2592549e2b8d4450c08e64ad9c0f68766552323f244fa7920407f7d73339f84771b7a3ba68f6f98d0245e5b11f16790a8796aa36a9b2b49af0495550fe1c0a4

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
14KB

MD5
c26b6b20770d9b314aeebe5a821dfce1

SHA1
02effec63b6c72447c2ee94f482557d9e9414c1d

SHA256
9669cd1fcd610e7cf7e264e29149047ba266afa9ec65a2b90df9b3577f22a04b

SHA512
10de1c6d2ae18204f99a4c5e804d10f657a078715670f6835c5c83667707bcc570f057b6ff54cd5992524134c53edf6e5641d96cea05ad02fd7c2d8c889400d7

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf~RFe5bb7f2.TMP

Filesize
184B

MD5
3cdebc58a05cdd75f14e64fb0d971370

SHA1
edf2d4a8a5fc017e29bf9fb218db7dd8b2be84fe

SHA256
661f122934bbc692266940a1fe2e5e51d4d460efb29d75695b8d5241c6e11da7

SHA512
289c40fae5ec1d3dd8b5b00dd93cf9cada2cb5c12bcfefea8c862ddf0a16dced15d6814dad771af9103b3a5d3016d301ee40058edde3fdea30d9767146d11cd6

Download Submit
C:\Program Files (x86)\Steam\config\depotcache\2778580_8226581821665546770.manifest:Zone.Identifier

Filesize
76B

MD5
b3ddf94099389aa553c390daa37c9d85

SHA1
e2f723e42542c27a487a947453b8b652176ba70a

SHA256
dca805510889d5e28e327b092feca6954d68ae464ef44e4799b90ca51c8a13d3

SHA512
0b06ec71232c8ac9c78a0e4399c8b7394ff32a66fba7dd888f3c16594db1853fc01e247fbd4154aedddc79cae262b033aa266182e4e0fd0f04f85b762c8dbdc8

Download Submit
C:\Program Files (x86)\Steam\config\stUI\Steamtools.exe

Filesize
16.3MB

MD5
1a475aa5000d3958df447de17e0dc14b

SHA1
8a45a8a2b38a524633a99abc7994aa0ac46c03ce

SHA256
1208c4d240918ab0b4767bc6a5c0cbe83ee7f21408fb0c5ea68769ebea759b3e

SHA512
e86be352a5732d18db772f3fc80a70ebb223d68148057663ed18aab5c2221fe6d1cb48d4f4e22940419e9144aeacdc03ea05739352f86aed7ce967afd7e80911

Download Submit
C:\Program Files (x86)\Steam\config\steamapps.vrmanifest

Filesize
47B

MD5
8dddbd4ebcf391576016a88f4d8e1520

SHA1
875573003391b113fcf8e11fede71424618a44a1

SHA256
86af15e416cd4bd82d8f2b9a7a945dc7c4aa5882c1afc4e26a7f9b9e5a9d02c4

SHA512
99c6ba91e23e05d21c467f0314029c44db83bb1edadb6866096d03fba93782c2bee819696fc0f6a2523ece78d2324f7442800f55f439c8644ffac51a7f124852

Download Submit
C:\Program Files (x86)\Steam\dumps\settings.dat

Filesize
56B

MD5
3be573369c2b729ada4fe43b0eafa907

SHA1
1f41ed08b411c63d2fb8ff3e1270cd041a024cb0

SHA256
c420f5c8326ebf452dd8da989c12fd85a1494463a6ab05a2d2ce035c41478b65

SHA512
badc5a038b61ca98fdd509a1a9c322c0ee3d7ee4ee0bcb5b1eb47c8fe5faa92e493b17cfda52d89597f275a41fa01c19ff4df8fab258fec2fc2624af0408c655

Download Submit
C:\Program Files (x86)\Steam\logs\cef_log.txt

Filesize
2KB

MD5
a3b11f2b44abfd019415fdf8a3871587

SHA1
afa88d2696cf109ad9a437e5be6d99862f852d20

SHA256
85464185348252113e06c203146c496ae568e3dd5dd30754640da65ef3b78252

SHA512
fc6fff9961401d980a2430bdd99f9c873cf26f23a6153de95cbeb13de0f0d745878d635a326c055dbf1731c3d8020600cd3db560433e5403dcc004fcd53e7ca1

Download Submit
C:\Program Files (x86)\Steam\logs\cef_log.txt

Filesize
45KB

MD5
242599e3449bd9926ac62ef2593326d7

SHA1
69f4fc21088c50bd041be6dc131ce7c8dcd185e8

SHA256
f2a3ad54c4aa6fce2728f93027c3c653368223df3f5003b1a8fab1d3f6fdcbf9

SHA512
e6e9dcf4933d1a69dadc603d7ffb120c5d3b6b4cf72a87ada379be3c3e3de454317aaa380b6d8c8200e099e14f2cbf79528902243c62f7ba03d40212dbb24e9e

Download Submit
C:\Program Files (x86)\Steam\logs\cef_log.txt

Filesize
10KB

MD5
0976fabc7c70c029ceb34dfe09b07dbb

SHA1
2698fe7e055dfe1868bc26dba3ec1df9fba9b102

SHA256
53d80c786e4bdc9a3fd804f86e70f02fbfe0f394d2deb0ad1b91723342fd42b4

SHA512
47502915046368858fbe8d64de56da62d1e86549e15b589c869bc6054bf0aef3e259c1ecfdaee2fde1e1362fcfe2b08d52ceaff99b21f44aba43a5563ac0e4fc

Download Submit
C:\Program Files (x86)\Steam\logs\cef_log.txt

Filesize
42KB

MD5
6f141eef6420853f6359a0a341e34b35

SHA1
7241fa170802d539ccd40ace8cc96af0e2531cec

SHA256
2b43ed50aefed36ed8a646745a1c961b4acd65fd61efb31fb781dddbf0d2305f

SHA512
b9b341405f8fc7d3a53ee33a5e206dd78b1be9eb6000514f5f0dcdaddf0756c235036e1c78a4c0742911349081e3c2ebc96bbe27dd77159f4622c2b58c788d05

Download Submit
C:\Program Files (x86)\Steam\logs\webhelper.txt

Filesize
61KB

MD5
340d477125ca9f911c3d42b18cb497f8

SHA1
bd75a4f8952174cc88d729e98f52fa19de39b798

SHA256
93c34116e6fa074de89d0297dbcdf252a3d3652429853a897bbd4bc681888cf0

SHA512
db461dc0fb6a4d199abcd1de98c8e8747736d0b5f6fea3ceedb5f4f78b4a938423c6d6f0ac635ed71a58ce3b75a8bd4dbd50e472fb01db5ddd90c203a367c753

Download Submit
C:\Program Files (x86)\Steam\logs\webhelper_gpu.txt

Filesize
108KB

MD5
01290143f8dcd41fe3f2a289dbdc520e

SHA1
84baf9ca1f9d989a99593f10732953a85c114a7d

SHA256
acdf9b49b615a2b67cedbdf8553870f88e094f594663a003a95c5fd99a1c5579

SHA512
cfdc624c9ce7c118dedd18d70ebd87b8f5b21e16a79a9b9b3f2ab51b433b038968fae3ce44b154cda06ca90ad7db8892fa4cccff344f608212df000acad2cccb

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

Filesize
4KB

MD5
0340d1a0bbdb8f3017d2326f4e351e0a

SHA1
90d078e9f732794db5b0ffeb781a1f2ed2966139

SHA256
0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544

SHA512
9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

Filesize
6KB

MD5
4c81277a127e3d65fb5065f518ffe9c2

SHA1
253264b9b56e5bac0714d5be6cade09ae74c2a3a

SHA256
76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9

SHA512
be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

Filesize
4KB

MD5
2158881817b9163bf0fd4724d549aed4

SHA1
c500f2e8f47a11129114ee4f19524aee8fecc502

SHA256
650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7

SHA512
f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

Filesize
4KB

MD5
03b664bd98485425c21cdf83bc358703

SHA1
0a31dcfeb1957e0b00b87c2305400d004a9a5bdb

SHA256
fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115

SHA512
4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt

Filesize
4KB

MD5
31a29061e51e245f74bb26d103c666ad

SHA1
271e26240db3ba0dcffc10866ccfcfa1c33cf1cc

SHA256
56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192

SHA512
f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

Filesize
4KB

MD5
da6cd2483ad8a21e8356e63d036df55b

SHA1
0e808a400facec559e6fbab960a7bdfaab4c6b04

SHA256
ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6

SHA512
06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt

Filesize
4KB

MD5
9e62fc923c65bfc3f40aaf6ec4fd1010

SHA1
8f76faff18bd64696683c2a7a04d16aac1ef7e61

SHA256
8ff0f3cbdf28102ff037b9cda90590e4b66e1e654b90f9aea2cd5364494d02b7

SHA512
c8ff15373b37e848e6239a82424569e77c82a5fc557d17e7d2ed1d0d2b2f7d026cc1e2bc98cb5ee945c02cfefb82803c23fa6a26f48ff0adcf762f94cd5dd035

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt

Filesize
4KB

MD5
10c429eb58b4274af6b6ef08f376d46c

SHA1
af1e049ddb9f875c609b0f9a38651fc1867b50d3

SHA256
a1f6ba57ee41e009d904905c0ce5e75a59ee6790e08542561303109e1faafa13

SHA512
d8760f61760bffd8671b727d386ae220e7e6e68829a01553cfd5eb60ef8bd1d7c1b25e7b17a6db5bd17ba6712ef44999726764459318e784843c73bc4facaf46

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt

Filesize
4KB

MD5
5c026fd6072a7c5cf31c75818cddedec

SHA1
341aa1df1d034e6f0a7dff88d37c9f11a716cae6

SHA256
0828572e4fa00c186dbf1d9072a6154d65cb499c6a37e338f3305f77a2fee382

SHA512
f9d28714b2a05f8d9025f1692e4d7e8baa6daf6176353f65646a38814a242ef2adededa44419edd69f10cf96ffba506dab7cb6e52111457bf69cffef12174b12

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt

Filesize
6KB

MD5
189ba063d1481528cbd6e0c4afc3abaa

SHA1
40bdd169fcc59928c69eea74fd7e057096b33092

SHA256
c0a7a1df442ac080668762df795c72aa322e9d415c41bd0a4c676a4dc0551695

SHA512
ce59ad9b17bab4de1254e92ce4fe7d8c8242832f62ab382e8f54199a9932cd11b5800cc33895441426373d5210cc74104e0271b721a7e26ed400b716ae4d5903

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt

Filesize
4KB

MD5
18aaaf5ffcdd21b1b34291e812d83063

SHA1
aa9c7ae8d51e947582db493f0fd1d9941880429f

SHA256
1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5

SHA512
4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt

Filesize
4KB

MD5
1514d082b672b372cdfb8dd85c3437f1

SHA1
336a01192edb76ae6501d6974b3b6f0c05ea223a

SHA256
3b3c5c615fd82070cc951ab482d3de8cb12df0b3df59fbd11f9d3271fa2fbca4

SHA512
4d41c945ce7c94746875b0dbceb14811d4966de4e97fe047406a304162fde7e1e2a16367fc2e43978e2e5aa66749f036b4444aa2312673c2cc3af296e8b77f55

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt

Filesize
4KB

MD5
8958371646901eac40807eeb2f346382

SHA1
55fb07b48a3e354f7556d7edb75144635a850903

SHA256
b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585

SHA512
14c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt

Filesize
5KB

MD5
7e1d15fc9ba66a868c5c6cb1c2822f83

SHA1
bfe9a25fdc8721d7b76cecb9527a9ba7823dc3d7

SHA256
fc74e26a8baabbe4851109512d85173b75dbf7293d41eb3b92a1957a773c8265

SHA512
0892be14a858cc860766afb1c996b2c355108a7e50971ea3ec00d15069e919a6eb05a61fa839bea3938492c391e274144c5e248f4c204a602bf36adf27e5b406

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt

Filesize
4KB

MD5
202b825d0ef72096b82db255c4e747fa

SHA1
3a3265e5bbaa1d1b774195a3858f29cea75c9e75

SHA256
3d1399f5323a3ece1b1a8b3b31f8fd7f50c3bd319ab3f1c38c6e347452c95314

SHA512
e8fc7cc09f431301d22a07b238179ee053505090e3c4db30ead061513fe7159f1fe8b80efc93f4597fe00f01087bbe0bb2231e13693d72c8def138657cb91566

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt

Filesize
4KB

MD5
7913f3f33839e3af9e10455df69866c2

SHA1
15fa957d0a6a2717027f5b35f4dbe5e0ab8ece25

SHA256
05bc1f4973c6d36002ac1b37ce46b1f941fcb4338282e0ec1ec83fb558d1a88c

SHA512
534e541757d19ee157a268bf7ea358b48015f400542fcfa49cdb547cd652926160f015fe2cf026d9c4996e56ab90ca3899dfd457997d915bf6bc9d7bb00ba804

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt

Filesize
4KB

MD5
58e0fcbee3cca4ef61b97928cfe89535

SHA1
1297e3af3ca9e4fe3cc5db78ebbfa642e8a2c57b

SHA256
c084a68b65d507eb831831aa2ab9afb9536cb99a840d248cc155ff87fad18425

SHA512
99aff0c481e34cd0e4fcbb2af471afb56d91aa11be664462b08e17ae169ca03ef77e7063b4ecd0f38ca7b2f6dc0bf2e316c7b31dffbbcfc763cd8fae27dc78d2

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt

Filesize
4KB

MD5
9b0b0e82f753cc115d87c7199885ad1b

SHA1
5743a4ab58684c1f154f84895d87f000b4e98021

SHA256
0bdeee9fa28d54d384e06ea646fbcfe3f06698a31dfdc1a50703ffe83ad78d32

SHA512
b7780b82fbe705bc8e5a527c011eb685c99ef0b2eb810617b9f82b891341af95ef1c2f46dce9e458c0c4dcc3e7a0d21db6c77f03419cd1c4b521a9b72f9017df

Download Submit
C:\Program Files (x86)\Steam\resource\filter_banned_english_cached.txt

Filesize
1KB

MD5
009ca439b8e68dbdb83850d51b07c736

SHA1
b8dd1986d15aef3dcba09c954577c780b549c582

SHA256
4bfbbfd0114ee78d7795835c64aae6dc6b525547748c5dd1150d7d1ff8757c43

SHA512
25e90b8b737b30879ec9073457cc7b30bdc46ed71b8885ce14f9c1946476d65c6bbdd0ddc19bb09c406cd9439837aec5c8ad007dbb5a4378842e1634429b093e

Download Submit
C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached.txt

Filesize
2KB

MD5
0b8f38d6f219adb6af9a46e34c8b55c5

SHA1
abfb7eea3e2073ef536ef4c020b79dce54028174

SHA256
c6cced2a542c64817209699a48ba5c17f32ad47a5bb799d395d707f665378de8

SHA512
4a4dcd5efb3433f23848b7bcc18a430f05107985e48f280874f0058eac863b3ddac9f849ab55271f619c026a6282387f553f1ec25e16eba7cb68c850f314beea

Download Submit
C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached_timestamp.txt

Filesize
29B

MD5
a87fd0c24c76721c0f59225558966091

SHA1
c8ca7e49a2fef879cf2cab10359b27ecf87990fd

SHA256
1935ba31980fda1527f0a20353fb916b5c9e53193620c8f3e8281bf8194609a7

SHA512
03781362751df77862170d85fe0b86efd0a1a7e531642f3ff4f8078ebd7aab96a2e7c679d6f5f427efbae70171aaf9b4307cfab9f5ab737a79b6c01258aaa1fa

Download Submit
C:\Program Files (x86)\Steam\steamapps\libraryfolders.vdf

Filesize
231B

MD5
36602373e302b96ebe998bbcadef92df

SHA1
9c3c01228a74fbc05f797167cab7be1e0f8ffae5

SHA256
ed063374bb4aaa5189d3e0b8399f37341f1216f978ba80f0c37ea092b23c58c1

SHA512
bb0628de229fcd4b90b17cad7aef51f9f654827cb7810728bd37804cf8d94b9af5acb83b800e9902b8b6a86f5c65d943571f9643abc086b3849949d4c3a88a0b

