hxxp://steampowered[.]com

Analysis

max time kernel
343s
max time network
346s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
30-11-2024 17:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://steampowered.com

Score

8^/10

steam defense_evasion discovery motw persistence phishing

Malware Config

Signatures

Downloads MZ/PE file
A potential corporate email address has been identified in the URL: [email protected]
phishing

Executes dropped EXE 19 IoCs

pid	Process
3476	SteamSetup.exe
5172	steamservice.exe
1600	steam.exe
3300	SteamtoolsSetup.exe
12660	steam.exe
12720	steamwebhelper.exe
12776	steamwebhelper.exe
12872	steamwebhelper.exe
13004	steamwebhelper.exe
6048	gldriverquery64.exe
13388	steamwebhelper.exe
13496	steamwebhelper.exe
13608	gldriverquery.exe
13808	vulkandriverquery64.exe
13888	vulkandriverquery.exe
14532	steamwebhelper.exe
14912	steamwebhelper.exe
16884	steamwebhelper.exe
19388	steamwebhelper.exe

Loads dropped DLL 64 IoCs

pid	Process
3476	SteamSetup.exe
3476	SteamSetup.exe
3476	SteamSetup.exe
3476	SteamSetup.exe
3476	SteamSetup.exe
3476	SteamSetup.exe
3476	SteamSetup.exe
3476	SteamSetup.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12720	steamwebhelper.exe
12720	steamwebhelper.exe
12720	steamwebhelper.exe
12720	steamwebhelper.exe
12776	steamwebhelper.exe
12776	steamwebhelper.exe
12776	steamwebhelper.exe
12872	steamwebhelper.exe
12872	steamwebhelper.exe
12872	steamwebhelper.exe
12660	steam.exe
12872	steamwebhelper.exe
12872	steamwebhelper.exe
12872	steamwebhelper.exe
12872	steamwebhelper.exe
12872	steamwebhelper.exe
12872	steamwebhelper.exe
12660	steam.exe
13004	steamwebhelper.exe
13004	steamwebhelper.exe
13004	steamwebhelper.exe
12660	steam.exe
13388	steamwebhelper.exe
13388	steamwebhelper.exe
13388	steamwebhelper.exe
13496	steamwebhelper.exe
13496	steamwebhelper.exe
13496	steamwebhelper.exe
13496	steamwebhelper.exe
14532	steamwebhelper.exe
14532	steamwebhelper.exe
14532	steamwebhelper.exe
14532	steamwebhelper.exe
14912	steamwebhelper.exe
14912	steamwebhelper.exe
14912	steamwebhelper.exe
14912	steamwebhelper.exe
16884	steamwebhelper.exe
16884	steamwebhelper.exe
16884	steamwebhelper.exe
19388	steamwebhelper.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000\Software\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"	SteamSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
217	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0317.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\accepted_cards.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_dpad_down_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_r2_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_mouse_mid_click_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0210.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_030_inv_0070.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0040.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\steamui_postlogon_brazilian.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_lstick_left_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_r2_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7\locales\nl.pak_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\html_lock_ev.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\support_flag_top.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\steamui_postlogon_sc_schinese.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_button_share_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_lstick_left_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_install.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_r2_soft_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_button_b_lg-1.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\Receipt_CDKey_RateLimited.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_button_l_arrow_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\shared_norwegian-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\friends\trackerui_french.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\vgui_turkish.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_r4_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_touch_tap_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_up.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_lstick_right_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0424.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\find_icon_up_hover.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_lb_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_button_b_md-1.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_r2_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_security_locked.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_outlined_button_x_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\url_list.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\x64launcher.exe_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\nonverified_3.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\shared_german-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\turn_icon_large.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_r2_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_mouse_scroll_up_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_status_mobile.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_trackpad_r_down_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_button_b_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_lt_soft_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_l1_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_r_ring_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_lg_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0321.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0528.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_030_inv_0326.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\dlc_installed.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_color_button_square_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_rg_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_color_button_x_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_l2_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_r1_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_dpad_up_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_settings.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\dualshock_4_brazilian.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_lstick_up_md.png_	steam.exe

Drops file in Windows directory 7 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12720_797822366\_metadata\verified_contents.json	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12720_797822366\manifest.fingerprint	steamwebhelper.exe
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12720_797822366\_platform_specific\win_x64\widevinecdm.dll.sig	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12720_797822366\_platform_specific\win_x64\widevinecdm.dll	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12720_797822366\LICENSE	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12720_797822366\manifest.json	steamwebhelper.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\SteamtoolsSetup.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamservice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamtoolsSetup.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 40 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\steam\ = "URL:steam protocol"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\steamlink\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\steamlink	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\steamlink\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\steamlink\Shell	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\steamlink\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\steam\Shell\Open	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\steam\DefaultIcon	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\steam\Shell	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\steam\URL Protocol	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe

NTFS ADS 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\SteamtoolsSetup.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 759749.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 47351.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4896	msedge.exe
4896	msedge.exe
2708	msedge.exe
2708	msedge.exe
4448	msedge.exe
4448	msedge.exe
832	identity_helper.exe
832	identity_helper.exe
5800	msedge.exe
5800	msedge.exe
3476	SteamSetup.exe
3476	SteamSetup.exe
3476	SteamSetup.exe
3476	SteamSetup.exe
3476	SteamSetup.exe
3476	SteamSetup.exe
3476	SteamSetup.exe
3476	SteamSetup.exe
3476	SteamSetup.exe
3476	SteamSetup.exe
3476	SteamSetup.exe
3476	SteamSetup.exe
3476	SteamSetup.exe
3476	SteamSetup.exe
3476	SteamSetup.exe
3476	SteamSetup.exe
3476	SteamSetup.exe
3476	SteamSetup.exe
3476	SteamSetup.exe
3476	SteamSetup.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
6000	msedge.exe
6000	msedge.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe
12660	steam.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
12660	steam.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	5172	steamservice.exe
Token: SeSecurityPrivilege	5172	steamservice.exe
Token: SeShutdownPrivilege	12720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12720	steamwebhelper.exe
Token: SeShutdownPrivilege	12720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12720	steamwebhelper.exe
Token: SeShutdownPrivilege	12720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12720	steamwebhelper.exe
Token: SeShutdownPrivilege	12720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12720	steamwebhelper.exe
Token: SeShutdownPrivilege	12720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12720	steamwebhelper.exe
Token: SeShutdownPrivilege	12720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12720	steamwebhelper.exe
Token: SeShutdownPrivilege	12720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12720	steamwebhelper.exe
Token: SeShutdownPrivilege	12720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12720	steamwebhelper.exe
Token: SeShutdownPrivilege	12720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12720	steamwebhelper.exe
Token: SeShutdownPrivilege	12720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12720	steamwebhelper.exe
Token: SeShutdownPrivilege	12720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12720	steamwebhelper.exe
Token: SeShutdownPrivilege	12720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12720	steamwebhelper.exe
Token: SeShutdownPrivilege	12720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12720	steamwebhelper.exe
Token: SeShutdownPrivilege	12720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12720	steamwebhelper.exe
Token: SeShutdownPrivilege	12720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12720	steamwebhelper.exe
Token: SeShutdownPrivilege	12720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12720	steamwebhelper.exe
Token: SeShutdownPrivilege	12720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12720	steamwebhelper.exe
Token: SeShutdownPrivilege	12720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12720	steamwebhelper.exe
Token: SeShutdownPrivilege	12720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12720	steamwebhelper.exe
Token: SeShutdownPrivilege	12720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12720	steamwebhelper.exe
Token: SeShutdownPrivilege	12720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12720	steamwebhelper.exe
Token: SeShutdownPrivilege	12720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12720	steamwebhelper.exe
Token: SeShutdownPrivilege	12720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12720	steamwebhelper.exe
Token: SeShutdownPrivilege	12720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12720	steamwebhelper.exe
Token: SeShutdownPrivilege	12720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12720	steamwebhelper.exe
Token: SeShutdownPrivilege	12720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12720	steamwebhelper.exe
Token: SeShutdownPrivilege	12720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12720	steamwebhelper.exe
Token: SeShutdownPrivilege	12720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12720	steamwebhelper.exe
Token: SeShutdownPrivilege	12720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12720	steamwebhelper.exe
Token: SeShutdownPrivilege	12720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12720	steamwebhelper.exe
Token: SeShutdownPrivilege	12720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12720	steamwebhelper.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe

