hxxps://cdn[.]discordapp[.]com/attachments/1311132903513784388/1311379460439670867/SteamtoolsSetup[.]exe?ex=6757254b&is=6755d3cb&hm=6ff1dda99a5dc913e3645f609584cf02a861a25bbb26f55383f4b6bb433391f2&

Analysis

max time kernel
478s
max time network
481s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
09-12-2024 01:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1311132903513784388/1311379460439670867/SteamtoolsSetup.exe?ex=6757254b&is=6755d3cb&hm=6ff1dda99a5dc913e3645f609584cf02a861a25bbb26f55383f4b6bb433391f2&

Score

8^/10

steam discovery persistence phishing

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\Control Panel\International\Geo\Nation	SteamtoolsSetup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe

Executes dropped EXE 30 IoCs

pid	Process
3740	SteamtoolsSetup.exe
1780	SteamSetup.exe
5228	steamservice.exe
5136	steam.exe
8408	steam.exe
8356	steamwebhelper.exe
8300	steamwebhelper.exe
1592	steamwebhelper.exe
232	steamwebhelper.exe
5512	gldriverquery64.exe
5108	steamwebhelper.exe
6196	steamwebhelper.exe
7544	gldriverquery.exe
7520	vulkandriverquery64.exe
7388	vulkandriverquery.exe
10192	steamwebhelper.exe
10780	steamwebhelper.exe
7884	SteamtoolsSetup.exe
9816	Steamtools.exe
7716	steam.exe
6912	steamwebhelper.exe
2444	steamwebhelper.exe
4324	steamwebhelper.exe
5976	steamwebhelper.exe
6788	gldriverquery64.exe
8312	steamwebhelper.exe
7524	steamwebhelper.exe
6308	gldriverquery.exe
1744	vulkandriverquery64.exe
2768	vulkandriverquery.exe

Loads dropped DLL 64 IoCs

pid	Process
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8356	steamwebhelper.exe
8356	steamwebhelper.exe
8356	steamwebhelper.exe
8356	steamwebhelper.exe
8300	steamwebhelper.exe
8300	steamwebhelper.exe
8300	steamwebhelper.exe
8408	steam.exe
1592	steamwebhelper.exe
1592	steamwebhelper.exe
1592	steamwebhelper.exe
1592	steamwebhelper.exe
1592	steamwebhelper.exe
1592	steamwebhelper.exe
1592	steamwebhelper.exe
1592	steamwebhelper.exe
1592	steamwebhelper.exe
8408	steam.exe
232	steamwebhelper.exe
232	steamwebhelper.exe
232	steamwebhelper.exe
8408	steam.exe
5108	steamwebhelper.exe
5108	steamwebhelper.exe
5108	steamwebhelper.exe
6196	steamwebhelper.exe
6196	steamwebhelper.exe
6196	steamwebhelper.exe
6196	steamwebhelper.exe
10192	steamwebhelper.exe
10192	steamwebhelper.exe
10192	steamwebhelper.exe
10780	steamwebhelper.exe
10780	steamwebhelper.exe
10780	steamwebhelper.exe
10780	steamwebhelper.exe
10780	steamwebhelper.exe
10780	steamwebhelper.exe
7716	steam.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"	SteamSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_060_vehicle_0010.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\dualshock_4_norwegian.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_dpad_swipe.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\shaders\D3D10Overlay.fxo_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_rt_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_color_button_square.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_l_right_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_rb_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\filter_profanity_brazilian.txt.gz_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_070_setting_0302.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_030_inv_0304.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_090_media_0160.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_p3_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\c13.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steamclean_thai.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_l1.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_touchpad_swipe_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\joyconpair_right_sr_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_l2.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_ltrackpad_ring_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\xbox_button_share_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\EditTokenDialog.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\friends\loop_8.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\vgui_hungarian.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_button_x_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_color_button_circle_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\chromehtml.dll_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_rt_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_thai.txt.gz_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0330.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0070.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\friends\friend_join.wav_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_down_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_dpad_touch_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_up_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_ltrackpad_right.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\cmnd_mouse.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_color_outlined_button_x_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\subvalidatecontactemailintro.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0518.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\switch_controller_brazilian.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_mouse_scroll_up_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_button_b_md-1.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_ring.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_touchpad_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\chrome_200_percent.pak_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\templates\controller_mobile_touch_gamepad_platformer.vdf_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\sounds\deck_ui_tile_scroll.wav_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_110_social_0130.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\friends\loop_2.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\btnDefTopLeft.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\vgui_spanish.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_ltrackpad_up_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_rstick_down_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\bins_cef_win32_win7-64.zip.vz.5d41c5768c044ac28d94371cf8ba81848fc607cc_106341955	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_050_menu_0306.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_ltrackpad_left_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\layout\htmlpopup.layout_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_070_setting_0040.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0410.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\creditcard_back.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_security_steam.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_rtrackpad_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\friendsui_romanian-json.js_	steam.exe

