hxxps://github[.]com/Da2dalus/The-MALWARE-Repo

Analysis

max time kernel
929s
max time network
429s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
13-12-2024 18:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo

Score

8^/10

steam defense_evasion discovery persistence phishing

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 16 IoCs

pid	Process
3552	SteamSetup.exe
3160	steamservice.exe
1048	steam.exe
2228	steam.exe
3816	steamwebhelper.exe
3876	steamwebhelper.exe
1776	steamwebhelper.exe
3548	steamwebhelper.exe
2036	gldriverquery64.exe
1212	steamwebhelper.exe
3928	steamwebhelper.exe
4596	gldriverquery.exe
4668	vulkandriverquery64.exe
5072	vulkandriverquery.exe
2588	steamwebhelper.exe
4688	steamwebhelper.exe

Loads dropped DLL 60 IoCs

pid	Process
3552	SteamSetup.exe
3552	SteamSetup.exe
3552	SteamSetup.exe
3552	SteamSetup.exe
3552	SteamSetup.exe
3552	SteamSetup.exe
3552	SteamSetup.exe
3552	SteamSetup.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
3816	steamwebhelper.exe
3816	steamwebhelper.exe
3816	steamwebhelper.exe
3816	steamwebhelper.exe
3876	steamwebhelper.exe
3876	steamwebhelper.exe
3876	steamwebhelper.exe
2228	steam.exe
1776	steamwebhelper.exe
1776	steamwebhelper.exe
1776	steamwebhelper.exe
1776	steamwebhelper.exe
1776	steamwebhelper.exe
1776	steamwebhelper.exe
1776	steamwebhelper.exe
1776	steamwebhelper.exe
2228	steam.exe
1776	steamwebhelper.exe
3548	steamwebhelper.exe
3548	steamwebhelper.exe
3548	steamwebhelper.exe
2228	steam.exe
1212	steamwebhelper.exe
1212	steamwebhelper.exe
1212	steamwebhelper.exe
3928	steamwebhelper.exe
3928	steamwebhelper.exe
3928	steamwebhelper.exe
3928	steamwebhelper.exe
2588	steamwebhelper.exe
2588	steamwebhelper.exe
2588	steamwebhelper.exe
2588	steamwebhelper.exe
4688	steamwebhelper.exe
4688	steamwebhelper.exe
4688	steamwebhelper.exe
4688	steamwebhelper.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"	SteamSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0340.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\joyconpair_right_sl.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_rstick_click_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\xbox_p1_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0404.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_right.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_color_outlined_button_b_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_l3.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\templates\controller_neptune_mouse.vdf_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_trackpad_l_ring_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_rtrackpad_right_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_touchpad_click_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\offline_latam.html_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\steamui_postlogon_swedish.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\minithrobber01.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_lstick_left_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_outlined_button_a_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_030_inv_0319.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_lstick_up_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_r_up_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_button_y_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0338.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_rt_click_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_035_magic_0347.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_110_social_0301.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_r3_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_outlined_button_square.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_r_left_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_lt_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0318.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steambootstrapper_tchinese.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_l_left_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox360_button_start_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\logs\systemperfmanager.txt	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_050_menu_0040.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_download_hover.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_button_menu_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_button_a.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_rstick_left_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox_lt_soft_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0302.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\btnOvrOffRight.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_details.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\hp_l4_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_right_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_sr_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\nonverified_3.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_060_vehicle_0010.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\ClickAndBuy.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_dpad_right_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0328.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\joyconpair_left_sr_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_l5.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\steampops_english-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_r4.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_r2.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_color_outlined_button_circle_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\filter_banned_finnish.txt.gz_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\SDL3_ttf.dll_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_100_target_0120.png_	steam.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamservice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133785896076244073"	chrome.exe

Modifies registry class 40 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\URL Protocol	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\Shell\Open	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\URL Protocol	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\Shell	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\DefaultIcon	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\Shell	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\ = "URL:steam protocol"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\DefaultIcon	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\Shell\Open\Command	steamservice.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 6101.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3560	msedge.exe
3560	msedge.exe
2380	msedge.exe
2380	msedge.exe
4684	msedge.exe
4684	msedge.exe
3076	identity_helper.exe
3076	identity_helper.exe
1964	msedge.exe
1964	msedge.exe
4676	msedge.exe
4676	msedge.exe
3612	msedge.exe
3612	msedge.exe
3916	identity_helper.exe
3916	identity_helper.exe
3304	msedge.exe
3304	msedge.exe
3552	SteamSetup.exe
3552	SteamSetup.exe
3552	SteamSetup.exe
3552	SteamSetup.exe
3552	SteamSetup.exe
3552	SteamSetup.exe
3552	SteamSetup.exe
3552	SteamSetup.exe
3552	SteamSetup.exe
3552	SteamSetup.exe
3552	SteamSetup.exe
3552	SteamSetup.exe
3552	SteamSetup.exe
3552	SteamSetup.exe
3552	SteamSetup.exe
3552	SteamSetup.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe
2228	steam.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2228	steam.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 47 IoCs

pid	Process
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	3160	steamservice.exe
Token: SeSecurityPrivilege	3160	steamservice.exe
Token: SeShutdownPrivilege	3816	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3816	steamwebhelper.exe
Token: SeShutdownPrivilege	3816	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3816	steamwebhelper.exe
Token: SeShutdownPrivilege	3816	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3816	steamwebhelper.exe
Token: SeShutdownPrivilege	3816	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3816	steamwebhelper.exe
Token: SeShutdownPrivilege	3816	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3816	steamwebhelper.exe
Token: SeShutdownPrivilege	3816	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3816	steamwebhelper.exe
Token: SeShutdownPrivilege	3816	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3816	steamwebhelper.exe
Token: SeShutdownPrivilege	3816	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3816	steamwebhelper.exe
Token: SeShutdownPrivilege	3816	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3816	steamwebhelper.exe
Token: SeShutdownPrivilege	3816	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3816	steamwebhelper.exe
Token: SeShutdownPrivilege	3816	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3816	steamwebhelper.exe
Token: SeShutdownPrivilege	3816	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3816	steamwebhelper.exe
Token: SeShutdownPrivilege	3816	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3816	steamwebhelper.exe
Token: SeShutdownPrivilege	3816	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3816	steamwebhelper.exe
Token: SeShutdownPrivilege	3816	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3816	steamwebhelper.exe
Token: SeShutdownPrivilege	3816	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3816	steamwebhelper.exe
Token: SeShutdownPrivilege	3816	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3816	steamwebhelper.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	3816	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3816	steamwebhelper.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	3816	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3816	steamwebhelper.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	3816	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3816	steamwebhelper.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	3816	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3816	steamwebhelper.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	3816	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3816	steamwebhelper.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	3816	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3816	steamwebhelper.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	3816	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3816	steamwebhelper.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
3816	steamwebhelper.exe
3816	steamwebhelper.exe