Download Submit
C:\Program Files (x86)\Steam\userdata\1843341080\7\remote\sharedconfig.vdf

Filesize
164B

MD5
3fc361978a8478e85fe686a696c27461

SHA1
698fbd542b2aab2497f697067f4a631b48fb0e99

SHA256
08bff3e66e8620185e2a9c25292a415d050c87e4deac074e0baded84a7f98af2

SHA512
b477958456dac3a8fb46dff93dbe0685229788f2a002f65149ea817068fb2230527a383f1b319ba57f8093951030e2e3666319daa8c5229a271b06183878190e

Download Submit
C:\Program Files (x86)\Steam\userdata\1843341080\7\remotecache.vdf

Filesize
300B

MD5
347e8b9cc951f028e24515968af60caa

SHA1
94c0fa8e060680d91e00fa3e91bf70a0e5904d51

SHA256
8cd3a305237af20b08b05efa5b154775bad62840e49dac70f36ef1bd189e204d

SHA512
aaa9e197ae43f419aa7fb21c91d001cb875120d9905ef3c5020dddd090b3ad84848dafbf1ba32f03cb442515f2e92b02e673e0a343103f872875ccde21e50e28

Download Submit
C:\Program Files (x86)\Steam\userdata\1843341080\config\licensecache

Filesize
131B

MD5
85685722c1f52258f0c9c9c74c56bbff

SHA1
89b56172643f368e11abbf878e095b0e033ea14c

SHA256
5b0cb1de42475e532dca7ea8e1fba42850c950a28377754483e08ea385e6608c

SHA512
8a0a59f21b6635a236b9d43626f090ef22728d61db6ec08bbe2a00ddc133af4464d6b7b278c267b61fa0307a878f88ff3eea2b847ac6313ab2449f8004bfc922

Download Submit
C:\Program Files (x86)\Steam\userdata\1843341080\config\licensecache.async20004.tmp

Filesize
67B

MD5
896ef5cc3cb2189dcc5253e0bbc40694

SHA1
552abcfe4b92801bdc79329edae692fc86538193

SHA256
eeb4117ec94e8cf7ed3e1ea52b0368117b9acc2adb71a44319b8188c33a6a663

SHA512
dc0ce36d1446c569513e155c0e84c7f806dbc7880167e8d032e2b12af76b874e87645944590ce61f08580dc1677a5312549501419e37ddbe11df9fef572423b2

Download Submit
C:\Program Files (x86)\Steam\userdata\1843341080\config\localconfig.vdf

Filesize
3KB

MD5
143135ba31f332394a7b5b44a10212a1

SHA1
1fb26ce8bd021c0178c119652a44de86bba9090c

SHA256
238ff99018799bd1b4d4c7d6e72888ddc430f290fad33256b6c7f274fd028c47

SHA512
fe409f33d8e2e1035d66d8ec7632b93e3bc1b65493181c7d4d1df93a0bd11d156656b336064ccc7f7a7ce9d5be408ed7cb5a68729ed87ce643d482f6d4d89356

Download Submit
C:\Program Files (x86)\Steam\userdata\1843341080\config\localconfig.vdf

Filesize
31KB

MD5
75249034c6f268887a9eb7b92aa446b6

SHA1
83fb221d3bff47aeb11bf345e904084e69789395

SHA256
ae1e766c8db9d5203afb81191564807c7d684ed220629fb3ecbaefbbc57a77e0

SHA512
4b8f8b37630639115674f3b2646b238ebb84c20470f51adabe079974ce5a4aee7c6bd28b7572b06fe3154c0bdc13eed08b8a31f6362d5ab656ef0187ddb0e883

Download Submit
C:\Program Files (x86)\Steam\userdata\1843341080\config\localconfig.vdf

Filesize
3KB

MD5
a71ff61459298438d99f72f478752019

SHA1
af4a5a35d39eafe819b008d8738d29533d476125

SHA256
619544a16d11fe9220c71a5893cea8e4858edb58fa42e6e9049a1fbe85076f98

SHA512
8f5243d3729a8f0537581d99eddf17fb024198e84f0893f1ce9559be6a75bcfbb6418e63bf88531e977f0914e96b52245ff4c60f08678af62c8604373a889aad

Download Submit
C:\Program Files (x86)\Steam\userdata\1843341080\config\localconfig.vdf

Filesize
3KB

MD5
ef05334035f34b7ffaabdcfd1fc05acf

SHA1
215a4a8d2674ce084953ac3791be581a921bc358

SHA256
3f769ec5a4658815c391a014e12f3dcb4b033b5cda2b2dd028999fa82be4b254

SHA512
1f8903a1ecb0a4dbbca72b48e8fcbbf023c7f79e43b2794d5e8792b5ea411a25d379f159b1dcc7bf2cac2f540a301b34eac8b3d98939104835d3b0f00dc2fc5e

Download Submit
C:\Program Files (x86)\Steam\userdata\1843341080\config\localconfig.vdf

Filesize
4KB

MD5
6965c01960173f7f0730d7a445977507

SHA1
f2474cd1ce35c94523277ddfa07fb7ed1507cc85

SHA256
548da6237bfdcafc43eb80a4730733dc9c35a30db2fa343794984a750f78a786

SHA512
7ad911282f8b274df706a1176ec3427c680b9ed1a8962c0d7061a9a847fa4bf0a355f7d32d652f07aa7fcb3b4c0171d4883dea0ed043562befe91a69b17c4a9a

Download Submit
C:\Program Files (x86)\Steam\userdata\1843341080\config\localconfig.vdf

Filesize
31KB

MD5
3285614f6f8c6859691d109a67786b77

SHA1
f4c945d9a7f20f2c467df79620d2b2f8f9693747

SHA256
db83fa1fc717dbea8d3f914e4d6b9b0d87a8e263ac2de03c53a34ffbcc535caf

SHA512
5a82f3e51d8dfd92053fe6d9854c363aff21d4d1b561134a4ec95a688fabe6300dd70f3c5bf285a2737f7869bebc6ba8f440f7fcea90e3df7ae422a10c4ccf25

Download Submit
C:\Program Files (x86)\Steam\userdata\1843341080\config\localconfig.vdf

Filesize
31KB

MD5
aed6af63879f14bdc459aa3cac6eeadb

SHA1
893442d1c3a43a43af669961c1b9fbbe11bc2aa4

SHA256
5ddf1675bc40bdf5663734b38bf64132e65e66f6140fbdf7d7c290117124290a

SHA512
8795b0d785529b4606e9fa17ade614d2055014394493077463bc79f6e5b38da7e7de2b3d29d7a89b782642fcfb80977905d1e2e7c85cfe3a703596611a76356a

Download Submit
C:\Program Files (x86)\Steam\userdata\1843341080\config\localconfig.vdf

Filesize
50KB

MD5
7375f7832df9fa3a3cbcf57516a2d10a

SHA1
04334b6018cc09adf988bb735f29672dc443e472

SHA256
044e3606f8332e0832e07093d309293371970aa1df1271e2af33407f105e69aa

SHA512
a2908a78a17397d1bc74a0eb606d68e781c8002a29e0df95bd7cea2fd9d815943cdd87972e323e420d86ce63aebcf7df1e0eac6bc953d90b6f82a52a5f5511db

Download Submit
C:\Program Files (x86)\Steam\userdata\1843341080\config\localconfig.vdf

Filesize
31KB

MD5
ab502ea07688d8bd4af20fe4db4810ff

SHA1
9ed001c15e992cdcd4303184ecb6519e5a7bf46c

SHA256
69c0288ab0ef4836417b9bb2202c5fa01a0cdd2fbb36ddbb3765898faa360aba

SHA512
59e5da25a4483c950aded094d3f64c890855813b7ac76db764a97d3424cebd75aa5608e798ae18b6deea4b6c02db7ff9f1ded6d7521a04f406abc7592e92dac9

Download Submit
C:\Program Files (x86)\Steam\userdata\1843341080\config\localconfig.vdf

Filesize
36KB

MD5
520e4866efe15e64b1b869681865950a

SHA1
f5a93b8996a9a37f18abc394958b39d7ece4155c

SHA256
7cb2e3cb4492ea9d01d6bc41d7886abf2415eb42c31ce3a5f484205558c9a1c6

SHA512
2e25a3a29d759c1a7d3ffb43e8da1cd0cb67276e0696270b65782f6282c129c788ceaf469d8196158cf8a4f5901f91f038c42c0effca38d58feca2e5487e1f59

Download Submit
C:\Program Files (x86)\Steam\userdata\1843341080\config\localconfig.vdf

Filesize
35KB

MD5
1d23a13c740931cbb2ea4a0a67461ea3

SHA1
5fd9edc66922db72433884fdcdbb0824c2922399

SHA256
524a3b0ad3d509966cab4a0ee2f1fdd4447078b6438c6ba0b4dada37a2b00e39

SHA512
adf7e9300e5ab7e572ab629a1c4e4cb0c59d1700863f15baa4aee73e6673e38995e1ba8d7abc4d912922bef3b305864c7f71c3bd1a0b00ef2bf6d1f820666e28

Download Submit
C:\Program Files (x86)\Steam\userdata\1843341080\config\localconfig.vdf

Filesize
50KB

MD5
ea8f4c7c7b59a047ea175830fcc236d2

SHA1
b4892ca26f68af0f68c214a00813e6076eddd02f

SHA256
404e67a60045abf31bbecd2d7fb701136e984c09728b8bcc9706a1912b1574d3

SHA512
b5046e02be875f4e9c8732ae53fa6514a498dd3310420aa9e48b1a5677b3482621b1f2c11f1420d1a90adfd5a0b88b965cfc6bc6229cdeb4033502ec5fc05fc5

Download Submit
C:\Program Files (x86)\Steam\userdata\1843341080\config\localconfig.vdf

Filesize
50KB

MD5
01b6cbc03961e0a7d62c6be8ccf3f9ce

SHA1
fea8273f66f21f9c2ec84fcde20df799125a0495

SHA256
43b2e4c098b746f3291a21c2ebf9c3f8bad5b8833cdc1e37786682cb8be5dcbb

SHA512
127c40806eea3fbd594de0fdf6c075040516aff1a700d34a9b36984630bd22318da2edfa8256153a847a9443d744c2ae83e7997e520bdfdd5e99f0a1fd7c8a75

Download Submit
C:\Program Files (x86)\Steam\userdata\1843341080\config\localconfig.vdf

Filesize
31KB

MD5
7e3f7d2a4fb791c9062e9a5a733af09c

SHA1
575041d34151c850849b493029ff709fdeb0f733

SHA256
a193af441fe5b8ed9da7e4217f97afb3db55ebc3def47fb2223a1c0685c48ab8

SHA512
285f4971c516846081f4527b1bc448e5a51685f7e79e392ed39e7395f15223da9d888315174329f75906cff0e29ec79a08474c0c013d05fee8ee4bfdb24e37ac

Download Submit
C:\Program Files (x86)\Steam\userdata\1843341080\config\localconfig.vdf.async19032.tmp

Filesize
36KB

MD5
e6b1556774e5c4efc179367e4082d9d6

SHA1
4f547191ecbad6359ff1bad323edb29d9f7007ad

SHA256
7522728792aa7ffc1c2cd117ebcd66faf94b4aa5c786d36d1fb5ab463dc2529f

SHA512
8eb757246ee29f127c1dc33c49ac6cf9a8cf0b05d4828681598a6ac88c2b48d67d5629c5c8952de79317d8507cd2ea5354dd4bd44fb1150b20bce4f632ba49c3

Download Submit
C:\Program Files (x86)\Steam\userdata\1843341080\config\localconfig.vdf~RFe5ca5bd.TMP

Filesize
233B

MD5
fd077167ab995f6409e64fddcaf2e76f

SHA1
93e3f34710fb24e9473be1900ed166bdd7af7cae

SHA256
56a6d3ab027c1e2c293ee0faaa456cc5b946d68a0a98cf6eb92fd8b400684930

SHA512
9b87da82f0240e0649a6fc788cfcac4531b5fd004ada61614cb3ce17d5dab757dae6ea815303d3c1b2d5e57d89ccc13ca9039be9abc9f1f7de443f39ad64b5ff

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\25efae87-22f9-4fc9-acae-ef6b803da4c7.tmp

Filesize
233KB

MD5
32ac0f98abc03b596a091280a7b6c18a

SHA1
294a2cb0115825aff132bf65789c914b0774d609

SHA256
164b9d76ded8de9cc5b76651578715db53e15dc07523158042e8e7ad3dafe868

SHA512
e792409696e0ae08e5503769f1960f5717dd61ce4b7df8842e39daba929eac13002c5a05e5148107480d24017cb216f594d746df947c9eb7faf2a7105745f865

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\36cb6215-4075-42e7-8714-427b62104b3d.tmp

Filesize
9KB

MD5
4492554f382b165dc74c8a01b11fa03f

SHA1
bdc017e1c938c297f801de822baf50a4467917e9

SHA256
f13a1225188a0aa8f6e0557f3d8488032a6b6e08c8006bc1baf7eac62b1863c2

SHA512
5f2c55c7aa75c6a4dfd3b1f4d77a1335ec31da2adb12685aa9853de55a3e3b458cc9b07ff5a02b3bfc9ea6f1c7980987f27d62da26fef41c83096103200d9a73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
bcd6f6f2733444b7691eeff2082c5a2a

SHA1
6d6ecf767b670060986d1243ba83ae1b25feedd1

SHA256
d8210399635b3df9c5846ba24663701f2d3d13f1ca046eed517b155dda187a14

SHA512
0e0c92a80a9da0845b430358a6668dfa674bc117a6ab1ae51e62b4eba144bfeb34a86d856a43f9f131ab7a3761390ae5268d18db5dd05ffa47e6020edb9a4d3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\88712ecdeedc45e5_0

Filesize
19KB

MD5
156ce581a27a98027098c7b9739b95a2

SHA1
e26e66bdaf84082a4a91716bda2b54effb1f93a8

SHA256
8f62eddb91c4bb064cd3c2d70bf5cef2c25760bdc12d955c5285a8745a61a5ce

SHA512
30fc7089cc9229147321981f9ee48f9c81fefb0f3cb3b999e5ccd7ebc2ec9b329f42e8539da9b0b1d66efdb3d692a94e282ab1f55301b53b07b1ba2fd860c1a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e90f3de079e4d23f_0

Filesize
280B

MD5
9afc6683013a4bc2881b6391794dc2e4

SHA1
c1f2148729083d4c871e3e8804c31008d98aadbc

SHA256
baf29a4db8fb0fe2c0b474ec734c46d9b073293a6cb56fdddc5273c8fa8ea222

SHA512
f37689b873a3c42f2b909bfe79374478005e1cc02cdab565b40f77f3b40ecf0d1ec16ad574f856903b04f81dfa145a3f60474bd81894cadf1934c2be2e50a847

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
50f990be5491fa090417caca4d4c6ed7

SHA1
bf80270ae1a408a26259a3fac793c41548654be5

SHA256
edb9f0b43c46a34b51d3088a90ff2d459c7a69bee3001b703bc4d73642ff47c6

SHA512
518426cebf7dcfc294feac070a996d0c292d2032db8c552e196db5b5bb1187c2285ddacdb0ae60794337c2fd5c1e07689322a29e45d461fe1579ac7af917d51a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
e0c77a9c46e96b71e5bcea54e349ddd5

SHA1
c4826e829e655f9a48c10f5d0f93dde5300a8725

SHA256
624951ce7d0f5c7be54ba19d781b78c7f9b7725fb470e51451620b543d729b20

SHA512
010541e32de9dc94dda55af0d8a21e98e670afe163dda5c2057a0213095c1e832913290df7bb5566730187583a2500a9487882d1264111aad4ece4fb445bb49e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
77b3496ce9a00a8e280d1620661056fe

SHA1
4a01e2802951fae3c375f754d7a1bd8b020f8ec5

SHA256
3f02e4617d9b1d65553cdaa445f80701a5855ce83e64da58604425d9eec64bad

SHA512
6dfb18096cc8d2829b286f5dd160d3d53955139f9adcd3777a109cb022c6cdd0a0f8db07de6324795020a1bfb833dcb32b54c2e1ee6b75a57538f41adf596647