Suspicious use of SendNotifyMessage 43 IoCs

pid	Process
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
12720	steamwebhelper.exe
12720	steamwebhelper.exe
12720	steamwebhelper.exe
12720	steamwebhelper.exe
12720	steamwebhelper.exe
12720	steamwebhelper.exe
12720	steamwebhelper.exe
12720	steamwebhelper.exe
12720	steamwebhelper.exe
12720	steamwebhelper.exe
12720	steamwebhelper.exe
12720	steamwebhelper.exe
12720	steamwebhelper.exe
12720	steamwebhelper.exe
12720	steamwebhelper.exe
12720	steamwebhelper.exe
12720	steamwebhelper.exe
12720	steamwebhelper.exe
12720	steamwebhelper.exe
12720	steamwebhelper.exe
12720	steamwebhelper.exe
12720	steamwebhelper.exe
12720	steamwebhelper.exe
12720	steamwebhelper.exe
12720	steamwebhelper.exe
12720	steamwebhelper.exe
12720	steamwebhelper.exe
12720	steamwebhelper.exe
12720	steamwebhelper.exe
12720	steamwebhelper.exe
12720	steamwebhelper.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3476	SteamSetup.exe
5172	steamservice.exe
12660	steam.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2708 wrote to memory of 2932	2708	msedge.exe	77
PID 2708 wrote to memory of 2932	2708	msedge.exe	77
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 1896	2708	msedge.exe	78
PID 2708 wrote to memory of 4896	2708	msedge.exe	79
PID 2708 wrote to memory of 4896	2708	msedge.exe	79
PID 2708 wrote to memory of 4288	2708	msedge.exe	80
PID 2708 wrote to memory of 4288	2708	msedge.exe	80
PID 2708 wrote to memory of 4288	2708	msedge.exe	80
PID 2708 wrote to memory of 4288	2708	msedge.exe	80
PID 2708 wrote to memory of 4288	2708	msedge.exe	80
PID 2708 wrote to memory of 4288	2708	msedge.exe	80
PID 2708 wrote to memory of 4288	2708	msedge.exe	80
PID 2708 wrote to memory of 4288	2708	msedge.exe	80
PID 2708 wrote to memory of 4288	2708	msedge.exe	80
PID 2708 wrote to memory of 4288	2708	msedge.exe	80
PID 2708 wrote to memory of 4288	2708	msedge.exe	80
PID 2708 wrote to memory of 4288	2708	msedge.exe	80
PID 2708 wrote to memory of 4288	2708	msedge.exe	80
PID 2708 wrote to memory of 4288	2708	msedge.exe	80
PID 2708 wrote to memory of 4288	2708	msedge.exe	80
PID 2708 wrote to memory of 4288	2708	msedge.exe	80
PID 2708 wrote to memory of 4288	2708	msedge.exe	80
PID 2708 wrote to memory of 4288	2708	msedge.exe	80
PID 2708 wrote to memory of 4288	2708	msedge.exe	80
PID 2708 wrote to memory of 4288	2708	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://steampowered.com
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xb8,0x10c,0x7ff9e3da3cb8,0x7ff9e3da3cc8,0x7ff9e3da3cd8
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5072 /prefetch:8
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2360 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7348 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7312 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7708 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7716 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8100 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8412 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8632 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8732 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8860 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8900 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9128 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9276 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9280 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9148 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9972 /prefetch:1
  2⤵
  PID:6008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8476 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6472 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5800
- C:\Users\Admin\Downloads\SteamSetup.exe
  "C:\Users\Admin\Downloads\SteamSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3476
- - C:\Program Files (x86)\Steam\bin\steamservice.exe
    "C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2508 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9960 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9196 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9676 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9492 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10120 /prefetch:8
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=9240 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9972 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:6000
- C:\Users\Admin\Downloads\SteamtoolsSetup.exe
  "C:\Users\Admin\Downloads\SteamtoolsSetup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9968 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:6408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9148 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9456 /prefetch:1
  2⤵
  PID:8872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10628 /prefetch:1
  2⤵
  PID:10168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9464 /prefetch:1
  2⤵
  PID:17392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10752 /prefetch:1
  2⤵
  PID:17844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:17724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9896 /prefetch:1
  2⤵
  PID:17880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10384 /prefetch:1
  2⤵
  PID:18120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10276 /prefetch:1
  2⤵
  PID:18256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10488 /prefetch:1
  2⤵
  PID:18372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9456 /prefetch:1
  2⤵
  PID:18488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10976 /prefetch:1
  2⤵
  PID:18504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17579852017778213518,7803747110545672133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10800 /prefetch:1
  2⤵
  PID:18980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4444

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:1600
- C:\Program Files (x86)\Steam\steam.exe
  "C:\Program Files (x86)\Steam\steam.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:12660
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=12660" "-buildid=1731433018" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SendNotifyMessage
    PID:12720
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1731433018 --initial-client-data=0x298,0x29c,0x2a0,0x294,0x2a4,0x7ff9cfc8af00,0x7ff9cfc8af0c,0x7ff9cfc8af18
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:12776
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1560,i,15315630416174017685,10877082046295708906,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1564 --mojo-platform-channel-handle=1552 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:12872
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2180,i,15315630416174017685,10877082046295708906,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2184 --mojo-platform-channel-handle=2176 /prefetch:11
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:13004
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2772,i,15315630416174017685,10877082046295708906,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2780 --mojo-platform-channel-handle=2764 /prefetch:13
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:13388
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,15315630416174017685,10877082046295708906,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3108 --mojo-platform-channel-handle=3076 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:13496
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3708,i,15315630416174017685,10877082046295708906,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3712 --mojo-platform-channel-handle=3692 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:14532
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3920,i,15315630416174017685,10877082046295708906,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3924 --mojo-platform-channel-handle=3916 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:14912
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=4176,i,15315630416174017685,10877082046295708906,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4180 --mojo-platform-channel-handle=4172 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:16884
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4060,i,15315630416174017685,10877082046295708906,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3652 --mojo-platform-channel-handle=4076 /prefetch:10
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:19388
- - C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:6048
- - C:\Program Files (x86)\Steam\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:13608
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:13808
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:13888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:9508

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x000000000000047C 0x000000000000048C
1⤵
PID:13196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Steam\Steam.exe

Filesize
4.2MB

MD5
33bcb1c8975a4063a134a72803e0ca16

SHA1
ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65

SHA256
12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1

SHA512
13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

Download Submit
C:\Program Files (x86)\Steam\bin\SteamService.exe

Filesize
2.5MB

MD5
ba0ea9249da4ab8f62432617489ae5a6

SHA1
d8873c5dcb6e128c39cf0c423b502821343659a7

SHA256
ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d

SHA512
52958d55b03e1ddc69afc2f1a02f7813199e4b3bf114514c438ab4d10d5ca83b865ba6090550951c0a43b666c6728304009572212444a27a3f5184663f4b0b8b

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
965B

MD5
2c0545b265309c79b2110cb6ba1c5564

SHA1
12b7e653f8a32c540f920405a134c50c7d09b1da

SHA256
66f3f49300a602ec120df558f6166fb2f52b72eae13e06e6b471315b35716745

SHA512
bbb305cc7dbf379aac5d24c7ff1a15629f9dd3b4784adffacf41709c19f0c65c37a505802556bc188a8bcc15c8a99dba83dc3a992409eb46674c5a50fbe83822

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
12KB

MD5
be09c66ff119dae09204dd50a31ce1e4

SHA1
ac41276abc79f53b8c24af6a473b296f78afaeec

SHA256
eac1e6e18977ba7986fdbc7e1716b05c8b57139f9a0007b52ae9d250a3e2e180

SHA512
c4a4eed7ac2879a547b6ddf31a1004d48c54facc6e213889e5020755ffc9333b398f02371006400054386c8f2ca1a1fd3b121581a55288a8556a1ebc5dd3e572

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
6e6a2b18264504cc084caa3ad0bfc6ae

SHA1
b177d719bd3c1bc547d5c97937a584b8b7d57196

SHA256
f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53

SHA512
74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
20KB

MD5
bda44593be24524df711bc4b5f5a1440

SHA1
5866ff1422d7be7c07a766224a1c87f27e352e77

SHA256
42234172520e6db150b3538291962ac4785f9f3f14e727d37dcceeac0ecd9c3e

SHA512
aef6256f234fdf3d16732c7f2c71206fef3456af121bedc999b246b7a49a84eb2f0affad1715ed4f2ea8df62c01590750f825c1eb6c14ed63fe7a0652fe79f05

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
18KB

MD5
c7998c51516c5c79af2f7e63038aa3a7

SHA1
7e041c45987b97cfb658b848b8e6134358d9fd00

SHA256
14e8dbd0b2a83add892437a65e114cad9b4731630ccf687520fc4dc39b73538e

SHA512
524658886402483f54e7eb5e1b0895e2ddf00bfcaaa0cff9f9cc49802653ed30b465d04deb94d29afe11a7ade0947f9035bbe421827509d365edb1195bb4efaa

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
a2ec2e91c3ef8c42e22c4887d032b333