Suspicious use of SendNotifyMessage 44 IoCs

pid	Process
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
3816	steamwebhelper.exe
3816	steamwebhelper.exe
3816	steamwebhelper.exe
3816	steamwebhelper.exe
3816	steamwebhelper.exe
3816	steamwebhelper.exe
3816	steamwebhelper.exe
3816	steamwebhelper.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3552	SteamSetup.exe
3160	steamservice.exe
2228	steam.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 3664	2380	msedge.exe	77
PID 2380 wrote to memory of 3664	2380	msedge.exe	77
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3476	2380	msedge.exe	78
PID 2380 wrote to memory of 3560	2380	msedge.exe	79
PID 2380 wrote to memory of 3560	2380	msedge.exe	79
PID 2380 wrote to memory of 1640	2380	msedge.exe	80
PID 2380 wrote to memory of 1640	2380	msedge.exe	80
PID 2380 wrote to memory of 1640	2380	msedge.exe	80
PID 2380 wrote to memory of 1640	2380	msedge.exe	80
PID 2380 wrote to memory of 1640	2380	msedge.exe	80
PID 2380 wrote to memory of 1640	2380	msedge.exe	80
PID 2380 wrote to memory of 1640	2380	msedge.exe	80
PID 2380 wrote to memory of 1640	2380	msedge.exe	80
PID 2380 wrote to memory of 1640	2380	msedge.exe	80
PID 2380 wrote to memory of 1640	2380	msedge.exe	80
PID 2380 wrote to memory of 1640	2380	msedge.exe	80
PID 2380 wrote to memory of 1640	2380	msedge.exe	80
PID 2380 wrote to memory of 1640	2380	msedge.exe	80
PID 2380 wrote to memory of 1640	2380	msedge.exe	80
PID 2380 wrote to memory of 1640	2380	msedge.exe	80
PID 2380 wrote to memory of 1640	2380	msedge.exe	80
PID 2380 wrote to memory of 1640	2380	msedge.exe	80
PID 2380 wrote to memory of 1640	2380	msedge.exe	80
PID 2380 wrote to memory of 1640	2380	msedge.exe	80
PID 2380 wrote to memory of 1640	2380	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbea2c3cb8,0x7ffbea2c3cc8,0x7ffbea2c3cd8
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,4790881675828570800,805950028415994188,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,4790881675828570800,805950028415994188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,4790881675828570800,805950028415994188,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4790881675828570800,805950028415994188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4790881675828570800,805950028415994188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2064,4790881675828570800,805950028415994188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4790881675828570800,805950028415994188,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4790881675828570800,805950028415994188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4790881675828570800,805950028415994188,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,4790881675828570800,805950028415994188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4790881675828570800,805950028415994188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4790881675828570800,805950028415994188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4790881675828570800,805950028415994188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4790881675828570800,805950028415994188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:1412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffbea2c3cb8,0x7ffbea2c3cc8,0x7ffbea2c3cd8
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,15528376317693145269,2686031558074032707,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1852 /prefetch:2
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,15528376317693145269,2686031558074032707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,15528376317693145269,2686031558074032707,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2544 /prefetch:8
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15528376317693145269,2686031558074032707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15528376317693145269,2686031558074032707,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15528376317693145269,2686031558074032707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15528376317693145269,2686031558074032707,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15528376317693145269,2686031558074032707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15528376317693145269,2686031558074032707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15528376317693145269,2686031558074032707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15528376317693145269,2686031558074032707,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,15528376317693145269,2686031558074032707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15528376317693145269,2686031558074032707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15528376317693145269,2686031558074032707,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15528376317693145269,2686031558074032707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,15528376317693145269,2686031558074032707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15528376317693145269,2686031558074032707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,15528376317693145269,2686031558074032707,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6204 /prefetch:8
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15528376317693145269,2686031558074032707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,15528376317693145269,2686031558074032707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3304
- C:\Users\Admin\Downloads\SteamSetup.exe
  "C:\Users\Admin\Downloads\SteamSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3552
- - C:\Program Files (x86)\Steam\bin\steamservice.exe
    "C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:3160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4220

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:1048
- C:\Program Files (x86)\Steam\steam.exe
  "C:\Program Files (x86)\Steam\steam.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2228
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=2228" "-buildid=1733265492" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:3816
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1733265492 --initial-client-data=0x298,0x29c,0x2a0,0x294,0x2a4,0x7ffbe87faf00,0x7ffbe87faf0c,0x7ffbe87faf18
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3876
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1576,i,10700401295424361208,6500108335591791038,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1580 --mojo-platform-channel-handle=1568 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1776
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2152,i,10700401295424361208,6500108335591791038,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2156 --mojo-platform-channel-handle=2148 /prefetch:11
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3548
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2724,i,10700401295424361208,6500108335591791038,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2732 --mojo-platform-channel-handle=2712 /prefetch:13
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1212
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,10700401295424361208,6500108335591791038,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3096 --mojo-platform-channel-handle=3088 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3928
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3660,i,10700401295424361208,6500108335591791038,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3280 --mojo-platform-channel-handle=3648 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2588
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3876,i,10700401295424361208,6500108335591791038,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3880 --mojo-platform-channel-handle=3872 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4688
- - C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:2036
- - C:\Program Files (x86)\Steam\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4596
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:4668
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5072

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004E8
1⤵
PID:1720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd671cc40,0x7ffbd671cc4c,0x7ffbd671cc58
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,8580713764580726736,2623655263157384291,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1784,i,8580713764580726736,2623655263157384291,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,8580713764580726736,2623655263157384291,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1872 /prefetch:8
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,8580713764580726736,2623655263157384291,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,8580713764580726736,2623655263157384291,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4476,i,8580713764580726736,2623655263157384291,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4732,i,8580713764580726736,2623655263157384291,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4680,i,8580713764580726736,2623655263157384291,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4780 /prefetch:8
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4444,i,8580713764580726736,2623655263157384291,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4576,i,8580713764580726736,2623655263157384291,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4552,i,8580713764580726736,2623655263157384291,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4516,i,8580713764580726736,2623655263157384291,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3760,i,8580713764580726736,2623655263157384291,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5340 /prefetch:2
  2⤵
  PID:5700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4260,i,8580713764580726736,2623655263157384291,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5584 /prefetch:2
  2⤵
  PID:5708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5724,i,8580713764580726736,2623655263157384291,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  PID:5788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5576,i,8580713764580726736,2623655263157384291,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6148,i,8580713764580726736,2623655263157384291,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6452,i,8580713764580726736,2623655263157384291,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6440 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6620,i,8580713764580726736,2623655263157384291,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6612 /prefetch:1
  2⤵
  PID:5740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6776,i,8580713764580726736,2623655263157384291,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6792 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6780,i,8580713764580726736,2623655263157384291,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6896 /prefetch:1
  2⤵
  PID:5672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6784,i,8580713764580726736,2623655263157384291,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7056 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6764,i,8580713764580726736,2623655263157384291,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5140,i,8580713764580726736,2623655263157384291,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:5996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6636,i,8580713764580726736,2623655263157384291,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6352 /prefetch:8
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6732,i,8580713764580726736,2623655263157384291,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6856 /prefetch:8
  2⤵
  PID:5656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6880,i,8580713764580726736,2623655263157384291,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4332 /prefetch:8
  2⤵
  PID:5592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6428,i,8580713764580726736,2623655263157384291,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6828 /prefetch:8
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6640,i,8580713764580726736,2623655263157384291,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6876 /prefetch:2
  2⤵
  PID:5804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6860,i,8580713764580726736,2623655263157384291,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:5928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=6992,i,8580713764580726736,2623655263157384291,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6440 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=4592,i,8580713764580726736,2623655263157384291,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4324 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6404,i,8580713764580726736,2623655263157384291,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=6572,i,8580713764580726736,2623655263157384291,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=6320,i,8580713764580726736,2623655263157384291,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=5320,i,8580713764580726736,2623655263157384291,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7072 /prefetch:1
  2⤵
  PID:5784

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1960

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5136

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Steam\Steam.exe

Filesize
4.2MB

MD5
33bcb1c8975a4063a134a72803e0ca16

SHA1
ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65

SHA256
12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1

SHA512
13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
6e6a2b18264504cc084caa3ad0bfc6ae

