2aeadc854ba132259d78e5ce9fa040f02d04a00187f7dd6881a5f991efe9c7bc

Analysis

max time kernel
478s
max time network
465s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
08-12-2024 21:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

IMG_6366.jpg
Size

778KB
MD5

a66867b8b2901da146fcaeb3319ab8f0
SHA1

93f317d95f40058c23248951ffb56a6e6a60a911
SHA256

2aeadc854ba132259d78e5ce9fa040f02d04a00187f7dd6881a5f991efe9c7bc
SHA512

47e15631ada1c2d5834ba2d6e552de073b20cc669f44ab83617e54ca76186ee99b3571e4b085a1602a8fa9e0e57ffbca97a2f5c9a027d8a0e5b46ece60ce70e3
SSDEEP

12288:PVwNqwWnfeH0ENYbVe7bQLXdwrs0+2col+fCtZ05H1U5fp96s+c6LQ2n:NwNbgeH0VVPgcZCX0I1r+cyQ2n

Score

8^/10

steam defense_evasion discovery persistence phishing

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 27 IoCs

pid	Process
1780	SteamSetup.exe
3436	steamservice.exe
1544	steam.exe
9028	steam.exe
9076	steamwebhelper.exe
9120	steamwebhelper.exe
9412	steamwebhelper.exe
9524	steamwebhelper.exe
10628	gldriverquery64.exe
11060	steamwebhelper.exe
3848	steamwebhelper.exe
12324	gldriverquery.exe
12388	vulkandriverquery64.exe
12464	vulkandriverquery.exe
16220	steamwebhelper.exe
5160	steamwebhelper.exe
18252	steamwebhelper.exe
22088	steamwebhelper.exe
22072	steamwebhelper.exe
24492	steamwebhelper.exe
24480	steamwebhelper.exe
10852	steamwebhelper.exe
8632	steamwebhelper.exe
14388	steamwebhelper.exe
17116	BadNorth.exe
17176	UnityCrashHandler32.exe
18392	GameOverlayUI.exe

Loads dropped DLL 64 IoCs

pid	Process
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9120	steamwebhelper.exe
9120	steamwebhelper.exe
9120	steamwebhelper.exe
9028	steam.exe
9412	steamwebhelper.exe
9412	steamwebhelper.exe
9412	steamwebhelper.exe
9412	steamwebhelper.exe
9412	steamwebhelper.exe
9412	steamwebhelper.exe
9412	steamwebhelper.exe
9028	steam.exe
9412	steamwebhelper.exe
9412	steamwebhelper.exe
9524	steamwebhelper.exe
9524	steamwebhelper.exe
9524	steamwebhelper.exe
9028	steam.exe
11060	steamwebhelper.exe
11060	steamwebhelper.exe
11060	steamwebhelper.exe
3848	steamwebhelper.exe
3848	steamwebhelper.exe
3848	steamwebhelper.exe
3848	steamwebhelper.exe
9028	steam.exe
16220	steamwebhelper.exe
16220	steamwebhelper.exe
16220	steamwebhelper.exe
16220	steamwebhelper.exe
5160	steamwebhelper.exe
5160	steamwebhelper.exe
5160	steamwebhelper.exe
5160	steamwebhelper.exe
18252	steamwebhelper.exe
18252	steamwebhelper.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000\Software\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"	SteamSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Detected potential entity reuse from brand STEAM.
phishing steam

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 9028 set thread context of 17116	9028	steam.exe	143

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_dpad_click_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_l_touch_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\Receipt_CC_UseLimit.res_	steam.exe
File opened for modification	C:\Program Files (x86)\Steam\steamapps\downloading\688420\BadNorth_Data\Managed\UnityEngine.AnimationModule.dll	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\client_login_bg_grid_china.jpg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_l2_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0320.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_touchpad_up_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_p4_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_color_button_x_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_buttons_e.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0410.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_list_over.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_right_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_button_menu_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_rstick_touch_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\1407200_library_header.jpg	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_rfn_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_touchpad_down_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\StorefrontDialog.res_	steam.exe
File opened for modification	C:\Program Files (x86)\Steam\steamapps\common\BadNorth\BadNorth_Data\Managed\UnityEngine.StyleSheetsModule.xml	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0020.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_030_inv_0010.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_back.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_color_button_b.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_080_input_0070.png_	steam.exe
File created	C:\Program Files (x86)\Steam\config\config.vdf~RFe5a18f8.TMP	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\vgui_danish.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_swipe_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\244210_library_hero_blur.jpg	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steam_messages.ico_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\locales\pl.pak_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_020_ammo_0053.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\dlc_generic_header.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_rt_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_l4.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_rstick_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_button_circle_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_r2_half_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\convertcontentdialog.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\chatroom_unlocked.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\switch_controller_latam.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\friends\trackerui_brazilian.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_right_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_mouse_4_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_right_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\layout\downloadsummarypanel.layout_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\c9.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steamui_bulgarian.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_r_click_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_r_down_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_dpad_right.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_rtrackpad_up.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\layout\pagination_panel.layout_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\btnOvrOffTopRight.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_touch_doubletap_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\locales\it.pak_	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\636480_library_hero_blur.jpg	steam.exe
File opened for modification	C:\Program Files (x86)\Steam\steamapps\downloading\688420\BadNorth_Data\sharedassets1.resource	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0090.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\StorageClips.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_l_down_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_color_button_circle_lg.png_	steam.exe

Drops file in Windows directory 7 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_735117609\_platform_specific\win_x64\widevinecdm.dll	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_735117609\LICENSE	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_735117609\manifest.json	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_735117609\_metadata\verified_contents.json	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_735117609\manifest.fingerprint	steamwebhelper.exe
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_735117609\_platform_specific\win_x64\widevinecdm.dll.sig	steamwebhelper.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BadNorth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GameOverlayUI.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamservice.exe

Checks processor information in registry 2 TTPs 15 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	GameOverlayUI.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	BadNorth.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	BadNorth.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	BadNorth.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	GameOverlayUI.exe
Key opened	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000\HARDWARE\DESCRIPTION\System\CentralProcessor\0	BadNorth.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink\Shell\Open\Command	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam\Shell	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam\ = "URL:steam protocol"	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam\DefaultIcon	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4249425805-3408538557-1766626484-1000\{3A577AEF-A31F-4871-830A-49EEAF5551F0}	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink\Shell	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink\URL Protocol	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam\URL Protocol	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink\DefaultIcon	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam\Shell\Open\Command	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam\ = "URL:steam protocol"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam\URL Protocol	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink\DefaultIcon	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam\DefaultIcon	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink	steamservice.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	steam.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 548633.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4152	msedge.exe
4152	msedge.exe
2492	msedge.exe
2492	msedge.exe
3028	identity_helper.exe
3028	identity_helper.exe
3548	msedge.exe
3548	msedge.exe
2708	msedge.exe
2708	msedge.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
9028	steam.exe
17116	BadNorth.exe
18392	GameOverlayUI.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	3436	steamservice.exe
Token: SeSecurityPrivilege	3436	steamservice.exe
Token: SeShutdownPrivilege	9076	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9076	steamwebhelper.exe
Token: SeShutdownPrivilege	9076	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9076	steamwebhelper.exe
Token: SeShutdownPrivilege	9076	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9076	steamwebhelper.exe
Token: SeShutdownPrivilege	9076	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9076	steamwebhelper.exe
Token: SeShutdownPrivilege	9076	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9076	steamwebhelper.exe
Token: SeShutdownPrivilege	9076	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9076	steamwebhelper.exe
Token: SeShutdownPrivilege	9076	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9076	steamwebhelper.exe
Token: SeShutdownPrivilege	9076	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9076	steamwebhelper.exe
Token: SeShutdownPrivilege	9076	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9076	steamwebhelper.exe
Token: SeShutdownPrivilege	9076	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9076	steamwebhelper.exe
Token: SeShutdownPrivilege	9076	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9076	steamwebhelper.exe
Token: SeShutdownPrivilege	9076	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9076	steamwebhelper.exe
Token: SeShutdownPrivilege	9076	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9076	steamwebhelper.exe
Token: SeShutdownPrivilege	9076	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9076	steamwebhelper.exe
Token: SeShutdownPrivilege	9076	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9076	steamwebhelper.exe
Token: SeShutdownPrivilege	9076	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9076	steamwebhelper.exe
Token: SeShutdownPrivilege	9076	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9076	steamwebhelper.exe
Token: SeShutdownPrivilege	9076	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9076	steamwebhelper.exe
Token: SeShutdownPrivilege	9076	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9076	steamwebhelper.exe
Token: SeShutdownPrivilege	9076	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9076	steamwebhelper.exe
Token: SeShutdownPrivilege	9076	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9076	steamwebhelper.exe
Token: SeShutdownPrivilege	9076	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9076	steamwebhelper.exe
Token: SeShutdownPrivilege	9076	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9076	steamwebhelper.exe
Token: SeShutdownPrivilege	9076	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9076	steamwebhelper.exe
Token: SeShutdownPrivilege	9076	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9076	steamwebhelper.exe
Token: SeShutdownPrivilege	9076	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9076	steamwebhelper.exe
Token: SeShutdownPrivilege	9076	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9076	steamwebhelper.exe
Token: SeShutdownPrivilege	9076	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9076	steamwebhelper.exe
Token: SeShutdownPrivilege	9076	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9076	steamwebhelper.exe
Token: SeShutdownPrivilege	9076	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9076	steamwebhelper.exe
Token: SeShutdownPrivilege	9076	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	9076	steamwebhelper.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9028	steam.exe
9028	steam.exe
9028	steam.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe
9076	steamwebhelper.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1780	SteamSetup.exe
3436	steamservice.exe
9028	steam.exe
17116	BadNorth.exe
18368	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 1448	2492	msedge.exe	81
PID 2492 wrote to memory of 1448	2492	msedge.exe	81
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 1924	2492	msedge.exe	82
PID 2492 wrote to memory of 4152	2492	msedge.exe	83
PID 2492 wrote to memory of 4152	2492	msedge.exe	83
PID 2492 wrote to memory of 2668	2492	msedge.exe	84
PID 2492 wrote to memory of 2668	2492	msedge.exe	84
PID 2492 wrote to memory of 2668	2492	msedge.exe	84
PID 2492 wrote to memory of 2668	2492	msedge.exe	84
PID 2492 wrote to memory of 2668	2492	msedge.exe	84
PID 2492 wrote to memory of 2668	2492	msedge.exe	84
PID 2492 wrote to memory of 2668	2492	msedge.exe	84
PID 2492 wrote to memory of 2668	2492	msedge.exe	84
PID 2492 wrote to memory of 2668	2492	msedge.exe	84
PID 2492 wrote to memory of 2668	2492	msedge.exe	84
PID 2492 wrote to memory of 2668	2492	msedge.exe	84
PID 2492 wrote to memory of 2668	2492	msedge.exe	84
PID 2492 wrote to memory of 2668	2492	msedge.exe	84
PID 2492 wrote to memory of 2668	2492	msedge.exe	84
PID 2492 wrote to memory of 2668	2492	msedge.exe	84
PID 2492 wrote to memory of 2668	2492	msedge.exe	84
PID 2492 wrote to memory of 2668	2492	msedge.exe	84
PID 2492 wrote to memory of 2668	2492	msedge.exe	84
PID 2492 wrote to memory of 2668	2492	msedge.exe	84
PID 2492 wrote to memory of 2668	2492	msedge.exe	84