SHA1
e2c738a2e9400535b74e2263c7e7d1ecefe575f2

SHA256
8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3

SHA512
b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf~RFe5a3a7a.TMP

Filesize
117B

MD5
b46cdf246adb25dd32b81a328e154f53

SHA1
181a1ead2bf44bfafa67339153c4e446863b450f

SHA256
a3d8a2cba6e356e02c0f33b50e3a9e61d2f9dfb6a26b5983e30e7786da95dba7

SHA512
9230a9ca314bc2ab9dfffbf2ff069e7fb7ab9f57f130cb20e44776b7a82060fb0c2f93359b91d7be95f50ddfedc203a58a623cafbb07170c5822dd06f8a549d3

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

Filesize
4KB

MD5
0340d1a0bbdb8f3017d2326f4e351e0a

SHA1
90d078e9f732794db5b0ffeb781a1f2ed2966139

SHA256
0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544

SHA512
9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a2c784e6d797d91d4b8612e14d51bd

SHA1
25e2b07c396ee82e4404af09424f747fc05f04c2

SHA256
18ddbb93c981d8006071f9d26924ce3357cad212cbb65f48812d4a474c197ce6

SHA512
fc35688ae3cd448ed6b2069d39ce1219612c54f5bb0dd7b707c9e6f39450fe9fb1338cf5bd0b82a45207fac2fbab1e0eae77e5c9e6488371390eab45f76a5df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1fc959921446fa3ab5813f75ca4d0235

SHA1
0aeef3ba7ba2aa1f725fca09432d384b06995e2a

SHA256
1b1e89d3b2f3da84cc8494d07cf0babc472c426ccb1c4ae13398243360c9d02c

SHA512
899d1e1b0feece25ac97527daddcaaeb069cb428532477849eba43a627502c590261f2c26fef31e4e20efd3d7eb0815336a784c4d2888e05afcf5477af872b06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\604ec616-9a48-42e9-bf8c-a3aba1f68830.tmp

Filesize
5KB

MD5
89f95c53174c0e1389becead7ada90b2

SHA1
cc19fba548cc1779d9dcf0cc651285065c8ab0bb

SHA256
ddeb192d6978cb2913ad243aa6a8b2067939c9fedd6529660036df72f5c20bf3

SHA512
72d637e5094f7f6e7319724977948832fa126fdd92492e56f1c0432be64215db49aff7e1a09a7e46b5703db6320c40bba6e58dd93b2846eeb58d3d1dc8c4c784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\63d62f65-ff22-486b-971c-828c6b927556.tmp

Filesize
5KB

MD5
1602306a13171b88a8567355d5c3d66a

SHA1
4b0ba2faeef10252898d67bd03962eb765d80d1e

SHA256
9c38dd68bc6d9684d9e888cdf1a7d9386d6d43b92b75a1478785571840783baf

SHA512
93d71bb719ecc5d3933dfdc27c3e965de0a4909a2fa8fb595c4e87406c23608fc3cf34134dc7fa10dcf8d871e64500fe59b8f3581cf38add0ed41e0743575c11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
32KB

MD5
31b05e57c066452d73ab005bb42865f7

SHA1
2a8efd5d7753dd756c539ad66831b01f603fb13c

SHA256
84d0be622ddeef6d0793df5d274965d6d13a756979b4b484185dc7a051eb4071

SHA512
f793863cec23493b58311d37720fe7d48e21c92da5cbc9c5d4562e47a046e33be4584d58a1c031513298c55a9c33f5e591fd5ce831c9c33af9c2594bb071c277

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
48ffef4fc267c7350a37339001bd1a02

SHA1
9379041d4d542c116b420d014c7ebb68137a008a

SHA256
254467e453cf3cae3c70085b41462cd71b233c247b5e212f444347537b4c4873

SHA512
34b459dde39b3056e2f0a4c593b342d32829c9eebb2b01f146aefa0d54f0b52ecf4954873cf76b424abb25f84370d0b5ac06fdac734b397a7444b4b64b4d52f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
36KB

MD5
80c484a058ca2ae0f9bc62a38223d496

SHA1
8315360b781e7161b79df6bc8def9a66db7530a9

SHA256
d7530b224b4842c08b3bd6e33a059d33cff50653f06b3080504785c6c3997c7a

SHA512
5b3aa4494da9bed0fc7e7fefe00e8343e3e63322b7923bbb959a0d274716da283cbea5ebc4b59f4e508b8167c32479ffa3ce8b36465c6563bc20101aad9f8608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
19KB

MD5
4d01e326592ce2f559ff1613a10a00f1

SHA1
fb1c762040ee1e36bcb7c44674638b32040fb74c

SHA256
56c9ff85451fcbe3d0c8a80051d5cc690d9731fbdedb6549b4386c6010519078

SHA512
e8f9cb416f7ef90613812861ac6033d712526dc3fa11ef59a1b5929f649a063c176024d2e3e3cffc5ec33e7f516e5fb3d082947b059ef812f701eabaff17b16e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
279KB

MD5
1044a2c8b2a2fbe3768b96eea4febde0

SHA1
d358bb622e287edffd920f3d48d7d81d824729f5

SHA256
263dc1acc920ec09e81d5c67e2edd8e53194a121167e08513410174a3b1e3022

SHA512
6d7f68697c7142060bc25e2e9263525e5e50ac1b2081f7741dda59a15779bb0ce9a29283887ff37d80c438a227494e78ceb648a3677bbfc73f6331b4c9794df3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
492KB

MD5
e6c22f81a83dab728f8ff2ec574be89a

SHA1
385e4f0be0bc2f346f144b6a0d9664c2e5e3ddf5

SHA256
eb5a01cf443b59d70949042cb8f9aeda3752b8010b6401543e0c24adbc0f7c16

SHA512
fb50a1e7388a324013b3ad7826813ea005a996073d6edbb22f6df7a25b7df1a9ee986b7c335761d764fe0b1245f862524f3698689e02937bbde01724128adeac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
66KB

MD5
57291ad92055da48f5e907b84bb97124

SHA1
0cea7c1f808d5d31630de0421e77d015e48a263e

SHA256
3eb84427a4f257ad45321f16b36294e0ef5e21b717fd21edb16c265ba19ee569

SHA512
84781d985e14d68234324823f35c3ccccda3bf09bb3f5310e08090e44856cced184153e4b9312ed4b563b9faedcedd26e01267ed59de0e2659036732cb6bc706

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
22KB

MD5
9d53309ac2415ed6efe77b43a5a2b2b6

SHA1
31d26e32f551242c037116da7fe1f039bd1c4b41

SHA256
31e667f7d809056c4199b4204f46dbc6cd118a97530308229bbb9d450c42f89f

SHA512
25510c4cd3ac3388a1c91b5011e12a34c409f272d8f7fbec1a89cbff45f2553f7061c1f63d1a2c06f8773b885bcabd9c96501434b8905778132fffef80989476

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
17KB

MD5
a421438ebae11fcb4808982f78536c8e

SHA1
cb3287d6dc2557343cc2e4723f6bb5e5534ab075

SHA256
8d40f05f3d7b0c08cc959534185a4ec52963c06322e7c31dbf90266d9a0c6bfc

SHA512
5f6e88895377f671f867464313290d9cea0ccf4377ed74153c3fa745456ac35f9686fcf0a2e9643316c60f5bb677dfabe1ff408a56318c48e0f7853954abfe1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
215KB

MD5
c7302f195082508a88d2b0407af2f14f

SHA1
4d3c2eb45a9422cef3438365ef343754e319b26e

SHA256
5232055f9a78fe210d30a2c179a7e0a2d37ffa868f0fd2f97c201aa5da1e73a7

SHA512
9cb1a11f43ca8ee459eb8097df4a3c8d77221b036c676aaafeb05ae29062ec3eb242b4e78fdf7f49bb6b0a988db0a1a3ae9791886ab7c0f0d9b34041681cd926

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
167KB

MD5
fb17bae56d4d325248b2cc887983ddc2

SHA1
448667c9ea5b7e91fef7f4978f805bd5162e24a7

SHA256
4f9f9529e93974afdf3314247d05dd48f67b8b23c47dc3dd917de4588fb7dedb

SHA512
d45e6ebf258ec61319bd9ad80527379fee8d4c86a2ce56d40206394cafb04ec2d89369f2b0ef049ebfcb231738a60d0b01fbb12f39a22155b38a239445195297

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
20KB

MD5
7182dab792dbc9cc2928f499d10807aa

SHA1
edb2741e45fda4b9707f16a8c4fccdb4567e3607

SHA256
90468387a08481e00d3a0366954fe8b71bcbbf0037cae6e67ebd8c54dd742a54

SHA512
32ac22dd170e8a52835f45e4fa3b719c27ac5f9d840d62f5fdcee3b8ff0cfac7327723faa4a0d1133ff83867681cd857e72fd6bb96b663ef6267c64ee0c60de5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
36KB

MD5
21f4955f4e7a07d5cae4a46fc74ab263

SHA1
3e3e25ca71bb03ce2c9b2a495b346b9653568b1d

SHA256
0870954849b1ccc0e6a9754cfbd3ce33f791cde77156d1f84519713ac47c37c5

SHA512
ec857db1522f15d6b769dc775550eb0023e27c080de45f6c091bae25b8524ed17fba0ca84af38459bb1d772bf479327b031e5ef677d3eb7f65c703c03fc70b84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
115KB