SHA1
b177d719bd3c1bc547d5c97937a584b8b7d57196

SHA256
f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53

SHA512
74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
12KB

MD5
7da925f4fe01f4b41d469a515500244e

SHA1
6f074f646fa02707a4bb1879fd11e01bbc77b72f

SHA256
f75e8e4fa177105a2372bfc19bd591daf67be3dcd1d716c30811353b2c817625

SHA512
5661cb0ec6b05198f20a23f1cd9357c93ab44ba0b189406d01721280dbf5d70810536b924331d208b61933c99da8bc39d34a05ea95c3303919f69d00e7a954c7

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
a2ec2e91c3ef8c42e22c4887d032b333

SHA1
e2c738a2e9400535b74e2263c7e7d1ecefe575f2

SHA256
8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3

SHA512
b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf~RFe5a06f6.TMP

Filesize
184B

MD5
3cdebc58a05cdd75f14e64fb0d971370

SHA1
edf2d4a8a5fc017e29bf9fb218db7dd8b2be84fe

SHA256
661f122934bbc692266940a1fe2e5e51d4d460efb29d75695b8d5241c6e11da7

SHA512
289c40fae5ec1d3dd8b5b00dd93cf9cada2cb5c12bcfefea8c862ddf0a16dced15d6814dad771af9103b3a5d3016d301ee40058edde3fdea30d9767146d11cd6

Download Submit
C:\Program Files (x86)\Steam\logs\cef_log.txt

Filesize
1KB

MD5
6a5221429a6f3208bea98f5e15539a5e

SHA1
05a49462e4fb7d7a235b8bbaf8eca3e8e28f2dcf

SHA256
b9a575d76229dcb06650a2ffe5791dbe96d9a93ece5caae6a370b562c2232fc6

SHA512
b267c5c4bf99c62c1469347cffa4d17c4e27de0c718fe5f6d7a7f935f5726eb4b0b513c3c54d76b758050725febe1dd56a23715b9196ee4cd093261eec2aa974

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5616fbdf919b2eb99c68f6ac0128ac06

SHA1
d1f052419048b2652f39ce0837b2ad032ff8d148

SHA256
2fd35bc2a49da4eeea72435609b27effe9965fc565de13689f37b02092595c5d

SHA512
9c9a674356a35dfa01b6f530f44dfccb43ebedba195d6d49282649aef4ed8bfc17faf7c51cacdff8f9639207e0b1e6b6b81d61f0d9232e31b0c5089e7e92eb56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico

Filesize
189KB

MD5
1221a812e4c70d38d0283584586c2add

SHA1
482c85a81897f931d12aaa243faac1af4843f273

SHA256
1d52c98af7b40a4d6f209501cdd68263164db4d9dfa6c973983a361aff4e9e1a

SHA512
07a057e116695dc6253b42789220c37bf8e8f93a9b362140fc08bdd9cbfb5ae2432129b8edd32c221eca42ee68b3906cb7b75fc7fca2a1299ae50379396fa9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
59454832fb341c0a06ea47bf9d762201

SHA1
287800a00c2ed016138ab7cd804814d883c67566

SHA256
555c84995c7f8de0fe9f28d1dd4667d92becc27c70db61d5283090afcc000e51

SHA512
b22248e8bd0073b82d3229342fd94e460fc30fd8d18c9b1b87839483d3652a4e20154b6d485564ea46fcb4a040b6300f1309937c155773f9f8de0c6d16cab6a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
ea68434fe85f959eeca6137738eab26a

SHA1
b4be27a2ce2232dc699b9bfa7a646a75305f6096

SHA256
1b23b4862708cf2118b204391f92addcca842c6b096da0a9bf99903a38ecf4b8

SHA512
810a376d716b4fd4c9f29b3b8a9a2d8bb4e60d15a3d2b39136deef522232bca643dd52c68033196a186ea516d0357f69a42a00107fe14180bb1b714201bcccc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
dad5c754c00639593087bca3fd8ff942

SHA1
4d5442b18bf0ce58b1df79b400a0cbfa9d21f6ab

SHA256
5ea53af993752d23afbcc40656c3121bd2e5cd6715bb8503d189e831c2c5fdb8

SHA512
725ca8ca0643a02776b9d0f722b312c6adea77a3e33bf8fc0ab3885f5844f5c6cf393c5a7e2772c7624dce29851179e96e04d98259c1fa040ab573a21cf84f5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\f5af92b7-3d12-45fd-b799-5a6db71e0494.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
726705eb7634c060b99b5131eaec1b83

SHA1
5f1d546e9a6384fecb508ae7a09210760cbb8038

SHA256
1e68f7440bdfa44bf4f817a458bb76c0b6fa74aa490dbe8ccb168b4615f638c0

SHA512
e3f18cb9a63a742315cf59aab6fb325b0f29de964795eea37d19aace9eda90cf4709c3505343870c58e2a7eb8c137e5f75a407d6357060f0b7be98efd02bfd8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
21d3befedcd9db08e6ec1aad7548f984

SHA1
e15e1db209ebaa9c5fd8eea86bf5effb96d6513c

SHA256
32a4d8df2fce692b659bfb286325bcdd0c82bef84b5c045f22bf39add01afc53

SHA512
8c4d4c753d03685a4c35af6294b5f7c8e492bd63764dc09970605619f4af908b970bc0b5e13c43a24ebd0c7509775c7ad55f60fcab43880507ff4f3e668472f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
226dfc06710a6bc7a0a808f7137bf537

SHA1
9a09542626e5f55dfe888ef64ff858affeb39eae

SHA256
b3ffbb5735750c374d2a5da19c429dbecf3bdb7dbe7f8e43129757b52b4c5212

SHA512
da537193accde4f4a05cc4c0006052351795b4c9e60e9cf55b61db883a60334dac1fb19f732654898779371a87d3c54c20693d306bc79edd85419056c28ce891

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
6ca261c37aaea6407114cd0c53e8200c

SHA1
67a44efcbda0e952d354004b97534edd6235cd94

SHA256
a9f431b57161f40cab9f5569314bbff7e8d56c69b31d4859780d7e54a6a7c905

SHA512
99626a32b58ce3db13a55978d761d9be1985bdb32b0242c6b61a0d6ff4297680a067a0a7b320a335c55748c28082023738dceefc0d570ed2369b82f7e73ed53e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f0d04c5f-f870-498a-a842-148dabc9c818.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
1d57509f9d3e106ae3218c55be610b7b

SHA1
e24780b0562838a3f606bc15d6f405d6e86f3d81

SHA256
4284358494e16698128083968f7966875b81e95e4bfa6d8ea1a881dea0ec3d31

SHA512
3f591a6186e21fb93a1bc7146e6e7f9d67f44d5a8eb65b7a3bc8db50139fcfb393bcd366c0b69d418722a0787d1d11ab4760afb878d319e63664ce6d8ceb312b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
213cfdc00b1bb5de5757fb46e610930c

SHA1
c696a043fae9b1b52d40e3510fd8c5751e0992b5

SHA256
19b2a312347f745e78f521259d8f83e88dc2b1aaf05440b8bb535fed520098f8

SHA512
a8bf4a709cba3aa94ec35d6343f3e81061a38202a99e75bb94da857fd46e85f09c7ef1ab47380c08bc1643db11cbe202115f6deebf2031407ea493c2494b26a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
50425d78c24755d95ee375c4ba790fab