Drops file in Windows directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping8356_470113370\_platform_specific\win_x64\widevinecdm.dll.sig	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping8356_470113370\manifest.json	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping8356_470113370\_metadata\verified_contents.json	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping8356_470113370\manifest.fingerprint	steamwebhelper.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping8356_470113370\_platform_specific\win_x64\widevinecdm.dll	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping8356_470113370\LICENSE	steamwebhelper.exe
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamservice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
8640	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133781820538013805"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 41 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steam\ = "URL:steam protocol"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steamlink\Shell\Open	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steam\Shell\Open	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steamlink\DefaultIcon	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steam\DefaultIcon	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steamlink	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steamlink\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steam\URL Protocol	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steam\Shell	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\steamlink\Shell	steamservice.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 492470.crdownload:SmartScreen	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
9816	Steamtools.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
528	chrome.exe
528	chrome.exe
4816	msedge.exe
4816	msedge.exe
888	msedge.exe
888	msedge.exe
5336	identity_helper.exe
5336	identity_helper.exe
5688	msedge.exe
5688	msedge.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
1780	SteamSetup.exe
5984	chrome.exe
5984	chrome.exe
5984	chrome.exe
5984	chrome.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe
8408	steam.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
8408	steam.exe
9816	Steamtools.exe
7716	steam.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
8356	steamwebhelper.exe
8356	steamwebhelper.exe
8356	steamwebhelper.exe
8356	steamwebhelper.exe
8356	steamwebhelper.exe
8356	steamwebhelper.exe
8356	steamwebhelper.exe
8356	steamwebhelper.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
8408	steam.exe
9816	Steamtools.exe
9816	Steamtools.exe
9816	Steamtools.exe
9816	Steamtools.exe
7716	steam.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 528 wrote to memory of 3080	528	chrome.exe	81
PID 528 wrote to memory of 3080	528	chrome.exe	81
PID 528 wrote to memory of 4288	528	chrome.exe	82
PID 528 wrote to memory of 4288	528	chrome.exe	82
PID 528 wrote to memory of 4288	528	chrome.exe	82
PID 528 wrote to memory of 4288	528	chrome.exe	82
PID 528 wrote to memory of 4288	528	chrome.exe	82
PID 528 wrote to memory of 4288	528	chrome.exe	82
PID 528 wrote to memory of 4288	528	chrome.exe	82
PID 528 wrote to memory of 4288	528	chrome.exe	82
PID 528 wrote to memory of 4288	528	chrome.exe	82
PID 528 wrote to memory of 4288	528	chrome.exe	82
PID 528 wrote to memory of 4288	528	chrome.exe	82
PID 528 wrote to memory of 4288	528	chrome.exe	82
PID 528 wrote to memory of 4288	528	chrome.exe	82
PID 528 wrote to memory of 4288	528	chrome.exe	82
PID 528 wrote to memory of 4288	528	chrome.exe	82
PID 528 wrote to memory of 4288	528	chrome.exe	82
PID 528 wrote to memory of 4288	528	chrome.exe	82
PID 528 wrote to memory of 4288	528	chrome.exe	82
PID 528 wrote to memory of 4288	528	chrome.exe	82
PID 528 wrote to memory of 4288	528	chrome.exe	82
PID 528 wrote to memory of 4288	528	chrome.exe	82
PID 528 wrote to memory of 4288	528	chrome.exe	82
PID 528 wrote to memory of 4288	528	chrome.exe	82
PID 528 wrote to memory of 4288	528	chrome.exe	82
PID 528 wrote to memory of 4288	528	chrome.exe	82
PID 528 wrote to memory of 4288	528	chrome.exe	82
PID 528 wrote to memory of 4288	528	chrome.exe	82
PID 528 wrote to memory of 4288	528	chrome.exe	82
PID 528 wrote to memory of 4288	528	chrome.exe	82
PID 528 wrote to memory of 4288	528	chrome.exe	82
PID 528 wrote to memory of 392	528	chrome.exe	83
PID 528 wrote to memory of 392	528	chrome.exe	83
PID 528 wrote to memory of 2848	528	chrome.exe	84
PID 528 wrote to memory of 2848	528	chrome.exe	84
PID 528 wrote to memory of 2848	528	chrome.exe	84
PID 528 wrote to memory of 2848	528	chrome.exe	84
PID 528 wrote to memory of 2848	528	chrome.exe	84
PID 528 wrote to memory of 2848	528	chrome.exe	84
PID 528 wrote to memory of 2848	528	chrome.exe	84
PID 528 wrote to memory of 2848	528	chrome.exe	84
PID 528 wrote to memory of 2848	528	chrome.exe	84
PID 528 wrote to memory of 2848	528	chrome.exe	84
PID 528 wrote to memory of 2848	528	chrome.exe	84
PID 528 wrote to memory of 2848	528	chrome.exe	84
PID 528 wrote to memory of 2848	528	chrome.exe	84
PID 528 wrote to memory of 2848	528	chrome.exe	84
PID 528 wrote to memory of 2848	528	chrome.exe	84
PID 528 wrote to memory of 2848	528	chrome.exe	84
PID 528 wrote to memory of 2848	528	chrome.exe	84
PID 528 wrote to memory of 2848	528	chrome.exe	84
PID 528 wrote to memory of 2848	528	chrome.exe	84
PID 528 wrote to memory of 2848	528	chrome.exe	84
PID 528 wrote to memory of 2848	528	chrome.exe	84
PID 528 wrote to memory of 2848	528	chrome.exe	84
PID 528 wrote to memory of 2848	528	chrome.exe	84
PID 528 wrote to memory of 2848	528	chrome.exe	84
PID 528 wrote to memory of 2848	528	chrome.exe	84
PID 528 wrote to memory of 2848	528	chrome.exe	84
PID 528 wrote to memory of 2848	528	chrome.exe	84
PID 528 wrote to memory of 2848	528	chrome.exe	84
PID 528 wrote to memory of 2848	528	chrome.exe	84
PID 528 wrote to memory of 2848	528	chrome.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1311132903513784388/1311379460439670867/SteamtoolsSetup.exe?ex=6757254b&is=6755d3cb&hm=6ff1dda99a5dc913e3645f609584cf02a861a25bbb26f55383f4b6bb433391f2&
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffacd87cc40,0x7ffacd87cc4c,0x7ffacd87cc58
  2⤵
  PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2020,i,2898705381401246365,6886265459737240924,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1916,i,2898705381401246365,6886265459737240924,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,2898705381401246365,6886265459737240924,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2252 /prefetch:8
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,2898705381401246365,6886265459737240924,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,2898705381401246365,6886265459737240924,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5024,i,2898705381401246365,6886265459737240924,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5036 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5008,i,2898705381401246365,6886265459737240924,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4896 /prefetch:8
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4024,i,2898705381401246365,6886265459737240924,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5320 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5324,i,2898705381401246365,6886265459737240924,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5480,i,2898705381401246365,6886265459737240924,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5772,i,2898705381401246365,6886265459737240924,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5780 /prefetch:8
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4972,i,2898705381401246365,6886265459737240924,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4140 /prefetch:8
  2⤵
  PID:4080
- C:\Users\Admin\Downloads\SteamtoolsSetup.exe
  "C:\Users\Admin\Downloads\SteamtoolsSetup.exe"
  2⤵
  - Executes dropped EXE
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3716,i,2898705381401246365,6886265459737240924,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5656,i,2898705381401246365,6886265459737240924,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5244,i,2898705381401246365,6886265459737240924,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3844 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5312,i,2898705381401246365,6886265459737240924,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5360,i,2898705381401246365,6886265459737240924,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5268,i,2898705381401246365,6886265459737240924,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5744,i,2898705381401246365,6886265459737240924,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5984

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3600

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffabab446f8,0x7ffabab44708,0x7ffabab44718
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,11795483762907332729,8565069436974480738,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,11795483762907332729,8565069436974480738,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,11795483762907332729,8565069436974480738,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3068 /prefetch:8
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11795483762907332729,8565069436974480738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3748 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11795483762907332729,8565069436974480738,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11795483762907332729,8565069436974480738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2760 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11795483762907332729,8565069436974480738,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,11795483762907332729,8565069436974480738,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  PID:6096
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  PID:6104
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x264,0x268,0x26c,0x240,0x270,0x7ff762285460,0x7ff762285470,0x7ff762285480
    3⤵
    PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,11795483762907332729,8565069436974480738,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11795483762907332729,8565069436974480738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11795483762907332729,8565069436974480738,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11795483762907332729,8565069436974480738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11795483762907332729,8565069436974480738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11795483762907332729,8565069436974480738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11795483762907332729,8565069436974480738,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
  2⤵
  PID:6024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11795483762907332729,8565069436974480738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11795483762907332729,8565069436974480738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11795483762907332729,8565069436974480738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11795483762907332729,8565069436974480738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,11795483762907332729,8565069436974480738,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6908 /prefetch:8
  2⤵
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11795483762907332729,8565069436974480738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2140,11795483762907332729,8565069436974480738,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:6136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,11795483762907332729,8565069436974480738,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7216 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5688
- C:\Users\Admin\Downloads\SteamSetup.exe
  "C:\Users\Admin\Downloads\SteamSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:1780
- - C:\Program Files (x86)\Steam\bin\steamservice.exe
    "C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,11795483762907332729,8565069436974480738,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11795483762907332729,8565069436974480738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:6564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11795483762907332729,8565069436974480738,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1428 /prefetch:1
  2⤵
  PID:6576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5284

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:5136
- C:\Program Files (x86)\Steam\steam.exe
  "C:\Program Files (x86)\Steam\steam.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:8408
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=8408" "-buildid=1733265492" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    - Checks processor information in registry
    - Suspicious use of SendNotifyMessage
    PID:8356
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1733265492 --initial-client-data=0x28c,0x290,0x294,0x288,0x298,0x7ffabbe6af00,0x7ffabbe6af0c,0x7ffabbe6af18
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:8300
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1580,i,14112190666237499418,3366020078591747224,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1584 --mojo-platform-channel-handle=1572 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1592
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2192,i,14112190666237499418,3366020078591747224,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2196 --mojo-platform-channel-handle=2188 /prefetch:3
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:232
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2784,i,14112190666237499418,3366020078591747224,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2788 --mojo-platform-channel-handle=2776 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5108
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,14112190666237499418,3366020078591747224,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3144 --mojo-platform-channel-handle=3136 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:6196
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=3656,i,14112190666237499418,3366020078591747224,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3660 --mojo-platform-channel-handle=644 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:10192
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3852,i,14112190666237499418,3366020078591747224,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3840 --mojo-platform-channel-handle=3788 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:10780
- - C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:5512
- - C:\Program Files (x86)\Steam\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:7544
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:7520
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:7388