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
4f3f891780b8d2702e9dc5706c177a4e

SHA1
6862025d681676b60dac4e365f17cebad65ce3b9

SHA256
33907fcc86ddc3c1dd9fe7905469ffe5937d76eb36dbe07945d6d2f0004af51b

SHA512
0c576d615bddcfb201d553b8b67e3e8aceabca1bab4501cf071abe6fe76f3e160b3be1f9d9946d4224e8b1b3a44dd76eb493a245b7f5926942cd5db05928f450

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
6d8a4c75b9eaf680386b09785d2d9f51

SHA1
4c3101fc7fa6b50acc3be3e2554e153cb7da7e59

SHA256
aa6f99deb2b5a12a167b5bbc3bfa815182bcf9546b1c0217e06a1c399e74e021

SHA512
244db88b2925c479787be4cb898ef4c842e6d502677c55c6d51bbc68bd67607831a20add6ef4f93ddd6a55c79fefb4c104c7ee342120d7711679442064d56969

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0e5c1c68298ada3fe979342f437a10a1

SHA1
129871563add0565b4917bf5c2b5c45982898131

SHA256
396e347480af6d66f1a6b6d8ebf8fd82ea1ec0f8044c657348863f7ad8f93edc

SHA512
f6ce7974339b9b760612782bec19c0566754b8e91ea764aedce832c15670d6ff20bbdafd107d55713cf3bd5047f7fb1140f3fd0cf6b9c90b9fca2720c8c916d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
afbceed68c8fa62c253bc48bb62042b0

SHA1
fdc5c3d76ae8b0f3f3835f084ea2e756e6801d95

SHA256
1a456b00574714d6995a70d70e3ba67da68427d9ae477704b1db0aeaf62f1638

SHA512
c63be5fedda7b5d98302d945f13378fc235249c57f6f9829588de825e80131e3694fd8730c926cc67e48418c7998b0f04cc528433c3442813eccdd57e2d6c002

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
de76f7c32adc4a2beb47cd29c1197883

SHA1
3edd29864c4311927dd1828858bdef0caa9c49f6

SHA256
6f211ee85517e2ca643a5eaf1743acffb4e0345d3b4336ab496890320490875d

SHA512
485c15f09f131c2a5248ebb57eb2c626f879c001970c180daf03128437b64023d9c121dbc7dcd7dc9fa3f1d7abd12c8b1370bce6fb12cf81c73f9ca17188d334

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dd67f50c563403826a4f55d99965f2d0

SHA1
3f4ac17711bfd903be8d9d8c9eec24dd9a6d96cf

SHA256
89891c1a120e5f322d2c30cd0603e6f89b7e4b9d1b64e421e08d7e4ff25668b4

SHA512
a893ffc591dd6439bf34a2b1922c97b7b3fb04fb7fc2e209fdeebf5f5906face082b06d02af9888ae50b37460ca138460e155af1c9e4db8ce969135faa4ffbee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
feb22e1d52d2a9c492080f9f42ea0147

SHA1
dba6a2b36a32e5cc3ddaf97d7344bde60990dd0b

SHA256
025c3234a0122d2b75420aa7550052cbcd236a1dbd1d608f438e759f3a92b7b1

SHA512
40e7e86e8b83b200a1b3822b4af6728201a8096d1289639273b23c17487ac7764245f45ac7a35fb18e13672a3de91443517bada9d3168ef37a126428695c9449

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
14ffaf10432def2ac3e752572999c45c

SHA1
a1bd1d734a94a03d9c7c8fc586c6d5f88f8db713

SHA256
4bd8be393415aadf978ada01c48588e98e3f5c41cfbe3549365f390b57bd3ec2

SHA512
3bec80827ed60db8913a6e924270523c866401b6ed6f4a106fe4923a3d7386d9c0f9db5144364734e888befa6fc78f7029f6294116b6f13ff4f57ed6129c79d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0696a464ae17be9db85516b25179da8c

SHA1
c820b079aca4f242b4ccffc97f32aa6abc52724f

SHA256
0a24af36f885d556e4dfc100b06b74999408cf1181f553e5d1b18453bf0b17e3

SHA512
4df5ba957e05de19657d54ecedf3d3dc2d7a9c97d992e08623d79e4a3e2dfa824fe444dd56336b6bf141b1e36129eeba0df541b5425150d10b352b1efca46428

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
79f3c6a0fa87b357c43502907da89e88

SHA1
664531236597e8606b0b1fb6c9e3f3fc56722673

SHA256
50ead8f53b06756dc241f012ec9eb09d243049112fc13759194a5aa820cbc223

SHA512
81289ab4ef0c0e9315d85640998cfe669a96529b635fe6847d282b5156d1d332ab07dfe1250b5d7fbccbff37c4ff841749ca2df7dd7f31de4ec454756f76265d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fb4f2b538444ab2db93c67584c028447

SHA1
d8249ba55336cba76cab467f033a0cbdc85a4e3c

SHA256
b53ff446ed60cb76b7d207c81c527642682a861151d148ac7d63e91bf0c0c4fa

SHA512
87b9c1f58ce9c1f62a30be4906857ee817f851e2c949ba17ff1ccc6c6328b28119bd31e413bcd233f2d09a42d064d60494eafcb7969607224e66125f0c61f091

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c696567c893a05f3825364e0d7de26a8

SHA1
5f8c432e12169df404cfc48f525995f0393b3140

SHA256
e5d5f73d70b060116937d925f5717ce4cb61811d43cab96010b2c1cb627f1f8e

SHA512
1a7a27e06e702112e1ecf9ff8035cc355bd148d425b0ea5e1a915de72b4e0fbcd47be15d22f6afa935ffa287993debd7278f8ba6f4a47a2cae1db40980cba90d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7acf34a588a3cb7234d2a9154393f8c4

SHA1
a0db8707d5adb9c88fde173198a1482d083090d7

SHA256
a5e894071bc097ec48f0b11fa4090aad9a06d0caf5826bc3e16c1f1375c2209b

SHA512
656170e87a51966bba2de7712793b6f72ee59b8c3cb6b0b06cc0855946feae195c8ee76ae9aaf4470fa5d143922f4c30031640279df8c16230a7628f94a8ddf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
737cbcc16504fe435d4adfe81c022ff8

SHA1
d2293015266c1b07b15cf1ccb21ec475237ddc5c

SHA256
fe9c048a4184459e32618d7285e4f236f78528e3e878737cf9862a194bb8ff73

SHA512
c66a6baa2741ed78cefb11152137371c99e8edf34b615e8844632977d0d6f1084bc006baadc7b35af808a618308bb75fe2ff78549c61a440e72124923ffef3f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
0a21157afd691cdec4b27e7fea9fb483

SHA1
22241b96db8b2ae2293759fdf0c5f4da7d9c2def

SHA256
50e635571951de3825cc80a8618bbec0c4a41655d3d8f42bcd211b6d7f4a8e34

SHA512
51206f46b309982ebc484775bd7ad65917c359e118f025832daa168282a5c3d57e89df1829daa8593c1b4c9fc5e61213172103f3ebd95c76b4c413794899ac2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
c2e745d17b2d96e89c8f066fca9d56ec

SHA1
a356e3cef8a73a01ce2bc87367b24e5420c0d3fe

SHA256
c8fa385b8d36350cf26a16c9408cd453aface351e9df7f4fe781348dc92ce257

SHA512
1182e05b12a062e7a33bcff5e6ddbf7f269b880202a121aca7d2d6ac3445ad4b8085d225272c535a5573b1b88017c2e7e2764ee465cf2083ea77b7a88e2008aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
13192a7e2ca01d3ba0856c858f7860b2

SHA1
ab91df711f4236cc6416855f75ffd35eac7bff22

SHA256
d642f7bb3ce194819232b62ff374a889f519689c5d4f6ee3ca934f53c4383c3b

SHA512
a623e75b4b6dcb8df21946618d42f4d8180dc72b03c42b48a37d69f0ee50455bcc96dcf1a09b5b6839315942384d32823e37275e42ba5b88730e19a7e6d4af59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8956fdd8a81812861268518117d3da32

SHA1
6862b764b28d922a11845bd940849c313e04c583

SHA256
c93f57a78ad76e23e1d86a9553e5fad085e40d85e97d62295cd5735f0b9ce020

SHA512
8f1532f7aad5ddfc56df1a629c983f8ba948d23c66371eec31393b6e1814ca3a37d14bc79bef6d74e27a5dc150d13b8c331a9a8300fc63f541c79a964d710088

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f49b8ae91b4f263aa9152169a1a2edc6

SHA1
bd020896666add08e2daf093e722fb537574be12

SHA256
3114490a75c3530d62f11e95eda8889fb6947dbe6c13d1f67399741fbdb81c44

SHA512
c765af35f4ef2bdd17d1ea9a8a8a6d5af93f6115a690735dcaf8fe554c1fef231cf3e8cb8b0f807ba9b1fcbdded146405afe279c00328f63e0e922fe44c02191

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
02a4b762e84a74f9ee8a7d8ddd34fedb

SHA1
4a870e3bd7fd56235062789d780610f95e3b8785

SHA256
366e497233268d7cdf699242e4b2c7ecc1999d0a84e12744f5af2b638e9d86da

SHA512
19028c45f2e05a0cb32865a2554513c1536bf9da63512ff4e964c94a3e171f373493c7787d2d2a6df8012648bbefab63a9de924f119c50c39c727cf81bdc659f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
826c7cac03e3ae47bfe2a7e50281605e

SHA1
100fbea3e078edec43db48c3312fbbf83f11fca0

SHA256
239b1d7cc6f76e1d1832b0587664f114f38a21539cb8548e25626ed5053ea2ab

SHA512
a82f3c817a6460fd8907a4ac6ab37c2129fb5466707edcfb565c255680d7f7212a5669fe2a42976150f16e4e549ea8310078f22ed35514ee1b7b45b46d8cc96e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\63681ca5-e655-44f1-9d5a-e252050d841a.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000061

Filesize
46KB

MD5
3b0e6433ad6958e78d0b13a118aeace3

SHA1
65c721c4a496b670f9956c9b8f752cf495f2130a

SHA256
70403c13bd7acfafd9d222f305f68e17108505d51f25a8be9cd5f5c523c45229

SHA512
4d946288f933982b1055cc5a1a9274d3aee2f5653715199f5b5b206dfa1292047665ea2d3f85b085813e490ff3931cbd6d8d709e7dd42a853680ee9d4865fea7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006a

Filesize
41KB

MD5
503766d5e5838b4fcadf8c3f72e43605

SHA1
6c8b2fa17150d77929b7dc183d8363f12ff81f59

SHA256
c53b8a39416067f4d70c21be02ca9c84724b1c525d34e7910482b64d8e301cf9

SHA512
5ead599ae1410a5c0e09ee73d0fdf8e8a75864ab6ce12f0777b2938fd54df62993767249f5121af97aa629d8f7c5eae182214b6f67117476e1e2b9a72f34e0b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0720badf6795a0b6_0

Filesize
3KB

MD5
af9890f636f51a40fb4f992333ae7687

SHA1
c62b024a2d32da8791de4d0550ddf9e26f514bd9

SHA256
111a77d32d32cee2f62f9caadb5b67bc9ed1c45b77a9d162292ba6d518455208

SHA512
e54ace1dcf416260071a71dbb5ea56f0c3ce73ca9c4db8325229133aa8864aad7f3ac23d943f629c41324caac6f35076c4d8947653d22ec7206536f0294de959

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

Filesize
2KB

MD5
6dd7577fb3cd7155549652881fc3ae25

SHA1
2d82f4071fb437ec2a8436878a7cb4af0c65c122

SHA256
c73b66d8595272b17e6bab154918565f33ef90d7a5c0edccc099e74f7ef2a436

SHA512
77ce1449e70053d368f185e330feeace1f25e9fab3778f81027320822dc96a8075c00b095b89b5486186685fe7f2c20c2bd1f126e7f2d947c44bb102629c9eb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

Filesize
2KB

MD5
4970c72efbb95da0b0d1ef7ee165c991

SHA1
d210038b236d4f5f54a3b41f4d987df3a023b54e

SHA256
d70c6c4fd332e4e86ea782ad7c598fc81710606674ca1bfdf87e0074c328ce45

SHA512
02ca7558c22e2fdd4aa9ff27751a517f40e40e6ae7b8d088ea078b6b09787b0ad19377059bceff7d437288af56354e5a927f4be7289919edf7ffe2ba6cd3b32c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1aff53954ca20491_0

Filesize
28KB

MD5
92f9b2c0e0dc75f13ea081cdbda45b19

SHA1
314b0e2943e168526afa193242a7331d2636a072

SHA256
3fbc00fd3976d02c2b87415716286c7ab43ea42afa21bfd10223e0d2e7303a65

SHA512
023cd1779139309d1e06661711812a6ddc60311b9174dcf6d9e1c17a8b3506b23c1cf8674ae791184e96918f605ddb44a49b33444352c2440960005571e1b7cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\20276c77306fa184_0

Filesize
75KB

MD5
9ca8a2e585871316fce9936acccb9fc9

SHA1
8016e529d8d474ba46515e9b92dc2436dddbf0a8

SHA256
a5c211c527120f9599116a7a62e14631bf3415ab98bb006f81f1f311800c7bdb

SHA512
681f75388afcfce7ea39414f234afe3ca398b6700a2a6d8932b6ec9ba5c8dcdaaf2d5ebceb8eeba4f5ba6a4adeb0c789174aa4f49633f1e319a8c822b9ed71f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
b79ea52c55b33949cc2a10c6d031fec2

SHA1
58585211499d4e2556241de32952dd90a6d4ec7d

SHA256
755a0a87b1ec112020178e74e73c77d83f2f5ed5b42931204a1ebe4a070ed160

SHA512
54f02074bc42d58ebacb0e43c3d050d7023f88356de5da1cd4e93be18b07054bb35bbc710f9a93a1c6d733633dedd9e8a6e44c9d862f514b75f3098ef98562fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2f4680e8f8f8a14f_0

Filesize
9KB

MD5
a7d0d784ba156dee02113e949adf39df

SHA1
5235f2423688b01a19db6bfccca0a4975532721b

SHA256
7a02d1190d2a6822405dc324f92ecd031481b95bf08c3d2ac4a8b868fc15c867

SHA512
90eaf9622ed1a5ddea27036e4829f23e8763589f57e2da6f846199a2065c6465205e201eada9c4d878e8fa2cb77d3d462ff79d487c662e9d214e2db5179d854c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3698cdadd160779a_0

Filesize
22KB

MD5
e033d93015c16c001a1b83814237c1d2

SHA1
535cf591db4b4e78a641262d0db0810e4e3ceec4

SHA256
c75edf092f9efea7b132db5cbd15cbb9d40ce890482c082f8db3db1f6ba26919

SHA512
80c1bb55f72384d194c5bb6db74cd2396e7f0c76db373901b81bacc5ea24b6226d7f00cd73183036d285a667a5d38a60e5b296b70c0c9d28e8d18a7ede23321d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a4259a0181983ba_0

Filesize
7KB

MD5
17ac7276a48389c832237a1f08743cd3

SHA1
4ddfecdd33e64cc3932f24864a84d015fe94d7ad

SHA256
961afaab69fa21070a9ee3b19d6d5ed73a16b436953fe71a8032dc50bc87ccb6

SHA512
2bb7e73ccbd6bcc061e9413aa6465b39cdad1ced7446ca98e14f73ac69391918c855e85fd2204d4c23abc8851c6fa42d48304b0e3aa4e273215e301a3bbae456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f139f229e6f0497_0

Filesize
5KB

MD5
9fd35605fe04cb07cbb3a582da8a35b1

SHA1
f8214387c6053f5ad0902c83bd13179ae50612a7

SHA256
295e6fbf7811407c7ad41c22ac343f8c29cf5b7b380995a6c517d4deb25d24e3

SHA512
0551e4a5a6c20a4bedb2fef631aaaad43c0b6c6688585c61d648a3e5806762251c5a0f5a7b4341685888ae14e3840729bfd674ee88151378b5e8f7f7f3087302