SHA1
bd60a19c1e4e3af20f62b668b91b653d81e4f33b

SHA256
6c78fb40ba19fb7ff54e021ca41c87f7e1a75e10e35997244b422c725270059c

SHA512
71e0db7ac1d89ccb96618a5a3591e5892aa0fc75a53a4a3d2a76e88e33bd489a00593f53500c613015c44a7ad6c643b62f76e7d12045932474ed5986e2ab31a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
9e4248c62584e18fad351112fcdc057c

SHA1
cf8d1b9edad44e0161e8a83ca9234a3f450ff1b9

SHA256
54749dd6479dc4e24666dece0c0d331a5c7765d32267b661ce683cbb9744f716

SHA512
03c7420cbec0d4999df25415ba6e0baec618f8f004dc3b0edd944a4b40dfcab6d9018f0b54548820bc6a06e5936a2083944172c00a425ad39a7f0fb1166a651b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Code Cache\js\index-dir\the-real-index~RFe5ac8fe.TMP

Filesize
48B

MD5
cfbed71e0a3b1b259a0aea383b6d5cd9

SHA1
a939f15351ea766b58826aea22f01af630ff1532

SHA256
bf0aaf38b15f1ec70c59a91f5aafdcd0b4682aebe53616f77c604376c0a5a622

SHA512
a5f8775bd1de1009a4c1acdb3fd3ac1f081ae92ee293d44b8c3bbe6253269f3064252afcc219413a761aa34abaf791cfb7ba5e781867257cabb31848473adcef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\Network Persistent State

Filesize
885B

MD5
e9b9aadb21afb47979fcbe6c939150e1

SHA1
860dd0d872d9251a11730e759c20598048bb0f2c

SHA256
75965e6fe932819f92d698b608036635d9b3839056316bf0417dc7c42dd02b82

SHA512
2f30b78bf720bbcec10bcca02a42bf2f0bc0ff150764e3ff91705e4f3c533a868de33e27fcd5808fc577f50358b6bcc0d25838c320963a6d896dbdef3ec96a63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a3deaab9627e94b269be5a950baee882

SHA1
e1b6eacc5579d9e5eda76f4fd29dfd13349808df

SHA256
6b686cdbc2b442d9cd1fd5f5e99b9117e3bc1d7faf17794dbfe91fb9d4d09a98

SHA512
7e5ee1987e1fb782d23c02b5a25f989b571515b2d1469aa7bdc367c78d9e79bbb44f8c802766de26be8fac9099184ae9377b491e5878019577c20fb4976ac162

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Service Worker\ScriptCache\index-dir\the-real-index~RFe5ac8c0.TMP

Filesize
72B

MD5
1c234071b4e37be5b87b9039702fd3b7

SHA1
a0c192e3273f72deada2e7e84b7b4c245e4046b0

SHA256
6b9fc44768a53e84a31c7431e8a0669eaccc9157deb7830a4dc69ff342f246bc

SHA512
b1b2ac4369c9cc646d83ec5e9e3fdd5416a570403f3448e055333178abb55b40fb4fd0e7ab4c4e0c75fbb86745f55b9f2106c757da3dea839093082b28a7b4b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\32.png

Filesize
1KB

MD5
40c4ea664da063cccf37a00d0dea5f88

SHA1
f524c4c8544d5e8b7d5a29ba74fbe865c0fa303b

SHA256
91289705a496311822aa52d067f2a029025293f1c22779f3a8bc483e211ce1d8

SHA512
bbe182958560fa196423bc1b50575b078e4a3b2b170427074442a42a3f21ae7d91d3115e75f38335c778070142d2d1bc929bfa22bf0fb2ae644c0478f6d58d51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\48.png

Filesize
2KB

MD5
9e1a6c45e7a5b26e6dfcb060fe4ec411

SHA1
8895839baaf4a6ce1189fd8c5572c3c8298ddcc0

SHA256
102aeb88e02ce1cd5c91ce4ab3c5880be33b6a440ee7f24c9e38741e79b46273

SHA512
323180dbdb0ebed3f398d5e7233f681ec85bd0815ef463d8351e17e99ee6f9f47badc9bdd9ab197249fe85e2c0d2457760f7bb7550c9c55110f333d13bfbe8fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\64.png

Filesize
3KB

MD5
65e00211feede352e87ff869cd3d1b1e

SHA1
2ede8e165651f24a165f31bd2b4591d124d5fdde

SHA256
dc78a4be5b92c40c32dbbd4bcc3c65057105db062c088fadcf835a5e161095a1

SHA512
1fec808d0591868de3e27863e095ded619cfb825239eb05aab61f9ddb09bca28534e5a1a6f0d39a47affb7a3371d07cca9701b8dabcd297ff2fd116c9123fe61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\32.png

Filesize
1024B

MD5
ca6289a7d8f9ecc17f8de717faf1af27

SHA1
4ccf3c6a9291f0a8a3090c22aca6f1872c860073

SHA256
3d7283090cf1a87baae4032266e4d144f7ec2ea465e7b2bf02728aa394c678f0

SHA512
100fb108d3eb74eea016af82a5a6758f22173b3d9a60c5237e9a570aa14549397b224d9d4234661855ffec47930a33536d05c0eb56ac61c551184fa89b18697c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\48.png

Filesize
1KB

MD5
06c47df56a44e6ec6ed68a0c1b13fcf1

SHA1
d081069ab4c69925e2c5a8e7bb9a683f620dadb2

SHA256
6e21221baad8ccd2b71542f9d3194dc5868c0f424fea640cd4915fbdb32f4804

SHA512
e23731119c43850604eaa83c7fc17cff43681890ba3e144cc0b97cc8b33dc3f90a5370c7ae599c5469e33fcffed6492308451a0f3699bca51df665a70329a569

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\64.png

Filesize
1KB

MD5
fa9b6bd6c167dc772018d4105b7f3afd

SHA1
5a8b1a8bec14f864d559667c79683735508a8036

SHA256
2a8f1a1cfac4fbe96a6cb69e9e621201875cc45b2e60bc75b08ea193c759e346

SHA512
db8b36ed049e357346a6c249dacf54a78bf7395ab8a3c8f8d2aa8d575193f59959cddfc7e1ec18b32a029aa1cfd42ffe30149d74de56d88baa0583a6c00d9a9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons\32.png

Filesize
890B

MD5
e21251a768b30062a5cd8e0b01e512bc

SHA1
3fc0c1af7c6783f743021a145016023ee73a69bf

SHA256
280a7fc31d9ba2169f4d0801c7c52bb970061c17c7b4a7959a07e8313c055df0

SHA512
f6104bcce1f2613b5f6baacd354fa6dfe448273b79e5579c7c93ab703e953e49711459bd6ef3d10ee449d9d69c4bf6bca62ac9d6e864670f4503a618425f389a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons\48.png

Filesize
1KB

MD5
67e185e7131868c3af81ee10251a3205

SHA1
3f52bcd8f6dd96a2613d4e0023a6ca87f54d2bde

SHA256
fe6cef43018dd0cf284366ab4c5bc75039274374a3654b58197bfe5ebb3dcc46

SHA512
d155a9e9ad4c0e85c97bc3ec8432213b3637cece3dafa8338662055c0c593e3ce10405b5adccfc92ee6da96d01f7cbf29623bff6204653f7960a84bc782aecb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons\64.png