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\IMG_6366.jpg
1⤵
PID:3540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8f9be3cb8,0x7ff8f9be3cc8,0x7ff8f9be3cd8
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,5126168235332272907,5900670133001098186,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,5126168235332272907,5900670133001098186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,5126168235332272907,5900670133001098186,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5126168235332272907,5900670133001098186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5126168235332272907,5900670133001098186,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5126168235332272907,5900670133001098186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5126168235332272907,5900670133001098186,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5126168235332272907,5900670133001098186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5126168235332272907,5900670133001098186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5126168235332272907,5900670133001098186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,5126168235332272907,5900670133001098186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3492 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1932,5126168235332272907,5900670133001098186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5126168235332272907,5900670133001098186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5126168235332272907,5900670133001098186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5126168235332272907,5900670133001098186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5126168235332272907,5900670133001098186,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5126168235332272907,5900670133001098186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5126168235332272907,5900670133001098186,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5126168235332272907,5900670133001098186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5126168235332272907,5900670133001098186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1932,5126168235332272907,5900670133001098186,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6296 /prefetch:8
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1932,5126168235332272907,5900670133001098186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6168 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2708
- C:\Users\Admin\Downloads\SteamSetup.exe
  "C:\Users\Admin\Downloads\SteamSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1780
- - C:\Program Files (x86)\Steam\bin\steamservice.exe
    "C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:3436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3784

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:1544
- C:\Program Files (x86)\Steam\steam.exe
  "C:\Program Files (x86)\Steam\steam.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies registry class
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:9028
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=9028" "-buildid=1733265492" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:9076
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1733265492 --initial-client-data=0x294,0x298,0x29c,0x290,0x2a0,0x7ff8e8fcaf00,0x7ff8e8fcaf0c,0x7ff8e8fcaf18
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:9120
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1572,i,3671908691933489838,16224862782930063273,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1580 --mojo-platform-channel-handle=1564 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:9412
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2180,i,3671908691933489838,16224862782930063273,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2184 --mojo-platform-channel-handle=2176 /prefetch:11
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:9524
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2716,i,3671908691933489838,16224862782930063273,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2724 --mojo-platform-channel-handle=2664 /prefetch:13
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:11060
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3096,i,3671908691933489838,16224862782930063273,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3100 --mojo-platform-channel-handle=3092 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3848
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3820,i,3671908691933489838,16224862782930063273,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3824 --mojo-platform-channel-handle=3816 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:16220
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4004,i,3671908691933489838,16224862782930063273,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3808 --mojo-platform-channel-handle=3856 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5160
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4500,i,3671908691933489838,16224862782930063273,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4168 --mojo-platform-channel-handle=4504 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:18252
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3988,i,3671908691933489838,16224862782930063273,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3864 --mojo-platform-channel-handle=4040 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:22072
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4412,i,3671908691933489838,16224862782930063273,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4044 --mojo-platform-channel-handle=4516 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:22088
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4540,i,3671908691933489838,16224862782930063273,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4616 --mojo-platform-channel-handle=4512 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:24480
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4536,i,3671908691933489838,16224862782930063273,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4612 --mojo-platform-channel-handle=4548 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:24492
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=4396,i,3671908691933489838,16224862782930063273,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3768 --mojo-platform-channel-handle=3736 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:10852
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4692,i,3671908691933489838,16224862782930063273,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4652 --mojo-platform-channel-handle=4700 /prefetch:10
      4⤵
      Executes dropped EXE
      PID:8632
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=4512,i,3671908691933489838,16224862782930063273,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4100 --mojo-platform-channel-handle=3756 /prefetch:12
      4⤵
      Executes dropped EXE
      PID:14388
- - C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:10628
- - C:\Program Files (x86)\Steam\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:12324
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:12388
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:12464
- - C:\Program Files (x86)\Steam\steamapps\common\BadNorth\BadNorth.exe
    "C:\Program Files (x86)\Steam\steamapps\common\BadNorth\BadNorth.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:17116
  - - C:\Program Files (x86)\Steam\steamapps\common\BadNorth\UnityCrashHandler32.exe
      "C:\Program Files (x86)\Steam\steamapps\common\BadNorth\UnityCrashHandler32.exe" --attach 17116 7081984
      4⤵
      Executes dropped EXE
      PID:17176
- - C:\Program Files (x86)\Steam\GameOverlayUI.exe
    "C:\Program Files (x86)\Steam\GameOverlayUI.exe" -pid 17116 -steampid 9028 -manuallyclearframes 0 -gameid 688420
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Suspicious behavior: GetForegroundWindowSpam
    PID:18392

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004A8 0x00000000000004C0
1⤵
PID:10260

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:18368

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:17892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Steam\Steam.exe

Filesize
4.2MB

MD5
33bcb1c8975a4063a134a72803e0ca16

SHA1
ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65

SHA256
12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1

SHA512
13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

Download Submit
C:\Program Files (x86)\Steam\appcache\appinfo.vdf

Filesize
1.6MB

MD5
b89625095e32a3e49e442f248a359c2a

SHA1
5fffd86eb548383ba64fa626b1921e4a27ea2348

SHA256
fb98b20e95c4b8fed281d57601ee2eeff05797ffdf8aafad528ca61498a29c83

SHA512
6d275053d488087735f9578e717da005dcb22685ff0f4222ea2355e88b11c215e0ca6f366d7d87da71eef352c0fefe4d955bdcd14753eca49220e5cd10461898

Download Submit
C:\Program Files (x86)\Steam\appcache\appinfo.vdf~RFe5bc928.TMP

Filesize
1.6MB

MD5
d9c5efccc6a3c9b6391f05b68c0ae2d9

SHA1
4d8621545a139e52e11c26d9e855a26e4ad98bf1

SHA256
4f579204b1f94bceb453a2476ea5c8ee7c00993b97e75da2663887aa354d3162

SHA512
8dad9d5ae457fe6eef4bb8772c236259f1d7c7446ede909d65225de84d834673ff780ef27e95ed79e41e19603fe09a1af97136e6f2c38fdfe902559b56825b9f

Download Submit
C:\Program Files (x86)\Steam\appcache\librarycache\1144200_header.jpg

Filesize
63KB

MD5
f6e4af37f54af02deaeb1620b6c71d1a

SHA1
acafe8ec4125aa2cde4add804e5f66207b066cdd

SHA256
eab6fdffbe18d62d1f7cde2f261d1c9d2f6e498475953cafa2017dee23b70998

SHA512
0bd974f51fa7729e11eb25a1120ab2628bb766a40aa596f45614b213d3a09bab0785d81891351d8b9a8efca358633588e0bb5b1cb40b1497afd46e22b9b98d6e

Download Submit
C:\Program Files (x86)\Steam\appcache\librarycache\1245040_icon.jpg

Filesize
638B

MD5
7ecdaf8a54ec52b20640a88527512903

SHA1
3133a4d748ad3be61fe9db759339cd5de73339b5

SHA256
7bd8b75aec0a4d4a377f3ca3a023fd8b7c5fc7dc6a2a66d17f8cdfe5b731ab0c

SHA512
60ae2031eed0c38264f0d8db22a9b6efeb3f80c791e916e15a1730853162d56e0da014dbd93a5479bae4f3bdd5705ca89be70c90574a524abd1c276ed5c55a2d

Download Submit
C:\Program Files (x86)\Steam\bin\SteamService.exe

Filesize
2.5MB

MD5
ba0ea9249da4ab8f62432617489ae5a6

SHA1
d8873c5dcb6e128c39cf0c423b502821343659a7

SHA256
ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d

SHA512
52958d55b03e1ddc69afc2f1a02f7813199e4b3bf114514c438ab4d10d5ca83b865ba6090550951c0a43b666c6728304009572212444a27a3f5184663f4b0b8b

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
6e6a2b18264504cc084caa3ad0bfc6ae

SHA1
b177d719bd3c1bc547d5c97937a584b8b7d57196

SHA256
f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53

SHA512
74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
19KB

MD5
3d5ee152ce80514ea2438e6125e7b12a

SHA1
17355b33e96e03d56b322f33aaa55d9fbc681549

SHA256
5114c85868bcc238138dbb4f9047eee26d7526b14eccf0c092bdae84fca39221

SHA512
36857270c7a943aefefd0844a5f5b0c86da93ecfc2f9eeff9d3f4cd934af1a3c7687548f09a37f79d15cfa17ade689220551414176a360938502c4174a6ab602