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504 0x3b0
1⤵
PID:7836

C:\Windows\explorer.exe
"C:\Windows\explorer.exe" shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
1⤵
PID:8964

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies registry class
PID:9664

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3056

C:\Users\Admin\Downloads\SteamtoolsSetup.exe
"C:\Users\Admin\Downloads\SteamtoolsSetup.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
PID:7884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /IM Steamtools.exe /F >nul 2>&1
  2⤵
  PID:8712
- - C:\Windows\system32\taskkill.exe
    taskkill /IM Steamtools.exe /F
    3⤵
    - Kills process with taskkill
    PID:8640
- C:\Program Files (x86)\Steam\config\stUI\Steamtools.exe
  "C:\Program Files (x86)\Steam\config\stUI\Steamtools.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:9816
- - C:\program files (x86)\steam\steam.exe
    "C:\program files (x86)\steam\steam.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:7716
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=7716" "-buildid=1733265492" "-steamid=0" "-logdir=C:\program files (x86)\steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\program files (x86)\steam\clientui" "-steampath=C:\program files (x86)\steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Drops file in Windows directory
      Checks processor information in registry
      PID:6912
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\program files (x86)\steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1733265492 --initial-client-data=0x284,0x290,0x294,0x280,0x298,0x7ffabbe6af00,0x7ffabbe6af0c,0x7ffabbe6af18
        5⤵
        Executes dropped EXE
        
        PID:2444
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1588,i,10785863420854029744,12979695208440452652,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1600 --mojo-platform-channel-handle=1580 /prefetch:2
        5⤵
        Executes dropped EXE
        
        PID:4324
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2344,i,10785863420854029744,12979695208440452652,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2348 --mojo-platform-channel-handle=2340 /prefetch:3
        5⤵
        Executes dropped EXE
        
        PID:5976
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2804,i,10785863420854029744,12979695208440452652,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2808 --mojo-platform-channel-handle=2700 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:8312
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,10785863420854029744,12979695208440452652,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3176 --mojo-platform-channel-handle=3168 /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:7524
  - - C:\program files (x86)\steam\bin\gldriverquery64.exe
      .\bin\gldriverquery64.exe
      4⤵
      Executes dropped EXE
      PID:6788
  - - C:\program files (x86)\steam\bin\gldriverquery.exe
      .\bin\gldriverquery.exe
      4⤵
      Executes dropped EXE
      PID:6308
  - - C:\program files (x86)\steam\bin\vulkandriverquery64.exe
      .\bin\vulkandriverquery64.exe
      4⤵
      Executes dropped EXE
      PID:1744
  - - C:\program files (x86)\steam\bin\vulkandriverquery.exe
      .\bin\vulkandriverquery.exe
      4⤵
      Executes dropped EXE
      PID:2768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Steam\Steam.exe

Filesize
4.2MB

MD5
33bcb1c8975a4063a134a72803e0ca16

SHA1
ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65

SHA256
12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1

SHA512
13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

Download Submit
C:\Program Files (x86)\Steam\bin\SteamService.exe

Filesize
2.5MB

MD5
ba0ea9249da4ab8f62432617489ae5a6

SHA1
d8873c5dcb6e128c39cf0c423b502821343659a7

SHA256
ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d

SHA512
52958d55b03e1ddc69afc2f1a02f7813199e4b3bf114514c438ab4d10d5ca83b865ba6090550951c0a43b666c6728304009572212444a27a3f5184663f4b0b8b

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
6e6a2b18264504cc084caa3ad0bfc6ae

SHA1
b177d719bd3c1bc547d5c97937a584b8b7d57196

SHA256
f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53

SHA512
74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
14KB

MD5
e928a7953602819a0fe2995663eab350

SHA1
498b68d3b91dd1a9ef1cd1c3c91bad8d54336df5

SHA256
791c11838b1ffbc5d3aa518296edbaf17bc568741ef80c2919bf18156e122424

SHA512
83e72df1c878e1f807388f753f6631ac60a522a7ce4a852c29e72b5058422678f014e1794779da6e9a08eafc62a5c830446119899b8082580111519f717e29d8

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
15KB

MD5
77ac6038d0675653e4f186ee988728fe

SHA1
383fcad3bbe534c51b04c782c66db9155680445f

SHA256
0b7d75b81197067ed85305ed5cc7f00ae496e435cbe31a4948fb7f5249d3b886

SHA512
58562c4e66f2fdd8031acb5f0e42cf9f5878ca88dfed78b2ba87074b37bce0e19d6fb5f241e33fa1042426c592d0128d521691382a72d71cc640c268ecac1b6a

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
15KB

MD5
6aa0df40624ae2b4bf9b9cc3d9b50095

SHA1
239ec3e34ea4e02cd521c5e2928c0038bad213d2

SHA256
a73a20c45c349670ea8014502ee5b52a7efac70bbed576833b09dc8117aa683d

SHA512
201c713204f0b62eca5552376c67df807b521780ed2f4635b82a2b1026554759b742cfdc3d9098514085096746e56397579b960169f231178087cb28d1ec321e

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
14KB

MD5
304dd9b2e5b0a69dcd5f274c56a8e8e0

SHA1
a7728cb159ca060d2c3c4bc4f23cb0dd59cf3c13

SHA256
9f286efc001ada6aba3025883d6d0f50d6457146ddf5ef0aa53dded49d01e5db

SHA512
e40a301c87c2471ebd69a3d973471c83a242d5d5f5576ff790b3ce1da86f6c072c385cf74c307f1de4e721e271b9ad0c5fe3bc2b045833ac9eae2ea26b2ccd73

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
a2ec2e91c3ef8c42e22c4887d032b333

SHA1
e2c738a2e9400535b74e2263c7e7d1ecefe575f2

SHA256
8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3

SHA512
b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
14KB

MD5
3db999394571cf58bc4d744e5a6f19da

SHA1
48c2f1e4f91bead0771e5ad5b9e3a7501a5646cf

SHA256
b3c4eed85b4a060b145eee7531b5508894235424fd99db3afa7df93f37d9e84e

SHA512
c310c18efab2ce8ace62fac5289994102f5b5d0ebded27825e92a36ed045e43f0dc40e9dd87ac070de32dfe6d664c50aba56ec8c55de19d81779acd7069c9d70

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf~RFe5a8473.TMP

Filesize
184B

MD5
3cdebc58a05cdd75f14e64fb0d971370

SHA1
edf2d4a8a5fc017e29bf9fb218db7dd8b2be84fe

SHA256
661f122934bbc692266940a1fe2e5e51d4d460efb29d75695b8d5241c6e11da7

SHA512
289c40fae5ec1d3dd8b5b00dd93cf9cada2cb5c12bcfefea8c862ddf0a16dced15d6814dad771af9103b3a5d3016d301ee40058edde3fdea30d9767146d11cd6

Download Submit
C:\Program Files (x86)\Steam\config\stUI\Steamtools.exe

Filesize
16.3MB

MD5
1a475aa5000d3958df447de17e0dc14b

SHA1
8a45a8a2b38a524633a99abc7994aa0ac46c03ce

SHA256
1208c4d240918ab0b4767bc6a5c0cbe83ee7f21408fb0c5ea68769ebea759b3e

SHA512
e86be352a5732d18db772f3fc80a70ebb223d68148057663ed18aab5c2221fe6d1cb48d4f4e22940419e9144aeacdc03ea05739352f86aed7ce967afd7e80911