Filesize
1KB

MD5
ffd2836b1dfc3a7f5c24dcc4845f3b3a

SHA1
16b4d188780f05e0845014fb45ad6ebaa6b4d2b8

SHA256
f5eb403a4afbb48114e67cb9eb55ae136b86a2c8644167d53006848c8efba562

SHA512
810acdc6d1462416572b79b6e16cca23988a4bccb886db303b1dc1487d4a1abf36f94dbcf7fea7a22ae9892a3f9ebf98516ff2dfbbe424d82c735382f34adbde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons\32.png

Filesize
914B

MD5
1958a9b92332cc7b500636c414649c72

SHA1
3433cd43afc96397650ecaa2f3d4c82d985aa86b

SHA256
282c4fd7aec92fbe494f71a136c9c9111a453ff07f701ba21cf2f14b24f9ff15

SHA512
9a6791a1ffcd7b2442ffa33a132b95bc66dcfa5b2814bf5b84d8385e69b7243bed9b6e4a1677c3b88cc9de421067468ef186584c43a90b7aba78e2e19a1fd81b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons\48.png

Filesize
1KB

MD5
b7593fa2971ae16ea2aaefefab67658d

SHA1
df5455a066a4aa91aba3d2ad0df25e3634d04a49

SHA256
1407047a49f6220843e0b5eeb147273ac894fffb489ff02b7e920096f1cf23db

SHA512
0036d5d5b708feb7fa9dc96a705e0ef98c8dab39ee182e760515ae008e100200ee4645afa75359290f09dd1fc7f16c7830e39faaa5e302a8dd6a647adcd431c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons\64.png

Filesize
1KB

MD5
6078ddcccd0966b6c8506d28eed2026f

SHA1
86b7c92bcfb0e02d9a72bebaa6731891fa90e29f

SHA256
d982bca9f433bfdf7f7d8f759576273ee8a131e676a784a6d6231b068e21de25

SHA512
850dd615ea2422f00001b37603f25756e6304e190669aca90aaab08d2ca97d163402b3fe7a4747e76040fc9dd944861b5639c31d1b40528ca806f5f920fa3d4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\b6aebc44-6e1b-47e7-903d-f9867961a896.tmp

Filesize
6KB

MD5
8152a59d7b79f0126e2b3e28b57e6b32

SHA1
2c505ffb09d197d878794c77572206b7f91c8a38

SHA256
ae83e3c7f4317cd197728195dd826b0059c093e487dddb3ad4949fb3047d3bf1

SHA512
187e7c6c61e328674ed01f780a6f898715192e520f0976798daffe7e32ea964c65136c434eadcbc98649cd2b9cafe4275b3dd925d7d2cca7050dd918def8034e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\System Profile\Code Cache\js\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
826c7cac03e3ae47bfe2a7e50281605e

SHA1
100fbea3e078edec43db48c3312fbbf83f11fca0

SHA256
239b1d7cc6f76e1d1832b0587664f114f38a21539cb8548e25626ed5053ea2ab

SHA512
a82f3c817a6460fd8907a4ac6ab37c2129fb5466707edcfb565c255680d7f7212a5669fe2a42976150f16e4e549ea8310078f22ed35514ee1b7b45b46d8cc96e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
02a4b762e84a74f9ee8a7d8ddd34fedb

SHA1
4a870e3bd7fd56235062789d780610f95e3b8785

SHA256
366e497233268d7cdf699242e4b2c7ecc1999d0a84e12744f5af2b638e9d86da

SHA512
19028c45f2e05a0cb32865a2554513c1536bf9da63512ff4e964c94a3e171f373493c7787d2d2a6df8012648bbefab63a9de924f119c50c39c727cf81bdc659f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
be8983c45152765cf6b429a3dfa9609f

SHA1
1e162eedfb3213c1ab1ec201b4aa7ba91b319828

SHA256
106989065e76bd600640c123cd1d2fa8af8c6e00a17e264a94a988ff6653b727

SHA512
429d79d7e104cbf7d1283fec2809a5d1dab38492c7b24eb447031f4ad44637bc5df16be1b04f74bc09adc1523aef90ceb402ed05da511286314e64e1922bf9aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8956fdd8a81812861268518117d3da32

SHA1
6862b764b28d922a11845bd940849c313e04c583

SHA256
c93f57a78ad76e23e1d86a9553e5fad085e40d85e97d62295cd5735f0b9ce020

SHA512
8f1532f7aad5ddfc56df1a629c983f8ba948d23c66371eec31393b6e1814ca3a37d14bc79bef6d74e27a5dc150d13b8c331a9a8300fc63f541c79a964d710088

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
07ec00cc1021d9793b7f7a4d441d73ee

SHA1
63808a71b0766af8c1d4ce34724145405a2288c9

SHA256
1a901f06ed9fa2768024f611a368518ce170d7995f60996e9c191bcc7f18759a

SHA512
fbe2eef3467ddcc84645d8022f9ba3e0083dc89077b3c3f230a403352f6a3116d2c9f42a6bd788c1caf2740516d8bad4a92f516bbf669afa19245842684d6eb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
520KB

MD5
ed51ca6f4719ebaa2fa29c72ac822bc9

SHA1
06130b51c9a4b6e773997e05d9b92d319f99dd9f

SHA256
cf88a51f8e9a6a1a260a49a85ca34bde6052ef9b95399f3c58c754abd1ebc1ba

SHA512
ac7bff2fb7bf377a28fbc4aed944d05977f231b235826059aa281f0b05032195509ed67a957f9f04454c01cc2572c9a6606769e6303a4825e78d993a358ba61b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
0622232d2fa73c49908df93e9387439f

SHA1
304f3a58201f3a0cbb8311df2b0e9c841bc6d876

SHA256
d4f613efa162a51741928d60c208c0b5ab00bf658cfad879bf056d8325e32764

SHA512
9df944446ee0a209eed3dd6b2a45f7ae98e468ae0ebb019a78711bb717969463bbdc71479011a0cdab016d02731a9d25cc4457b0821723d886f3c34dc59c0654

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
8.0MB

MD5
05948c8b36120b703e666da59abe6306

SHA1
9db5d8eff04aaecc2fda7af588c4fb4ab7f18346

SHA256
2de7994166635cee422dd91ed00d26db0f68446dc260674e2fb33673864448aa

SHA512
03cad6cde5a49d015f7d59cf046d30513fbfe10f7cc9fde3aa1b3b1d8e0eec4089f2351f8df969615e3f2717d9e826b4bf8cd8f57df2abdfd88f9b20d94814c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
4568874f5d611112c3abb7e902e3f644

SHA1
12628282ce0cfe1601055a69adb3333fab0024cf

SHA256
2f3e0f7e910a55d3978cbb8a3b2adf1e86a115c82633e066ced11fac60731872

SHA512
251b060bc4c936a6dd4fafbc809b227356ecb7f997dc90da01df3622d368a804edb512f78b44d03e96d3ec46565025c5a289a31fdeded836db10b27bd19e54bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
a0e4d3f976be00755d9c9183ece57018

SHA1
a94f5cca52d5e25668e588bb51c8c1a16569ac56

SHA256
0d3797c2f6474b8c5b18f880288c02871b9e4da83537046f274015fecea7153b

SHA512
798dac9d76ba3348acd6cbc96fede5998314a34caf8bc2a0c9210a7af5e757225bdb75d0f2729b8853ef3aeef6f708257f2cd6364eab4a421fa8660964a4f88e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
28KB

MD5
25281fd66cc35f4a4875325d3ba5e634

SHA1
5307d8681a7984b854028de1b496cd76db417816

SHA256
c17e272d0a1522d6dcc60d349e90a031336fa58efbda655976a55aee0cf547e5

SHA512
9e3aeb9b473f211dee5d7f281cec277453f473fe55b784af68874078f4b23ade3d5d9b84814c550238126587c73e8f42867f0ec6d2312eb66648f4976b514994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
813fe2b230e081c4a090a7d2738e6979