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
a2ec2e91c3ef8c42e22c4887d032b333

SHA1
e2c738a2e9400535b74e2263c7e7d1ecefe575f2

SHA256
8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3

SHA512
b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf~RFe5a18f8.TMP

Filesize
184B

MD5
3cdebc58a05cdd75f14e64fb0d971370

SHA1
edf2d4a8a5fc017e29bf9fb218db7dd8b2be84fe

SHA256
661f122934bbc692266940a1fe2e5e51d4d460efb29d75695b8d5241c6e11da7

SHA512
289c40fae5ec1d3dd8b5b00dd93cf9cada2cb5c12bcfefea8c862ddf0a16dced15d6814dad771af9103b3a5d3016d301ee40058edde3fdea30d9767146d11cd6

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
197451ccba3445f0649ea70af2478b67

SHA1
d5d8870de59dd92b2689bba27aee85f85211fe7b

SHA256
d3af480fe975487ea4754c88dd56df0d4cfe68633eb9abb2458f42ae3df34479

SHA512
348b98e050c6f9525e3a6aa291e4da9b30542e62d229e002b0e325e6d967903d18d853eb9eaa460eb152f3add3583e7fdf3b69d48f024a830ad929878b12f651

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

Filesize
4KB

MD5
0340d1a0bbdb8f3017d2326f4e351e0a

SHA1
90d078e9f732794db5b0ffeb781a1f2ed2966139

SHA256
0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544

SHA512
9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

Filesize
6KB

MD5
4c81277a127e3d65fb5065f518ffe9c2

SHA1
253264b9b56e5bac0714d5be6cade09ae74c2a3a

SHA256
76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9

SHA512
be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

Filesize
4KB

MD5
2158881817b9163bf0fd4724d549aed4

SHA1
c500f2e8f47a11129114ee4f19524aee8fecc502

SHA256
650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7

SHA512
f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

Filesize
4KB

MD5
03b664bd98485425c21cdf83bc358703

SHA1
0a31dcfeb1957e0b00b87c2305400d004a9a5bdb

SHA256
fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115

SHA512
4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt

Filesize
4KB

MD5
31a29061e51e245f74bb26d103c666ad

SHA1
271e26240db3ba0dcffc10866ccfcfa1c33cf1cc

SHA256
56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192

SHA512
f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

Filesize
4KB

MD5
da6cd2483ad8a21e8356e63d036df55b

SHA1
0e808a400facec559e6fbab960a7bdfaab4c6b04

SHA256
ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6

SHA512
06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt

Filesize
4KB

MD5
9e62fc923c65bfc3f40aaf6ec4fd1010

SHA1
8f76faff18bd64696683c2a7a04d16aac1ef7e61

SHA256
8ff0f3cbdf28102ff037b9cda90590e4b66e1e654b90f9aea2cd5364494d02b7

SHA512
c8ff15373b37e848e6239a82424569e77c82a5fc557d17e7d2ed1d0d2b2f7d026cc1e2bc98cb5ee945c02cfefb82803c23fa6a26f48ff0adcf762f94cd5dd035

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt

Filesize
4KB

MD5
10c429eb58b4274af6b6ef08f376d46c

SHA1
af1e049ddb9f875c609b0f9a38651fc1867b50d3

SHA256
a1f6ba57ee41e009d904905c0ce5e75a59ee6790e08542561303109e1faafa13

SHA512
d8760f61760bffd8671b727d386ae220e7e6e68829a01553cfd5eb60ef8bd1d7c1b25e7b17a6db5bd17ba6712ef44999726764459318e784843c73bc4facaf46

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt

Filesize
4KB

MD5
5c026fd6072a7c5cf31c75818cddedec

SHA1
341aa1df1d034e6f0a7dff88d37c9f11a716cae6

SHA256
0828572e4fa00c186dbf1d9072a6154d65cb499c6a37e338f3305f77a2fee382

SHA512
f9d28714b2a05f8d9025f1692e4d7e8baa6daf6176353f65646a38814a242ef2adededa44419edd69f10cf96ffba506dab7cb6e52111457bf69cffef12174b12

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt

Filesize
6KB

MD5
189ba063d1481528cbd6e0c4afc3abaa

SHA1
40bdd169fcc59928c69eea74fd7e057096b33092

SHA256
c0a7a1df442ac080668762df795c72aa322e9d415c41bd0a4c676a4dc0551695

SHA512
ce59ad9b17bab4de1254e92ce4fe7d8c8242832f62ab382e8f54199a9932cd11b5800cc33895441426373d5210cc74104e0271b721a7e26ed400b716ae4d5903

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt

Filesize
4KB

MD5
18aaaf5ffcdd21b1b34291e812d83063

SHA1
aa9c7ae8d51e947582db493f0fd1d9941880429f

SHA256
1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5

SHA512
4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt

Filesize
4KB

MD5
1514d082b672b372cdfb8dd85c3437f1

SHA1
336a01192edb76ae6501d6974b3b6f0c05ea223a

SHA256
3b3c5c615fd82070cc951ab482d3de8cb12df0b3df59fbd11f9d3271fa2fbca4

SHA512
4d41c945ce7c94746875b0dbceb14811d4966de4e97fe047406a304162fde7e1e2a16367fc2e43978e2e5aa66749f036b4444aa2312673c2cc3af296e8b77f55

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt

Filesize
4KB

MD5
8958371646901eac40807eeb2f346382

SHA1
55fb07b48a3e354f7556d7edb75144635a850903

SHA256
b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585

SHA512
14c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt

Filesize
5KB

MD5
7e1d15fc9ba66a868c5c6cb1c2822f83

SHA1
bfe9a25fdc8721d7b76cecb9527a9ba7823dc3d7

SHA256
fc74e26a8baabbe4851109512d85173b75dbf7293d41eb3b92a1957a773c8265

SHA512
0892be14a858cc860766afb1c996b2c355108a7e50971ea3ec00d15069e919a6eb05a61fa839bea3938492c391e274144c5e248f4c204a602bf36adf27e5b406

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt

Filesize
4KB

MD5
202b825d0ef72096b82db255c4e747fa

SHA1
3a3265e5bbaa1d1b774195a3858f29cea75c9e75

SHA256
3d1399f5323a3ece1b1a8b3b31f8fd7f50c3bd319ab3f1c38c6e347452c95314

SHA512
e8fc7cc09f431301d22a07b238179ee053505090e3c4db30ead061513fe7159f1fe8b80efc93f4597fe00f01087bbe0bb2231e13693d72c8def138657cb91566

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt

Filesize
4KB

MD5
7913f3f33839e3af9e10455df69866c2

SHA1
15fa957d0a6a2717027f5b35f4dbe5e0ab8ece25

SHA256
05bc1f4973c6d36002ac1b37ce46b1f941fcb4338282e0ec1ec83fb558d1a88c

SHA512
534e541757d19ee157a268bf7ea358b48015f400542fcfa49cdb547cd652926160f015fe2cf026d9c4996e56ab90ca3899dfd457997d915bf6bc9d7bb00ba804

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt

Filesize
4KB

MD5
58e0fcbee3cca4ef61b97928cfe89535

SHA1
1297e3af3ca9e4fe3cc5db78ebbfa642e8a2c57b

SHA256
c084a68b65d507eb831831aa2ab9afb9536cb99a840d248cc155ff87fad18425

SHA512
99aff0c481e34cd0e4fcbb2af471afb56d91aa11be664462b08e17ae169ca03ef77e7063b4ecd0f38ca7b2f6dc0bf2e316c7b31dffbbcfc763cd8fae27dc78d2

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt

Filesize
4KB

MD5
9b0b0e82f753cc115d87c7199885ad1b

SHA1
5743a4ab58684c1f154f84895d87f000b4e98021

SHA256
0bdeee9fa28d54d384e06ea646fbcfe3f06698a31dfdc1a50703ffe83ad78d32

SHA512
b7780b82fbe705bc8e5a527c011eb685c99ef0b2eb810617b9f82b891341af95ef1c2f46dce9e458c0c4dcc3e7a0d21db6c77f03419cd1c4b521a9b72f9017df

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt

Filesize
4KB

MD5
eb8926608c5933f05a3f0090e551b15d

SHA1
a1012904d440c0e74dad336eac8793ac110f78f8

SHA256
2ed2b0d654d60e0a82b0968a91d568b775144e9d92f2b077b6da75f85ad12d04

SHA512
9113c42c38836f71ff0cc7019aff8c873845f47fbf1ab97e981cb038f4d8495b6df784402b1ee9666e8e567ae866b0284c81e6a16efb47131d5ef88569c4843a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt

Filesize
4KB

MD5
6367f43ea3780c4ee166454f5936b1a8

SHA1
027a2c24c8320458c49cd78053f586cb4d94ee6f

SHA256
f8d1972e75a320344e3c834ba0a3a6a86edb39e20ef706bda9b7965d440d1998

SHA512
31aab33e0d272cb43a8c160b3d37256716a683e5052192fd0e4d3cdaf30a10a9afa9d26d5d14ad216ee455627c32892a711d2bc137ee7a7df9a297f001a19e32

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt

Filesize
6KB

MD5
e04ad6c236b6c61fc53e2cb57ced87e8

SHA1
e9d4846b7e6cc755ee14a5d3fa45ee7d3bf425a4

SHA256
08c775efa77c2a92d369f794882e467b6e2526e61bc7aa7724f48e174524502e

SHA512
0dfb7e6d811d649103499018f3d115c542fcaba420ceb69124a4d837fe162ce514e7be2040860c5ef5f9c01c961fa6eea8730606b73ec107d87597989b6fd331