MD5
ce6bda6643b662a41b9fb570bdf72f83

SHA1
87bcf1d2820b476aaeaea91dc7f6dbedd73c1cb8

SHA256
0adf4d5edbc82d28879fdfaaf7274ba05162ff8cbbda816d69ed52f1dae547f6

SHA512
8023da9f9619d34d4e5f7c819a96356485f73fddcb8adb452f3ceefa8c969c16ca78a8c8d02d8e7a213eb9c5bbe5c50745ba7602e0ee2fe36d2742fb3e979c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
25KB

MD5
e29b448723134a2db688bf1a3bf70b37

SHA1
3c8eba27ac947808101fa09bfe83723f2ab8d6b0

SHA256
349cc041df29f65fd7ffe2944a8872f66b62653bbfbd1f38ce8e6b7947f99a69

SHA512
4ce801111cb1144cfd903a94fb9630354bf91a5d46bbbe46e820c98949f57d96ec243b655f2edeb252a4ec6a80167be106d71a4b56b402be264c13cc208f3e2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000068

Filesize
67KB

MD5
ce58019b091dbdb1895be63d765b1177

SHA1
37a38458a92835c43b270069c0629c6975b2ba69

SHA256
8defb86fd585d1e578370bac22698f0de49d509d7398a0e83fbae7a9d11e0fcf

SHA512
36be843dd5630cf0c76219459b2ff946fa91ab90be31e3ac62452642a79a062b9d7aaae14a0ad8fd92b1a6d468394f1aa8bfe45f262f33e34048b46e046a1b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000081

Filesize
20KB

MD5
fa4cc25f0f72ac052e9413b46705327a

SHA1
72127f17a73fdeaf1d867ff721f8115e90d82e8b

SHA256
62215bb3463a1bdbeab484739c056495d60f9e6feab8e3974cde6bf69504f05e

SHA512
b33ebe5aad7802e7aadf31bc490bb697a7a941c4ec9a03c211b42bf54403f05dba02fdbe42bd7c28a27e309c868f4d74c060840a4aefdff57ac9c5c2cb66921c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000089

Filesize
20KB

MD5
0fd3b46fd7e5dd422bde5768a83ffdef

SHA1
00bbe47c66179502aba235f9f5c01a0cf2e76051

SHA256
4027d8ff4ab76b54c34765b96344808d7ec72c0d8e1c26060a8a300f2933a72e

SHA512
d63690a50479d19b959ec1e7ec27214a4a53bb2205b9008982ccc68bab93f1cacc7bf788d20476dd9e0d9b12299f66803f5377136da28470dd460c875dbcea2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a5

Filesize
297KB

MD5
ce7d17fe317a065808243da413f6bd72

SHA1
305c0fe3e9d4b00980a4b7a682bad13384356d87

SHA256
5c929cb981d750efdb1c0716beada6ed00dfe4eac55d7ca0288307939dc44fc2

SHA512
c2206951cae9c09c91905a7d0ade646f4c1183fc6802bacfbcc3973f63be8bc4d684c33245921ac938cbae7828579277861c2fba2bfa783ae63e208657f1d574

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a6

Filesize
32KB

MD5
e7eb40a17f017e7b0651dec263c01ffc

SHA1
26fea5c5c688b2ecf33bb6892c9905159b6d48d9

SHA256
afb8e284cacb33c4d52af3a501a871cf560e4ec94358761743c02f3a21cb1810

SHA512
d7af8ff7adb71dd5ed1620efd913673e108846e02a7775d012825357fa81ab28dde7bce06592256e9f9c2e91ede6a249a7e6bce91a392f6f7ac0b53ac3ca0123

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a4259a0181983ba_0

Filesize
7KB

MD5
4391079249bab6c99b35333967643387

SHA1
80fa5a843163e24cd92615216bf41ad86171f677

SHA256
9404b31c7060ce214d940c9b2798ed2561266199b3b21f57b86c3dc6a8b0602e

SHA512
41397b8ced3941162f06202a8045e434d9586ca54d07d30c7f23d3dd84dcabb863ee3cbf981285321d896d0743d4c98b7d9cc7ee5538167e13067698be98ca48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
b3a6cab4563995cd90ce156f79ad686b

SHA1
5fa4e5584e0b737ee800af33bb2ca9fac43e795e

SHA256
00c6a56ea8d533a3736663ad8461f3b24dd705d07f53c203dc8bf99e52629ad4

SHA512
329316d0e1ddb172df208d4bd207e19ca08547fdc2aa029bb1bb56ad7fbf1f99a85729bc506cc4398c9524a88b3c7c6114f04db35773af1558f86fd96b31e0fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
2KB

MD5
88c1507490079aefea0899cde76a2d0d

SHA1
021a42fa6846fc933ed13e04d2726e457dad54ac

SHA256
70d6c542eb1242dda88fec71233f37dc939e1afd03b0686c6177cbac0e76fb77

SHA512
865ac4034ec45c4279b64a6fb3fd424b5196530ad1f687a4d9a18d7b66b8d8bca9123e3eefd6fc1bdd7fafc345f432fda4e670f7bac8c5eb138a8533b5d66244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\782d018d3f59e184_0

Filesize
38KB

MD5
909b8a887f863a6ff1f7ff6278c25dc4

SHA1
cc1b19deb6fc93a84da373863d53e925a11491a7

SHA256
dafbc18bbb844ed555629053a003b0723656c070c74c9e304a4dd48426f82e81

SHA512
54a5a53a391816b2485fa0b797be8b961ff32896d51a1739c678c3833196a2171b35013f4e4aab750245ef3bddae8191d853b2812f4cac0e4b513eb39127aaf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\90d7d7591a1b39bb_0

Filesize
262B

MD5
f08a692459d9c2e5286cb0c8590142f2

SHA1
6c87c4ed5c856ad0d8089f78fb23bae4983e2207

SHA256
735b5abc59e8a6a426ad44d83997b799316d3fcc15bd3fdf08ae9f88a43626a9

SHA512
211dab023cb90d64eaceb825d2503bc7d89f16b040693c5b2531d7801ae765531c039d685910665055e413728ae2e8a71804fe7fc4f11fff2d30a2071c0b1048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
9327d019ce460be7f48068d02f3e15d0

SHA1
312010439a8f3276b0933e0d53a7d62d80197d42

SHA256
fcafe05ce5be8b10dd619d7317fded14d9a8fa2368b9009e03a6d8fdc27a030e

SHA512
7968bafa2f02ce7e84ebab7fd92bcb0b515ca3030b1511036533b3b1f659aae18db7f4b8e3ccc1abcb8bcaa8de4cc8c5e087045557ae345a70b5a3a2e1a75fd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
fb2c71dc54c440b3aa386b030fd45be9

SHA1
facf18017e8ec1b9f0e727e1a5a1bebb7be39407

SHA256
4c9f72ab8076c0868062e2b13bc5e689ae7c294cef9d790ef3ddf836c6198b85

SHA512
2b03bd342750d395ab094121920086f280b6de914f58092d7d7a6f3c2c5c048d3919926a61e6efaf959ae4da0a1ad30a77fc14481ec16ea9ce1438eb733567df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
8f8cc975903368f5c24a84bc6cf36a06

SHA1
4dc74d76dd60c423d6ead767b893320a097a25d3

SHA256
c020d690c453359182cafc4c78ffec2d47aad4b25fb19c31b9383ccc77d9f352

SHA512
a080e06a1e6bed16ac5918fbe0547649a9ce9f04ebb838d5694d9e28b08ac9112713857b17ac28c8634e2d9d90b93850c4fc9d44d67c191c1db6da05a0e11662

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
15KB

MD5
8653a9e59d68a19ee4dda9a6fbc35581

SHA1
a1e10a75b22b9e08f184e3f0832673b03e1a1d9a

SHA256
cbb17ef782dfbf440deb8d295855d3e4b020e6bf20e79b1e958b2e6929dc7d79

SHA512
7b21134b26663b922b4eb3f749269a50c256474e84a6c18d1a2ca9070cd30bd38667501aed96700a48206f9d74f4a3076c574d6159eac50b8d808b5786de1ae0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
12KB

MD5
a3e37c0cca4369e6ed52b6f725f68a4f

SHA1
a6aad17bc50a18f47889eae0646aec40be816222

SHA256
ac32eff5dc90e6d98db38da54b382a973a72ad46ace42977ed00c9f93464e140

SHA512
71eccd6acb15feecb3564dc0faec95e19304df66cd81430aebc28a883c64da1f258b0986ab7e3cdf7b2a4c49c0dde87e799e8c73cbfa45f0bd29fc07ed0fae70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
17KB