SHA1
4d4712b3a1f067068ecb1213b84c4f8afcb90675

SHA256
2577fa0180e0c0da4ff558b2e5c079c8dfc829e659622e91402f02d7de0178d0

SHA512
8e2bc1c4f58d51f6825f9a50f1da081b9dd313ba676dc893dc7fdcacf2e8f7e047ddbe91b8c65b7d812423f47a39b6a496d5fb7afcbb3fea7508e8da4a60cb98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
7a9ecc954dba6fb43c8575862c59f676

SHA1
570cdc6b87cbc7d2780cac76d92cb2c36a05dc9c

SHA256
b0d21af1bc973cf36eaba1b4008eb8facb61a9aea9e623fdee0066fcd5351291

SHA512
c875652e2b54e23ba8029cdad9602090b48712781aa7e9388a042ea9b51f89f0e7f9f361fdb6c9f06fded7de3956c3279912735f468d7674811b8b33485ec815

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
9c77393d4c7f7c5236d6cbb1bf91ec61

SHA1
2f1d547395eb72cc6c779e4871ec3774f71e4474

SHA256
54fd95f8768b77b58019320571a63b79b6e0115cf30b8b43d2d59a9882755f19

SHA512
ee2ca8a19dcab4f69d52da011a745ac4970738d1f5457c05134ab9cb89b2c449c684dda2afebbd720ecbdf8a39969004ef3df88a3005abfdb46dae9f63e6e3a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
2KB

MD5
3a847e7a8740f45f7f91b1f5590a2ccf

SHA1
88ee5e4e8fc8a47df1104fb01b272853b8e63032

SHA256
4a7d2bb704a23c3f2377774c6d64b19bb31bf121c62450d748530b56f5f00598

SHA512
3c32531295b718216d8ae1983a9464e38e77d4621b845b8f5a8b7e78df27bbfdf5f4f611726db933369c5dc45c7258ee50c211168a266b32806f9e335b66d5ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
12KB

MD5
93e05c128a72135031baeafca2ad04f4

SHA1
b2c1c9b563004a3034305323c9e15575a6970e14

SHA256
1c865b823c24ba86a19c5b1dcc6c099f1ab84767b8d9dab8fd25f183e66744cc

SHA512
368527c76b7bf55b107fba427d3fb8815f05ae53633aec5c3e25023019416fdc4c5b7b451c2d983cd60a0fbe6ae13b83e30245b69e2a75a922feec9f85fa6fb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
ebddb3467e88f1fec750c8f93eed496c

SHA1
183d00edfa774d981fd30345d507d33204be5f3c

SHA256
28dcc3cb16e95226f013dedf0cb3d12f38c53b57febe09cc7362d89f1a241351

SHA512
6e3cde87cac3252104a39f92b5db0b1b542dc8b4ea76625b46b3fb2b29539a4d662930801b8886eff8276d9218e489dc32ed60f8c994678a48fdce05ac2ecc98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
dcbda1720ccbdc865e5df7000d5def18

SHA1
e945c547b2d827181da1a5a69aa064de0b0c42ca

SHA256
78314d4a8552c20c40ec573c0ca70f343906ba581efa23ba1d28f286d0e5a926

SHA512
09a7631d154fb1a7f4414ddec8be15b59766490839d580becda5cfbc3a2f3878e3b85acc0ecada515ca7f19b594526aeff6307209c1ae9cbeb907685f2e29010

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c5cf9ba504f82a4e5c975e3ee478b19a

SHA1
a9d6befb08bf8f54b0ae179f6b04dfea599bc2a8

SHA256
a2a3159bf84e8e4e4a747fd58edcafd569641415828b7f1ce2f6ad0770081a7b

SHA512
93fe81379029be9d68295eb5f7d2a218ef4d7fe229ffeb82407d3a267e532950b9ee51ba1a56acf9cac10667174f81a05bc0286db4304dbf4a6138c9c717be42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9872b3928b1f602ded136d30e118f139

SHA1
f047dac39ac85d54348e561ae55d6f37b4325e41

SHA256
ba8fd2bf3ea030c92e71992f005cf28ad92d590f03cb9785320aea9590d27118

SHA512
68e9ebcd908622b1e9eaf5d939cf8b6dd70048bbfb4d1563072d02e6c955fdd3e4abcaf001792aacc0dd7bed42e32ffd9618c22517725f8b24f86e19697d51bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dd02e790bd1b582fe3a45b7a8d6915bf

SHA1
cd21b96ad7a284822d628bfb54e718cba3357383

SHA256
3073b40fbf354cddb1e1e794c9b4d0c4db43a4ff5d39448b691e239b19f0a916

SHA512
2e9047b8cc9b3132651abb134f150df4d8522cae2e19e5d0fbfae1d6b4e24e80c11f04507ef1c81835d5237f27c4f394c205ad12d2161980c2db79da3588bcfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1d1955e1f2220362920d84cbd8063355

SHA1
c7d863a0fb98445958e7880a528f613c6fba53a2

SHA256
ecae9f985385d94264052d21fe37f91f771eed056099ee39b8fa4ff7b1f4d455

SHA512
d2f3f4066ed0dc178c3acbb941f75064d7e5dab8da9c46eb79dfe8fa16b6abfb3b71a74233c71d72029c29879369fad0d36baff74838aed492ded1484eb2410c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
12503c8920e400a83eb357ee60e8b0ad

SHA1
43a6df81bccfa4d15dae5c4be09cb040822a3c32

SHA256
83535f595d9f30abb9a9e8550e958a853d2776c0df72eb35c36e0f872e60df68

SHA512
be53c2f718003982de4945cb2d48a0809830fe1953820970a4df9c8b6e699a5f3c075b7750b72a9db4e759c9220af62626498f1a9c15129649fbeaf635f184a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
08e005ad306f81c4c1fe36c6db79bdfa

SHA1
0e1d24441c4781a7cf1e0e17610e0264c661446a

SHA256
0552129d8ea49d89b0d45c11f7ec83796e581d3500682591727d7273b50ef03e

SHA512
0ffcb4b3fa363c07d57f0192e1e83a8deaccf8b894dd6748956afe68fd820d69f1d36d4d6c94f8818234b806346c65db95ba1b60a1b2633805ffe86e90f6935a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0851d495b3c61c0e20e65a557b1830a5

SHA1
d48e6d54c527c663b1352cb695ea281a979c8132

SHA256
bf469f0c6bd5f15e8bc8f45f97e113067e21ef11a30451a94a0b1baa651518ab

SHA512
c04d988e7b013933713eabaed169e9fa53ffd9383e66f0d9d7279c769abcb66a8269e98fc8423f79d3aa649704d6d0a341035404a1527f87b996b70ea11d69c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
78307fdf85842e008f23df10b0914d0d

SHA1
960d2ca5209b40838ba16a3e41d85838b6554fd4

SHA256
ae3b72f771aeec5123b270a53930046928ab639fc92bc93ec626c974fa3e29d8

SHA512
0ba64906644db50389170bed520b16ea2c61a3d002a4e4afed515797170a6811b2d82188dd3ee0c755cce63aa1a031492d69737d6b59436060e9d1f1ddbcfdea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e2caa5cf298a2e50ef55754076dcf5f5