Download Submit
C:\Program Files (x86)\Steam\logs\cef_log.previous.txt

Filesize
23KB

MD5
606f7ea8d96e19dfe9cbeeb5479e49c2

SHA1
ae59490e3a8bbb9b3ccff2f85142f8ab04e878b3

SHA256
4eefdf65daa8a3db28b834d1efceca3ab84e4397055fcd783deec55d7c16825e

SHA512
3e29bcaeb9cbaaa2fdee5741734e79307610cd9a5ab024b2a5737135c1ac9415b36b8ac7efdd725006868f10bad2c3d989dd885fb2a02172bd3fba47dff6c203

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

Filesize
4KB

MD5
0340d1a0bbdb8f3017d2326f4e351e0a

SHA1
90d078e9f732794db5b0ffeb781a1f2ed2966139

SHA256
0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544

SHA512
9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

Filesize
6KB

MD5
4c81277a127e3d65fb5065f518ffe9c2

SHA1
253264b9b56e5bac0714d5be6cade09ae74c2a3a

SHA256
76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9

SHA512
be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

Filesize
4KB

MD5
2158881817b9163bf0fd4724d549aed4

SHA1
c500f2e8f47a11129114ee4f19524aee8fecc502

SHA256
650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7

SHA512
f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

Filesize
4KB

MD5
03b664bd98485425c21cdf83bc358703

SHA1
0a31dcfeb1957e0b00b87c2305400d004a9a5bdb

SHA256
fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115

SHA512
4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt

Filesize
4KB

MD5
31a29061e51e245f74bb26d103c666ad

SHA1
271e26240db3ba0dcffc10866ccfcfa1c33cf1cc

SHA256
56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192

SHA512
f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

Filesize
4KB

MD5
da6cd2483ad8a21e8356e63d036df55b

SHA1
0e808a400facec559e6fbab960a7bdfaab4c6b04

SHA256
ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6

SHA512
06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt

Filesize
4KB

MD5
9e62fc923c65bfc3f40aaf6ec4fd1010

SHA1
8f76faff18bd64696683c2a7a04d16aac1ef7e61

SHA256
8ff0f3cbdf28102ff037b9cda90590e4b66e1e654b90f9aea2cd5364494d02b7

SHA512
c8ff15373b37e848e6239a82424569e77c82a5fc557d17e7d2ed1d0d2b2f7d026cc1e2bc98cb5ee945c02cfefb82803c23fa6a26f48ff0adcf762f94cd5dd035

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt

Filesize
4KB

MD5
10c429eb58b4274af6b6ef08f376d46c

SHA1
af1e049ddb9f875c609b0f9a38651fc1867b50d3

SHA256
a1f6ba57ee41e009d904905c0ce5e75a59ee6790e08542561303109e1faafa13

SHA512
d8760f61760bffd8671b727d386ae220e7e6e68829a01553cfd5eb60ef8bd1d7c1b25e7b17a6db5bd17ba6712ef44999726764459318e784843c73bc4facaf46

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt

Filesize
4KB

MD5
5c026fd6072a7c5cf31c75818cddedec

SHA1
341aa1df1d034e6f0a7dff88d37c9f11a716cae6

SHA256
0828572e4fa00c186dbf1d9072a6154d65cb499c6a37e338f3305f77a2fee382

SHA512
f9d28714b2a05f8d9025f1692e4d7e8baa6daf6176353f65646a38814a242ef2adededa44419edd69f10cf96ffba506dab7cb6e52111457bf69cffef12174b12

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt

Filesize
6KB

MD5
189ba063d1481528cbd6e0c4afc3abaa

SHA1
40bdd169fcc59928c69eea74fd7e057096b33092

SHA256
c0a7a1df442ac080668762df795c72aa322e9d415c41bd0a4c676a4dc0551695

SHA512
ce59ad9b17bab4de1254e92ce4fe7d8c8242832f62ab382e8f54199a9932cd11b5800cc33895441426373d5210cc74104e0271b721a7e26ed400b716ae4d5903

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt

Filesize
4KB

MD5
18aaaf5ffcdd21b1b34291e812d83063

SHA1
aa9c7ae8d51e947582db493f0fd1d9941880429f

SHA256
1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5

SHA512
4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt

Filesize
4KB

MD5
1514d082b672b372cdfb8dd85c3437f1

SHA1
336a01192edb76ae6501d6974b3b6f0c05ea223a

SHA256
3b3c5c615fd82070cc951ab482d3de8cb12df0b3df59fbd11f9d3271fa2fbca4

SHA512
4d41c945ce7c94746875b0dbceb14811d4966de4e97fe047406a304162fde7e1e2a16367fc2e43978e2e5aa66749f036b4444aa2312673c2cc3af296e8b77f55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
3cf0c95904448d72c20a139d73722a1f

SHA1
2895131bc91a4215149f65b53b22f6f37ad7a65b

SHA256
c781eb6070e825688fbad716cb313006f3017a74d37a29f0e480cf4e4e196d26

SHA512
65a682c5e63e93064535a6556dcf51cdd80197b73e92dada908773457d7e32436e466ef43c9295623949da0b8164e05b3e2ecf3922a12cc57bec9e6a32703b46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a81d64b9c95e80ef741a5a836ec0c5f8

SHA1
047c636033dbbad5196a43b6ac28b272089b9ac8

SHA256
fe0807fced95e7128a11842247b7c13ed5adc4ea152c8f1f8ae5361b93f067e6

SHA512
ed97145d55ec9aeaf43fcaaef046c74be664d8d14456c1d9e912b4409ef60c616d94da026771ff8f9eed8c8049ebfc01c43328c49a61d9d587460591bd2d9bfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
978KB

MD5
bbf15e65d4e3c3580fc54adf1be95201

SHA1
79091be8f7f7a6e66669b6a38e494cf7a62b5117

SHA256
c9f2e2abb046ff2535537182edf9a9b748aa10a22e98a1d8c948d874f4ffb304

SHA512
9bb261b4ed84af846e07ffb6352960687e59428fd497faa0a37d70b57a1a7430d48ac350fbb0c3f0f11e4231a98ebca4d6923deba0949fdd7a247a3c02737355

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
5f50f46f2e818bcf0da73ec4045c4ab9

SHA1
9c018626e9e7aadf830e092df1dce21e6bd7635c

SHA256
d90234fe5d0c563a71b2583bb3cfac4cc38a62043f3f5649919c8baf9cbf0d67

SHA512
2081dd696ce06bf5436d014010bf747399331aa5c8fdf4963c8af1aebd5364410d1f5dceb873a93fcbd3b3de35f6bd01647593a8ff36de131332ba01ff9b8a31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5c7042af3ce41bbbdb878e276fcfa2a2

SHA1
bb97a18bc39aa3e4845f12a38f4207f7244dbd7f

SHA256
0489db8f7e904a73c0402e41c5a7884d605fcf2f2a7bf79cb7049c8ff52105ca

SHA512
500750f06e557d758f1b79401d380ab87b81b40f9df501b2b21f0471fa13d3dd0e64d6f71a5ef5addc9cb158f1ff01be1ae8edb9a728b4301feb5a65c789c550

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4a57bb84a779c7398a05fcf6cd28f4af