MD5
abef8c49a6a929aefca8a4db2b134dfa

SHA1
b0fe580a29d42dda58fad1cd8f464bce4cc42582

SHA256
9c490c7e7348d18806bbe5dfaaace289251381526b68d55f6a91cd3807c80a04

SHA512
cb812a6cde12e15942176bd69d7a4141bc2cc8a102330f2070ec8576b1336e632c4d7ea377b329d2649478b7a3823db7b5bf125cf97b956c70d07631f302ce42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
17KB

MD5
1ddb7695d8da0fea65dddd6a3b526ac3

SHA1
fe4659788d103c93115a4d840741c49682ac8406

SHA256
d344a15cf8cbebfffea22a800c8431537ffee81f70ce91fc6997c08e0226f81e

SHA512
74f8be319959924249206d1db14e588d61fd9aa20b12be1b2dbac90a2fac86573538864a8723adbe7bf8337b6a9553b21888fb49876a93d2ef1a27764d53539a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
19f615981a2a11b5dce2cf3e599f69c8

SHA1
cba170c16cfaa9cabd0a3f9fa8387fc4771f6eef

SHA256
1bbe9c78a1835d053fb1cea440b0d983843f7a2bc6584b40fc63c139eba4c41b

SHA512
4d5f5f09c7b1d1f80a3a7aded88ee71d681f3ed34e9ffdef0e7cf03c173f151a456c3c95a3e456ef3d067c66bc9bede0bbbfcda1578643687d639b2c9df06f4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
396b5d356dadec5f1062144d5e7a72c9

SHA1
e9ee9f39b49869b86366d8feab2ebd24d36c0163

SHA256
345fdfc683fa5c72f2b453900709ac886e5e2e1aeb945217b9a77778fcca4810

SHA512
b5d573222d48483822d432c3bb8c518290c3f573a10620cfb5fe33fdc1f0108f8ac605fe776d664cb347c074adad21c0de10d7649884d433b8d33e4980b35f62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
0df38ecf3a2849525fc124dc340d1f53

SHA1
23f19362d6983aa08058afc1ce4c6624096fdb31

SHA256
f52dddcf28b7f8167fee6c3964251a900801511c214ae2464a5d23ab7c749806

SHA512
8e4006766e121eedadf3717585f24072f61e340432f0d26a6f5c00d20a2cb3aa904f4886c2db9ece5e14a785fe1de2c49cf2e0e689f1819d430c64e599f5dbcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f6d2fb533c4705a5a407ef0a41a495bf

SHA1
1cc305218ee4b8992154f2cf83534f87f715f1a6

SHA256
7c98253bfaf1df1e2ab77e07e4acc532d4468afdfc849dd7c65f8c7be1af8808

SHA512
298c4fcd8032ed71696656eed62e0bedf0c8304f732ac4d5c92df15e1cb209fd39c0607caf93c83cf2aea1b5b3b2f508101d5d78ea9a49812e716f24670021d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
846fb7b014ac5744d559d4855c3c881d

SHA1
ffc1ee71baff09f35f7c7a3d4439e63b64f4d591

SHA256
5c106d741d4986da9b1ff18a59790dcd6b5b50cfbe27bba02b7de11347dd3f4b

SHA512
a6a245a59e90e26f92d64d635e98822b377d4aa0726f390ec8ea41ed608d96b755c7e6ab2887eb4b576d739542c8d6025f4087d405c7d916c65014e498259312

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7fc3659b75eb089ed3689c6ab0be4634

SHA1
3137a14460d9bec1c4adfcf1a7b7ea9d7a0685d8

SHA256
4e8f5a8985637de143bef96796ef869d7152705670d98a5f2829ad1ba7f0ee12

SHA512
e9733e66f3dc9f1c190b4d3b6d60e7f6b071fc6d0f439d7a4afb9f8c0b497fd9fb84883f55be1175da9c38528464281e37b143b4094eef2571116c24b3946af9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
57a41a5c7028071508a786a7325adf3e

SHA1
030a6c29b2cff72515c8155e3f783da42b459369

SHA256
82335176f7b4c48c1db1c651831a8a750c65479e052649d59941772733cfd77d

SHA512
b8a4a5135bc38f1ea35e4a80eb5e7eb0a523a566926f429ee91ce44d1475c212d2f8b8c17dc49a2dabe9c1135c62abda8debe288d9778174ae0c7e334a61eb28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
9f95e8d5844d4af90271366586c9380b

SHA1
5fe6c6ff89cbaceeb05afd14909f0c239c008d03

SHA256
88367ff73abf05ba7a94538bd7937647b64c601107dcb043750b1c33302de7fc

SHA512
7ca988b68c85c0a47665ee3b0ab9f0a9a405653094a90573e5eecf1b93ae13658c31c2cd1efee38d3344bddeb8c3c099a22c81bace78f340f3ee318fa15a3ba4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
93a5825e3b72e0518c95f478046c1e8f

SHA1
76ec0d12fbc99e20c9f104cc0468eee430e40387

SHA256
c66e059702fdc4d5b4fc58015acea6357bcf0cd72559aea0e39cce895ff3097c

SHA512
79faa699a103116ccf6560554eea674e9413720eb8bffedca87c8b4bc06e43b45d6bf907ec7336bb8c567689be77ad808376b39fa73f73fb52ad087ce12b0d28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
84bd1094a5889e290752931b53096755

SHA1
4d713f5c06c63ca998ffa29ace4fd15958352f48

SHA256
68ce6a3354641233212282b01f322c7d2043d667e7d9acafdf3e8cce6db70692

SHA512
03b2d2bf1352e82f16eda42b743a11ae73eea1a3f17e7102fc63dd4be2806fba43320a66068475e20745eba4129378bd3192051103d72ada22e8264fcf4d1221

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
08b23ec992b03b367b0c99cc91a8834a

SHA1
07fd6e808a3edd8c27e0eaa17ebe19469a91c464

SHA256
c14012e994162a091ceae022b4c33a3ae378e803c2613a8005ccfb574495d2b5

SHA512
3e54e94bf01da82753b72451ff76221fb95e72b9969961263df6e6bb313392b8759f6d9cd530dd6cfa830e73baadc7528f85ec3087adedafb5c95369517c0633

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
b26e3e20e15c68c76a76ea2fb787aa61

SHA1
66de64827debff891ff0ea1dc40639b71edbe452

SHA256
0b4f2f84033411bc0f98a3a96ce7ca2596423f7386e8d5a40cd780b8cb66d351

SHA512
986bda6d61c8e4408c2ebd5698df2df8c3c83d45d8e0fd18ec672eef06656a7f92a2a8776e5dea26afe0b3b391e2c64eda9e20d88f7d2c15c397fded0def8516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
99486088989b55fd37c6a255d73eabe7

SHA1
46a82867d112fe53b708d158042bd30f3e49cf1d

SHA256
45ec8a14c7ab2dff76a31c12dc6bf74df0110af57bdb17eff4be88a20cfbda29

SHA512
75e8f86d1c3cc29156fbe46952f179df33b305597843c17a2feb24d75420e3f0011ad41e1f53aa62c2484954475f2c3d721c1b58bc9fbf9ba2d247e4b36602a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
479f10e47226502748303c1c00d3ba2c

SHA1
f51fbed6642cf9d063058b13be449c66d4908802

SHA256
a17a5fd09f1638c6ce56a6c875ecd753aa29d846a630628fce20aa36be160bcd

SHA512
22d1510742708a82ef171ed46eb7b1bd51353c3c08d55aeb4a0ddcbd113f166e2492eec532e17fd548f296610a0e1d7b24d479d8d6c9f9f452eb647767e5239e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
74c7b85bc8dbc03462e1a892059347e3

SHA1
369d2cbfee5e7b8a85e62bf96f154a80dfefe66b

SHA256
fea2621637fca6927888c6532a1d9c49872311410c7044bc40f5c3faf0521c23

SHA512
cce85486e83df6ad82db4416ab3e0d3a982458c00744bd77b38a82a571c232086aea6057bcb3a6db6cebcdaee9a7962ca3eea60c26a69579f1578673109c3288

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
a4c2a9ad1495c14eba298aa544ec5286

SHA1
061a8f5c159f64a03e7d2cfc6014dabf9fc12eb2

SHA256
57f3b06d010c5374db95391cb8392f8955d1291034c28b619cd0a9b6ed1a66ae

SHA512
a502e557ab39e92deaf2895de11a468443352658f906dbcd57763da40dc1bdb593d2299ef730e75f4eab1c7ba1751b739f3b504c17b5c73d315f27971eb4f096

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
36879630e60d17d88100a6554cd33e40

SHA1
5a0ee0076b45770d895e15eb9191c06aa5463eae

SHA256
1ec1cbb0e56b01b1032cfd037a13af438ce5355bcf1399032157406fe7bc26c0

SHA512
e418de931656611394dd528f0f40e528a66c72a333cb73307dbc5235043d916a9c459671df8fab9e2fdf84d5b977d5db52aec32e2956b45f5b08217eb3d37676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
efab1cf8a3f2634256e07f0c70d53550