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt

Filesize
4KB

MD5
56dcf7b68f70826262a6ffaffe6b1c49

SHA1
12e4272ba0e4eabc610670cdc6941f942da1eb6a

SHA256
948cad1bb27109e008f2457248880c759d3fa98b92c5b4033b94f455cb8ac43f

SHA512
c3fd9caf0bd4c303a7cc300faada9cfe6dd752e82d67625b31f4c0c2c091596508bb477fe19f758fdf79b25b8ac3f5320a8785d2b6705b9bcc28a054a59454e2

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_spanish.txt

Filesize
4KB

MD5
66456d2b1085446a9f2dbd9e4632754b

SHA1
8da6248b57e5c2970d853b8d21373772a34b1c28

SHA256
c4f821a4903c4e7faea2931c7fb1cf261eba06a9840c78fdca689f5c784c06c4

SHA512
196c2282ba13715709ece706c9219fe70c05dd295840082e7d901b9e5592e74b1bb556782181cdbe35bd1ab0d6197fef67258b09491fabc6f27606dbed667d49

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_swedish.txt

Filesize
4KB

MD5
b2248784049e1af0c690be2af13a4ef3

SHA1
aec7461fa46b7f6d00ff308aa9d19c39b934c595

SHA256
4bf6b25bf5b18e13b04db6ed2e5ed635eb844fc52baa892f530194d9471f5690

SHA512
f5cee6bba20a4d05473971f7f87a36990e88a44b2855c7655b77f48f223219978d91bcd02d320c7e6c2ec368234e1d0201be85b5626ef4909e047e416e1a066c

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_tchinese.txt

Filesize
4KB

MD5
194a73f900a3283da4caa6c09fefcb08

SHA1
a7a8005ca77b9f5d9791cb66fcdf6579763b2abb

SHA256
5e4f2de5ee98d5d76f5d76fb925417d6668fba08e89f7240f923f3378e3e66f6

SHA512
25842535c165d48f4cf4fa7fd06818ec5585cc3719eff933f5776a842713d7adb5667c3b9b1a122a1152450e797535fc7a8e97ebdd31c14b4d4900a33ede01f3

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_thai.txt

Filesize
7KB

MD5
53f7e8ac1affb04bf132c2ca818eb01e

SHA1
bffc3e111761e4dc514c6398a07ffce8555697f6

SHA256
488294b7faff720dc3ab5a72e0607761484c678b96d6bcd6aad9ee2388356a83

SHA512
c2e79c2505a6fd075df113ffce92ad42c146424ca39087601daa4ed15a2b5528d478a093921d9d8a738c7b6b963275a0693ebe526b6e2135d14ced03639d0e70

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_turkish.txt

Filesize
4KB

MD5
29f9a5ab4adfae371bf980b82de2cb57

SHA1
6f7ef52a09b99868dd7230f513630ffe473eddf8

SHA256
711675edb20b3cb70acf6cf75f2eea8e0d87c8ace3e11c8df362b4517427a34f

SHA512
543fe63f791250e05e8fda24fd2ceadebb4c8925e8927de49ae490895c87eed3e61a9ad50237532649f99fe3165836261de215ee3f66ffbfc6d677ddeea7732a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_ukrainian.txt

Filesize
6KB

MD5
cadd7a2f359b22580bdd6281ea23744d

SHA1
e82e790a7561d0908aee8e3b1af97823e147f88b

SHA256
3dd0edfbe68236e668fb308f92fe7c6493dbb05bfca85a48de93588f479ccc99

SHA512
53672dd13e6ccbe96f6d4a61297c595b6d6cba8de92caa51ccf8ab1d8a82eea5a425eab348f295b9ec27de0026ef849d9230f751a46e040be8863923f91b8519

Download Submit
C:\Program Files (x86)\Steam\steamapps\appmanifest_688420.acf

Filesize
651B

MD5
a4a6ad02fbe2e952c61c9b6d71cbc330

SHA1
a018d34d27aeb2a65c6aaac2722a8971b3d5bf8e

SHA256
ac9917514ac4a66be10b87f72a719244b79db908d944ca3384935e2feed5624b

SHA512
19b9b084950492b5b2b0f4a9de93b81883067741594870c0bd41f79a4e3da2f7e4b7f8b0f9d4926864b5280a2d5d4f2be7c706f1da8f10139108b7e4ec9b897e

Download Submit
C:\Program Files (x86)\Steam\steamapps\appmanifest_688420.acf

Filesize
791B

MD5
e90677e4ebb5b2026a1343cfe29ff21f

SHA1
bcf1c84ce8e41329d3065ebfaad33fa45d3b8dde

SHA256
03c727e3568ed5b61e375e3aca55c5eac8ccf2a9318280906b083c92500b1803

SHA512
996bc8e555711801a4340872d8e2812881993b50ebf609d19ee780349d805cd1756e8783d74050d8f4070d0274611564edc0fb0a17f7059ef45f07636e3228e9

Download Submit
C:\Program Files (x86)\Steam\steamapps\appmanifest_688420.acf

Filesize
800B

MD5
eb5b7cec0be35fb9b3b090392edb00f3

SHA1
53696bd8b52819c87869fb90b1bcd44fbcbade56

SHA256
cbbffcf24369d0f51f26c03f4b95e527610fe0051f27afb2713e572cbb4b119d

SHA512
6ccc337789e872520b4415a1139d79782bc378c109bc9b4190655aa572fb35746a7dbeb7f9a27f43a2304d94901db77da04f151a27daf9c424cf7a0f02f22616

Download Submit
C:\Program Files (x86)\Steam\steamapps\appmanifest_688420.acf

Filesize
800B

MD5
9ed2c9441f472394af57cea8126cc3ca

SHA1
35cb90abde24ca01dbc6701bc4c45f5dc1ecb2d8

SHA256
0d4a71e479631c3404ef0015efb1f01201d8c5476d8d6a93c4a37c4d374526e6

SHA512
c35963944cb9e3553c624c453f4199f2aa145ff6f9e942c5ca4ac6fe1dd30a973ada37e702288bbfe5eb3404c7cba9b29f532d1e5168fb0de752b56f8c2cdc8c

Download Submit
C:\Program Files (x86)\Steam\steamapps\appmanifest_688420.acf~RFe5b920b.TMP

Filesize
625B

MD5
4ee00b92a988689d068a9de027aa940a

SHA1
f335a4ee12b19fbfb1f0eb4bc3bd83f608c0a761

SHA256
6a732ab1d000a493d38d0af08d2c94d5e29ba6e233981554716723241f235dc5

SHA512
c514ea7c6f61bc78f11e5c0c157e4fca74307f54869f5fb9e73822a24f505b9d4c5256abbb350f2206becb7f33fe3c8f19a4a43cf12ec8199bf5be54110fa8ff

Download Submit
C:\Program Files (x86)\Steam\steamapps\common\BadNorth\BadNorth.exe

Filesize
631KB

MD5
da66e56b44086d618b1ae2116dba6c31

SHA1
d33b1ad42606783d520d334240e3fd0dcb48883e

SHA256
65f364d3851411cf15d158141ec3feb890abd9cb605e4d1bd364be9f5fafc8a7

SHA512
7e7e814a07b6183527d893e09b0d40f9fe299ca57dcd80f0ebd43adf95620f69e0cff8afd915d10e35370da904cb685f0f55d3aeef3b7b3019920b923c90e1cb

Download Submit
C:\Program Files (x86)\Steam\steamapps\common\BadNorth\BadNorth_Data\Managed\System.Xml.dll

Filesize
1.2MB

MD5
00111aaa6b9700c0d4fb52d374994022

SHA1
8f5825adcadea21fbf28af591dfd58909e074773

SHA256
11bf4db810f99ac9f526b6313f570e320089c7344934715f1100c4a0c54b4f1e

SHA512
d6e6760f4468c7626be8018dd751b56dff9d171764dc7df7616e156b3a744583bf00bb96104f8a6ca6f9f52f6be81396969e7805eae02265067e8900d91a892b

Download Submit
C:\Program Files (x86)\Steam\steamapps\common\BadNorth\BadNorth_Data\Plugins\GalaxyCSharpGlue.dll

Filesize
1.1MB

MD5
d577c1453ffbf9100c1b2e747186ae7f

SHA1
2587d82fdbb4e6a11daf3931eafa890b6b5ce496

SHA256
d867af5a02c48973db76948a07a7c31f5ee3248da878dcc6b248b5ff5b0b62c4

SHA512
00981527fd4aa33fe2a25c21568d7182965257b80c30fef16a454f4adf74da62ad26706b515a9731e2ae8fe8145fc03e269394cabbedae5d467008c6a9736c7f

Download Submit
C:\Program Files (x86)\Steam\steamapps\common\BadNorth\BadNorth_Data\data.unity3d

Filesize
47.1MB

MD5
7281ef3cdc47ffa976d516ce70c951a7

SHA1
bc938e85aac4cc62aa692bd97f64f4c49e7ad9a7

SHA256
7481bda003dcc62ac41f2710d056af58ad13ac82d15451039aad28e123951c3a

SHA512
2aa5f0308ba383052e7eb0e09dac5ded6ac700c8a11760951671b7056f2fd94951ef40525404c288d3e29ef79e211c5898882fe7e1a0230116f34de2e1e2c27b

Download Submit
C:\Program Files (x86)\Steam\steamapps\common\BadNorth\UnityCrashHandler32.exe

Filesize
1.3MB

MD5
d62afb263e4ca1f52d54493f383555b8

SHA1
c7b5ee97ce731431585fa9f57eeb3b4fa9e2b8e9

SHA256
a5a5cbfeb70c9496df6c5858215a79c2700f4d5abdf07a0be0423683f20ddce2

SHA512
45a2bb1eca870034a030254e914e0a7fc73539de9d667c1aae240aea8d09669085740f86a55f62ad0e857259322cb20945b015cb10df2cf99b5aeb8c2e022a0f