SHA1
d9101a2fd113c03450bc51e1fe2611daaa21ea4a

SHA256
2e95dbe555f351a88c2621038b994c1eaac36f2214e4a68c17b93695852a3de7

SHA512
faa4073afe1ec016bc1e85c8d6b1a5ddf107e3a2d86110d01bf5b9e1a25264b953a371f8d73c7e601a63aed1d4b2fe191313c209511141473d0375a0d67cff2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
24f2db9d029163acbba378f2b9471690

SHA1
a3010801fce9a888d0372e95b2d85eb4f7e73304

SHA256
40590565741ef2a6a4b7928d7e7f400a1606ada1a8e747106afd8d1d471acbcd

SHA512
bf0e0bb252001638237a1c46d56f54009d6a13de45728e15bf04f2b82981d34b8d32f08758701d76c6693070889cd15b7220bcb455d4142f1958c6dabefd9894

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
86e342f08291a3863c5376dfeea46f9f

SHA1
27cdbb30aadcb621fcee66ab8b5ccf12cc6a4d0a

SHA256
9233c35cd34b60a79b2e85018cfdb76e5f8d9c813213b8127058223d4cbc40de

SHA512
3181dacfebcb358cb6432016c54f66686ec5a39b97599482d8a5f5b375da52b7294ac25e59df1a5ea5fcf135d197aece06bb948b5770a0f5d2831e2e425cfb76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7bcbf32d436a6f4a7e84463a9a44f37d

SHA1
29b30bfe657cabe37a7a5553fb83e62f02e6e739

SHA256
c2d60d06bdb71ceaed7f2f5a8482a3b30bf7970192368e833aca2a3f755cefdd

SHA512
ddda3807ec4bf1c42d44c272b2300bec46a5d973617d53289ee2f00d8773c7ac62c9bf1dcdc2a2b0d78f151927c08a32b76c8c876fdfc8d664159a0fa32c4bab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
99d926b7a8438e4012fd8a57850a924f

SHA1
5a69a9d6612d8980ab4be72505b3f570379b19f1

SHA256
a66ce2b592c92fdb619701e92c621f60d9b1382b25fd08eecc8a7357eda25336

SHA512
05863d67790df1bbc5f58aa8020b97da2b00c8528b87be8189302755db64124682393c7e020a9e11aa358a3a7513fc0383566dffd8843995a8f685c8b7d984c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c83f2fe4180cdb38df3798a988817e51

SHA1
4ea4fec576a65f360be42a4471741f2d2d910a0d

SHA256
0aa092908348cf44d83fbf2f880a3ae45596ccdb944ea6cde1890493c430e16a

SHA512
24615972392c6e21132168fdae670cac319acd9633bbc1732c0eb101cb492b9a80beb59fd89d887c3059a0cd39b44fb26ef33840c33cb7db2958a244aa8508f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5638e16dcb2e324a240987d9247c6248

SHA1
010e74ae266290db73f5a031552a88f0b87cc056

SHA256
b86d288b58cb0685a1b297d7fe2a4f8afd962fcd90373461cbbd1db639c80b33

SHA512
8d4054f6a4e5ac900131f57540f214b53bc43089073c52ef472634d713aa3c04bc1105ff9810e59d3f5fca006a29b5a384a8183e935668b540c1cfe68f26ed18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3655087022e4e4f0711e394952941dbc

SHA1
f85584abe7eb13213ca3852e561121d906a8fda4

SHA256
2734f39b7f46086db90c4df9db633d4319d3cecbfb7d48764a1c959257cf83c5

SHA512
f223d5f6350b5daf4a7978b38d27ac104f001a212738bcb3a720bb913b4d89b758ecc02cb71c9253ce4eab66dc0d52c664ac0e0254057ca771030457b8427a74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8c948c57f7be2bdf55ff30bb32cdd4b3

SHA1
f84fe22f03cd66d06cc844f554f4f7b5f36fdd0d

SHA256
c440fbbdd692b2dbc19df08487a5404febc8a1a87a5abb4fa9a4fbefe634eef5

SHA512
891945d7d174f5b8ea816853b6117340b04826bf5c869ce2126d3063c70966e3a88054fa447d2fab4c395ec00c768a9782ef6ac05e02d4c5509f6e0d03b74278

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fe90bf9e5cc168e0038d557542d3d535

SHA1
53852def357346e6dc118a4df501570bc5aaa7fe

SHA256
6417ece8bba68d4ac6fdda89896b12b28011db3f703a304f6ed4b9693cf6b876

SHA512
70b20e12643bb1fa01cb30cb2473a2e0c594d321fe2a7913aab0b063e33b35f9fb4bf3e22b968bc4357e4eef7cdb6acc522a9fa901bb3d16f06d4681cdb8d5e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c26b6bafdcd84bca465435231bc84eea

SHA1
544253e87427ff5938602ad7b7ec1d42044c3f6f

SHA256
4910775a82c718f0051c1b8edaaed78b0ce0b480d27f47ef72e0076a763aed4d

SHA512
bad650e4611572127e1efb88c03333f6117193ea7a382faec801824a22fcd314b148fb3be5dc67ec1f283eaa73b9dbb7e2639d4a302f67c88b53fcaed7757adc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f462c7bff30fca3a64876d56f03134d4

SHA1
1734ef0faaf2472065dfa7bbb707d99ccd06b9a3

SHA256
600fa85bf26c0c264a8acc3fa82e7b9c264fb96698e3fd38c2c0291ff1659b06

SHA512
3456b159fc03b617f72f37dafc388dfc362d5d58b77cb902a89e7ac7a4cd62783977eaa08e2aad02bf6323bb285fd4c48ff7c6cec49951410b6044914a50cb8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e3891094fb7c67f16d0e3a3d4a3d891c

SHA1
5cb7d39a155bd5d82a88d88f59b10c15af4b9280

SHA256
b3e42d454834e8c5177afcbb89cae0745ffe89d573b411b9d395f781cd852929

SHA512
3b9c1858e2b194962631af8ce0ebe39293973df68c7c2fc484f085f32fe289cf8e3612cbcc6e924f9998cfa5cc2fd48453b85eace31db4a7c602db1ae68e4453

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
755de21b0433f3996293f0931d83f033

SHA1
ff3d1ebc423ea35880c5a2d008d29a993c78fce3

SHA256
343069bd5fd2ec9072fc981c5a270dd5d74da0a289d9f053cc22140130f0c29a

SHA512
8e26a67a85f0b143dc5153e7f69e977b6f059878e0bc19561214e60e31ce9b64c6ebc87059f71e2b88f998a0f82291e0e49e0b30090098a60b978de2b3bd08ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c5584d81292719b5bf4e9bd391c9974c

SHA1
464fdda2938e07fba3588a22ebc5d8018da84df2

SHA256
079613bacfa4151bacd23a3e36865ab242b12074f9d076f3630e856e061640d3

SHA512
8b226839544e4a90f71446a9cd7d7dd379cfd3efea5f135844a91ae2d6c211cd7b6964abc7c227c74bd55e26b9ba5b02c8d51aa683d4ce37a54b1d7c1ddf8994

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
72d4520363a9d7c72b550e807694b450

SHA1
6877aa156a3fc54c0bcd7f542e7b1c59ef4a57f2

SHA256
b9d56ee826d3983263588ab69f2c0c0d3390176c0148c643457ef6d7fa7905fc

SHA512
37b0a4bd20c2e2583667e4adacf16997ec81a7972827a5470a001de94c100fa718e7022334f2befdd5e4e4359b811b743f9b9841eaeb048c45a24cfd63681d0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
53451114e07f74d0acd78348a019f2b4

SHA1
fb66899b2021bdaae78157d07ae9a2ba6052f56f

SHA256
21808839305a1e711b256b9d56a19402be1e6010594150cfac7fe336c66a95e5

SHA512
0394df8f23fc5cbc91cbcbe75bbd95dd0a177bff30a9a63582139090830b02a35479f453f03c7f7bc66f788b0b59464d674375790c8d892b80ea639c6dfb32b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8ae0ab55f54efbb11195cad208e314e3