SHA1
097658aa1b82d2963aa864768cb7c124ddbc820e

SHA256
124872e95b0447b00b706b3b4474570378f7f40070a7f387e6ace6971f95a6dd

SHA512
7fc4221e232daa589474c5bafb73f60fc392d2a8b8aaa2853d1d4afc77ced3a0cc12e161f51579538f2ffa4cb4c1a03c54c53663f6d6b72e2b915e4c9a52f146

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
1.4MB

MD5
5e059b38b34c2d2209cdbc5b4f90bd5a

SHA1
a8a172667c6c5288d8deb80c621e2869a28da548

SHA256
ec6f4c6a30693880a57f18833037d48fea1af6601109203e826e81d62a2d4477

SHA512
5328c3b28b6f781221405d027328b8d5143ba59a80ffc4c00198b6894a45c7b62d81cb2cd770fa7f76025a798935e0b95a981108384d6922e79a8c7099b97ae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000004.log

Filesize
464B

MD5
2e6406e5253366f902e68bdb7780b83a

SHA1
26a12df485f310cfd7f75d68ebc3b7f52cf9d0d6

SHA256
4e81bd5a2adba18081109230729fa16758f28fda485658467f43fd0b5b3b7c86

SHA512
373957eb151aa8ca9ff4e71bb8ce1e5c9db9bae4ca0aa9a30e812692eb383b95ce558d5719a1312a85b504d144b03ae9eb8288a120e1e2d767a40afc1bee7d7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000005.ldb

Filesize
424KB

MD5
69a245dba9c14ec70a5f6ab9b572c523

SHA1
779d85b00b30c9d8a6030d01dcafb5368faf91ae

SHA256
49c45dc717761bece8b8b8fa83852d96f12e4d87dcbae63e26667783d76b64c7

SHA512
ab1397f54b448c4e4df89fd631a61f4577c306eb2c7086799c0813e0e9e12cc64ba2ec04d68dc8ea677b38e196018d369cbb2800a6dc3ec8ddfb7d1a0a1e5cf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
373B

MD5
48797ebffa10110a41e00878da9521c8

SHA1
86816b36d35f96a95e8fa2e3c05315a3b60a674d

SHA256
c19d6c34f547c10d4daf9a416f239e4ff0632d0a70542f67741b2c0cc3d3d480

SHA512
a485fc8f69381d485a609a156705e1e9626b62fb7c4f694cabf5735b158ac30913ee43cf2e3126e5223bceb52188de74ddf45baee2320ecb23fdfa6cd659cb3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13378589439296790

Filesize
10KB

MD5
85d158be8dba6998c28d7d4f488a277d

SHA1
8dbe8b381b7dd1c49a10e129e2c6f71661311356

SHA256
cd4a25d2d610d0c40ae792712f4ba3a2a0b02a600793f7b42a3bc606a328efb5

SHA512
78cbe521aa1b555a0c724da4b81f21d622d2c8871b07c790671c45e226f34209901af078692ca5dbb3d491f2a49b6b6e5ab21a57b83f407dabbf961b519850c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
244B

MD5
46f5ccd8c9beac509c1d8afe1fb10467

SHA1
760fbd7a1dad098db6fe73a23d9772c655803209

SHA256
b23b2f39d4610dcd2664faca0f4329b7844bb7677ee957d8cfca3882cfecdd12

SHA512
d2ea4bec41f1be4c185b812c535d593f29d9e802b9e5c655ac39e95b23f4e4a2194ab2a14791600ee800d482bc23d1b7921d337627456dbf24144aec4e66e7d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
dce981ef9d9e7111529b1cbd2aeb3063

SHA1
e7d045f9ca9eccb4babba8dc42283f810953ccee

SHA256
2bf0fe00ea375cdae4e41212d4536e74815900e4368dbb5692dd954e4d33217a

SHA512
181b95c51d17f91158398edbc32052932a61e8fbb4563fae601788601527dc9bd7e3e1165ac1169401283491e09cf8667e82c95fb64f3f730d76b061f6c59c56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
bce1d750c64688633c2037a8befc951e

SHA1
97df132ce888f0230ec06d3f38373c049e6174db

SHA256
0d6826aeefad4696247bc11b202d262d79bcd225c6c54cc1d788c7745f029db1

SHA512
3b44c4d0e348f64d113b3f144cf874ac67ebd88b2d31ad3e475af9756f8b29937e26d907c05de292f0112a0491f5e63e568c1ba506264f98fa6955eef5006ca5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
22ccae07f02b7cb5ba1ecddaf66d53e1

SHA1
df97836452c2c1012c08cc45444f6f2077cfd040

SHA256
e749100a6f655cce94dd9d3aed7276895301f80fd69506895f50ff84ed3ffde9

SHA512
263d5570dc16794bab02c9b56b0e118cb8db7d632df0d47bf1c04fcf8721cfd1a1d169c6797b2e1608bbbc85158e29ce47dd42f255648f0b4e8c29c26d792d62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dbfb239c754eb4b178e54b3205e1551e

SHA1
6639cc2d23d72d62b498d4d4e87058b8a22cbe95

SHA256
6e496e330092683d1141e8fad305e3d4dd1b7e50d005b154cc5a6c1f13857c3f

SHA512
939cd7dc8bf03369f63d88996415d4ff16813057520ba1d24c7108771cc2b3143342672b3524d9d18bfd44c7a1fe18e025dfdf83308d4296dcbc097e7a4f739e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5818a4.TMP

Filesize
874B

MD5
0a7c95d019c19242a3d1a5beb06c6cdd

SHA1
9071b4f9e752b23f5020c396ea872014a1c2a46e

SHA256
ba657588039f486e2549ead36b6152c21fa25a4e24eb39e3f2a33f612d44ba6c

SHA512
bc539edbd97f073e0ca1bd7851fc7730937fb125b3ff2a1502c0939c7e34cc8ecc3c779c82be040c919183cd07d6c44c3bf44066fe1c53fc93e5cf4640553451

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
ae0c1564ee60f590e296bad7e87839c6

SHA1
afc2a55de6ee87527319a97d88992456094ee5c0

SHA256
8693ab4e69a21aacf3f9e0794a49a18ec13ffde0b1985efc574089fce780f0cc

SHA512
7e192708a38383ba569b81bf17fc8adb4c71a8e7d784ae20ae6ef06c68e04002747a5af156cbe7ae5c1bef7266f3e7b94d83a3a5bacde89f957ba38b99875f9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
112KB

MD5
7483e622ff055012a4c1d2cfd52ee60d

SHA1
1969c2e84ec1d0f23b341771edc2bf22546178ca

SHA256
f131a76acab0672f49e5f3ae70952c85eed7bee7eb9531271f3cb654b339bb7d

SHA512
dbf27ac463bce3507acfaf70001069e9049c8653b36ba64f799b8695741fc11953caf4af07e8fbd989cee7d46873426fc34f9d6bf3391b6ce82e987401e466cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
124KB

MD5
42ecd3405ffe324567370380cbf91831

SHA1
14a470957117dae3575a28bfee2d3e8b28922172

SHA256
785025f2d316fe636b0727f9d020b4a5eae1db56c3275aabd34199175b3d61c9

SHA512
671fc2d65f46567b37fb439d2376f7e49084a3575937f6059201e42658565031aff2fd88790d44a4f9e70392a37da78952401004fbc8f3bcf1d77c50fc2e7871

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
19B

MD5
0407b455f23e3655661ba46a574cfca4

SHA1
855cb7cc8eac30458b4207614d046cb09ee3a591

SHA256
ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7

SHA512
3020f7c87dc5201589fa43e03b1591ed8beb64523b37eb3736557f3ab7d654980fb42284115a69d91de44204cefab751b60466c0ef677608467de43d41bfb939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
b3b541f65d1f206487583115ee874932