Download Submit
C:\Program Files (x86)\Steam\steamapps\libraryfolders.vdf

Filesize
231B

MD5
97cbf39d0773f2080905292cdcc01d98

SHA1
05e8e459720b6fb96159708c02385a593ea08ce5

SHA256
33227ad41df3372da59471d6e9019f09bd6330a370bad6010190c3702861b170

SHA512
cee85b0b4ba75d7c91768b37eee9fdc93daee3ebd225be5033880ca06dcb3f90d7b8929a7742313eebe66935da860254a3a651ab0abe53d8714e406e9d2d44d1

Download Submit
C:\Program Files (x86)\Steam\steamapps\libraryfolders.vdf

Filesize
265B

MD5
daec9a6a194178fc6a573664d0055769

SHA1
0f33593ebeb82b2c5328b5a2c2b42460e9e5ce14

SHA256
b14b3f1df6b04e92c377df6b899a4fd505471169057215a104e01f04006311da

SHA512
1420c56cc234ac3c59a3a66525d2c351818427ea7c6f6b765fbf08b76891e593d499738c28ad9dd66df74d14fbc5a23fa826c63720dc9c250d3c2a1685e03580

Download Submit
C:\Program Files (x86)\Steam\userdata\1456296740\688420\remote\campaign - 0.meta

Filesize
1024B

MD5
11d80c3269cd260abb242932f937ccdc

SHA1
88b51c32fa65764de83e5ec5e09969520d817f5a

SHA256
851af592fbcebe904c89f66a4df2cc30bd4b3bb9c95adbde0e278a681ca1c977

SHA512
eaec8b5fe6fcdb65f410d7a53aa318bd4be7858c316f20e2e452486b4467531013af05418aab4c4ad9c4e9c4f0f64dd1b26828ace5772a39c020302fa9a94c9f

Download Submit
C:\Program Files (x86)\Steam\userdata\1456296740\688420\remote\user

Filesize
8KB

MD5
700463c670c0c1419a3b38856765961b

SHA1
8ad8bbb64a1e5166dd1cb15e938d475ab0f0f677

SHA256
6f50eb63fb0b8beba41c668ca828750c604513f2032281ac08328c96a937cc2f

SHA512
5fabc3fbb880b1faaf56d71280cada2e0dd3e6b355797ca3cdd0359462e2cd69cc2673dc9c64ae6eb42b194e12774031804b6882881a6367f16476a54a0f94f1

Download Submit
C:\Program Files (x86)\Steam\userdata\1456296740\688420\remote\user

Filesize
8KB

MD5
5add8f15635628da57636bdc785a14d4

SHA1
cf968cc65d118b4c38e0a857294e3011ac1e9795

SHA256
19cf9f6cac492efdab008f6d6f2a8225a0745e45d19d64685421fd19e43a15b7

SHA512
490b94fccdd9c43c13e67ee7520f2145c6e29f0fc126524290d9e93b27aeb12c53d2b3a09c6abea7c69ba51b7b5edb8a2c216a95a9d1cd8797d6a994672e893d

Download Submit
C:\Program Files (x86)\Steam\userdata\1456296740\7\remote\serverbrowser_hist.vdf

Filesize
795B

MD5
38f989f72e2a4962e5da62e7f27418b8

SHA1
103571787e5f696b472e990b3f1e1b126aa9c28d

SHA256
c005174996568f87030c54f63b00b3e37443398c3c4e0e48badd034c7eb00ac3

SHA512
c64b47003e806444a25b66319195f6ea1e533ad47289b70d0857becb8967a4a41d053020ac85ef80e99b7f43b3181cd947d94e0e0e8845ab1e1cf27a9ca35678

Download Submit
C:\Program Files (x86)\Steam\userdata\1456296740\7\remote\sharedconfig.vdf

Filesize
165B

MD5
0b7765037fff002484ff20c37bcfd619

SHA1
c818da256b671d222c493c0762feb9a5603d2d37

SHA256
87e7e6fc1035395b3d5e788996a775c46c94652da5ba980d836d1d8dbfce3e3f

SHA512
b3b49495ba4322414b0c468e8102994767ca6f0656071021c6c64befc70b5ae46351e9cbf67fc85fbc3fe95b6e03766d388c5c9cdaf806af0b9d785318ce004e

Download Submit
C:\Program Files (x86)\Steam\userdata\1456296740\7\remote\sharedconfig.vdf

Filesize
231B

MD5
aada85cdcd04887e485be841170b7522

SHA1
5c310791114ba636768e172a84833a6d4a14eba2

SHA256
742d0d11e06ac06886f1930bd70c45fa72131b7a87b37dd709d8f2c6677dd964

SHA512
60f55fcdd829d43e57ad3c7a1822d78cf76dc2173770fdf20a1799f04cd1ebe0c5f4667246c0b81eb191f36185959ff486677108b55effec3b8e5ad11f6c6656

Download Submit
C:\Program Files (x86)\Steam\userdata\1456296740\config\librarycache\2371090.json

Filesize
126B

MD5
5216ef382c2d09e344ae46f2c073acab

SHA1
91040770b2b51d00e6b7c32a37315eef249a55bd

SHA256
2200afe5bd5dccc0cfe9d34b29eedc49014dd673e5b9b2d1797e3f52a14b5617

SHA512
0a5bc2a98fec77d33e0aca0934d547746883d5ce2b6cfe23e36dc9afe5fbd51dfe12d955213cd0123b4ca004e225182bea6722d0870ea65ba5a808756e893f7a

Download Submit
C:\Program Files (x86)\Steam\userdata\1456296740\config\librarycache\688420.json

Filesize
8KB

MD5
7917874dfee8e06c7875356d604482de

SHA1
c9f6adfd4f5cb0a6e60a684558c917f00c0ae7d3

SHA256
400699e61bd002795c8655cb9ba77a41bc407bc1857ea7109b33ac6c63665cc0

SHA512
5eb57d16efa188307767274d01e084335b85099ba1e807620db6e22ed3b548c042b7fc2d3068a7fd475bf2b9c2f2350da1d3bed31b3e46da7ca425d49b5bf8dd

Download Submit
C:\Program Files (x86)\Steam\userdata\1456296740\config\localconfig.vdf

Filesize
3KB

MD5
d2c6cb0e9f81caf37208c4170dd1da7b

SHA1
291755765e844c069bde3714a5f0f2a14194824c

SHA256
188d913fad780ee2f9a50fac9911c1b381d0611df731dbf80650bef32dc764e5

SHA512
31369c77c92050dce9cf9dffc4f12396d55e98c7147b32a4fbe6d508d9daaf9aa515a70d823a44a4a0328412b3a13e0865c423cc3e31dd24490673c24e5eec15

Download Submit
C:\Program Files (x86)\Steam\userdata\1456296740\config\localconfig.vdf

Filesize
41KB

MD5
be18bf6e26cf5608f99deb9c99f2f29b

SHA1
81175c36a82203fa7205c31ef262d0d736a1b3df

SHA256
7794d233a4f3c80e86b6365f1bcf95d6be81c54546542cf2d14a71dd2e4f5eaf

SHA512
12e668e0022bc4c724e2588b7ece8f2e844b41dc1080e210e18fb073cc3a93718827afa343144fea50dbdcfa17dd5a53d5390ff7aafc74c84df106f65809a464

Download Submit
C:\Program Files (x86)\Steam\userdata\1456296740\config\localconfig.vdf

Filesize
39KB

MD5
2ded6754b4eac7f7fd818a55913cd5a8

SHA1
0744682bb03116324782e6558139a7e884b33ac0

SHA256
ac1b4e9dddc2693444bd4a8a95683ebf723c095387801475e85f88bfe2e6c403

SHA512
7e0e90599047d564dd9e180a1a3f3eefb48e5bb8a1b5db7c7084cf8869d0825eecfd1a9d6e616ea3566c91c8db0ca47859a4c4f0663cc0916e2beac306812d8e

Download Submit
C:\Program Files (x86)\Steam\userdata\1456296740\config\localconfig.vdf

Filesize
3KB

MD5
e5cdad2984b0bddb935a290043fdcd77

SHA1
30b5e5c16dd3575be36aa94dfbe4143f6ca5c455

SHA256
10a2154df4ab3fd8c9786bb49ba2f29201ac8ac233e22461648fdc2fbfe1af5a

SHA512
af156ca8fa323e6863c38e6f8f6fb249b2896c58e39344eb4e4bd8e73292d1dc35a8e5735bbac897617f90943e4dd65a97abd5517e7a3b1d18fbafb7ef954005

Download Submit
C:\Program Files (x86)\Steam\userdata\1456296740\config\localconfig.vdf

Filesize
8KB

MD5
1b5463a0f5486fb4da76608281e916cd

SHA1
1ba1675ef7cfe0a349a7f58db2d8d07b9ea3234a

SHA256
6ef60d44974b4ff929fff2743bc5931d04dd3f95df470d6f854b864e397036fd

SHA512
5e47c5634034e756b97368fa0bc7500dfc828ced1feef31af19ed9107efde272942a562df45dd6ddea952ee6ef3f2fbad9d3cc69d99b355b02cbba76ca4770ee

Download Submit
C:\Program Files (x86)\Steam\userdata\1456296740\config\localconfig.vdf~RFe5ac6bc.TMP

Filesize
235B

MD5
6574371dad657be506d4cc38c160d98f

SHA1
dc9d4e1711691f6c2013d84fa5143af3580ef653

SHA256
6871639b456ff3db034e040344a2e8f5084c0e0b6c061f293a3e6ad62360097a

SHA512
d18094a38cf4ae731b442d569a6fce8b8e207357804624c729c9bfd512b80312a2a075c307a83652b3d3b582c894900ee68ba775e9f7dd04a84b78b4b6b74b62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\1f5d6420-965d-4b0e-affe-57c82a782f4a.tmp