SHA1
64b4b29925dfacdb701c773bc8d2f643b5677437

SHA256
3d04869644a13f5ea0c97d0f325fc00c243ff0df5ff10c8be9d0c1d5f4cd72e8

SHA512
693335e5b1e6c749ef0209c9d152bb8913ad54d1e883f952e619e950dc5ef4fb8558eb76d45b9e704053c5d8d7e7b2b6dba77e3c6187e8f795c3ee6ca74fa608

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5ad46791afb50fbae9633ebb14235019

SHA1
1893a9e435776801c1574a685c7ad87569ba9365

SHA256
5c29387eaa4e9ab0e5f530e858359ccc27f510ebdb56d8e1788492c7aa479e5b

SHA512
8f2ba117be345cfc84099c8387ee1911274ae2eedddc4c5fde359e1acfac2e1ed6cb7e5881f968e482d39a1079bfda2aff5530c30c7b184492ba55751ad5f0e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c1eb8f27a0253ef6870f833d5aeba214

SHA1
242e8da137a987ad9d37dec703a49f4b5ccde821

SHA256
1e4495122e09722ccbafd5e1e7b70a796dabbc4e7e9ebb7e7923ef8d6f66f87a

SHA512
6e60a083e73228663f5853ff2ddcf3b61dac3d09e76da807457f54d6c1f1c8ab03c3aec5b1d9e39e874aa42bc7f7c7e2663a3b725389b288a2700de5112b2fbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a5bcf849df43a2c86dfe2283931f21bf

SHA1
fb56b0292dea23b52913cd9f31d453e820e311c4

SHA256
3dcdceda7c959457741a35c0d8a8b7bff6f7c99532528c3b6395853ee5f31f87

SHA512
05824656651834c8989d4f5f3203bb445527744ccf3c58099366101db2759dad9e1701841a295787350fff0f9d0bde946617b3fe292741e9f77d5e0b863cad17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
78c61ca17fbc92759c3213bb91f9832b

SHA1
3832674631e289cf37a1a2b4dfe14fae39e59d50

SHA256
5fd3a695eebf558eb4092040dc86ef4501eb8eb81e702125a82f5626c536b12e

SHA512
bdb71b1e4bb602cdbd2de3e2597b680a3f3fb6dd27d83f4d9e1d77e55321d3088ac073140e3c2e5410c03a675f480a72d38431256e412bbcca6fdc0bd7d01310

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2111a4884ee717801884c503432c79cf

SHA1
eb400eabf85b7ccf1841f40af18f80cd23503fa6

SHA256
9cd2b6d6c771c09922d03857ca4b0dcd3b68d0fe384410e5f945fb0cc538285f

SHA512
58b270a743dcd3375ac0b69b1f48b4102e303deaffdc6b43db02e4133c2e82adf4a670c618af8ef5fc8327558e1fd3d1b5be65b8448ec5d2f034ae57f4f5399d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
813152469716ad047345c0b176f997e3

SHA1
21d327536f8f93b37b77716af7abba67446c6a44

SHA256
f6c8c417af66a84f645bdb814e64831f6cf357512d270b5fbe84726e87626fd6

SHA512
71f2a3dcccc4e124c826354138472d3f84f9aabbf776becd7736d3cd3eabee5f6a3d2441aaf06b4afbef51c665bbf5bfeeda073ed46358524b4d37e5901b4f80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ff4a608177b93f8ab4de0be174e626de

SHA1
be05b99dd164979589601496ffa23528ec7833cc

SHA256
a42a80e9c1246d93b791550b556f2d50c0a19827c6391ca5c4378075dc9d3c00

SHA512
0ce4cfdbc00d7df871759dfb8cf9ea4fa617ae6b61de0ad67ae3bb39258188689417552243a4815fa03455e84d3f9a7615a4c80b6f724387c247e63c3a2f1845

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
3412ccc2366ef562dadd5ef2e77dcad9

SHA1
5b4cfbb2c73546f6448ef380c7ca4635e4224b2c

SHA256
b4eb66b850aa0ce87b600b2ee450fa6460936bcb402a99bf6470e43e94a76331

SHA512
23a0d2ec925c716f50988e1b76e5a04da39eeb82d4b3e76977aff8ef775913b930d10c1958982540bfb6a85b3a654887f87bade12923d96ccef1e272fc29cf06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
6fc5d4ac7ddc3aa639eccbcb5d4501b2

SHA1
0bc6629fcc86d8047f79f7b47af4d11a47fbc72e

SHA256
b4c1920272146d7d19b9493f3c0cd8259f902958bfb13de2e46b7b3069ffb202

SHA512
08012e78cf9705eb2f2af9a72c41ba6cad97f1ef3d62cd0e6be6de8c525ca70ca13f4734f8988861778600c4b43b0fac896048da5c82499c3f8d4fecd3280431

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
cc636d9f92122d4a25bd1c4bfd5fe9c6

SHA1
71f7526fd450ec6d6ee65afc7ee09eb63f7407e0

SHA256
49844e9dc0e52897bc0bc9f8726c043e01d089611af1770bbd2985602af6cacf

SHA512
62002678cfa42cfe81f0432a177b39681ecda7adf06389463c5ced6cbbe159bc3e4dfda8ef3b12ef43e6be09b85f1593d72a7793fb5f32d5a493fe2b5d7b525a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
b9a14b251634a92cf0ccbbc6f960988e

SHA1
2b18833920853cc729eec3de27bcbd1e794873fb

SHA256
209761bccb795fb26091b78d5ded7690c9659bc065b828ef5a684a2792523fd7

SHA512
04ad31fd608880bb8117ff211a9fa7c9410c02e8a2aa4afc3a8a4a6c191e2737b4d5b62d150bd9e94942ea1e4462185092b3e5817f9964c5b6d0b4193a6c543e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d9a93ee5221bd6f61ae818935430ccac

SHA1
f35db7fca9a0204cefc2aef07558802de13f9424

SHA256
a756ec37aec7cd908ea1338159800fd302481acfddad3b1701c399a765b7c968

SHA512
b47250fdd1dd86ad16843c3df5bed88146c29279143e20f51af51f5a8d9481ae655db675ca31801e98ab1b82b01cb87ae3c83b6e68af3f7835d3cfa83100ad44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9fc751d5fa08ca574eba851a781b900

SHA1
963c71087bd9360fa4aa1f12e84128cd26597af4

SHA256
360b095e7721603c82e03afa392eb3c3df58e91a831195fc9683e528c2363bbb

SHA512
ecb8d509380f5e7fe96f14966a4d83305cd9a2292bf42dec349269f51176a293bda3273dfe5fba5a32a6209f411e28a7c2ab0d36454b75e155fc053974980757

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
1c4676b26cc1f852fb57ec7eb0e54f88

SHA1
d0c7743930e7c10c43e7a1d01e8cc3d490530427

SHA256
c4925eb6ce1877f70f0f8684a9e6d143ca2af4100fffbe11791b00ab336fb88f

SHA512
9d403aa92fdfac05a9e8bd21518a1cc8c612923e55d8b5b34b21f7061b970160d9607eb083d3083e38b69e1e918c6c50c0cae80d3527ec3f40675b88eff479f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
77344607b5997bb6b1e749b36ec83fda