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3fd2be14abb3904c_0

Filesize
1KB

MD5
f55207ff5e6b975f4800a97ab619c6c3

SHA1
bb216ae1f307a0d3546ad73933a357d42b89f7ef

SHA256
b42388741aafb177fd1fe02e718c0fef061c8b5290db3f48bb18447588a5540d

SHA512
b7495bae9d745acf201775785d0195915a44defd4443286ddfd2804198342f0297e8afabf5db49ca893879ee1898f6982d083cc71f188bf08412f55cbcb1b0eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
f1c9f5b197096699aa910023e6e102ee

SHA1
20dd7bbc46f1197e4ec539a3cb3136424e3a074d

SHA256
47b5a3c501206763b2f43bee0c5c5438bbaa9777dd456ba07afbf6818fcb80ea

SHA512
22c1d701f2bd873f290a309229519e580733940950365d25eb3150ce08ad0dfb07ad166122e002b98e48e8c6290347976f589870c0d098f58d33b6a6e3af6310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\478c519de6dea736_0

Filesize
6KB

MD5
1f3bd3acad458e50aaf6b6d70fa50546

SHA1
c071666eff0d8c45e4bb9f1edc90c9e13a924aba

SHA256
13751c332af59b267c63b64a1d17ce01b05d18e9757974238d7e44b1a7734c87

SHA512
3c034e92c378228d386344dd336ff6fad5c757df1e64f071812b0198faf82835e3b1f378ab4c1bad56e0661b7701814bd1aa796e0145aae89500dbb067f87358

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4e9b18b0f66a7183_0

Filesize
1KB

MD5
e96a3e087933ee7d76373d15bf2192df

SHA1
7be81ea2922b0c0b81c88beefa33b2c15bdc161e

SHA256
faed38b49792f767e365b616e032bcd6172c7bb88cd486d08eef2dc8f4635350

SHA512
6b544f7411e7514cd389669926b057cfb4d25341d011548766b6b777b28424dbb365d1eef2d7c96491c70654c603785ee343d7a76de46266e1ce65185c7c9ba0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4ff4b179c1c05fed_0

Filesize
1KB

MD5
5c1486eedb175292382f1685bd4b9fed

SHA1
f7cd02606b36756ad4f589031cfe390207f8ee20

SHA256
53ca52eaa481c84780e07956ae2d2735ab8e4f9894e010a46aa87a44b18dd301

SHA512
f03d5c5d02248ed012079c49439d6d879cc71c6c5a8c0c14a92db793beae8fe44f867ee5fec60d9cf0889cedad6148ecd17a60a471611e4c4f2836d7898f7cb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
2KB

MD5
caf5e5b6451da25dc1d5c9aac6a0ce7e

SHA1
e835b291b75e1e666f795b00299e365b8e729758

SHA256
b573ce2f7d1be7bcb4f61d6b53544ed51b01a7f1df64058117f61d08d9f535df

SHA512
477e1a37b533212c538f856798ff8ee75cf336e237182e601a884ecd4f971e3652fe27f1d0de7ec79c3048a0a7d394722853d7463606b68d89a2a25a98f02a79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd1e579c9681f95_0

Filesize
2KB

MD5
19c0a1fba6571c8dbac6febec528bdc2

SHA1
53c05b3b9361de830e67940437cc3c7e6f372555

SHA256
4791f52a31d48424c85ac87977eb2624b06c39117270684b9119940d9e2ae49c

SHA512
8b25936a2a0c3e9bc35e9cf4fa2eff70919ab7e8cc02863918f61475c04408c758a08e9331cb8194ce5a4054f7a2de63323b13fa462d8e997090c8d9734dc088

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61a0b4d20ae0e222_0

Filesize
4KB

MD5
c68c28bb0071af476df43f3833cf32f2

SHA1
fd93113595cbebe6268d1800287a11687218d70d

SHA256
afa9e226114ece4bcd802841638bf29870a404dd0e61592dc883243ae6992343

SHA512
cfd41dada49816c66005ba887cb711a0f4fcfce6be890d5febc88c6bab7e5f78f91d4febbf1186b7abf8d2ee009414b29f9bcd34ec493b244551fc4be42cc9de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6a5e8bb53a565b9f_0

Filesize
2KB

MD5
d71fba2b972ed3c58eccb82f97f3e253

SHA1
9ffdb7ed1d8898c39bcfd420ef871608a0a07046

SHA256
9fe02b4923f347b7c1cdc89c7d28b7a1ca551e2e10f721c70bd671dae5ab09ba

SHA512
e315ae5ef56c86ed24d866b38f7d15d9ec0faf367fa2c946b9194ff10e4f4e25e98bb7e51344407901ef124fbfe6d1ded67057e9a0c97265f0492c2419905052

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6e1427d19ff38087_0

Filesize
3KB

MD5
64b70b11113dbd724a0a44c056bb94f4

SHA1
e63754b2c46c1a996a75a8b073c32e18508eb672

SHA256
8b347d85eebbf88c8fc27f82e139ed38f2b9016ac93ac5fef02029a0efa25c5f

SHA512
eef31d860ceb680d27e715d67dac45b84959fc044c1f06c34d0005bf5a2f7a694cf96789e0f5a5b12142c5ec47562e7dcbce1e4739a20ea85a3c937ab99c575c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
1KB

MD5
2d6a5b08d8a1850d9ecbb721b80c048a

SHA1
35469099730bb648fe5706a1916a2bb607565497

SHA256
c4af4b519e085c6c2057da67291a193f34b8ab0b97f9b78148c585498205942e

SHA512
3ab8513c0e1088ea605441df254c68686bafd0d1322577d60f8b19f18f6f7861a0a3664e36f86e49e6acfffe9a001a15a736e6f5e33945211a55d07ca3de578a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\766094f4b47e839c_0

Filesize
9KB

MD5
83d5c10cb86954d0c0265d010a9ebd9c

SHA1
9a466847eb11d6dd565689ebef2f4250d1b373ab

SHA256
7d5aac050941f93e5dffd015e92b7e373e19b11868184ae7c2f4837219b6dceb

SHA512
f3173c474574b9e97ed7eb3046d6af70a48d21d30df497d5ecf935dd9bb044af6d24a56fbd3a0130639084e8706c58fa0c46efbf0c11dcd67cd2ed82500647c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\782d018d3f59e184_0

Filesize
27KB

MD5
c3327eb86eecfb0a20be231ccaa8e523

SHA1
5b0df7b27facb28c8ffb244231e01a76c9629b3d

SHA256
882b87b542cd34dca49867b203fe41f99c0ea93ce99eb1b4ee8ae91ccc991f12

SHA512
b13d70684aedd9cde74c7cb319098def603b2035b82259599cf5c1481201ee70ec71256197a161e447ea359f68872ba32a0029a18dff19ecfe45f75f298a53ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7d07dc3a67fdc3b2_0

Filesize
8KB

MD5
aad1d2aa6a1c77fe54882f9297a93fda

SHA1
3bcff5914d10e09694a231b878b12824159045df

SHA256
d9005bcab7848d70eb86e83eee31cc77b0b9dd1673ad674779aba3686e680958

SHA512
f36355b454b849afe2617503b1c6bd446b158d9a038faee2d8811c0973587865bed5251f2e5d2989ad3657e14df863760c0f0b280b0bb613e1e3aaebb10118fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8268c2ed840dddb3_0

Filesize
200KB

MD5
3c3e7229ffb9ab35adcf08a6af71665d

SHA1
9c1b61eccb09f206768ffd47d2ac9c3c6c3a76bd

SHA256
1ff18dcc704954d47fe788dfd1a1dc05cbb1f54509972d8c49846ca63e3ca727

SHA512
d4298215e5e92c79914dacfe473e6202505e990b296315c13f5ecf735b8d7ad92c9bb55b4e7f7a9166c266e31bce64a5bbe3176f57112c0964e746ee56b2bd7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\86b9cbd77d05d034_0

Filesize
6KB

MD5
9629db1b7b35334b82e9c217f29ccc45

SHA1
1580f2032bd3fe63927b2893f084eb2022443b57

SHA256
68feef62cf3cb12b6cb51787232dc10f8578c00ac258bcba19e94639ee68f2a0

SHA512
eeb66c1c21e97419a6ecfca4e632a171c765cc5bb0f897b0aa8c4c85d7782d5da7a855dd4f99ca595656b36cc084e97b0ec2e521f7f5253e2a947107f4971e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

Filesize
1KB

MD5
67053b1cc72c3b28f246c86e2f2828db

SHA1
f4a2c4d0c8f5c04c450226e3caaf53d54563da17

SHA256
2d808bf6dbd8bc98e55adc7ff0bb56e1779933699231ea83525e52c21f484eab

SHA512
f5adc63909d0f96f0618d9d54f6e2a78b6129ec4db2c754d41d94541b49417ed6ec5491b38f219cfbb3a545312eeff1d30bffcf5be4b04863e675169a08d4a93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\90d7d7591a1b39bb_0

Filesize
262B

MD5
5a4b9685c2b06431975ebca5f24268e1

SHA1
35f41a8a154bbbe4d1d06d9bad3a59414489fb73

SHA256
26679acd9e5d6ffbdce72902a6e0ac5f1cefdad544b9733398497e347e9939b0

SHA512
0527cd5ac1aaff1d0b6218cd49b77bf6065a34f7800ecb96ebd0bd7e29945f2984a5cdabb7a96d8e5e751eb51586a7e62c579ba0ba7d3dbd2cdf16ce9621b804

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\96bc766215a93e35_0

Filesize
1KB

MD5
cf6d3a4d4eacf500dfb3146f2c97b169

SHA1
6470c4967f15fa9a954210795135cc1d4f43ef81

SHA256
f32a8af6efc548befae4b2512fc535c7a15c3b0b36ca5fb901f612d2000381a8

SHA512
f87e7ccbfed0151be9ab4297cf07a805ac9dd48a4cdb4137d4e1fb6443c25888af95f26ffabb864ffa91b730eb8498c25f2f5f7344dbbe706e535f5f575adf87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9ba0d3d1ac7bd8dd_0

Filesize
2KB

MD5
f92458cbcbc852aeac7cd2f8428f9d8f

SHA1
cd3c5f6edb4d86aef5b26047140d78fa8a706fcc

SHA256
640cc7265ce9160428d3832331d60b518fca10b06130da6f6ce31119831a0796

SHA512
b2973c632a2852f411d20615bf7625ef27d694c70272b85be526b38e640b4c6a1bca5eac5a1b15a5871d50eef644400ec198fb24e4421c3d0305922c0e8f51a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9dbb949d27873cbc_0

Filesize
2KB

MD5
cb7196dcdfc14feac20b5fba77f1fb67

SHA1
d5154904f36a973b007e5077d534c3851f966427

SHA256
2035a1df8bbe6efeac6f8b612f2a96b39c31b7997142ea41f7deae8c5e06b4a9

SHA512
f8d40f15ccba30fdbb789707772d711fefc34059a8720bced0715a6f6d89ecf6d03563854fa74d975d1e2525b9fa0de8ce6e0933fb11fbda3a049fa497a5b3cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d693ac0f52716b_0

Filesize
3KB

MD5
179ed10c980e9b1a3514682b82a12632

SHA1
def3e27651d4fa60fbf6d17d23e28bef888550f8

SHA256
0cd6d8af815be74dc9ff5d7a909379f02d2e84f4d5b2a058080079f156cd5ad0

SHA512
935f0db6eb03011d11ead52a3287b2e69610bb81302f07d2eb7c2407f87192f2a29f5029389a2ef287bb11b6447da83165869e13b0de48b8b0e5e3d814fb4119

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1f1454b9e4cc586_0

Filesize
262B

MD5
6df917f32ee722b7480a8f3e283ca161

SHA1
467d9559bceda4c48a28726011530134d6a8617e

SHA256
4ee8f3ca7f7e960a4c9936a3a2a2797ba10b4b34881c16680c4943aa4e28f8ab

SHA512
6a434bbd059c82fa0a72a0b6c68159e44ab582e2a28c0aca83859fe7b3933422746f9d621b4036aec407a36b0f0cc19c1bfa65673cdf2d3aca9238c32f428fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b6547d15486f1a8b_0

Filesize
7KB

MD5
33a64049f834b0b83d534d7c5c8c1aae

SHA1
eaf310fe0cf688730f79cdead0773e9284c8a242

SHA256
465d682210ec6f02a1cdca6e2e7510d0cd669dec40b8c626da32db15da9dbbfe

SHA512
84f86ee147a82696c3653bc7816790cf20c1dea1914c97c3becb7e7aeb30d3648de5073a1c6f8cddfe18d1e0b8c045200420a839d8baa153819fb1a44dc77b4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bb8d8c25547e1073_0

Filesize
175KB

MD5
af1b1dcc9f962e279074d6a583603643

SHA1
dbb6a3291e1869d4331206dc43cfd9ec681fe494

SHA256
c18bda178ab3db6408de06b46f1062e14cbed7469cc3b6810542402dc9a5837c

SHA512
51fa14e57a117b35120c455d3a978290ab7982a29dce5429c9b5a24549e2771b41dd320269f17f3f634f06d0d608a2f5636c9cd9e9a0d7dd22f518a8f75dbb4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\be6d12311ce2b399_0

Filesize
1KB

MD5
8b1329b886c9972f9905e7cc5981e151

SHA1
3840fac87e06f71576114bea797daabdd44f75fe

SHA256
80240991585b7361c988173ba2f5fcf966038f703568275f7d7fdd1fd8d4aa5c

SHA512
f6e72335dedba9350ed98d4f5c1e24dfca8673d1068878a5aa7d4536645ee4254fc494a77629d8ea3324bd8faef4010a0b6229e8fc8a0f5267e7c5061fe32048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c91c845c83814759_0

Filesize
14KB

MD5
7e7c7267f3b258530f9524a4dac4e444

SHA1
bdb9246a693e9a1f81647f949ec162bc0083cb3c

SHA256
fa70270eaf4cacee17d32d664a52ffb8016dbe560032d9fcdfcf36b1fbded5f1

SHA512
e834f29530a80ec82d42b61710bc7dc826a5cf49eccb221feb93ed98e7c432e479fa859e4dd88d82aa7475d6360b2b635fa24606d11fafc7620e73db1053ae50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d79e0a2891fc014a_0

Filesize
262B

MD5
b3b3fc2450361a18e07488b3cadcefeb

SHA1
03c1d9d75ccd4e392746e78fe83f2518366747d6

SHA256
804ca7ef1f59b9c01b52cf0ad2daf4cf0ff4f26e2253a14364d6d80ca1d13ca4

SHA512
00d1f17e313c92212788d15a02d368bb07cf94009479a9242dea0838a88150fd65bd692d7333ae0e8fcb441d7cb0d3c294d6d60a7a828fa2340c7840c04acb85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e146fd968644d345_0

Filesize
6KB

MD5
642df787e4d1c171be46a16915019686

SHA1
4b9be993d8eb3a0e1a5e4cb4c45265be1af6dd34

SHA256
1a8bb732a3074bf5bd222894e188420382c56689f01e9daedeebd6c68925679a

SHA512
88ad2c78a573dd70f6ed1bf070d3edcc2e574d77a9b610389dd20ddd1b083e0a0434b5c50292de633eebaa2a8b117a98c4e98c966530dac9dd2ac7ad20763ced

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e312f145a03d80a8_0

Filesize
291KB

MD5
dcfc929cfa549435fa4f74208622600d

SHA1
eaa90fdbef91186d9eac939d6f66bcfff4bed3e0

SHA256
2d3b1729b937c8709a083e61555d3798df8258785e1f1d67a2b6c2ee305665e2

SHA512
71e778481081c89a67dccef38d86383a0cf24a4a5237f368c7cd57755aaa26e86cd65aa0d5c6a3865ea658867e87fc410e3adf8d52596c807c2fc3648c5799e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

Filesize
2KB

MD5
f83c0fb497b4197a35465ef93991b0b3

SHA1
ae58097ee619e3fed1b2befb00ea03d18153787b

SHA256
818ffd0bdbdac55cb7038cbc9796bd71b8fbd0324995f29978bbb0a36a24bdac

SHA512
3dc9ccb2f8a4e94e0202ba0565c3e018e75cb671cfaf1441ae79dcd57d9302c8975d2fb607608e7f08b4992111b8f07d7692e2a7f8cc10935571f5dbaf1cd567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9c7e700cc3e33cf_0