SHA1
d58d438619ee78bf0a36288423eb14a9960467da

SHA256
d4318d8a928d0d8840c73c6a25726bcc4105841b9fe174332763164ac5e5a59a

SHA512
54585da7c1346254d6891501d77d17e7f5c5cba430c170612b2c3a259139c9588db535a0a9dc53f79b24fac44d3220a10724a34aae6929da047b991d99f80dfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
aca46e0ac4008d2120b85e672cfaac88

SHA1
dfcc3a0024568dbee8268a6fc6f63dbc020ebf56

SHA256
9c370213293f29586fe9fea7d5d1be679eed4a8505a7c0f92f48439ffe60e552

SHA512
377223d5b468012029bd122cc138402b2cab337afa2b4d1b7911215b727c4ab9ec47b8b7d43f488d9249cafb1695a2b2df7e4d36a3f7125f2bd276c87ab0c7bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
7e268716cc88f8a8a9aa77bd171a35a6

SHA1
c6ad3609ffbd1789faa09f721497f7fa53f0b999

SHA256
219040c889b4a4eb59b07ccdf83f08d618202e1f08d474c57d7032c082e684c1

SHA512
a986d85711d0764c8255f50e2163234d680272663a5f96699a9fb17b944210d078344a84bfde62a143860f5c20067250f06e773e9c58578069befad8f4fa4ea4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
440f3dd4290ba66854c8cc6af5d1a66a

SHA1
c3a9cf0f8ef4960e861602b4f11dc47dcf7f837a

SHA256
38e075045febcfc9d66239d09e9230704bace6eeebfccd97f8e2f07e51eed929

SHA512
76efbb25aeb2f67934934fe787a8ec73cb9816b05cecf10f5275971ee616b213659f20270d51a6bb9f468221191df58168cd98dfadf6d4444b7aff3b064ed222

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
69443217b7b846589e950e02bf48fae7

SHA1
3878fd4e54055d7fe1d64594792ea43932e890f8

SHA256
68419c2e26ed3350b7f2081f26d5b574099fda546b991593b9a8acb3759bc946

SHA512
a5005b5a4537aff7e09923e8cf9caf0b83e388328deb5776bf06b8c53d478d4886f59014c411b3abe15cc495d77457d727213c795d28b56d68d29eb357ff4709

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
da9dff9bda0e7a7dfbc8b771190f6871

SHA1
861ce9989f3dd7e62fa81afeb82fddf009d73e38

SHA256
bfd47d2f77618061fd8e537f0e28c5a671199739c4e28ca6ff2bad7a19807472

SHA512
7b3e4e6edfafdaacd159160f3f57c4081ab54b028d8c54bb03946027c1a92b6583390d800e23e1bf5c6b4f2af1dd760f494977ab53227367a96987e91fa67f77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
b850c31c5248fde76136c46e205d9ae2

SHA1
1c077a13d5082024f2af7210a2cf31713e11c191

SHA256
deeb5237aee056d50f2da0db614ce9d65b827e3b778ce5772453dbfdc2fd40f4

SHA512
93f16c83a7b7b05ed4cbfd732ce54f8fc07c72ceb2e7a0d7280cda7879bbe590023cb57b876f8de4fbeb77a24370d256eba89d14dc6d9903ecc3dd1cafafe75c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
b8a011258582b104f58b9fe86ae665c3

SHA1
8973f4799239629697f0fce81f8dec7e3f1cb30b

SHA256
bbd58ea4824c14b711079367fe79a1c87e86522b4f7f89a471450845ac5a6c06

SHA512
b14e4f49682f53938561242ed88a4c5b11895ab0e327ae3c0a78a8727b2459a1c668ea4e50c62ed866488e61777bada05f6c6dafee310bd540398a8c7403d1ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
84ecd1c3bf744ca3dde6578e1ffa082d

SHA1
f5b22a4e245e6544c674025962f51ba0356a708f

SHA256
4e43a800a937dc4b53fba8e2061b53f1963b16c85f65a15663ce7050553202e7

SHA512
ed121dc5aee1c3c41ae2b213941e8416bb3223ba82d4390f2a992b693aba3f03ea43349a3d5fd171d7aa8bc94b598ab00fa5b6d73235979f1149c3fc13a9c274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
ada03fbe5da5c0d684931555094d23bf

SHA1
9082e90f87ee19e7a0fc98b4893a08b87cb10db4

SHA256
4dde7c7869d9f19950fda98c32f675fcd1c766f06391e6aeff21c2961fafe2ac

SHA512
7ab29ec57f686fcee5410fa36905b1f5e88a505b57d739d50480aa7fdd44c9edf8a99bb9ec3d43bc0ff20a240193355a6df284e390edeeccf83db86517302207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
35faedae7234481113b85046b4fc06f8

SHA1
d5e79f5b914eacba1c3ba4f264e3e4658cebef14

SHA256
74c4b594f8b3fd4501ef5b7695ffaeb01de8162f054abc1b8a93c86ed4c20dec

SHA512
ce0c1106dfa4b7cc3310e26c736320e8373a866ed078254e62246803b687126e47ff1115c939e0626a8a82f3d10f4e4d5302b4b2a910b5ac686c032cdf2ca015

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4a72f03c1f6eb4f6cf95aa6824ad5ff4

SHA1
e75c2f9efac60b2ca267514120b57190c719ab2a

SHA256
9fc03a284c5685a5b2cb07edc550f34493252927a63c7443371247dd0a5f8cfb

SHA512
6cb5943345dec13b628bb4dd6712619a98fcf4d28b8f7110c8094393655a4a31973c6c443f0f9fe48295c162ce48e18576eb2d66b8b9808fce70e13a56196431

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dc27.TMP

Filesize
540B

MD5
751986e79ea3f39e54e7b14f40261b0c

SHA1
d7ebe40b7cddc51cc85a570523ae3ea6c0ce73a7

SHA256
9d439f8a40a9a0ec7bc84d77f9251bb3d624a1b0dd5a2e5d9d3e663779bfef88

SHA512
78858d66218db3531608de9e98c2c348ba9ba11dcb779f3d898e5a4cd707e6bf8bf7ee4da3c687afd08806e7ed28030a90a6ebaa2ac14b0f24d02cc5b9683a7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bd4cf34b1aa82894ba86d7a0078382d8

SHA1
e4c1f6dcf17a8d03b792647b889560d696a7a091

SHA256
63b12a7c155fd2129c326034bd39dc009c460c57c6b3ff337899eb8ac0c45c66

SHA512
49e029931ae257b49d3c870249de4efa0b715b08a857e61b4c6c2c5f7ff39f5ea4ceeb149d71294c7159b8fc8622eb54a2e37b61383e0156dfade8d15136a99c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7d2e78ddeb5bbfcdee7260b25e78e1e6

SHA1
f2f156fc71da54fab6a548202e3933b4ef880d9b

SHA256
f296b786e3c6eccc55f704f961355c8715c96888e167fafeecaba21a7f075aa0

SHA512
bb972eb828213bcdfd1a24c383134b4f3affe7db86b20d04f71d4ae9113b5e2d3c691f52d22457f1580d3d160eaeff3683bb3a3bd43a40dbd52eb1c93c524b65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7b4a3f0f0129fb202020fca0fd1375e3

SHA1
862c9f7c17b549ac45b0d0fc891af395594bea76

SHA256
18ec54cabbb16fbfdc161ec3bd923dbafaacec02600fbb171b7b480af69e90b8

SHA512
1b95980b4c96efc7bf79d6f50e163c84820644840f99add982d8b23849827db7cbc1de7ffd9aec57fcb8291f4a88d47d5c19a3e15d793460d25d964f04430308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8b49252d03d4e776e4232eb4694e3d9c

SHA1
b2c131cb39d960228bec2cc0f2272bb44577e492

SHA256
eb01a8e286051b65a2c2c944f55d8db6e8babd923a65b9c63a652b657347fe77

SHA512
bea1c2d40d31d8a2a2fe6ac861456d3c0f444321926a8204dbb583743f57c2b06b6c12004d2f51db8951cc393aac78a84237887edcf4fdc46bba22a4582fab89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
02b938e48aa3fa18d1c901c29d762a37

SHA1
b18d0a8d045daad71f37e5b8343607c7c03b7dab

SHA256
9428936dc686d5a5f4f801896c927032925f05484d460b18a75b18791b94188f

SHA512
c8e5daa0946a8e9c6bd5a482b73519ed656f906e87ced6767b22c8003b27478e9f92faac9d1109473a24b95ab5f1098215c24ecef061e5b09c730fb6943688f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a78a04a7ed4822d95051d7f840ef9897