SHA1
dd630f7786cb69e3ca9794b532e883ef5061db4e

SHA256
1368c9c6094fadb6bd640d10d990070789d1f14c2571adba59c0faf65f6a3371

SHA512
f5f13131323a53cc759e229b81ea4fe371be461513cf3a1bf0d685ffa256ef9a3d40ac7744358a058f706f1218392d490d6f76c3bf0e64577e0699d219c181d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
807B

MD5
5fc91412903f6b6e5d58d22ec95e16ad

SHA1
e64d6754b17ec7cf3e006ccc60c736398204b395

SHA256
7b4aeb8052e68bd50685664cb32803b765b475ecbbadb8e4a6bb37718f2ae8e5

SHA512
50cb7f681d6d156d994c3b64bf117a70512340e174e2135271847c4583cece850ecf6cc42d41ded0a75b4cef14d39d14de3e13798ac088b2f4948dc4bb754513

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
807B

MD5
8986c8622dab757b6e77f28b4e69e1d6

SHA1
c1523bd0981417e9e28b8b54687dfa202290f659

SHA256
7b89fb4c93b6ecf92eb8b87b8a5ce930aa8ab0d9f25fc503b6b8dc478c0aa2bc

SHA512
1b60cd185eb8a0229dab7edda2c1c9857dce69916682a3ba4acfbd9a21a5cf6df0fd499912d57726bf703c69bfc8c4b7b95d01852f30b9f44d76d254e8de7f8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe5937df.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
10f3fffdbc55773d2caf40a0d93897d2

SHA1
ff23b0cb8565b2fd32f1ce814b9cc3ad86f7f367

SHA256
ab7cc7cba231868f5aa298a30c3896cc796758006dc9fa6cb3d97d58e1a1650a

SHA512
f37da9e85ebf55283f2aaa72dcbb7f835fa4f5d8e0c5594ee5381bb65a0279d9ca4afef1fdbb219e74886431742531b15a296a733dae5ff0a1fea7ae6a3be4af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
16614d27cc7095388131569594807828

SHA1
412321f333a4899ae6a41dc5ac98e56555e6b756

SHA256
64b2e16c470c01a99c923566a1a8213042d71e50330254df408ed84acc4edd8d

SHA512
feb91035e9bdddcdb04462118bbe15eed8057af910affbc944abbc0de749dee32b0ab54bf7e0c89d279d8339e902746ccb4a31afb8eea8c606b5224496d803c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
0b9acff59e18f4d06a68fa1f280f4cb8

SHA1
ce5fc83c926748b7df9566a1c05a87b4a11f978a

SHA256
f0110df1a4aa37b50b1cab92ea5d4629ac18247052afea3579635f5fe33859a5

SHA512
33b613ff9bbe888040a035baaa5a2bef94fb94cd601ef8f09cf347c4a1ae6f873cf6a6c0460e2cf0d78ef36e8e282e16675c6915c9a86d9e845d13d37458c0b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8557c5c2508a51bb9af88d3dd894b7b9

SHA1
cb77c58922b1830bd7378871353a5d0b41f7cce0

SHA256
ed4f99de4ef29a38de2883ce73720562217208a767a3a768e2a840fedf36c95c

SHA512
ee052cf6bd2416643ccc15bab2266a8da9f9d9cd0b713598820ff9720bb152557020dfcad7bef199ddd938b0ab9e2a171e8ee754e11c218be61764a55819bc01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1eb30b5c35e17059fcff08e52817d196

SHA1
f4d863bc4dd6bdb984d26535174b39c5c123bdde

SHA256
0957845e9e062569c7606a4f3d0d0751411685d13a3190385b2187b569ea2ac7

SHA512
da15ac9740dfcc5c6122264f71e98466da92b5b5ad0d435ca57a3822cd45c57a14f4d2506df3407655c969750f4a133dbd4470d1cbf236dc5d9d35ceaba8bcd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
f9055ea0f42cb1609ff65d5be99750dc

SHA1
6f3a884d348e9f58271ddb0cdf4ee0e29becadd4

SHA256
1cacba6574ba8cc5278c387d6465ff72ef63df4c29cfbec5c76fbaf285d92348

SHA512
b1937bc9598d584a02c5c7ac42b96ed6121f16fe2de2623b74bb9b2ca3559fc7aff11464f83a9e9e3002a1c74d4bb0ee8136b0746a5773f8f12f857a7b2b3cb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d3412a01d4c3df1df43f94ecd14a889a

SHA1
2900a987c87791c4b64d80e9ce8c8bd26b679c2f

SHA256
dd1511db0f7bf3dc835c2588c1fdd1976b6977ad7babe06380c21c63540919be

SHA512
7d216a9db336322310d7a6191ebac7d80fd4fa084413d0474f42b6eff3feb1baf3e1fb24172ea8abcb67d577f4e3aea2bc68fdb112205fc7592a311a18952f7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
efa6a43be210165e3c805514fcf7190b

SHA1
1039a179e8175780606603afaa593d4fb27e38f5

SHA256
8de6b4e3510dfe9e130508119ccf293cc046a1b1cc16c619eeb6c1692831b306

SHA512
e73592af49057c3f314ef2bb0ef5187cca13b2e47f311c7c1248dd30a4415607031a60f47ffba9e10648d62c0cb785f1537b09244ddbef7325b66c6c280b9a70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
27e2220a7bb406c45fe0c8dba7451128

SHA1
d1e9dab00bd1cccf43a1deb4998c0ad408dbc20d

SHA256
3b6d8c491b0e00c591d86e9a7bd014998d8ec853892ecf48032869184db5d86a

SHA512
b4e3f81dadc4e71b645faaf5414a1c251ca91d37f8880e53b3d8d4f5b5a46caa796b62c63d4603943a7a083623b990abc192f4d7812a662159f49d0f06a0a8bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8a3afe40e429eb00f314daf10632c6ee

SHA1
d704731cea24ad33fb951b91ac85b02960074b67

SHA256
25e14de3df0ee815e63537ee3b1fa81a62f6b718aec2339e2ca511f562106d4f

SHA512
f5e0f2abc94c66942f7cda068f6a00b787cd26c87e4bf00f905724b4c900a73cc2ff1f1554c845b770bd9b710e89dacf01e0feea4d11a970e4481e4ca15f990e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
b94431060e3eef459e372b7949060927

SHA1
b3d1ae416fe2920c2e9c002f1481c9e5c42b74f3

SHA256
921b1acf4beec975eb2ba0eb240e446aaafede7807f138e130122cb39dc0ee4b

SHA512
5e81ffc11902b2d5bf855d230976a4a617e4fe942f712e1b985ab77409d3b69c18bbe66fd5de5ea3718b17a3761ff4bab5585d39b3baf8db4cbe908a80bf4703

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
af5faa249fca874fe3dffa2e72d5f7cb

SHA1
7128cd2ab4104fca8f5b7e88e90caeeaef7acd6b

SHA256
1c38a82337c0352556dc435e88d69e9d7897195647c9499cd771442fabadedc8

SHA512
6771e1ac65303a16feeed9a3fd7bfa537368b4b4b006e4cdf1cbe180c5b6407421a08a379d756e223d40c03cf02a84aae74988220e5c3b286afdd8844f43156a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
b1583f56be7a5b9f4ca16cd8ac2f4a4a

SHA1
b9f3547cb001a460ac48692e29f5dc36e0b37ebe

SHA256
209ea751160feec6dde35badcf83f214c55ff0f3f86c1d58d15a6e5aee4e7eb7

SHA512
b57e2553659c49f93301db9d249e886a308c22c720b64e70e35d14a7ea5105f8eb149f2106668d01d6a86a79a4565915a4adf77909a794fd43313b76dae4b573

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
e3626ac0ef176653c2bfe32940338e63