Filesize
10KB

MD5
f3491754e48d19c2b40f3ab274c39e04

SHA1
d1d9f86ea7cc5a98cd9ab06d1bbd018645595e60

SHA256
34d6d6f9ce8739148d2377ca6983b2f05e0ee1e8747dcc08209ae569c75e86b6

SHA512
dce046b8fb2b8982b0eb1a0c146a6ed86217e077286d42455edb0c892aae53f2b4f4ac3a95cb43f044b284600a5c1c5fa03b3802048d75ac00ec0ac41cfda60c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7145ec3fa29a4f2df900d1418974538

SHA1
1368d579635ba1a53d7af0ed89bf0b001f149f9d

SHA256
efc56eb46cf3352bf706c0309d5d740bca6ac06142f9bdc5e8344b81d4d83d59

SHA512
5bb663ede88f8b7c96b09c1214aac68eda99bc09525ac383baa96914ff7d553ea1aed09e3c9d16893d791c81ddb164c682dfbb4759ac0bc751221f3e36558a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d91478312beae099b8ed57e547611ba2

SHA1
4b927559aedbde267a6193e3e480fb18e75c43d7

SHA256
df43cd7779d9fc91fd0416155d6771bc81565e98be38689cb17caece256bf043

SHA512
4086c4ebe410a37d0124fc8bd00c58775e70ab2b7b5a39b4e49b332ce5b4866c6775707436395467aff9596507c96fb4896f3bf0249c5b9c99a927f31dcc1a96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e0862d495f0826dc2bae09d610ca44a5

SHA1
e6d96e6b75b173c69109b9dfcf588d64fca53958

SHA256
2060f7a8a60b5ee80131f0d567c9e33e9f3321769fe4c1d989a188487bba8e7f

SHA512
fb84ea5fe7c45e77e24ddbb34e89cfb0b1109872ec067b59eff98fef29b74da7cc960750655008f5f95e6cf331945dc83852cd97a40e188765b21f1e83bb1fac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
738B

MD5
59ad368d81e15dd54b02210cae7e58d0

SHA1
9be13af37207b5d1fc044edae29f6c8e34e9ec6a

SHA256
8de5737d06bdf10d995dde3ace3814735945d9cacdeea3721ffc46f7e99dde7b

SHA512
1ac84f84bd0c869235fc357a152e224c6d0a9992aeae71cf1c85c746b8766cb02d3ed17cc8045e7e533414cf4b09ba5b749b152d4e35333e740d35d3743ab986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1707d7d0a28325192802d7a3c174a74d

SHA1
6100940912163d55d1ab473d6b4a60c9556f309f

SHA256
1026fcf9bac82bc46420318a39f1f94a5a676b47af568cdbb0c5f2b4b7cc3fc6

SHA512
c0275372efff9ab3b5a4480fbbb1d39b86e2e481648d31f24ad7bc66485194f07adbfe247f92329a89db37fa6ca7d576bc9290520f48a1844125a9becbeacd1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c0890b1017f38b5bd5f303d61063ee24

SHA1
59c1db53e628378b10474df4e25286ce974431bb

SHA256
81089c6caccbc515ff28d23ca2a4fa000db3d09f8c05c7825a45684d4b06c0fc

SHA512
8f8a5871a42c042985b56a1f9e8e8ac5a717cf4e7c0c14d95302e42775eb39e8357693ab0c0a822c5d4411f27f5d007c5bbb24003098e8c1c35c7e490d124a1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
da7a0ee3e9c215f8d931428d62019238

SHA1
fa48050f23dff0e07cbd8c78f5e944f246112d9d

SHA256
2144bf3a44cc0c8d0361debe0ca14f5678a1fc7662d016c63eff05eabe3630df

SHA512
7ac3d17862367b512f0c5a9380903bde83464447512ba87fb7d7766dd1e1e8244b47bbe17fc38fbe6aee665c1b228ede427d35b3339ba14064594f576f8aeba2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
09a8feee22b6b5b355362f2de5e8cc2f

SHA1
9ef3e2b1895b357ce1f1d6b4a4798ea7a0de473c

SHA256
15b8255174e67d17d5959ae3f20f4f1234f6f8b9ff44782e9bf57b2305b73394

SHA512
73e76ae843e566d077be03f2d7299c4209a92d94a8349b58ef86d8ecb5ba96bfe6af5e4b8bcd51136d5bab8a8bc7b31e19f7b226db4cabff7d1bd5622403f3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
15680930181eb165e7fc80f683c47d7d

SHA1
54c701a3468469a7e97d4e7cd9cfdec92bd1d5ea

SHA256
bbf5a7caffdde2ed3fa79c47b3ce83f926192a887521b89de15bc1bdecc661a6

SHA512
b0914a00a50839319d2e466e0f525f359a3fef6af8e11c10a67adc8e514ce49ebc8e38bbf7706fd4fc3595e94604127863f0df948426c6c0429635cdcfeda43a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584a43.TMP

Filesize
538B

MD5
98c0cc85adcee2b01bb15b3f6324c3a1

SHA1
f62e5e91f07e63d9ebe25342dd85a8c08d00ccc3

SHA256
6cab8cf11ff44eaf059c9b191ff1bd226e578e6715012fd54a3606395cfb5f8d

SHA512
ee07adf0503ccc7ff1f83df891ce21202d0069336e340df4bb9d13df1192997b6dc9ff29ed7f15104d1287b2f0f58223e15d92501a371f58b7398297b056e6e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f3bd972e40b22d935c3f616daa860bcd

SHA1
c7ad93242c95a4a2f4f393913a60731da1ecd504

SHA256
24de1704d8c7e5442a1aae4bde9f0da021168ae61101fd4c6901a1f575363535

SHA512
0b7242bd6af9f521e925a4b81720be660dd6b1f57f7ef3119d58ecf20540f1049cc05115b76583297bad79e4cd81f182b1595246beaaed1a27bb2d8ce7fb5ec0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cbe2ea5bb195053c17a70ca5139dc76f

SHA1
ea3ba0e4a94b6aafe6440232b31183d33b7b2bc6

SHA256
acd59e2dfdf423e9fdbb92d8a16724fa5ef023ebe772dfcffeafdc08d39dc351

SHA512
40787bc37570729af277f4b1eb0e27ae2c57f3fcc7c802c839abdfea5f779a7efe4bbce050e2ed53967bdd07d15e6ab86a060f3fbc6aa47f6083e30564f6d97e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000003

Filesize
24KB

MD5
b201e8da90ef456598b8b3bb0e31bf53

SHA1
8bb524c8e9b17920c83d9a06c0b305e41cfca560

SHA256
2c8b630d1edafb8cc8c8cd73fff10c8ab6d06232929a4d458ec34628920f1665

SHA512
50126ac5b7800f5a848ef49ebc8e71d78cb5ee9c1602486b30e697ce57af32c868e46795ac2c157cdfd7fe65c03133c7a752813d520a9106adc3e50620b473f3

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000004

Filesize
40KB

MD5
0c9f37673dd9c878a4b5bb419ee24b5d

SHA1
d973a8e073c1f76068f0947d495998f7f823d76e

SHA256
c1e12f630e7f356d154ffe4a7a3873e7e136e41c1c37e6c0fa4d2c52f1d269dd

SHA512
b361afedb4a910b12f7dd7b5b33d2914be39528bf4d1486661d0107c24135cff3a5393df1af85cd7d1551f0e601ea9d2ad4b147e56f469691e2b11906fd1514c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000005

Filesize
32KB

MD5
31b05e57c066452d73ab005bb42865f7

SHA1
2a8efd5d7753dd756c539ad66831b01f603fb13c

SHA256
84d0be622ddeef6d0793df5d274965d6d13a756979b4b484185dc7a051eb4071

SHA512
f793863cec23493b58311d37720fe7d48e21c92da5cbc9c5d4562e47a046e33be4584d58a1c031513298c55a9c33f5e591fd5ce831c9c33af9c2594bb071c277

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000006

Filesize
36KB

MD5
9d69a62bc96e67bf779bae3744a8f693

SHA1
bd8a95a103317e66551c2129fe392998dc45c7ad

SHA256
39ee252af15a86d1d4d54a5c3fb9ed2678ef2ecae9ad9d711290acce7a7a611e

SHA512
e1fe5393201c37a9c34196fb986e818d5a94545009c6536b3c6b1a1bf71d528d458039ef1f30eb1c064e233b7238b72f7cd69d204827ba8cdf3f783aa012ca10

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000007

Filesize
19KB

MD5
48ffef4fc267c7350a37339001bd1a02

SHA1
9379041d4d542c116b420d014c7ebb68137a008a

SHA256
254467e453cf3cae3c70085b41462cd71b233c247b5e212f444347537b4c4873

SHA512
34b459dde39b3056e2f0a4c593b342d32829c9eebb2b01f146aefa0d54f0b52ecf4954873cf76b424abb25f84370d0b5ac06fdac734b397a7444b4b64b4d52f6

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000008

Filesize
19KB

MD5
280188959917fc5a7ce9cbca5ba6fc05

SHA1
f651c19d05fb115f031342f12b36337d866c0034

SHA256
430750b0cb0ab5213be051d447bd370fa4afb2c0ca0275cd4f1beb8e0bec8f15

SHA512
fd0c1159142cfe42617bdfff51613aa6f72119e35d21bd1ef01a76697cbb8ecfff6059e52e8218be0e2fa37389a7e5582f5d6e9e0d80c2b00602337be5125eab

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000009

Filesize
150KB

MD5
49cb0b52c5d5b68bc33562eabc1c0fc0

SHA1
b4059064420dd456515bbd59808bf07b11020067

SHA256
16ae2c8506a22b7abfa8e4e45004593b6293fe0da2c13b18cbf4efaadadeef03

SHA512
eac4f647bba9ef6e58063ebbbe818401d38d316d6e8fff4406aa257b2dde071651abbea76d8c022580850a93550e8ec9cda0254db4e2e94f5e85722c2d74ae87