Filesize
48KB

MD5
6bce42e35da41dcda5452305005611df

SHA1
50b01cb4f38dbd0d928bf7b8c106c9a3b723fcb8

SHA256
de2a86a5ab1050226cb57f1cb5bcc59844a1007d2d03de4fa56bfc258e1b5a8f

SHA512
d506e888b7fafeeee568f5ee323b49c65f03c6a1e786f2368fb0f5506f1b0632fa50e157d667578f800e03d4ad49605311477f61a150916fac0a342ce80678cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

Filesize
2KB

MD5
38378df2efe2411a7138030ff6bd4367

SHA1
ffe1c371b1a27acc079df055ec3abf672cdc4462

SHA256
dfcd3613b65fa3701d7e0aa37d3298dc9dec12d0fda3c5abd9631569e3a821aa

SHA512
1421d185716e7b93be0deeb4e86a7a4e121e1c52c4da08962631136594da68279d7610ab8e43c80614563042e672e1d6b91db2360b6e600a55742530aa731ea7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fbd11ea5cda006cc_0

Filesize
26KB

MD5
1841a5a478541ac45d67212e56ac4bef

SHA1
0e21cbe54c54a4727bdcd91713cbbbd51c883b22

SHA256
10d7a41390ff73ba20f16ced27f56914c1c38fc85e0bb4e11fdd4bc6f5abd4c3

SHA512
604f65fe829fad73c58d5b7e1bc1f505522c59619e88af37b521ca660961ee70c4a1cde7bb78c38097559deec52ad4e4f0061a101d3f091a8330ac32fc3b72c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fd32a4394e68b986_0

Filesize
294B

MD5
af1ce038f7ede3c9c5db83ae1a96a97f

SHA1
42ec91555a45c1ae10d704289adebb37ef02c8d4

SHA256
590819ec19dd19306cbae8f400872e88f83ff6d6b649393b0aa559a6a9fa6e87

SHA512
8350a43fb6838a2696027f7c4abe8e69b45171c175944e1702760f545f5b60bf4868b13c8614992be787c6d1d6c3508f20f337280cb462187380e58839b66ab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
4KB

MD5
18ceafba6d7cee072ef8eb5bebf7c060

SHA1
452e1d46f6fec249fedf5516630a7c999fd0d747

SHA256
3622a84ba4600e1ec3fb042b9134abf4fbf9ab1a10780f69963309bfa04d2761

SHA512
7cc44af4323e89340e420de1fecb5d6dde5aafb39e0b249660a0f6ff89de62b28b8a84766c2ff52c88e14ff34fe1227437c61e682da7bcd2f0c1eb8537946c19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ddce6b9c5779c53191c117037759828a

SHA1
f05a4c081a687c486b5f10110fdb3ef7a3cc22f1

SHA256
f2214f8ceeda261ea4ec0554603a050f84c81adfde92fe88437e1743accd648e

SHA512
5d29211f952213d16c21c9fe3237ed1d105a815e031a4d3803eafa1d11131c830f25d0703d7c8a7e93c76b8041cc407815b8a41b8913ea1fec9f30e9ba28692b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
a841d8c69cb3de194207a10bf318dfa3

SHA1
e54d15be81b0aad5f8ceaeff88c4f237709da9af

SHA256
92374824f3e3f9f37d2634e5b3b19cde631fddabad7cfc4a1e20c79931322540

SHA512
c63a58f8d124c1be69dd34cac7d436e04e135d727f74d0d2f7fc6c5fb7717a79aa839364ad8c77d463f72c53d84e805ed243b3c9b33435c158232c9c14f971a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
262d0f05386bf4ebf1f127d94f788dfb

SHA1
076e69b10a27462e485f30efb817783bf79ebc46

SHA256
af7610fddfa39827ef3b108cc584025075dc308ddd182807ded4f48ea7e4e2a3

SHA512
4aace82109fe4be4431f3cc8db989a8f9ba580343fe39a4a3af2f979c578ab683a17e822c7ff92f33b292332d12fb9c31455efad4bcd2bbf53455448741ff1cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
e3eb4ffc6e4df4ff9245588022f4385a

SHA1
0f5e136a05c667113c04a2574737c408dc5d9495

SHA256
ca5542b22d18160a6927c4987bd3f14f61bb779e761058670d20ae797b10a6c2

SHA512
3f6ca3ea98cec607a6cd16cbd0c565c2b61e9e85c5e711e12518e335cc1ed7fd373bcf15fca74cdf15b82e5ef031ea68aef7c021d48d7e50eb6bc47f5b5e36ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
4243ed96095c3d169e232cb74ab57cf6

SHA1
a928706299a3f2957526f134b2b4c6e54803dc96

SHA256
05f8af7d8d559d7f7bbe07e1e59d50d6eb14c08892faad1c5503ff11c14d0507

SHA512
a758fb63f837ef0e0b1299207c8db5f94c29471b9bad8a64c0b957b9d4568eb440a717410c2923ac150c4102ac25f50f8867845942640d3d0c6e9ef003da36a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
bfc38eb4e119f65ed2f8e125f1181a5c

SHA1
5689932bc3f864f4a71f0628a7a3ed0cd0b883f1

SHA256
b6648b52f76f08cfb5509bd8fb0e64cea09e84c623066e9af380a7e3b49de7e9

SHA512
c047c6e5da5037b2a672a510cedccdc7ddb87e0be43d3480240a95c01e05a4b1e477eeb8f1db62f4c03661dfcb58bcd2bcbb54b1afc6bdeff63c297cc2d60a52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
385a68068a0ba3d5ed2c8b63dabac0c7

SHA1
9fcb72277e57581f35eae25fa87ad7f474c930b3

SHA256
2d5338618b0418be18b3810a7d56a3048d76ced3be1eda4b32d2035165534c78

SHA512
6d03724412ee22a0e13f6c328572ebb3a9057bd66c3de77baf5469bedce1c5d459421e0bd007633ea712e18532d86836bdec82836edb172b185d0b516617cd9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
82c61e7c57225496f2d0d4776dceeff9

SHA1
0da57a8702019d372f6cff749f60b34465374c97

SHA256
d80f8aa35363c9bb93edd654137982bfb4fbdcbd20dc9dd04c87c4bc03e0a5c1

SHA512
7fddf7740c3c88b68ea6ae2067c0760573cd3a153f9c319d48e648c4fe5113e62e23fe5db73edecf0252b52e330e7975bf9c8b77e860096cd8026931f1f383cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
33e6ec13cc244b06c0e5185f79904687

SHA1
53aaaf068c24efd4449b7a51fff5c4cf271b8a2d

SHA256
9c476141a1b01ea50806c754f48e9a529023351f798cfa451b1c8ad1be4500f4

SHA512
13b7196c3901f01499e7e065017c56a49d6a135b74959118b8931a30ddccc1565c6100740ba42d102d6cc1b4d625d52b2d2337908ee45fa8ccb252eb13d8bbd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
605325a9c3edb457c9c11816b6cb4558

SHA1
ea10e31e0b85e0d016ee809feae9a5dcd3c35db2

SHA256
22f0451321464c8e9bbf9da374e1151c51b48e8913341aa3f1510b6513b68fe5

SHA512
758cefe5c6e8796fc8543d17747afd21abd829db506f8eab2c03187443b3d05cffc48ffc5d01213227f797c85c17a71ec213eb85dc6279853087f101f0ea4141

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
738B

MD5
ed104e4e76ef2f25e52c60461cee1603

SHA1
f370820bca3c132cde2a8dbd5d3db1947f7dc81f

SHA256
3a81c3807591bc5ddc5089e097808f9b9200a3c3a5900eae3eeeecfac05ee6be

SHA512
e31e7a9a084ed071bedd9bee2223ef0da5d93a281762a6bc169e704e7888fc7edb8fd1b5beabf0bce000c97405cb456c5e7388eaa341c9b8b982571d58210cd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
20467abff006b9b69c149f9cb14719b6

SHA1
4c7549f073e5e301bbd18c2c5fa8de7ac87834fb

SHA256
422ffcbddd7b35c2c594e6d7ba861954f1cf113332d4281ad708c1138d29231b

SHA512
2d5071e461efc6fd752843176e90f41d80d9c0818e34ec7c2eb043d7b2641667a2873f11c79839136645106211ce54499b8ca8d6cb5f916fa7afa0ab75ed9774

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cf9560447a599ef289a4491fe5c0e35e

SHA1
4c23875e1025560298a69fa177e90f37338d641c

SHA256
42afad74f726f2a4bae6bcb0f27f78cb59027ccc3974ba965c8b8f80a9943c63

SHA512
e83e78f4e6526ba7731a86a8ee8a53b11d836bf0e1039dfde2eac082182552c26e95f04db9fe39915dbaab3e11887ddd974d554e02e595dc7bb7ffff948d7545

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
95c7c6384f05897b10f10e9b2e803eb3

SHA1
63cdc2951595a5d14534bf42ec63684e1c3b8403

SHA256
22d1b93b36675e1b859092d4a1c9dc362f040be2b404fe7e2cb6b7209c59ff40

SHA512
4a89752ee7d34bb4ea5cc5706d479efd45d103997f9aeaaeb75a06c4f7064a60fbcf28974a3e7f2a09d0c0810a0f357af09721c1e7fb378d5ae2e04ab0220573

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a498bd61a1810bbefaedc5626f269b72

SHA1
68cbf4dcc2e32935de59d24756d33bf35e2ccacc

SHA256
d281ea21a4df2b35c3e43480f84e0229d4e0c5896139e12632aeca9380446d7c

SHA512
981b9b3455c331fc0f23acfdd3f5203706691d53ceeddfb7f9a30bb5b63c0f8547251c41ba276eaafbd538537c775ab894f043699be4feb00cb60f7849364e54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
65b6c79a14d16310829d2104e2a958be

SHA1
2a3c5aab5d79819285315c0587d5bf603b48ffe8

SHA256
44100ce369e87f8b32b1591a5abf2a2c9afd64018413bdb09e5d30011c7de6c5

SHA512
2aa72d54e8d59bcca63c7827e5009ec1eaec49be77a863b266f96609d142ca5fe847a54c02bc8b90808e323b8ea5e8e9ef7a03343899b09e3188f315491f0193

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
d4e5d8ae98af993e0ae6482e7b38b3e0

SHA1
923653f93aff26a5a112c55b4ca52bef94346707

SHA256
e1c3b9f82252af7eacf24357ae65251b72428a710031cadf467df079596f23df

SHA512
c44f9f23ed9e0a26900ca0d2256f2df1d8861da569bc2a83067cfb2d5b46e9b852883517082f099c3067ac61f3abd8844ad5237e6f3423f1e80a823552b6b7bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
de14ad526095fc6bd1762d417377fb46

SHA1
4a55da95b03e96e78c3570054ce6531356979f4a

SHA256
85f67d9ee29e2ad9dde8b3095ec50bbd37ef33a48628f13cebc461c106c7fdef

SHA512
0b014c2f92442888549aeaf97cc07a2aa3457017d9a72d4952f95580584fb91e7393676f537638b4cae84902e8b0056c03d42a3351014c3a9d4f5df3c207f7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
90bade36530ee2832334daec0294ea19

SHA1
91d0b3d91ea747e690f0f54b8dec8a4367f20ca1

SHA256
36b84bac4c864af562365c544c05dddbeeb7e50631b25536c9c9b4460247253b

SHA512
6a9624febcee37b294734444bb22515cf4fc72e14dba6163b7c8403b1f73c7d7450ccae8ac44acfd33c64405807e2120dcbf4581f2b8d2a0f6d66f669144fe27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7bf128856092811de2556bc00b55bbb5

SHA1
f7798bc448e733873a1165aac6aa3b64fbee22fa

SHA256
8a463ef0078e815d944df724ca84492a169d49e79a73c1b9216bfe8a730c9634

SHA512
7bb0d4e2537b25939a572b97479e0cf19be05c0e1e73b855d7a7f344738cf67e7c1153156e9d327a64e75940394d03a4473f9e4cd10e73c6d53131d05422c766

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
5f041be3d409d34c1a8418e24db9a6cc

SHA1
fbd5450aa80d173c18a4f0feeca9825a1dc143cf

SHA256
d3d2758dd0ace896c9b9b97fad4d6c3fee434ef61b72d0359c187be577fdc921

SHA512
0f3944b3fdd830ea3fd47357175c4680aed6e44fbe051b05b90f5bc198029cf2978cc192b9a90c222df5dab2f8e64f539d35c8297eeff6165531366e9299c195

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
ba7e7ca21423e807574083f91a6e5ba2

SHA1
e3e34c046accc5c8792e0da82d3c35126763cbe6

SHA256
05d5390e18b296fb4e115a13aa6c66360a969ac1614101a4b777fa758ab0d200

SHA512
72af43b4df73916a3cc37de87fbd6cbe30090335bbaa4d9810c1e32d046767ee70bfa04c8824f45a2269a6d2fca3fc02d47faabf6386ee9389b7692386dea4eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2e48b8ec35e3ebf0dd5be31733615b49

SHA1
3b08283781ce59542dbcf0f73976fb9bee93c5ae

SHA256
c4d200bff444323fa250208ab03eecc4864d42197e60bc5663314308e24634ed

SHA512
fdb1c11a992e5ab3fbfb298052a1a6134eb653d283cbaef9ed9b08c59b671ae6c544f7a53c9448e34ca0b41d50463f4f064b5e2042a5d74561a4ed8c282e63c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b286e766f3334383136f459cd11e8631

SHA1
aeef9afeb3a9cdc5bd2582b50cf96f162025dc43

SHA256
629c43b25a5f01e5ee54625c57e601af3fee9a3babade2caf5877c1671c4ba40

SHA512
02042bef1982647de9ae5b3422833e6dfeae38321e268b98f6d318db560f6978caf4e7b4c8100b32f61abd8721577d01ea8ee77ccf5a88725486662c1762210a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
92b803dd74cb5051e1d8adc0131fde73

SHA1
31cd46f33f806b7c95e9e1116b1ba6f6875b15c1

SHA256
5d696cda64b8269fdc88f869d03102957527cfbc78a74360c7a13ac1fbbb39d1

SHA512
4099e4bd020e16a30e3f1a077774dedd6bb40fdee039d9e1f04f3ffe14565e29d854b5005bb30de018ad7102ee107477822801d6608f243277c02975e096e3bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
cc25880a61d9bb189a98709f33d9db66

SHA1
dea20a21ba513b73b1a76617fca87f046733a95d

SHA256
aa7c0adf059ef6dbf6c35276f7f0522b6d720b99218736a995e68db1df0ba05d

SHA512
f9d026578caa9068ac64254a1f45f2a6e07ee3c21f2f2cefb75ea0ebfc6463f00619f783f4c46199743cd44147e607dd7975d1c043cdbc960310c071540dafb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
6bda587adb2ba511461c4530ff8f919a

SHA1
119fa1a49a4a0e5787dec788672315ae8b0336cc

SHA256
da471e97cddd160c8a54482de395f09f67615a21947608bc6b6eafa06330e86e

SHA512
155b8a5515d5ed60df29537536f5f9e04c13ecb351b72f41655ac6fd361beaba9413524a511d346f1c60228ba69cb7250e312592cfdaa394a70837009e3e20a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
060ae34d5c7fde8fd29ee5b7657c0167

SHA1
cc3a54311c033c60315ea16f455209ab7c322599

SHA256
0b03be335df96e5f16cc8ccd8781a124ad7a0ef81cd384e4f700cfca6aaa57e4

SHA512
a348b320fe24ac35dacc1430d7b9077515dd38f503936afd2da82c3dd4ed8a81cae1df7e97ab67d06e514355b20fca3dadd0f10672ea9822791f4548443a860f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
70ee355116c8bb28775bcf3c97226485

SHA1
0ae1dc1049a33d39897293751f79a1b7f6159083

SHA256
46c5e3784a1676995afeed9152b3ca600a308a872c4af89af7ae20f260965514

SHA512
c1f5bf996aa2e0c49857b7cdc4de96ea1cd74672cff660f24c05793ec23fa1e3cd9c016905671e59998605229cb0a0aff2dbe441917dbcfe4cc9b357bb1c3fe0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
804dac69add6d8a035f5e59edeaab9ad