SHA1
38f2bf0859a1552458243388b3fc925fb82bacdf

SHA256
7a663e016670abda21ab4b7920b53840fd9175048e6dd1c68c87b1ab9e377e0b

SHA512
ea80a88ccf1126714eb5d0cccf86735474b51cfb753e286d8fa2d0d74c2170295e37c7e280f6a38ee401993d36e96d72344769f5a1d046895498fe42873e525c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
544867d5dc84b0019230400eb58ef005

SHA1
66c224af0f71597f6ac07acf379799a487c1e7c9

SHA256
882d7834f84d91a6e878736e59ab02eabc51d228e63d47ee7595ff7b5514f64d

SHA512
22bfe323aa50d807dfe26fcd180e2da7a0a8a8982f69c630308d66fb08ea7b28c261a198970b1f2a15487cafa772e50c7fe4f3ba1cfedd8d16b134dccdfd63af

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000002

Filesize
19KB

MD5
8f661b8c2dc08d06a2992b1006fbf95d

SHA1
51f7614ee218ca027670a3bb0d7cfe1f23869602

SHA256
8bb39a6f700638d352b26ee0cb86fe5fd1127397dbc18d50a5bf37eb9ef6519a

SHA512
80789cf71769f1c03910535c610c942aa4be684433bcdff360ba309a6c15b3878920a49d1d1303c322de64f200b8e5d316b428b66668d51f9ddffaac0aa5f80f

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000003

Filesize
24KB

MD5
944531387ce01bdf7ad736937b9b13b6

SHA1
df6268ebe74638714887588a1f43506b915e717b

SHA256
d6c997210287cecf290cc7c5cc99c13a46d874786d1747cace5f00713069e2a7

SHA512
25cbff327f7af6013476a5453847a5f0a4354a8efe773a4f7f8e29c4b8c12ba8105ed344109cf0a83ee6fe986468c2318b212d2eddc1dc2a6fb4ad9c7f9fc4c2

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000004

Filesize
78KB

MD5
915131c027a32635ea52ce9e420d63ed

SHA1
14f3ac48332d6d5edea86cec97b92087a1d9462c

SHA256
58634c8cbb9892cba09984db057e4409bf15d0c52031929701073527d7fa0008

SHA512
35ebf32fb6fee63565f8b93fbac38b04113e462a1aed802ab9011c342874a0a363358f37bbd10b6ffaeb261f6ec184f85ecaee951e5e42f66d42d78019c8d3a2

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000015

Filesize
99KB

MD5
1d95e2bf44ebb318972a0be7f62c2e4f

SHA1
0a2adf6949449c7e5a35b8618365db84fb822f49

SHA256
d67b3a4ee9bef0835d20d36f3b16e0a332200b8fa88646db78cf8290ccbf24e6

SHA512
00c42870eba476ebbf28ff8978c1db3e957759599fac1a681784736d848bd98cf1d7b7910ce2f1d43b4dcb94504255963ebb762a43790edad19fbb48269fe313

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
205fe81b777e9bbea1e12aa7f36e21bd

SHA1
12a55fa1c49bf6070c961706fda80315c2e3caa6

SHA256
aeef0e12b8c50fecff2d27cc10f62b0cfe572bfc3a9d356abb14d6e80f181c35

SHA512
003ca6a504a813e6a894d15d5b84824cb2db7039362e27aaaf5ba2c6c9218863fc682a127c452e6a3b4a5b79e0af75f1459f9556d5904f04e9ac9a6f5c8eca6a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
9b69836ca49b23ce47a5469619e42691

SHA1
181fe844702ae25942a72e14fd237804b6ed2ccb

SHA256
2c141105603682751d8e9ec5893c5d924824cb2a231fba127344fb5052a1419b

SHA512
cf73298c6fefb6d3e2197ff68640b30aca3dc4d858899d50ebf5bab005a63a06df21dc7f91b3182ae1690f36d2b610a61ced55ff5a563dbf7c2e4b7a23949699

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
98ee89fc7c234e1765f372541a681cca

SHA1
eb0e34d2d08e0b9554767120c5db06df6a4b2ef0

SHA256
0eca10ad4ad516376590eeb88046ab46281165bb6ae9dd9d494416b8c52b975e

SHA512
87974eb05645c30410dba2a30489e0684a45bd525c6850fbf3b229cfd31156e1e453d63b2f20f60547e9245219d8d06514877042e25f7c8cd7a2ef2e22de48f5

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
744B

MD5
c379aa3be9058acdd6bf9f9efb7361b9

SHA1
ca6504d28023d1ae75a1f0799652b980aef5bb84

SHA256
37717db10f6616708b8f67b324abecc157a56efed37066940018cdaa798516bb

SHA512
ac35c04a706b2231607c1f7da5e296b128f5cc0a0315957030b3c6832b64069b4ecc95b5f8988975ba2046aa5f547cc4940b4396814d9ff8802b94650a45ef63

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
856B

MD5
6e02b93c5e8be39df78cf4f8c3483057

SHA1
f73cdd144ef4ed14d7ccaf9da38dda324ecda939

SHA256
0c01f9615e763f57f3ecb52238af66a5416cdcfdd0de7ad6278babd0d3cbd7b8

SHA512
c10881fbe539754e1be078c2126e58e9d59988d762a9f1f89e3f8649fa034cadaeaa03b202d0dd997cc9fbdaecaf8d48baf0b7d0d6dc645f52aa7a775e54f3f0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5b46c9.TMP

Filesize
529B

MD5
0a5b516b804e1c7b61aad4526b5c8087

SHA1
461445e8cf91dc048ba0fc89ba46133f7410b3be

SHA256
bb60356c0f5ab7ad97d458c657225455aafe24a1b45e4293ce0ec037abb2f2e8

SHA512
9c88cdfdfdfb73f5ede6421e6dedfae7507db3a22f31ab4b15f4169ab9622fbeeef6135a16d07b77793b21006fa3cb9bb69ab217ed140ede0ca49fc24b52b7bd

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
be459a7cb520010072b3957111426713

SHA1
dbe2d041fb2a223db96ee9dcda11e6f6144c8030

SHA256
827a78cb76e0d0619d545f35b2143263ba5b5d09f11a839acc803ed415214b36

SHA512
2b33c978f5bba2a76146c6652ade09ea3a57cf77fe0221e18f95dfd28d0db33d6479cf165b6499bcbfbce60576cc821b64129bbdbc995bd86aea73c80649f3db

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
07b2ad4b0c624c6e14ef65226b2605df

SHA1
1df16c3ae59fa34d3f551b8f4ba03ee173ff125e

SHA256
a5798ad8b314f9130c1c8f23f03d6797bfe45fd7e1acf4777548437b7c7744a1

SHA512
876424a12e9a855553888f21824e156c52756b7eb1a6cb775dc6997978c22669289fa83109b02d808e8c92eabe98fd19614bb821749c83554869751c7ec1448f

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe5b5a23.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
18a93856a2febd0f2fe8f1817b52cdab

SHA1
c7ebeb05d83d2a0af3d4316d5c327748228c599a

SHA256
531baa9a27b619d69b8a16e790eabced2e184911eea1df282dd83af9f01a93d9

SHA512
2f44dcf25a6141a297cead662fb29ac037d52d36b39a11877a1e00d13380dafb85e7999c5c87eb5e877b3f54d1e7419bc8f959927cb492fb6d69f321e59c570b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
2b6576d0229c4f81da4d1f648839cd5c

SHA1
0de56f544e53ddfe964072135870af1b57e8d221

SHA256
a84fa04a58527e0f57987cecdee5dcd6824f6b82acd8dc3e779d612fbeffe44b

SHA512
01bde0fc5ceba544cbbc164aa48fa13157ad25a4a66b137c1a53f70966c5876348c9b80ce41b4b0373fdf6910ed793e2c006aa03e577cdfc69927840252bf0f6

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
31de43ecc15bc5f9364f1eb624eabdb8

SHA1
dbe2077136bf0f00c2b7d2ef158e50ccd0c4e903

SHA256
8d12363762586a8f42e2a1aaabe641af9aab97937549194083d0c035b89d8250

SHA512
ac8f84257a2f9b5507c5b52106d39f056981c233dce52778ce3b4a5121bae228c9a40df8ca31bfb42f6eb0236f8b19d888e741a1e27ea7de9668b0b43d3da02e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
91d8f75455ab9e33f8f11ed5bdecc13c

SHA1
ead2b9e59a2abc9e4d579686e33ccc9732535707

SHA256
d72927ff192d8304326d772cbd4882b7b4288de7bb109313a8e83409fc39b9ac

SHA512
0889c3547adc859f9b42af5cb31cfe655d702f919a85d8a3065629ba41b40b3f6a79fa068ce4c33c9de1250e23b090ab06d42a5d6b00b3d8ced30db9625895e1

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
3c5e39e6439d252b4b0dda7b04364d6e