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000a

Filesize
268KB

MD5
bd3920d13d8e4b4462eeffd5c5425c63

SHA1
939dfe5fc40357fdb94dde49f66da2192e0271bc

SHA256
6894633d6e0f45435d98034ad75ecb5e0ec2f1e5ee27c4959d03d72e447c2b4e

SHA512
4847c71f9b419b3f3a8aceecba556ece742b55b1d91658ebd220fb76d91613f7b4126b65a6e6eb32dca1b2b793409806dff1e48b8b43c2d123b3c14c27214b17

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
d60192de543a55aeae3029a7290530d2

SHA1
a3b8e45726db31c8f381163fa26b4d1b3d501ad4

SHA256
f9372bd94c379608f514889d627d1f95ca013af4ce917adce45abd46f3640a39

SHA512
6e6e56f3d6fe22b75dde1a86e581b7ec570aacf06efcc044f3b8e737d4dba53fa42fe94a681d1d8756e67f6f492a88e2b7d7e844d093785d67fada359a110641

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8e27533d10346fcb5afda0aecd4c590b

SHA1
b6a537316e291cb59e364414a450a9e448b8e60e

SHA256
4b7c42b4c1e00e2c6a487d89f9c785377829b517d456128fea5a51a759fe98b7

SHA512
ddc19c66249ac08ce63fdbf3f885942389a4641f0baaedd1d8d29ca8a822cdb4689973b6fc0d2d4d0d4247870c300165134e18fe6a19298a336c579cd71ba550

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index~RFe5a6a35.TMP

Filesize
48B

MD5
c5cfd182a95894de0c9ddd7aec7a9914

SHA1
7ff8c7edce93dae6a5908347fe3dceab8de39936

SHA256
3d5b9458fa913b7dcb59ca29ddfbc290a768fa32cf4068dec669d0e46aba2fe7

SHA512
9be4139cc3f96734c4a769c33270b55a733818ca45984a59ea541e9d9db4f9d377f5a8b026209b80049f3687c67fc1d95592b9f570924b97c796006bd7d2ab6d

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Dictionaries\en-US-10-1.bdic

Filesize
441KB

MD5
4604e676a0a7d18770853919e24ec465

SHA1
415ef3b2ca0851e00ebaf0d6c9f6213c561ac98f

SHA256
a075b01d9b015c616511a9e87da77da3d9881621db32f584e4606ddabf1c1100

SHA512
3d89c21f20772a8bebdb70b29c42fca2f6bffcda49dff9d5644f3f3910b7c710a5c20154a7af5134c9c7a8624a1251b5e56ced9351d87463f31bed8188eb0774

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
720B

MD5
048933ca19bd6e2ff1d5dfc5bdbcd283

SHA1
bb4ea5aa62eedf96a80be46cb0c18d20bb8ae3cf

SHA256
5d37676b6232e4f7211d52fecb810e2dad82fee5a9e6e640830382b82ecf7e11

SHA512
2f594f910efbcbf90c3a93c260a525d8a12ff1393d67cb814a2c64161ff981b03e64c493acc3ce6d24d46f3c582faf0fda71b8a1c10b1a4280507ef4b3bee3b2

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
832B

MD5
5f122be73cc9317963ae883f2221f53e

SHA1
38895aad3c0b5e1ba542440623268e32d24ea278

SHA256
fbafe869037fdb3c8f224e85ec4c018ac77c28d5cf2c5473cfc8b7eabb282d78

SHA512
d07df8a3bf60f5ddc8953fd3622642f6d7a527a81d4d5cc6de721af89651375b7fabed2a0023e5571e2f7da95a32ab984a09674edce0cd45efcb90c7b0d47e01

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5b2632.TMP

Filesize
529B

MD5
d29f97d089a8cf5500599a9c8b377365

SHA1
efef50025986be96912da298701dbfd5fbeeb22b

SHA256
08d5d33ae1c56d78689c27b2f341537044ca38105359219daf33bf10a6653dbd

SHA512
524df04af2caf8e9bd548718b478f82886edc548b98733cecaa11d8c04a2fde23ccd47a7d4d34e4822fd622c5c87dd55ad65bc7c113ab4a77f2b4da2e0d897ce

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
44efc37d60e749c563ce5437c7c45f25

SHA1
7439a14a1d4373e8d2403b438ca3094d2e5109ad

SHA256
4ec74cb8d97d283e7ec2d51b6696c88e6c916f1cdfa8119341914b1f196f25f2

SHA512
e0508664bb55315b7b5e78bb28091b00aa852c2b5d80f879af6e521178513610c39e430de222122a7dc3163b49168889ab84d067e8d572fce572489ae3f11df0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
18d81f442f9c7cc722014c9f5d250316

SHA1
f334903cc59d0e4388dbe83e693b67e6314fc6ce

SHA256
0ad52a7cdfe0ec0781a00b4734fa33641e4f12e3d6c1ba91dd13691251024d44

SHA512
71518c9b1e8de61deae589b01a69d9777bf3b0eff601e76ca62d4dfc9c8318ce7864eb7d53b318be32a339c31b1dd83531e4fd8a3a1990a9917b050f4e68dc84

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
1da77b87119ec80f4e37a1bdf9f22bd1

SHA1
527609aba061abe08638cb29ba45c0ff85fa523f

SHA256
5e259d0a06123325e0141a5226358a7f303048bcb3bca2665750bc5b7463c4bf

SHA512
d853910f9be3b1058cf7d21f6d464f312371c6da204a9a23a0b2988e58d27d085ee7b08812948b5359d56afa49e0e3614a7502ca876bd76f8f378cb386508396

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe5b39aa.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
524B

MD5
1327b4c23a018239c421a80e62745816

SHA1
5d5d90f34d307414922ac46c5cb08f35659cc5f7

SHA256
01dc3c49967a1492fc7d3d1d5dd3efd5399e25958fdcd49e7814b080416294a3

SHA512
ab82caac934048692e3428efb7f6d0c93d3a561da0407b555b72a87067919b8f4d25b3dc64d39e5d74e58f6fdee0bfe443f215bed4a1875214e5eca48819f343

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
524B

MD5
8bba0bc64ce24c2108f7802f767674c3

SHA1
01b4e5fcb94f92ca8724bead6aa8b79bedfac621

SHA256
8816c57a5b69ae9ca3f05ffffc88cdb9589cea116b43dc63c7fc8c805ed19e96

SHA512
14b751615e0612470aa38c98ef0350a52e3bec58aad7911abcbdcca29511178a78b9a34c66312e9275c591c8243c4e942a9b30ac1f30f9c56a0e7b230053192f

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
524B

MD5
3b67e4f1395fb1739d0449c0c1d1d203

SHA1
359fb693f3103ec6d53bcb93ddab10f2f75cfedf

SHA256
a614e512201bb4b6776d7af0bd35028ecb54bbfcbea307095606a0b261794540

SHA512
debac8243701d79ddc82cdb5bace65a0b67dea2673998c1660cad6caabd78e98fabb8dee047cae786d2cdc35d76461f94b7a0ca0ec74ffff90535a895eeae714

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity~RFe5afcc0.TMP

Filesize
188B

MD5
16d3e705f5ca04c307e458539e191893

SHA1
090e79e6a845a62c9728c3b833e1f6161ff067c0

SHA256
7f647a869ffe1cfb96aa0adf925040f0cd6c86061737c3c88874f90950684940

SHA512
deed230c4c7d2341d3512e5f7acc9e99ed07273fc00d66a21586b04c31f2c945a833184d006083e371415b1fda8f10cb94674d067c4a89c687b42eb831bb907c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\ShaderCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json

Filesize
2KB

MD5
602c49f9246967bdcff45b4f43cf2fb0

SHA1
4c5796e0c724bbd7a9244cc8a0fc9e8f40181f2d

SHA256
a3ad9649c1038078038be1abd591cdba73b4b4f5cf30e11bb6cb7a432b746114

SHA512
2f273c0dd0127071f4c768cfe7277c6efff84c1ef4f4271c1326db3658c84261794b106af3198717f349fbaaaf276163700bbb50ae20fe52ed0a88a192d46f77

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json~RFe5a73ab.TMP

Filesize
2KB

MD5
68b20851ccb9834d21fb32615e42bd43

SHA1
88fab935f0b9484994097c08f785e9ecb7d68127

SHA256
a954b528dd65ad6c4c2091fa32f17abdb7a49454ce88e10bb6c377734c70c26f

SHA512
dcb0771120c8fe35213d60e9abf4b242af807324759e3c99e9b2569c00a941d885d53ef6fadfe69e6b740e0b52a6008602605d643801190a2d29175a7d065e15

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso7462.tmp\StdUtils.dll

Filesize
110KB

MD5
db11ab4828b429a987e7682e495c1810

SHA1
29c2c2069c4975c90789dc6d3677b4b650196561

SHA256
c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376

SHA512
460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso7462.tmp\System.dll

Filesize
22KB

MD5
a36fbe922ffac9cd85a845d7a813f391

SHA1
f656a613a723cc1b449034d73551b4fcdf0dcf1a

SHA256
fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0

SHA512
1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso7462.tmp\modern-wizard.bmp

Filesize
150KB

MD5
3614a4be6b610f1daf6c801574f161fe

SHA1
6edee98c0084a94caa1fe0124b4c19f42b4e7de6

SHA256
16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b

SHA512
06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso7462.tmp\nsDialogs.dll

Filesize
20KB

MD5
4e5bc4458afa770636f2806ee0a1e999

SHA1
76dcc64af867526f776ab9225e7f4fe076487765

SHA256
91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0

SHA512
b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso7462.tmp\nsExec.dll