SHA1
0d02f429c50af7f434729d7e8b8c8b32149a6c88

SHA256
03a0a2b991748791af801040f92b76cb8cccd024d21f7c3804c661953759e474

SHA512
d473447a0a6350a9b8bb03cf3e861bd7f361d06be733386abbf6fb80977f7aafbc9b634225f7d4ebca713e670784c78dd574db39aeee2dd006990f5ef01a1120

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c4edba49c3d4c936cb891727e4151ab3

SHA1
7f545d0a03dd7e44c8147aef0aa61618dfeec6c8

SHA256
29528355a6743f6947d401ac65affdb3bb1ce70f2de6044e25cb7e5ab8bcad92

SHA512
e629b3bfaf1547e39a4f938d8aa52f821feb23fb83305fa31aaba9675b6b7e8c47e1fba4d4e335a887af700ef7324eb480bc5dbfb607a95465ef7eb535cf14b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
000a21c92dec0d532a627114500228b2

SHA1
8d02f99c7fe9fd3b3cba412b7a865486da895fc0

SHA256
6217b6f958620b5565c26f69c034c66fb494634cc95bdcfe5c520b4f2a97aa25

SHA512
29c7375a72cb76e84f8cc69fd4caee2bd0d266cf797a5741e451a37a9eaabea255985bc2dbbde3cf4e2d6c4263587824031a47d07376c12c28d875e334885c09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b6f30b9cff4adda2debca7670d633997

SHA1
b035de7de7a9911cd63fc1acc16eab7cd1387b78

SHA256
e3c74f567666a47d14efec9b824851a5aee6eecb21fad8296ff15491f34f1cbb

SHA512
28fb2085096309db3e1cd1bd0d5f3535a9ba06e76baf5284d0a7ddccd561aa56104e11ee8769f857564d60ac36a9bf609c633addd3a5fc39c9f585a8ed8117c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe6486d4.TMP

Filesize
48B

MD5
17496397fc527eb82e7ea89d7414f372

SHA1
39d458b7558fe7cc45f208bb1cc39c5249d0f01a

SHA256
287383e9c5d1da8bd2702bce004fd8981eb168ed1244c943bd7c7a0feceeda0f

SHA512
85cf2e033c51319c514b3f53c49aee25c2b6144ccf137d8ba53299c3ecf53422032f1305ca7f9242f33e8baf82bc11545977761d13cab915645dd730ec69d93e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f8486b454a39863eda51569a6c10a5b3

SHA1
9043be86a034440c3d07e35a31509b4809829114

SHA256
0420b33fc7771245bbc266d04ff04d8262e209135a9730a38a7f8849fdc577a1

SHA512
7291ad3eb324a70f88d851164651acbaf87a21dff1667d9f6a6a4da7d23ed84c74208d186f1bb2e7633b46a8be61777172fb9dc87ddacae5c799ba6da97a6819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
ca6b8c16c93730ba3609e3b253e6030c

SHA1
6f7358d4d53981abaa66c07619ec8625a2a873a2

SHA256
625cce27faa0aeda599f27a548788f65592f9e8aba1c8ba760b0b55f6615863a

SHA512
d941ff9b589619b174490641389631d585f6b9cade928192fd5f5598d38792919cd41fe1590b1db8b2e2a30fc9c1185cfa1dec6709b4d205fd648b8c3f3a4e20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
53fbc8f110e4f997b29b79a0d9907b90

SHA1
d27b9cb654c8e17493a678fd8278699f72457804

SHA256
5e7182cf5e12398c10c885fa3630eda91cf575e85e01a6d1fc969a9caac498b6

SHA512
9d1875c47cd8bad331d40f07acc7c9b32af85422cd724ca3a0e8bfda4a4f09196796184dc0800b9b8516bbda6678f78db375504bd3d4b456c436c7a7f983057a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a3af5f03f62f05cc2a64cf508964da80

SHA1
369e2ff21ce075d5571f6f648fa8e0db6ca61b61

SHA256
12fadec9296ffd44b4db72c4bf4547dbb8382e11ccd988da061a6a7c716b9188

SHA512
1e8d36b6868882eded1915297bce8b9a67dcce6437641ee567143a6aa5969071b9b7d67d20f62e4d7bbccd3fadbba3aa33355d3fc6c61d7b50f99cc07eb768c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3dfd1db9e7335bf6b789551a5658c785

SHA1
fe06253e9e8722c0f344292fad231ff9f3a53af8

SHA256
8c54a2b722a0d59d4f10a465234ff32a28937b7c818d01ba0aa721c13cf78f38

SHA512
3fd039a599ff63400d2acf5497dd671cc174459053ff58f6c8018997e3dbdb64bd235bcf582e8ea2afcea98cc439578fa23843a923abd4361681ec38a5a0d189

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
60db1491ff7e685cfcd55be34d57837c

SHA1
a29ea4ed9fbb4e479ad6a5107f2844b5250e365b

SHA256
f19e7685dd2a226fe90c0164854169681685a44e7de34235213bce17d060c1c5

SHA512
69b4ed8edcc30e0426657faa67e83dd68a9ad225dc6aa6fb61e082f72b8ff1b19705de12752b9ea87976c6d6faf8fc2935515488c8cb6aed784828f14bb15daa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
10f213586f4765d262f169e4e3b5eed4

SHA1
f1ae104d1a56bd5227775ba41c1d3cefb66d6d0a

SHA256
dd14abdd2f5752393965ba9975a59ee967dbf25f983b45f03d0f548e0812424e

SHA512
9d7faacb8e0b9ffb4084889eadfd61ac7460376bb142b17a1a07fc5aa6cc8d6af4370f9949d6ee32b9edca111580265f88081d4871d52ef71eb31b29f8015289

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
50ed9e8a7ff722f04783121c787af562

SHA1
f048048113ff95e74ae63b584ac435dac5de0ec3

SHA256
170873f460de99a7b14f8cc613a5dba93d75e49500ffb93134360a099831282f

SHA512
0bbc9156ae60e8762ed0b744b34fd56da10809b06750f78e802579f3a0871e40bf4bf1480223c730952db0efd644cccfb762c354fe4511d2c51cb8947c86692a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9de3b969bcaaafbd23efbc6884e346c4

SHA1
0201f0654760d677e87c9ba5b96951b279194580

SHA256
e6300993e829d7cabb52de6e2fc54166e06c27a01fa835083a28406fe97f154f

SHA512
43b9a8d3de90ca0c8095115dd549b31cf69b65f7743bd41a929fbd626897a9a92210a8a2cedafd4175a95d08f1d4376686ba2c713ed028f790ffa8ee73284385

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
60ec4a83b784d379c6ba908cccd0857c

SHA1
90e9ba82e3c424c0add9eae14dacbc90504d46fd

SHA256
af80d0186f228107416daf61f4b00937e37558bff8a12b6e9a9e6b39952af039

SHA512
139b6da5ca08280075e9b702174658c6a76723dcf2b8383b584379b16f0af38aac80da7841868920a0af15d3c9da9050da0429f0a2bd5fcdfd8e49724595f2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7a74a7caff101802e677ab6d2c6c027e

SHA1
a4da82d60338e78311282b2dfb3f8d56c0ac9702

SHA256
0647db2ff2cd28073b4195f8327495348af1055652aa8409c0fe6dc3acfaa308

SHA512
39c6d443d984734f6de89d4b1569e14bee5a20429dde3e41bbd51ae4570fd8df8bcfd5a840ea320a3ac81c357c668dee75e423ce834f4651e3888643672fc7d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c71908f41f2f9ce7ca19007d7f30d013

SHA1
1226eebad60d5ccb7fe1c4f44321d92e4aaefcb8

SHA256
9d065bd78d425a240beb034e5907359470d6235c64ff919164683d16b25b930a

SHA512
d2d87ecf6c67620a0ee8549017c823d9f318b5fce0243813f9cd19ec52f93ccb67621a7b6c876fcf13eb88220096a2e4b00a37511e4c57b17d9088ce7161e91f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
48d2733bb0e22eab70c9bf4e92155896

SHA1
e3fc4b958bce06059c1783d2143f8e3a4dd5c392

SHA256
3f11cc05f1894c8ee8a0add3330250fd2023cc395c0b1c1f3b2f86f90374ef42

SHA512
fd15babf102959cabdd15f3bc283589f0ca7ec77e1d093e3296a04490f88838901b8b3758419527a29da961b2d090174be4a9d27cd9e2fddd6ace84b7f315301

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
94706160ebf940eb04bda780df9ba0fb

SHA1
d36d07d54219f65fb9241fef02f68b173d931a01

SHA256
67f64c5998f0bd1a069f6f8ad814951a80124fb35ac7a4b0fe148a91fd5c894b

SHA512
8acef16e2677b1d8e4346fc40781d13c606ecf1d82019e6ef70ff230bb5d85a0ed437a0d0414cf78fa293dccac1383702adaa8bfefd0f0f6a791c0c1bec7a652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b70ef9471b9542b30d2d49d552fe7ba4

SHA1
5f3d490499a254a45ac76ec726444afa0fdcb72e

SHA256
e3001fc22abe98170f6cada27ce991710eb5d3d2301cd2f32bb7ccb0cdf376f4

SHA512
f9fcded6a4b65c64f571c7651f155c48d6ee8bd3fa1dd2a13e3ff552cec88ade91051c52a3fe10dc1aed3329eb57e9d2487944f5ea7649768f09c9cab1c7fc8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a1ce0.TMP

Filesize
538B

MD5
5735d90780305f781c222a62ddc4ebff

SHA1
f24136e33880201b17982950b43d49e17fb544ce

SHA256
f636ceb68fa151116acdee39914a190b369234684f92c13daa38b47accba95fb

SHA512
dd7fd84fd4a331581abfc7b71de29a697a0c857eb456d3a09fa32a9f6c3bad4dcc79680f7d0f30d8cc3b987b5b98c9719c3450c07ca5462bffa06c3c9944cf65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f49e9e71-c19a-4394-9bd5-ff9779faf118.tmp

Filesize
7KB

MD5
f2b1475b7b14b4bae6db2dbc73b27cb9

SHA1
05c4b28c4e5528ec67fe6c215bea560fd270dd6b

SHA256
ecf9b5f88423e6bd30088cb6b08183547418baf3f43ba47fbd9926130c92c4fb

SHA512
4087fa11c1ed844749f757a9b044c3b224950d023b9b22fffe14d34b81d7582467b7e45f486002b610540a00970a5fab727badd91de56927b844a855a885368d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f4d23209c5846cdf32799ab68f02df16

SHA1
1d487192ec42fbb6821e5ec911ff89c66f505921

SHA256
ad4e71c85e719d18356c0c4df0bdaa75532b492ed8cc6345119e5b6ce06cacf0

SHA512
c8cc5d07a648aa847343febca1381c633ba289b1e3cb3a58bdc652036fe7540c9c35403cc5829c25ec22d68de4b8605cd3a18fc7009cb39248355a3729c53a44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
42ba7e8aacbfc43c71d1a3385d33327f

SHA1
6689b892d73b738440e6bd74d0f06db742f54360

SHA256
22e7efc1df706be1c414ae2d6a3065a51e561f7334c2a919716248d42a6fad07

SHA512
e0583d322bc3047b5f4ae2cbac6070471f8f98e44c4a7c5e51d1b33cdea58b759e886bcf43a0b7e6dc656ffd46f8ccb3c567138b249a189982d14e1707bed1e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
df703d7f557bf9a1961769b4bbd57bd8

SHA1
148227ef3dbf029ac43f69831bdbb1a6dda9aba4

SHA256
dff36a9d097cc3ade04127f8e3330f55b673714f4dcfd2097ae336bef5acaf22

SHA512
f9c3fe76e271ba5635f87e2e643fef5bb587fda40be52a0d27926a43566503384ffa4660f88277bc6a574598f881a50bab80427de38a5439911f93a3c459c23e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d265330e78ad944f6295ae6464f00f29

SHA1
b8483f94f87c3677c4164d0cfcd1ee0229cdd9d3

SHA256
f62a142823c7bfd292377fd65ee377469f2cb2a91f24e443e01eeb88ca835f2b

SHA512
45ce7283724fea1ce4f8604f84ce2dd96ae159fb3badc00bd8439aef19429954ff0eda722415006eaa98e6590c1ba0e21eb48dd69213e57028934080c0b4b415

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
910bcb411a6dc1ffbb5f237bc591ae57

SHA1
fe9990716728ec7ceb3840d094796a1035684620

SHA256
d65fcfb9de334410217ffef3715b69ae76c4af362251158c91bf6772e85ed01b

SHA512
5788dfed6f66cb36c850bf79104285a46fbacf0bc0068d7f32cd3ada294483c8c7006e979316b92d5b5fdf1a3a2b58357e55c8682184832cfd3a367cd1509214

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2571f5c55df5c1b913bca36acaad31fc

SHA1
204f1c96fd83c41379d0c522e130eb99db5e6f52

SHA256
757be28307de3c8de209dbcc2f405c8ab618fc7e10f16fc217cc2fa21543aa0e

SHA512
cb819001ad93683d62b44fda85191e1afc23171845f56ed09e0f18cdba2b64401ada77d1dbe27f6f9b9d7b19fc6d497c433d42eff0fbab2494909f7b2512096a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1514cc8d5bf503e4dbb8082e49397157

SHA1
1a41775c44e634e75b7b70c8d7f858fad906a101

SHA256
ff77287669b0bbacf464b52a90e3240b02dd7d0500ca9c3869f400fa563324b4

SHA512
925d57ed26507c1a85bccee9a46208e43ea3e6336b9cf269e9e1f4205da085e81aca59c015b7efff4be501157fb1934bae92996111dcfad7f278dd061bf09e7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9a1adf80ed5ae53c5771e8a33a4e0994

SHA1
77968173d7d2b0fdca1f2c52340dbf083286b709

SHA256
dbd003b29f23342bb4040399fe4db11f22f68b90061ef3114a3effbdf7f3d419

SHA512
c0ac0d240668a14c7a04c2ed834ae9d06a3c5ffe6da72d49e984328109778e80930de4068011e480f4a842c25cfd71634065cc4afab3b059e4df21c8db391d90

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00007d

Filesize
83KB

MD5
78eba2ea86a7b7eec670e67ff6b87ab8

SHA1
07f21d744f9711bac5c820e9cd51f4772514fcd4

SHA256
87f6a4082390919d4dcddd2f1d3720086e97b944de76bc762fa4736c78ae061c

SHA512
a45cd0bdff8a94b6161043cbcc5c4f4360296e19f057f8cad6ebb3903dc5514e8ef123bcfa299d83069c0c9bce8dadab6772479e90c3a69e73280c5ed147a961

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00007e

Filesize
86KB

MD5
466c5b2051dd16570d77e4cf9ffe4b0c

SHA1
c6f790199d39d549d873ebf712ef7830784d86c0

SHA256
faad9ce59bada6d99ee30d341ea61f5d7d65eab8ad84aeca83e92239a5ad223b

SHA512
73e3c7602b7ea5720b20b124b1cacb36b9a584c5b6411049324984e944b2351b3b37bf0f43729d3163c12e2b3a6ef06cc41a945cdbde3618c7e5fe4ad94dea13

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00007f

Filesize
63KB

MD5
4550f0edc857d121bc30af4bf001a981

SHA1
a7d158c7ee071a8f5cdfcda5fc19908eba271bf6

SHA256
809bd67e52ad5e5e7513da1178a3a3009f9a2a295fccbaf0c4b25917cda09402

SHA512
d24ad7ba3a44b930d07ee515c38a5300e829c5f101f3bc1bdd3f8c91e2ca9e0abce44c65bf215999a752a823aabfb3719b18faff3099c4b5ada8787d7ba631a4

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000080

Filesize
75KB

MD5
86637086da4ed0f8dcf3ecd056b1d45d

SHA1
b633058a7c42511971ed357c6c44892042cf3525

SHA256
b8f4c85913d11722020f04a8111ded8b0d06500d76ee464a1f42716b7bf89b84

SHA512
9023bf41e7d824794a25523be90e4d4e9cf5de3e23af99dc64463369d63c5a08057761a66fde782f6a513432533bdc2210682a1ce53918ed112d64fc72b7a5fd