SHA1
d138986b5385cb59f2d25d5a24830806e3ddb34f

SHA256
4137a34ee3e451a2f52c09015fec4121bdce0394c4276dcb99e8c5e545db1eff

SHA512
5fa7da7485cc50b73dde6ad0ddc3bd3c91772b4b56d33f73ed3e869d2695dd976900a043144993ddbd96c44c3e83596f1cbba36e64afcf5f71c1e54e43b144e3

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GraphiteDawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GraphiteDawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
720B

MD5
6be1aa6eedf9eb2e9a90309cbdf43089

SHA1
f6c4c791421d34c9ecccbbc9eb2d763b59c0625b

SHA256
0167f7591b1e559db9e3e689a35f31c820be741b20f60a1a9fd1fc53636548fa

SHA512
a1ad3632723ebbb3d3e9b2ec4ac6f8055a17c8f89093485c9d30d42b59aae145b1df7c6249fbc2812d6398852bdf48575fd6ee396acfb481f9b4fb3f02cab3d4

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
832B

MD5
82c7bdf9c2063f2534d418a17c419aeb

SHA1
3305946c28db61286185b4411ede781f1bb2abc1

SHA256
49f396d9db707b0dfacb557c5bc3e66296ced14bcc9f116ab431834914869b83

SHA512
a8ee414275a6e3148a5ccc182ad130e170ba137ffd4ee6348e09d90112914902eff9ceb18afbc285b920ba68bd665f791165076b81040c07b61e5e55ebaef9a6

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5b919e.TMP

Filesize
529B

MD5
a4cd1bffdcad0bb197510d6361a7e241

SHA1
d006177d39d5da5b5feb1fd466693ff347d3a064

SHA256
244b08ab604d89373de4df4e3ab8cedfd0d898e6a0c6d92d7a3fc309beb26bf9

SHA512
c918343f05716a0bd759916767c75dea5624bbf81b2f8a8330ec229c46b39c575fd6113b245310cd238e123388637971bdaf099d99dce016a1bcc479b7a9b966

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
300B

MD5
a0c61670327991c912ebb397a6edde14

SHA1
cd08e0a1d5c549213e3d4aff174cf6b016a5da58

SHA256
cc67009c6eb30034d6f4048d6213bb822391c4cc8cf279ab084bbbacaa7e56b9

SHA512
5d644146923c221eda9c462eb71afaac973ddf91c98ae10547985cebb9714e40b624afc934517c9223e2c409fa8938dbd0d8b49d7e1ad044c525927f2812f4b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
188B

MD5
a8e1f898d21ec0b1726a2bb7f24661ef

SHA1
9d30a4f81cbfe897143209ef12ac4610b3c32108

SHA256
6449dd6551cd87eec214e5d0991a28ea95ea99598d26d376f77fd296fa5c6d82

SHA512
ec920470ab7470a7e6c481a119b7afa101126b240ef2a7ab6e98a4ec67e921204104710c87b7f6e9026249bf4c0f2dc5066ada9f467d37e5401d0245038eaff2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc64B2.tmp\StdUtils.dll

Filesize
110KB

MD5
db11ab4828b429a987e7682e495c1810

SHA1
29c2c2069c4975c90789dc6d3677b4b650196561

SHA256
c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376

SHA512
460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc64B2.tmp\System.dll

Filesize
22KB

MD5
a36fbe922ffac9cd85a845d7a813f391

SHA1
f656a613a723cc1b449034d73551b4fcdf0dcf1a

SHA256
fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0

SHA512
1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc64B2.tmp\modern-wizard.bmp

Filesize
150KB

MD5
3614a4be6b610f1daf6c801574f161fe

SHA1
6edee98c0084a94caa1fe0124b4c19f42b4e7de6

SHA256
16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b

SHA512
06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc64B2.tmp\nsDialogs.dll

Filesize
20KB

MD5
4e5bc4458afa770636f2806ee0a1e999

SHA1
76dcc64af867526f776ab9225e7f4fe076487765

SHA256
91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0

SHA512
b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc64B2.tmp\nsExec.dll

Filesize
17KB

MD5
2095af18c696968208315d4328a2b7fe

SHA1
b1b0e70c03724b2941e92c5098cc1fc0f2b51568

SHA256
3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226

SHA512
60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc64B2.tmp\nsProcess.dll

Filesize
15KB

MD5
08072dc900ca0626e8c079b2c5bcfcf3

SHA1
35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37

SHA256
bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8

SHA512
8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
63719fa8830d18643985bab5064588b5

SHA1
53d3e1bb429f63ef663ed135ba4635a74ef9ff5e

SHA256
2cc2cce48702cad5dcec22489b824a02b52fe26fca18c8a4bd35e35e9a49d0f1

SHA512
d8bf7eef66a06895085203be2440f0d89c3b95cb625a2a0fa47c6200b4f7ac16b7968d450e954dd79a8e63157f6b0128490ba1cb8c63bc30f8092a6762406024

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
50816895377f53c1374896e09aae0a45

SHA1
50b27ccbb970c200fc70c50829ee3533e09bc55f

SHA256
82fb95a31cde6f274d8ce6ce92ea6655b1fb7ea352e043ed9f310e6ea0c12f6d

SHA512
f117aaf8afe3ca0b9849552febb34731ea4ab930e82a4a7f87a8a80ef54779c8aebbf22b928da3276368888d03dfaadcfe0d4b22c088ecbfec602cd4926a63a1

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 492470.crdownload

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit
memory/5108-13228-0x0000016A51A60000-0x0000016A51B10000-memory.dmp

Filesize
704KB

Download
memory/5108-13106-0x00007FFADB8C0000-0x00007FFADB8C1000-memory.dmp

Filesize
4KB

Download
memory/5108-13107-0x00007FFADBB30000-0x00007FFADBB31000-memory.dmp

Filesize
4KB

Download
memory/5108-13229-0x0000016A51D30000-0x0000016A5219E000-memory.dmp

Filesize
4.4MB

Download
memory/5136-13064-0x0000000000F50000-0x0000000001402000-memory.dmp

Filesize
4.7MB

Download
memory/6196-13231-0x00000231428D0000-0x0000023142D3E000-memory.dmp

Filesize
4.4MB

Download
memory/6196-13230-0x0000023142820000-0x00000231428D0000-memory.dmp

Filesize
704KB

Download
memory/6196-13232-0x0000023142F70000-0x0000023143019000-memory.dmp

Filesize
676KB

Download
memory/8356-13225-0x000001C761990000-0x000001C761A39000-memory.dmp

Filesize
676KB

Download
memory/8408-13220-0x000000006DF80000-0x000000006F2C1000-memory.dmp

Filesize
19.3MB

Download
memory/8408-13299-0x000000006DF80000-0x000000006F2C1000-memory.dmp

Filesize
19.3MB

Download
memory/8408-13283-0x000000006DF80000-0x000000006F2C1000-memory.dmp

Filesize
19.3MB

Download
memory/8408-13276-0x000000006DF80000-0x000000006F2C1000-memory.dmp

Filesize
19.3MB

Download
memory/8408-13319-0x000000006DF80000-0x000000006F2C1000-memory.dmp

Filesize
19.3MB

Download
memory/8408-13260-0x000000006DF80000-0x000000006F2C1000-memory.dmp

Filesize
19.3MB

Download
memory/8408-13389-0x000000006DF80000-0x000000006F2C1000-memory.dmp

Filesize
19.3MB

Download
memory/8408-13235-0x000000006DF80000-0x000000006F2C1000-memory.dmp

Filesize
19.3MB

Download
memory/10192-13416-0x000001F05A3F0000-0x000001F05A4A0000-memory.dmp

Filesize
704KB

Download