Filesize
17KB

MD5
2095af18c696968208315d4328a2b7fe

SHA1
b1b0e70c03724b2941e92c5098cc1fc0f2b51568

SHA256
3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226

SHA512
60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso7462.tmp\nsProcess.dll

Filesize
15KB

MD5
08072dc900ca0626e8c079b2c5bcfcf3

SHA1
35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37

SHA256
bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8

SHA512
8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
11KB

MD5
a9ed94e7c6eeb1e7f517f6fc5d5d5341

SHA1
9e4a38a80a4753d242eee1c0e42f78ddd3c2ade2

SHA256
ddc45195cda07d5db8af65bf504c928a17981012d1b8a93010d9f0e47317d44b

SHA512
408de26e94b17c228d3135cf499794380d12845703e4f657de8dac2927505bcf8203729b40387e50b2887f1db8340540af8de0fb820043eddd8a4913747d540a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
11KB

MD5
875d223f7692786f974cceafee90b878

SHA1
fe72be5374f57c990b447368124a7160fedc2c1b

SHA256
dc0750491c91c6c968c2172b0bd240ae6bc8ba7fbe860ccfc778e5f8d75169ce

SHA512
4863381c2035581a43778c54982b1106e39a6ee7e32d695bf71620ef0cd027d2b3493f9544b1598d0d414715baab45352f36aa57d5557de5f5b955d3193307ba

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
11KB

MD5
a68ab30f45fecf7c46f00eacc2b7af39

SHA1
481b352c133122785a8f9a52e3870e0a61b18ded

SHA256
ffb2392a32c18b1309c7f1f0256e3dd5cb88d0d37e63a4a853277a69b0fa95e7

SHA512
36bc647d4d6279a55be4011fd4309e95cf93cbc004a80c4d855a3060304249e5523a3a6cc13635958d5a9e4f2d8dfd8dd0d274016bc1b69aba70ca5591771ddd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
12KB

MD5
a21ad8cc3f979e46ad8e648af762069d

SHA1
ea63536d1687922441a7b951ee88b00bccb19a80

SHA256
81d3ab0b86951eea29b902bbc15c9d5251301e0b22f6fd3aadd8c48c7f5c00e6

SHA512
5359ff56672fc29ae04075301415f7ad94b9e6b31dfdab5fbaf52a994da322c07d3ba3e89dbee74e309bbd10fa548d6108ea0fcf9cfa9c505c4daf2894af36e7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
12KB

MD5
60e064bb88ef341e62bf6d7e120f8eaa

SHA1
738c7273f42a20acc4418c8426ef12e14b9aef4e

SHA256
420f5ac5f0709abc5b28029c69ab3de56673754f9548d8d5cd2ab288271773d4

SHA512
f688e0d140415dafc72c189f098eb34bdc7467001b60d833086e9eb5b1eea8d8a0ba1c652920f0a61bb751cef181e8145f9b750af8e06587bef3542c118ade9e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
12KB

MD5
981245b84f2900b26834cce345347ef9

SHA1
4b7ccc82c8cc1ee09f56ba02dc932360f89b4e7c

SHA256
6bb8debdb3521ba5adac789099c572dd8a3f79525764af5b8b609f38c259f38e

SHA512
f502bcf60b81617a3bd217e205e5df19f5c780ccde80bf6552b4bdb6ca8f144ea96efde0bb9f0ced920bd7bf8d25779f6b60597bfa7580175aec9f3c15495c41

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
24795042ac7d8db9a9a9b94b071eed8a

SHA1
22fcfea5d1b0762551f040a9192a020252c83765

SHA256
45c95c99df2114d61b8078305cce513bb1988137598775b479f0d0e32978d29e

SHA512
1d9d2e36ca9a7158983829ee3dc9de52a808dd7c34096a253222b604e17edceac9bb11bf276f736334d20a99163e8d8a80d986dc3729a8a25971bc697e2754db

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
64f89073b5c7096a12eb242d81ba17b1

SHA1
ea6df45ab0192a6a6a1dcb48609e8562d7e755cf

SHA256
27933115921fdfe914d69686a1e3a138874f05da4e8194f2a165dc5170fb4e71

SHA512
d1b6432d8d4ca9c62c0a626d0d0c0da32f528ce94177f2123269e4c1b8cf71751ee04e04828bdf0b1c0d3039275fc9ef5fc0252e1a1670f157db5503941c2971

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
12KB

MD5
64767290f4f05ee5eecde8dc2e152931

SHA1
fb95b6fb4b111674e4b00fd7d155130b34cf491c

SHA256
7fb1c1094506c44cbb0d2dcaf5f1321f7c33f000d4ea3b204bd6f36f52c19a77

SHA512
19c497eb0dc0abe60225f2d09e4eab4c4a8f526b7cbec5abb3501d507578fff34e93293a2224df5cf573a8b550c7896b36977694cefa017f4c1abb61a5451863

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
11KB

MD5
3e71e9280bf57b8af4d7adae0556f4d4

SHA1
7cacac4e544b71e600925b71a705b22721b134f2

SHA256
46fcb26fb639ae06136f98c3ce82d21eae4cb57a62297044757dd75925e6b8cf

SHA512
2214ace832215b7b41aa0808c483ede9d2c5687ec15db190d2b281a277fd7f9a7eff5c8cd563510093856496f4546ca38a293d7ac17f426b68646078d315614f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
12KB

MD5
7bf8ba92ba09340351fd4816b1b6c06b

SHA1
752a46f0d3bfd46801b6915b38c142dd75168209

SHA256
89660bf9d36db160c6b794aa65481b83e460acadd0f83272e57133fc2bf44f99

SHA512
3c091792cd9a494845d5f384655726d6aadc225c670e44eeed43779199e6f7fdd7c09164ade9f703345415f328da3c15eaba7cc6ff457aff99eb62267435b92b

Download Submit
C:\Users\Admin\Desktop\Bad North.url

Filesize
222B

MD5
1b42847d25b84f129d856eff6393a936

SHA1
d0de07ed021ed652135f3ef0808a4a62fc0920b3

SHA256
dac69de2df80f4d7220f75c395144da6142c70d1a6dffc1ee87decc9807fac54

SHA512
1bcd116de487ad710929734555dc663fde0a0374eabaf276e23a2496cf21d5874704beaf8173a3fcb13ace281670817d26b0ce42d037b0d5015f88279200608c

Download Submit
C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier

Filesize
71B

MD5
75893359e269074f05562f12c3e0d376

SHA1
e5d7ed64495dada6a0b41742692352087a74a951

SHA256
435d3ec89839125cf974c8e1a15fe188acaa1e76239758145cf74a726680421c

SHA512
13e5220d5f8eaf32f30bf78c75665c0548774edf6a5a56086721586fa2ba5513a7eb0c151e6ca18dd61830952c1a38e25ca37c6c71136b29b9dbb190ad1d479d

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 548633.crdownload

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_735117609\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_735117609\manifest.json

Filesize
1001B

MD5
2ff237adbc218a4934a8b361bcd3428e

SHA1
efad279269d9372dcf9c65b8527792e2e9e6ca7d

SHA256
25a702dd5389cc7b077c6b4e06c1fad9bdea74a9c37453388986d093c277d827

SHA512
bafd91699019ab756adf13633b825d9d9bae374ca146e8c05abc70c931d491d421268a6e6549a8d284782898bc6eb99e3017fbe3a98e09cd3dfecad19f95e542

Download Submit
memory/1544-12909-0x0000000000410000-0x00000000008C2000-memory.dmp

Filesize
4.7MB

Download
memory/3848-13057-0x000001E406680000-0x000001E406756000-memory.dmp

Filesize
856KB

Download
memory/5160-13642-0x0000020197B10000-0x0000020197BE6000-memory.dmp

Filesize
856KB

Download
memory/9028-13063-0x000000006E530000-0x000000006F871000-memory.dmp

Filesize
19.3MB

Download
memory/9028-13896-0x000000006E530000-0x000000006F871000-memory.dmp

Filesize
19.3MB

Download
memory/9028-13923-0x000000006E530000-0x000000006F871000-memory.dmp

Filesize
19.3MB

Download
memory/9028-13050-0x000000006E530000-0x000000006F871000-memory.dmp

Filesize
19.3MB

Download
memory/9028-13232-0x000000006E530000-0x000000006F871000-memory.dmp

Filesize
19.3MB

Download
memory/9028-13093-0x000000006E530000-0x000000006F871000-memory.dmp

Filesize
19.3MB

Download
memory/9028-13087-0x000000006E530000-0x000000006F871000-memory.dmp

Filesize
19.3MB

Download
memory/9076-13051-0x000001F00D670000-0x000001F00D78E000-memory.dmp

Filesize
1.1MB

Download
memory/9076-13064-0x000001F00D670000-0x000001F00D78E000-memory.dmp

Filesize
1.1MB

Download
memory/9120-13052-0x00000226B8F00000-0x00000226B901E000-memory.dmp

Filesize
1.1MB

Download
memory/9412-13053-0x000001577EBE0000-0x000001577ECFE000-memory.dmp

Filesize
1.1MB

Download
memory/11060-13056-0x000001D55AA90000-0x000001D55AB66000-memory.dmp

Filesize
856KB

Download
memory/11060-12947-0x00007FF907D00000-0x00007FF907D01000-memory.dmp

Filesize
4KB

Download
memory/11060-12948-0x00007FF908AE0000-0x00007FF908AE1000-memory.dmp

Filesize
4KB

Download
memory/16220-13900-0x000001E8CB8F0000-0x000001E8CB9C6000-memory.dmp

Filesize
856KB

Download
memory/18252-13848-0x0000016501CC0000-0x0000016501D96000-memory.dmp

Filesize
856KB

Download
memory/22088-13916-0x0000021CDB280000-0x0000021CDB356000-memory.dmp

Filesize
856KB

Download