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000087

Filesize
77KB

MD5
fa10e6c5b03d75cd2384e4c13fb928b5

SHA1
b9d53e5b9b2022cd675614f102c4e837cc44861f

SHA256
1a9b433a4b7fd61fcbe3b188f9c31a2a1b8da94cd17d8b3b482b91a76b116439

SHA512
c90898f9aaaedc16fe2c98b5b5772f2f59af5d48b26cd9f3caba3c9c3b3f95b541801ca23c11f9ab4b16f7002e3ac714204cdb0606a55b05003e36f7e3d94a6d

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
6d277e629f63656a2ef1efcff16b5d47

SHA1
42581eccaad50e4f6e4791fb38a56f8aade242be

SHA256
3cac98c50d3e3d8d75b39e45bb7b7a44ada7c4443de3872c251bfd0dc92497db

SHA512
319bb4b4d5921632357cf98434582f8977a0e676a4689603c21f9b44a24430840c36942a7fdf62268da6fae74fb4ab2248be3fd6ca21bc286c814eb27c90cd30

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
d7717214ae6285091c1050e0d3d3b978

SHA1
9c7f5ace8021dffc3df898e07082271e656d36e1

SHA256
8807b857ec36e4d138243f45cb04d53fb42a7c9a6e3dbdb70494fa7878d53ce2

SHA512
1e8c0d465999a4b29f71c4929732ccbe8605befecbf04a5516d5dfa6a449c390f25782674e19513529666d9898dc1e6fffe7bb4b4e5a144ad9302e7e6f6fe6b5

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
424a05ee012107852eead12d29a112b4

SHA1
4d10a274b9332f25c398dad956c52a814a2f5b9e

SHA256
2dfe9a5d737fed6e621d9afefa78bd34c9f603f64a652946f60be1e4e6bbb97e

SHA512
f657647a18995d5cb4d60f3f28aad1486a5a91ae1e0ca58e086eb0dd175decdde08bf8bd43df9023b891f97f732815c7d22619703a1e95f83e06a26ac00468c4

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
b5f785af278b68cd51c83afe347271da

SHA1
f795b0969bda1a48f9197f5acf8b8688bb1ec397

SHA256
c910d6c50778527048835629f04401b961a3e17643311150162ef190ebdcc07c

SHA512
b5250b8e7e979e6f66a8335d9637435825e5395faa69711b74e74a7f90ef458590cf592839699e66d5974e3da2bf55915fe0805af6489397386c531259ccd334

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
1c80274b03b73622849986eb3ea333fd

SHA1
8b3b6db3cde9cfade45ad0ff748700e2f8e11ef7

SHA256
17d51ed02392efdd887f062735db156168ec9a1c2813062c3c1cba58a4a97611

SHA512
a053c88bb70fc57788e6bc1c4b3aafabc2662d212b367c00e37e1c51c0164061f1e5db7a216b5c8f72fd72f43b9835e765106a9499d772a529bf42263cbf1a47

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c47407fb085084a782164a99016a7011

SHA1
95a1f96a435545daa65fdc5fab7f46978c6458e9

SHA256
2201ea048a32c3fa2c62128dcac6dd639879e3ad604e3ffe4ab0bd8272085c3e

SHA512
7c791da147b49fbedaeabaff0df6912ca7b437e8803900a40d7b6561e9dabbf634e695856c2d5a15a347a7c10a4d6ad4d146da4ecd0537942e5b12bfebe5cbb9

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index~RFe5c0bb0.TMP

Filesize
48B

MD5
60478e3de3864bce86b76d638c22c98a

SHA1
aa2d187a3aaf22fe11fe89fde772f729e2122d14

SHA256
1c9a5811ac19d4e8332674956251880afbe05dc4bf5f4f79196987af0c4a44b8

SHA512
a94d2cf3c83a9746d4611b0717af389413502df0a79953771469e1c1154c08c9c130504fe2c1e3bfc7bcfdcefdc7fb2a0db214e71dbccb7ba752088b197b15b2

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_0

Filesize
44KB

MD5
919a3f89408fc9b92f02da87d43a7c56

SHA1
8df0f1834096a1ffa5b1120ba6be99964ad25309

SHA256
da2e84772e8732893dc8a776d0b97add68b5b2ef77c539924805d5b3ce04dcc3

SHA512
027cfee2bddabbd8663a36d20289951bdbedd808f2969b4789e1565eecadedc96d24295f3c4b1af2b5fbb810b03e0320f7ef412fe8ca7b3e87c0c28d118103b2

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_1

Filesize
264KB

MD5
a61a33e07d4becd309a7a74632d58ac1

SHA1
89c8deab40744dceaa0180777702d81040342c6f

SHA256
73636bd115b8a48c7503299a6311fe1af64cff7bbbf5565bc68d36dc7aefff3e

SHA512
97f4678d8aad6bc49ffaf49c1e593d115a326d995ed1da526e335eb33463bddcb0125df51923a8bbea2866ddf8831e4df95e35ca09bf89d7d3a772acc328af7f

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GrShaderCache\data_0

Filesize
44KB

MD5
164fb980d242e3c7e58ff1006fd8387a

SHA1
019e8563d866fd147ddeec3e58f8e72eaba8fa04

SHA256
b1d08d6bdd3f9d9bddedeab04f08c5752d22c6f36527295735b95b41ad9b06dd

SHA512
391b1b7a49110854dd828a0cbaf045003465351e98f96924d7bd7f62130a34347b7118cb99049884d01dc9325cbe2315accb09088baf9ffc151696fc8b21df6a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GrShaderCache\data_1

Filesize
264KB

MD5
f24829a76b9a16e0fce392c82b9ba357

SHA1
101f87a11f518945ef8d107448482fde5ec444c1

SHA256
29a4c2711a1fc2fbf14c45a5a9bf5cc12226ca1167ae02e27562bb195d2aae84

SHA512
8ead794367bc591c528ac4e8465a591fd3bd7d0128d64e8748f2c50a961e28c78813c60f986628bf465ddd07216a175d64ea60b87bd094d542f2f33f27ede4a9

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
856B

MD5
51d067436a0d01fe857ea376ea3f05d4

SHA1
74f6fd0d271ed5ee8311b2a17c74b49dda9c98a2

SHA256
edaab45d4d5833708ae85c7625edfe5c4f6f331382344c6e4304f914a4541f7d

SHA512
53f0916f8f2e81027be852adf4248eda970c9dfbb78056043c7c9463f36f01d80703f2aefb1fcd449a80834fdca3e9e989de8c6bf2b9dfc8a4c86cfb53efb303

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
744B

MD5
4e578069958aea1764af3100c2cc6895

SHA1
332728787df5387ef1e5146640b87f7ab3298488

SHA256
222554b37f2b76f3fb94cc64c5a32b73548bcdfefee42646b2715f12474dc308

SHA512
2454397882702c092fa3f868c383da56e927bbdd1167c19298648370ac4984354d1063e89ab7b3e51adddbf10ffdc54aa49408057083930f084c61f62e7c3f9b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
856B

MD5
b488c4421a1464708205095ca50602cf

SHA1
2c3d78c8d088dc068822a3847033a530e7474033

SHA256
40191f4f98ba5f3aa2f67eb7ac9a7771a353b5dc976d72f1d24b0c68b3e2ed5b

SHA512
3aaa65a47a317c0761e78c95bc29241cfd2ef2bf96d954d321845b4a823b2188124cda424749b48bf731e919098fbe7070a5997d6e00223632e9ad947873e06f

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5cc490.TMP

Filesize
529B

MD5
62b11959bfdb59d75667cf794ba81887

SHA1
3720684fff8702f3e51fa345659ccb08d13971e5

SHA256
79805316f4e67297b8f62b2cf2c3e5a1c477525e06e67375a5b9a066f6ed8a41

SHA512
598b773c8fb1b672d2a134362401640f6c4e4660f53a682d201bcf4836dbee5b027a132c71ab8a984ab7caa7b0e4d0fc59c4acd8ca3e516878a733e911ece768

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\6139e677-9074-448a-8f2e-3e0037f69ded.tmp

Filesize
524B

MD5
4c73fc1b12df7f6438f4c04735ca6cdf

SHA1
69d1a5a65066be562ef38bff921aa75582d31cc8

SHA256
20eedc6d9df9b50d05abccd4c4a264801513c655deb6d28d865ecc4bf3c72796

SHA512
8beedb39f3b5d68e3dc7655f0b81c1dd67f8f8432b91774473335a5fd6fecb628dd670e8216ed65193467b4aa5971e68eff6ce2586feaaac66e264a196739bf2

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
686B

MD5
12f285f6340d90abd7cc4ace22be7433

SHA1
463d33fa2131e3a09383c96fd5b2a86e4415ef86

SHA256
d2f1708789f5dd06661da51ad572e5ccc8e3bd19708b1c1df68e99898ce5edc5

SHA512
9191d5b5867cf96c416d44b115818e5ed4bfa00075f8fa24918878a27884a4065a32b8b0f1bb4f8fb529399d70ffde9f4c53ed87b77e00bc971a39b78b39b812

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
d76c1f09f0e923ff317813b2775de526

SHA1
2af97e81f1bef2a48041085365262ef62b9a94a4

SHA256
5c2e49e2e55215cce9ed8ce468814ab6d81688f8109a85dbb230692e53a5fcd2

SHA512
92c7c9dc6901309135751311a53fe113721a904c0509cd65790d438c0f8eea937040ca44c51cc27648472725c51273ed74778744512830d27516e94b7bf11e7a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
60be78750975e059c8839355aa69993a

SHA1
6e28db5acb1465fb439bd345a4042f600d86c97e

SHA256
e6781c51ba6d9f308eef3389e537dc5bda6e1237e6369aaaab06ad8fdb4d68de

SHA512
47b6eff91bc5c15546ccc18139800ad0481cadb3aaf254e4dc6ec42e7e78109c56447fbcdfaabc552c94cc58f537c870eaec57d6429d7b0e19db2620eb10bcd1

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
49120f55f2f7175227b3bb15db622c28

SHA1
f3f15bb132a0963096282d3f2727e3c6a2dd70f7

SHA256
cac069acaf120584fc155f026d53ba358c3069d8d047257290d8cab0ef562ad3

SHA512
9950a4e4be1493291c8acf6709d711bd0666643670dc181cbad316c9e0ec81245c23729826d75825054ce28c656790eadba190b44a3e08e0c92aa4c984ed7b74

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
c5b503bdf8534f67a53a95bb5eb64453

SHA1
7d31766449cafede2a1b9378458fbd1edeaab4c7

SHA256
d4c5e608240c23f474092a7702cd3c6c9e499c7c6ccf93720e901c41a51b6d63

SHA512
70ff2c8593154f6ebcdea7933c5dba9c12d556232d1f64e1ce202df6c842a50bc99f77d02fb327cdcbcad7d775ad3ce0b38fc749ae31313a3811531e2dc42374

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe5cd837.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
524B

MD5
007d4f39d6984941228d9e8bb1606771

SHA1
3a8aea1c989b8939a91054028939dab3874c6a30

SHA256
ca43e88284a94ecc88fb437d55ee2d0da2e83181e0e43ec5076870ab036471a9

SHA512
f272289a8a8c955bd49ff285f4c5ad000214aa659f7215ec83b293abf26510db04808cbe4e24da74935990225891950467f9d7338ae871f30785697aaa482427

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
524B

MD5
78e869990c85a9c9e3de128a89f11ad3

SHA1
bc150d653c200d7334c8ae85456098879437421e

SHA256
1c38a68719cbf3ad0283e7e106b2825bc98d5a6d2967f165dde21c2e13518e8d

SHA512
f3a777d8d2dd1f703d5b020d8c130c74ecc487877cc40fb3bd2eb33f93fc1387360615bf8fbdb05d5f41b94dc66d37e5fe30a2fc15210ee95bb8f2fe2e814780

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
188B

MD5
21ff882186e51a790b88f847f68b5657

SHA1
aca1ccdffa2bc083c9f5cdb9e8e44517a35c1d90

SHA256
68714acc9f69bada1dc9ac20f01462bade81b3aa16afcd71a499ebd90f18d772

SHA512
19512f8a82fd31ffa0c32b1e19b89d7068e4c3a0a549a9c2ae8ae64954d8613abc6fc6c4f005156da455fb77e158aeadff5d9c638de46ad6960139b0ac556760

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
524B

MD5
20be6653bed1fb32f4ff2adda3eb590e

SHA1
33579322ac5b7569ca7b2783c3b7e619fcfd0b39

SHA256
aa5997b22de556fcf17ee296481292a4442b285fddfbfb4829dc26c07dc6990a

SHA512
8fe36901cf0924641efd266f48aed91cd8fe80de287b08c3770f4bf0a67f86d35990088f2952e0c1646fe4cdc721afc8cddff1ef2810a299058c89b023a845c0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
524B

MD5
7cf2d8845618e89c081a2496de85b872

SHA1
7df9ac3af61e7c5284e0be2ff0a9863f003d38d0

SHA256
56de29756ab51b6143c70ecc7c20ba45e52a92e1468150061fcf83479b832b99

SHA512
921971e4c17da21aa919f2e17e6f1f0b8db108f2c8f31925979459468bf43fbf73ede8572d5aa93070307c6484b97137e4438d214aa77669cdb8b70452b74e76

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
520B

MD5
27105c984895f54441f7844e32b014ac

SHA1
79ddfd1d1dce811e663402682686dc28a0671343

SHA256
0b73ddc0eb598f34f1a97d8beb912ced7d064d7a855062a7e3130ea7b49713e5

SHA512
435d7f10e8364e080453abd849c8187afb94183e206810f6f92927ee250175a9e9851110163df030321740656ce3c3aa15fa8b5d9bba12d3a3a6b69ac93c9ef2

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
524B

MD5
d503e370c2af0d593800be39a0e9b773

SHA1
2992a953d1c69e55e695fc2a7383b9132f2eb12e

SHA256
17809fc0fb9d71128be706efeba5b5adbcadaf7027cd777d063e89c686c502c3

SHA512
c6ff53290d8cc41f694a3e1f60dce95cab327c12d8d60565de8508271fa6547cb6b76e17e59a8679cb91e111c1fcae501830f778edc50371603f3b833e57c93d

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
524B

MD5
d31bd871462ab358d3259938f571701b

SHA1
943df2fd4b6a4b1a8e4cfce2c3c0a874c031796a

SHA256
971a3ec82c376ec5c9fe1869a63df3a9277ce910dceaf5744f157afa75214fba

SHA512
3cfccd8d9839daceaa2d236bf72820e23f82e5e07172cd5d9b84e360087921e5bbbd436810bd96e61af6b99743dd95843fdc98a6e61a8c011b030989d420a475

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity~RFe5c2c47.TMP

Filesize
188B

MD5
38b1106b5b0718eb3e89116325e6daca

SHA1
0db66ea1e2812592856ba5e9f5a8d740f0eaa1c3

SHA256
16b2b60097943bb5d3bec4cedafbfe86540f17e8a8191411b50a42cd4bf89804

SHA512
f3cd0eb3ed044d073efd3dcd977077d37e62bd1682628ad08a57277c5cf3ee750834fa24a4200af442499eda04a9ad6a43245275d40ff829f67a32d365a5fe33

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\dabb1067-c595-4c34-b65f-d2fcd4cfcbaa.tmp

Filesize
1KB

MD5
54066a3008a6742063fa201460eba355

SHA1
bff15010628afe2899ec6e72d04dc0eb34899586

SHA256
179749c1cf523b1abb11e40c08904298101a1e4548049cbd4eb12d9262b62078

SHA512
ddf08b1fb8a671b9bb907cd804532fee52b89a820241fd792effe006beacd8778dfada6b5f7c640698e8d2f632793a359b8844f12d0475a6a54cda452a421391