SHA1
15179747c7e3de0f263e79f5d82f77089b0df9bb

SHA256
406f02f611ffbc1e46af20fdfd70dac690ef8f167a777a7c2a2e715f373c38bf

SHA512
833bd8a0d5bb87255149faa18d229f9f8472ab3ba6b92e56af9f9de19c938fed4480ba23a2d3ca2deb6a45dd35a47c8b100e836c108b6af151395bab324d4c11

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
f28c0d4d10fd1116cdef89b7800a40c1

SHA1
a9aa9092590845d2c2b7b4ca8fff27e6fcdc6272

SHA256
d172bcd0bec39f515594173d6129602052e80c9e0c430163694464a31a77117e

SHA512
0bc5674e3190512c7443ce2350a2db0cc2082b90da0a1a2c0dfda337f5ea7ee0e85e4ebe8e254f7282ebc5d7e8988ab6f78350e6c4e5d78cbec0a0ca7c0fdaa9

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity~RFe5adb3e.TMP

Filesize
188B

MD5
785bee6ec99e4ed798566860670a6fb7

SHA1
66cc4b98c091d5c513e317472dfd6d357101dc2d

SHA256
5c8c4456d29d0e5a5c94926e976a6654642ec68d7adeb5cdfa8a3dbd687d2361

SHA512
63fd4aab95b273cf9066b67bd0d36f8d357df24b024207623313d03e05a21053e13b1870f04968d64411994d00ebe65960d7a1202bb5e0975426e7a608c69efd

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json

Filesize
2KB

MD5
68b20851ccb9834d21fb32615e42bd43

SHA1
88fab935f0b9484994097c08f785e9ecb7d68127

SHA256
a954b528dd65ad6c4c2091fa32f17abdb7a49454ce88e10bb6c377734c70c26f

SHA512
dcb0771120c8fe35213d60e9abf4b242af807324759e3c99e9b2569c00a941d885d53ef6fadfe69e6b740e0b52a6008602605d643801190a2d29175a7d065e15

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json

Filesize
2KB

MD5
602c49f9246967bdcff45b4f43cf2fb0

SHA1
4c5796e0c724bbd7a9244cc8a0fc9e8f40181f2d

SHA256
a3ad9649c1038078038be1abd591cdba73b4b4f5cf30e11bb6cb7a432b746114

SHA512
2f273c0dd0127071f4c768cfe7277c6efff84c1ef4f4271c1326db3658c84261794b106af3198717f349fbaaaf276163700bbb50ae20fe52ed0a88a192d46f77

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl6195.tmp\StdUtils.dll

Filesize
110KB

MD5
db11ab4828b429a987e7682e495c1810

SHA1
29c2c2069c4975c90789dc6d3677b4b650196561

SHA256
c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376

SHA512
460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl6195.tmp\System.dll

Filesize
22KB

MD5
a36fbe922ffac9cd85a845d7a813f391

SHA1
f656a613a723cc1b449034d73551b4fcdf0dcf1a

SHA256
fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0

SHA512
1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl6195.tmp\nsDialogs.dll

Filesize
20KB

MD5
4e5bc4458afa770636f2806ee0a1e999

SHA1
76dcc64af867526f776ab9225e7f4fe076487765

SHA256
91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0

SHA512
b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl6195.tmp\nsExec.dll

Filesize
17KB

MD5
2095af18c696968208315d4328a2b7fe

SHA1
b1b0e70c03724b2941e92c5098cc1fc0f2b51568

SHA256
3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226

SHA512
60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl6195.tmp\nsProcess.dll

Filesize
15KB

MD5
08072dc900ca0626e8c079b2c5bcfcf3

SHA1
35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37

SHA256
bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8

SHA512
8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 47351.crdownload

Filesize
837KB

MD5
93ef55f275e12608889ba7c2e908e6d8

SHA1
969a31955b49a8bd82567fa582b3f29528ceb6f1

SHA256
7af03f9f3e8d96c931d69b1ecd531ee976c6e504d678bbf44f553ffea8943291

SHA512
fa3dfb36608777a5942cc3ffdb5d1599efd0420dbd436def11d860312b6dff64af6d9c3022964c78eaf34c3173a8907a3b58e88fda8f83a4e8e4063287ba7c53

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 759749.crdownload

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12720_797822366\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12720_797822366\manifest.json

Filesize
1001B

MD5
2ff237adbc218a4934a8b361bcd3428e

SHA1
efad279269d9372dcf9c65b8527792e2e9e6ca7d

SHA256
25a702dd5389cc7b077c6b4e06c1fad9bdea74a9c37453388986d093c277d827

SHA512
bafd91699019ab756adf13633b825d9d9bae374ca146e8c05abc70c931d491d421268a6e6549a8d284782898bc6eb99e3017fbe3a98e09cd3dfecad19f95e542

Download Submit
memory/1600-13773-0x0000000000620000-0x0000000000AD2000-memory.dmp

Filesize
4.7MB

Download
memory/12660-13942-0x000000006F260000-0x00000000705A0000-memory.dmp

Filesize
19.2MB

Download
memory/12660-14265-0x000000006F260000-0x00000000705A0000-memory.dmp

Filesize
19.2MB

Download
memory/12660-14229-0x000000006F260000-0x00000000705A0000-memory.dmp

Filesize
19.2MB

Download
memory/12660-14337-0x000000006F260000-0x00000000705A0000-memory.dmp

Filesize
19.2MB

Download
memory/12660-14190-0x000000006F260000-0x00000000705A0000-memory.dmp

Filesize
19.2MB

Download
memory/12660-13969-0x000000006F260000-0x00000000705A0000-memory.dmp

Filesize
19.2MB

Download
memory/12660-13979-0x000000006F260000-0x00000000705A0000-memory.dmp

Filesize
19.2MB

Download
memory/12660-14407-0x000000006F260000-0x00000000705A0000-memory.dmp

Filesize
19.2MB

Download
memory/12660-14736-0x000000006F260000-0x00000000705A0000-memory.dmp

Filesize
19.2MB

Download
memory/12660-14674-0x000000006F260000-0x00000000705A0000-memory.dmp

Filesize
19.2MB

Download
memory/12660-14100-0x000000006F260000-0x00000000705A0000-memory.dmp

Filesize
19.2MB

Download
memory/12660-14131-0x000000006F260000-0x00000000705A0000-memory.dmp

Filesize
19.2MB

Download
memory/12872-14201-0x000002898B130000-0x000002898B131000-memory.dmp

Filesize
4KB

Download
memory/12872-14092-0x0000028983C60000-0x0000028983C61000-memory.dmp

Filesize
4KB

Download
memory/12872-14204-0x000002898B130000-0x000002898B131000-memory.dmp

Filesize
4KB

Download
memory/12872-14093-0x0000028983C60000-0x0000028983C61000-memory.dmp

Filesize
4KB

Download
memory/12872-14094-0x0000028983C60000-0x0000028983C61000-memory.dmp

Filesize
4KB

Download
memory/12872-14095-0x0000028983C60000-0x0000028983C61000-memory.dmp

Filesize
4KB

Download
memory/12872-14096-0x0000028983C60000-0x0000028983C61000-memory.dmp

Filesize
4KB

Download
memory/12872-14097-0x0000028983C60000-0x0000028983C61000-memory.dmp

Filesize
4KB

Download
memory/12872-14098-0x0000028983C60000-0x0000028983C61000-memory.dmp

Filesize
4KB

Download
memory/12872-14203-0x000002898B130000-0x000002898B131000-memory.dmp

Filesize
4KB

Download
memory/12872-14099-0x0000028983C60000-0x0000028983C61000-memory.dmp

Filesize
4KB

Download
memory/12872-14205-0x000002898B130000-0x000002898B131000-memory.dmp

Filesize
4KB

Download
memory/12872-14091-0x0000028983C60000-0x0000028983C61000-memory.dmp

Filesize
4KB

Download
memory/12872-14202-0x000002898B130000-0x000002898B131000-memory.dmp

Filesize
4KB

Download
memory/12872-14090-0x0000028983C60000-0x0000028983C61000-memory.dmp

Filesize
4KB

Download
memory/12872-14200-0x000002898B130000-0x000002898B131000-memory.dmp

Filesize
4KB

Download
memory/12872-14199-0x000002898B130000-0x000002898B131000-memory.dmp

Filesize
4KB

Download
memory/12872-14198-0x000002898B130000-0x000002898B131000-memory.dmp

Filesize
4KB

Download
memory/12872-14197-0x000002898B130000-0x000002898B131000-memory.dmp

Filesize
4KB

Download
memory/13388-13812-0x00007FF9F2B00000-0x00007FF9F2B01000-memory.dmp

Filesize
4KB

Download
memory/13388-13811-0x00007FF9F1760000-0x00007FF9F1761000-memory.dmp

Filesize
4KB

Download
memory/16884-14373-0x00000264D6230000-0x00000264D65A8000-memory.dmp

Filesize
3.5MB

Download