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json

Filesize
2KB

MD5
602c49f9246967bdcff45b4f43cf2fb0

SHA1
4c5796e0c724bbd7a9244cc8a0fc9e8f40181f2d

SHA256
a3ad9649c1038078038be1abd591cdba73b4b4f5cf30e11bb6cb7a432b746114

SHA512
2f273c0dd0127071f4c768cfe7277c6efff84c1ef4f4271c1326db3658c84261794b106af3198717f349fbaaaf276163700bbb50ae20fe52ed0a88a192d46f77

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json~RFe5c2c19.TMP

Filesize
2KB

MD5
68b20851ccb9834d21fb32615e42bd43

SHA1
88fab935f0b9484994097c08f785e9ecb7d68127

SHA256
a954b528dd65ad6c4c2091fa32f17abdb7a49454ce88e10bb6c377734c70c26f

SHA512
dcb0771120c8fe35213d60e9abf4b242af807324759e3c99e9b2569c00a941d885d53ef6fadfe69e6b740e0b52a6008602605d643801190a2d29175a7d065e15

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\XMD-000004.log

Filesize
24KB

MD5
1f6079e22442c06198075f4b68db8feb

SHA1
15869ecac7536eb119c124014f0cad60f4ff56fb

SHA256
ca9187c173ccaac32363715753d7d9d72f66f4b7206b4952e14c3445c88c010f

SHA512
6b152412d118720f22077ec8964efe2af6d304bdb773ccb44f6e9751e0ff867832ea388efd66f5ad3b3ba48ae14c19b7ac1da7ac0b256e1c62d5ff3b0a91cf8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx5315.tmp\StdUtils.dll

Filesize
110KB

MD5
db11ab4828b429a987e7682e495c1810

SHA1
29c2c2069c4975c90789dc6d3677b4b650196561

SHA256
c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376

SHA512
460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx5315.tmp\System.dll

Filesize
22KB

MD5
a36fbe922ffac9cd85a845d7a813f391

SHA1
f656a613a723cc1b449034d73551b4fcdf0dcf1a

SHA256
fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0

SHA512
1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx5315.tmp\modern-wizard.bmp

Filesize
150KB

MD5
3614a4be6b610f1daf6c801574f161fe

SHA1
6edee98c0084a94caa1fe0124b4c19f42b4e7de6

SHA256
16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b

SHA512
06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx5315.tmp\nsDialogs.dll

Filesize
20KB

MD5
4e5bc4458afa770636f2806ee0a1e999

SHA1
76dcc64af867526f776ab9225e7f4fe076487765

SHA256
91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0

SHA512
b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx5315.tmp\nsExec.dll

Filesize
17KB

MD5
2095af18c696968208315d4328a2b7fe

SHA1
b1b0e70c03724b2941e92c5098cc1fc0f2b51568

SHA256
3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226

SHA512
60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx5315.tmp\nsProcess.dll

Filesize
15KB

MD5
08072dc900ca0626e8c079b2c5bcfcf3

SHA1
35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37

SHA256
bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8

SHA512
8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
a2e3e100342678604a76275142eda8e7

SHA1
64d28662570dc6daafdb2538b15a97c014ac7bfe

SHA256
276a3eee45c10c9d1a126c01d863fd1082536b3adeedaef17271af762c435169

SHA512
e6800764ccc66d3c2c0112b59ad7a39d5cc1e42957f226a4de7894b2fd97987c726557e090645a0745a7ea426db67e26604e78f4f0aa43355d8493791ad52f42

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
a3229bf7757dd54991fbbf336e649726

SHA1
913fb9c22456b818b4e5fa255d92e256bbd619e4

SHA256
dd1da5db3dc937dea60b1059578cd5c2fc2719ec30d047f22c5700e203e9be74

SHA512
dfddc79a990dfc55ffc1337c2d337ad757c5938fa13c3c94c205202efb0da51dcad8b65a2a167037be1967e89d96c543b06057014a5a7b6b910020b70af65059

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
5fff6659ca641c3c33cd0e3835f80146

SHA1
af9051052dc1575ea72633fcd6285095136dea71

SHA256
6d92a4e08f50f0feed9099f396d48e3d4575863448441b884fde40aa87c6ad36

SHA512
a907ddfba8246e861baf9bcdf5d430b397efec42539723d1b4473d1640de55c0d2f04621e7645795ea4e47b20b745ffe283ab5a3e52abf596c2a540513db3bfe

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
45ea7a9e87e83a3e8b4ec8946472f5fb

SHA1
389bb5c8f4fe02d023ed8d602062481cf74414b7

SHA256
31e4f416584bf69ebed78ca39a08aa5d2ed5273d3e2292e010a719e83942150d

SHA512
430130d71d57d0fdfeae4554b8caeb52b7afd746a57a3e96d7b42f1f664b9f61759b48fb47f29561e3d8c3880d6f4e61a69c077c93d1d9f07df1dcafaed9597c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
5c2d07f757eb01c29801ccd3243fc577

SHA1
a6b6aa41108be9453c7d04690693a017ef520d58

SHA256
15d8c88ea38bbbe0d1909c7be4302d2bda15456c784657164e234490a86dea63

SHA512
b01794fad77970b22a90bf6843797feda9bf0646d2b912fa1e98ca9ba52634ee855e6597fcb523c16462a1f21c60b8aa1f3001ee6d3bcd5d8c2ce104d5b092ca

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
54f301845bc8222b3b42371bdaf5df98

SHA1
acd8fa59a37895751f3a5d58b32b390bae3be15e

SHA256
9c602997db27e798ef599967aa0840b8cda5a36080ff36df8a5ec10e6c04b44f

SHA512
4c2365230f9a86aae5b50335552b726b5202d70774e46519449d885b94c631d6a24d4da2d0a3e857f10b615d60030022f61dc48d18a1aef7140eb3b376cd96fb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
e6546e2b144454b90c9b2be6e753401a

SHA1
24a84d9eebd1be6736c2311ca4ffd76bae76b53d

SHA256
bfcdf08bd3d4baeaef2b87390c340b5b2d3fe2cde3dfe67f56ca8cc2fb465c87

SHA512
20c1921db7efd984a34175fd87b2166569bc748b9143496954cdea6d7cf768076d5e698f24fae0e8af92213f74cd3eda7b979fa33bf4815570edc6be2a5f7ff9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
ef948cb69c06b50110a7374e972f4d60

SHA1
29330dd42c082389407cf1ba7c9f56a8be21be1f

SHA256
84760e730dbbf99e2dc4a94fff094d14f7045485e8e7bc1f8fb1d3ee406b7122

SHA512
42c1b932b62819339d27cfffbd49451fc20985e89e4905c00191db4e2938fb3c1a0099ed47f9b556879869efa4104f40ab6edbc01bd986bcac5ab9b3c6b79cc8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
64c03222ecbc1d7be0412e6282dda87b

SHA1
f00c1a8ba91128c64ea50485e5b2b4df5a5b7e26

SHA256
edf9ac4ee8827841fbb68ed72aaba6b41318ade6ffa6534aa66e0dd9834de2a3

SHA512
0765b3440663686897a5c8615dd79b830c569b99c50e2ddc7cffc1f2698701454ce1e2efeac10927e67e81c9a1805528a3f0aef3cc3024b278607f0702602e52

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
1d566aa6a1c0ae29e92b7788e869eace

SHA1
186aa907e26701077bdc0ed342d117ab6d113096

SHA256
08f960e1a0ca3e30e62c7d8f7e2777e42771ec61fff5b5013298cbb8461fffc9

SHA512
41f70e9fc9da7dd0bb0bd4265c2027c49645b11e8fd8c2e339abee09ebd9c83a9d70edb1911a4f6421ce157f1286db175f89b9670e849f220465ca8a284d2ccc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
69031282b36fe9c0675c15826bcd75cb

SHA1
e9277f63bdca9100b20605ba683a17dece8f0194

SHA256
4e64adba9ff32b593873552502a07b966dabde0942da1291356f1d2183b22d76

SHA512
5b912bcaa7c19b5694eda28fc8e2473758aaa2668089024869143bf9274b7bfe0340ab0b85b4d681827b62f537b132de9c0f5d4d3aee694adad9f9f5208ed964

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
f3e363960f592c17575b380f409ec9f0

SHA1
11b380682cb429b1ff540063d45563f381404e7b

SHA256
5d3b0abfd2cbf892aab7bed8055ccafcf756a33d2d52615293f684605e381b5e

SHA512
ff9bd22a23a5cce57b99e31832ac3e2cc3fbdc3906745592e9c2b346f6e8d3c699ba083f0ddcf0aefd86105b1309c21e020583af8f20741e9b71bab1299c6cdf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
79c0feecc651cfab9b425e86284b04a9

SHA1
56eb2bcf86ddf2076a5f9af5d7c7fea91743d385

SHA256
a035be2f780d54d6836cb2941bc709bf3996f443ae36a156a8ec6b43e87d58ac

SHA512
06be076a794006c6d2def1066c40afdf082f919ed4a46d3dc0ef672dc894e1ede62be788d3ab0b7a74aceb0a69bd11dd4bafc32a76b8b564a18e34411b6113ef

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
60e35234cf5086b52092770e66b931e7

SHA1
1258b46a239f266d95f65ff4de7cc7029dafc82a

SHA256
838e0092710d636518e15dbfd1837687134b96278f35a43a3b5059e9af03e7ee

SHA512
30512bf6dd93048fa7eb165a5016946752ec75122f8e1dbec08c25040e050f5aef29a620fe1126210b57ac775d676343903ff26f51becc86a120769fde71a8a4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
f929f396d15015f16c8ca565f13acb7c

SHA1
1f7946163ac6e17963d46b2deceac1ab4bfc13d9

SHA256
6d840025b679e52b409f6b71f4f2abe66e46f463da1505dbd2d05526a5c47d0b

SHA512
490e4f54027f9d1248c1b8f014a182986853e1ac9df55c430d77c446b5e9b41f7caeab54ed2f3564f789bbcf1a17222b7189351b94eedbe4e62fe7c073fbeca4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
9be9dd9ee850a276ad73d72d1cff2ee7

SHA1
0766768f6f92f7f5a5b57d660fd2f4b0c9ca9a83

SHA256
77fe8ad036e28032b2972f2f148db9ee0759bc92bcbe453157ce8f968e94adc2

SHA512
395d467424e6f5ba795578f66f0e961389e7c9f443156600020576d4b663a269dcac4f1c7e2dec65990ff6c3da40d28678a528b3ce1f2d4f437d411e23128e13

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
4257ae2815b39a694f2ab644fdc24000

SHA1
1f0aed313274a1263f49b4e0124b5eefdbeccdb2

SHA256
2e8191beee3dab20fd4a5061ec5053e35c1055a65871cb44234ea064e6d7bf71

SHA512
785a0c681d00e0e56c67e423e03d7d5b31eaa1dca88f9f07e7958b9a12190d359d842212cdef7db2a0ec098e0d5ddf6d019ec4c710f2c5db2df8073775aa276f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
3b49b564d09bcf86b1a09524fa5b5613

SHA1
105808b92d2f92e35e919a1e6206790da0529401

SHA256
2371cd9926c54453278bfcfe8a2dddb7286bf8c61f8dde95cfc67f46b5dc5dc5

SHA512
ccbd256c6b14ba155e9f43b3edc4c933162e7ea772dd93e5fe4cecff86edfaa9e0ce34afe41957f64814c15f6f75dade0d5d21ff59b2648451510379f2e7d810

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
4e1f0320edc9caa00868e75a7b692a90

SHA1
e7c6784a4d9f7ab63b4f95ace1e792fe9348be8f

SHA256
e8da8de877c133e9a677c2dca19c4a29a3321ca30248ddb1454792d5c3fee189

SHA512
f87770738eb9534b303bd3ad6b1cc9d97a841bcdf7c56ec40fe248a17bb41d8575685f3b090c46ac5c3529ff2c23f2ebbc69a7597db1c66d1954ba7a9f8c20ce

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
1616cd4ead74840473b06df0c662e98b

SHA1
e681d0deab712957fe73cf5619f549af55b06a42

SHA256
f052c4d81ca4a8fbd02a84b6fc9b1c3f25a2029e66c0d64c1dc8bc8db83ddbfc

SHA512
a5dacffcf13011e3db77bad43717fff039fb227f3d96a1d1bfbed37c308fb18f0e437e3b6f065f2dd76e2ca704e2d05fbcf350be7a091e1e85e4ade744bd8662

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
6a7b8ad6ad21dbf6c6cff09853f9bd77

SHA1
813c5d07defe203e73358aae156463de8d46c947

SHA256
b1cb9c11ebabcf99ddd853178f111c5ec12ecd9f33505f403dbcaafed3bf30b7

SHA512
4ca61f97cf80fcb024aa4bb1c52de2790acf7b5266f98df0bf93dabef6fd45e8d68b38a33d7ff71c0fb02e8101e22469a800c563396d1800a0f33aba0b719399

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
ffe8f9a0f704fa789f45abfdae121c1a

SHA1
30560bb2c6b7d62d7f2a222402957d89327c2331

SHA256
205bd068148cc0796bea808233801659f2b0327027a56017035f196e8856368a

SHA512
de9e7e33376badd70155b796db329698e7bf7af1b8fe9efb6bc981ca4f10119c8c931e8caf2a28ce5d0596ad820fde7d63e73653486418d84810143c872c6e0a

Download Submit
C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 265594.crdownload

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6168_477178425\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6168_477178425\manifest.json

Filesize
1001B

MD5
2ff237adbc218a4934a8b361bcd3428e

SHA1
efad279269d9372dcf9c65b8527792e2e9e6ca7d

SHA256
25a702dd5389cc7b077c6b4e06c1fad9bdea74a9c37453388986d093c277d827

SHA512
bafd91699019ab756adf13633b825d9d9bae374ca146e8c05abc70c931d491d421268a6e6549a8d284782898bc6eb99e3017fbe3a98e09cd3dfecad19f95e542

Download Submit
\??\pipe\crashpad_4636_IIBQTZVEHSCHMZKG

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2008-13140-0x0000000000140000-0x00000000005F2000-memory.dmp

Filesize
4.7MB

Download
memory/2008-13134-0x0000000000140000-0x00000000005F2000-memory.dmp

Filesize
4.7MB

Download
memory/6136-13992-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-13327-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-14703-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-13286-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-13982-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-13328-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-13331-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-13608-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-13722-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-13806-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-13913-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-13922-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-14684-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-13295-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-13923-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-14704-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-14706-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-14707-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-14708-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-14681-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-14718-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-14727-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-14680-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-14677-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-14705-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-13308-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-14667-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-13993-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-13994-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-13995-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-14018-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-14085-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-14155-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-14191-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-14248-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-14347-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-14386-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-14486-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-14611-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/6136-14652-0x000000006ECE0000-0x0000000070020000-memory.dmp

Filesize
19.2MB

Download
memory/8664-13181-0x00007FFEA1D10000-0x00007FFEA1D11000-memory.dmp

Filesize
4KB

Download
memory/8664-13182-0x00007FFEA2060000-0x00007FFEA2061000-memory.dmp

Filesize
4KB

Download
memory/22896-13932-0x0000029CEAF30000-0x0000029CEAF31000-memory.dmp

Filesize
4KB

Download
memory/22896-13933-0x0000029CEAF30000-0x0000029CEAF31000-memory.dmp

Filesize
4KB

Download
memory/22896-13934-0x0000029CEAF30000-0x0000029CEAF31000-memory.dmp

Filesize
4KB

Download
memory/22896-13935-0x0000029CEAF30000-0x0000029CEAF31000-memory.dmp

Filesize
4KB

Download
memory/22896-13936-0x0000029CEAF30000-0x0000029CEAF31000-memory.dmp

Filesize
4KB

Download
memory/22896-13937-0x0000029CEAF30000-0x0000029CEAF31000-memory.dmp

Filesize
4KB

Download
memory/22896-13925-0x0000029CEAF30000-0x0000029CEAF31000-memory.dmp

Filesize
4KB

Download
memory/22896-13926-0x0000029CEAF30000-0x0000029CEAF31000-memory.dmp

Filesize
4KB

Download
memory/22896-13931-0x0000029CEAF30000-0x0000029CEAF31000-memory.dmp

Filesize
4KB

Download
memory/22896-13927-0x0000029CEAF30000-0x0000029CEAF31000-memory.dmp

Filesize
4KB

Download