SHA1
8b9e1ddbb018faa00311b1d962dbc9ad9f85655d

SHA256
3f669119210ca900cac6aae8422f556fcb4ad4ff6e9fa45d54f82ae3dc658fcb

SHA512
8305d675769526abd85569428b5606f9b7a648ce158b9f079f5b0cff9649345eb77f17fe73e09d9095d8ae0fad33e8fb5115a5ea381499ab58abf09eef4153b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
a79b0aa502b15fa052f082d4a519bc72

SHA1
f9642158d5ba0079cadfb659a589a1a5f0edfcf2

SHA256
fd7ceb5a5aaa810d9315d29449319690d091d62398e867e22a8fbf2e857ecb5f

SHA512
82099dae5dcded05c6c4c05f1d53a907a32dd00083d15eef5340474023f7c328ac32a5f159afac053f47fb8ae94807402e2a26163f48963ea6266ddb0f9ab4b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
e41fc0c5d717b4dc042db559afa8d410

SHA1
83b44445f149499e6aa249791dd81bc94f1471ce

SHA256
5320689a69951fc69ad899c39700ab9562d550cccd66afbf09641ea500a810d1

SHA512
6e07033b591613140f8b5fd392e7a0c7ab18518465dfdca6edd68a92a4b14393c797d905f62a14671b3d03ab004e183280f78b9b8a13be5e19d490ebd2284d8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
b25fa001b803c3f1bfd0ba7bf3bc9983

SHA1
b5a3b5916afaff469faa0dd25982a941d6844d2e

SHA256
8625f2aec20ff182c1f2560db75820a699640650c1837044e25cb1dbb11f074d

SHA512
bc4b1dcd29706381d37bf5ff20cd7f49fa68b54be1c03bdfd2406435af2bda0f1bcbf92f51bda43ac6119aec2f641aaae3b776ad18fc1461d01151e7ebffb92a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
9b714596eb749a9acbf7f2705b672104

SHA1
18d575e681339adf18bd26d077d0b8dfc2200834

SHA256
0ed17784f4232419f5aceda6c69d7234ce6ad17244273d393883a0f7251de439

SHA512
d677ffff7847dc3d91d8b31b3edc5795582ebe6236c6ab015457c546eb22b91fd3a0ce8794ca58d734407ff0c96a22f997c15180218795464412286a883060ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
43109fed80d905a4c689c4e77e01ef3b

SHA1
4ad5e826bd1d5a226a000dc3731b9d128ba10b4d

SHA256
9f8be0f8239822faa75a207dc8a2ae087cb90eb795eba44a4c45579f5e808711

SHA512
488358db08b753371e5b1dd793dfb9a5a621b96ad60bab2c91fa77916fc9a51f117db755ee748f0642ab6910ce2dd55b24ffb66034f7f9e5851c264753cdbcc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
20KB

MD5
7e86d5c1bf2ff36b15bfbd8fcf748b16

SHA1
59a1515ddff8caec85c4f27ffb17b69a42ec6226

SHA256
82f03e141e82546b261c1a24cd9ae3cfd4b19a7b4f343a296428deeda88cf856

SHA512
943fdf966d2ca4bfb35e01431e7bae1611e86d4bbf9c27524ba4502a9a93b8c0bb39e7760a8ee76993c4099da1ff49febe0b48468f134d4121f22a0ffb41bf2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
20KB

MD5
2a029687e73114ebcb4fad10c0114e8a

SHA1
f09cbbed46b9f8c731568bdcee13024e89bda397

SHA256
fe6e92a5b020858bbdd8089533c6f22703bc5927e22f689c384164096705b11b

SHA512
211dc45e2bb5739bcf863c44ca8132f92e895b3c95d074929aa4338698d53c6ccb3a8e2f23180260d9226073f4f5cd21a200010a7a224de7c8ac2e1cc853730d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
20KB

MD5
ef9588ca82f853399e5968af99985e74

SHA1
80d9df4f75c3e789ddf10584d9ff9de2b6154cb0

SHA256
9d550015f47a4d5d502f8a2f5b33bd9cbd136f4fea7c64754c8cc5a9651f7fe5

SHA512
a77b6b0bcea459ab4fc1e5d0983e85b86a6b0835849345f6afbfb27a5e84d8d1a38ff16e21ecf862e95d0a74e3fe97fda28bea66752b8bd64fd44c8ba680a5c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

Filesize
17KB

MD5
2f2d09e164a7bddc1edca269e5363d1b

SHA1
b901a3c9922a3416fbdf7abe4d6d570b3d275ac7

SHA256
be0c5e95837bdcb98becc101885a06246675c340c54c51aa07196142a3818102

SHA512
be6f0469b736204ea20c54c428a1e1111ce69ddb2e9d166da2cc101e3b3b06166ebabc4e8fb87ce061056c2c7e05e6f05e955d4892aa6d3661049686dc5c6dc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000005

Filesize
19KB

MD5
c0c309b6256453fad41808c5f1cc81f7

SHA1
f12636cfcde967350f284c7b4cb90461d5ddec12

SHA256
6645b09f4ff4f5ec759836495367d858dabed404c901acc836c26a936b908337

SHA512
d4bb7b478d02e187694a13debb8aaa3a531f018501d277dbee7e49b35442ad567df9ec30bffbb45de92a538622eb70503faccd407bbc93416d338bfb8a6d2841

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000006

Filesize
17KB

MD5
01c531b6bbd06a2f0b438670f84804de

SHA1
a5095fbdd8112d83cff24536d6c769ba85300587

SHA256
28c2640e996c514e89ed0638447c3f58bd7a829290bf16d27d7960d2c1121efd

SHA512
61656b632ab006e389d8493ac008d3c670fb2f3a21cea44975c12a62f265f1c0de2ab4f516b302e298bba13dc9c5fc9841adb66f154c335416ce9b0cef89e118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000007

Filesize
26KB

MD5
8235f98068f731038d8520df4727c625

SHA1
6ef1e3ca36d59de490e593ec195b632e8e09565d

SHA256
98280dcf81e7ed7a29b2d383c12027481bf771aa6358012ee5ffcc8b3af21e38

SHA512
d75d4b688898ee9c9ee07f7be6e9dafd0154518ac54042270666969dd15dbc3b7c8cf92997c510f42f20a5ad8270d5324dd8f2ef91666a9d6d0450d60bacfd83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000008

Filesize
17KB

MD5
111397b8f86fb6e02df2d8615006125b

SHA1
c5696bf9eacb4bc578252246fb5cbe043cc0b4ec

SHA256
e37baabaa4f9f0562b980bdb8b383fa24e58fa90774363374144a30401fd5919

SHA512
17c736cb6e17c77d6fa4187c33bd7b4eec313a77b187914427366425004e87f9476d7df7b5ecb2a3166d5ef33d0e84600cc840a350a99d40bb09c09f065a8e68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000009

Filesize
26KB

MD5
ad2134ff16b8955dbcf63336d3e33d58

SHA1
1d818cc140127deca1fb5bbc4ff88fa3ff52d6df

SHA256
b0ac89e9f894fe05628c1bdead63741499df44688ccd44351d58feab09712246

SHA512
d540504b8e393cbe5438849dff802fad000227e114a4b2e155d39fe082683413c3b14b493ac0bd0e6bccf40b9a15a86b508aa76ca58a24a1a2e426b67030f09e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1147d5a8114b912ec4fede6c98a2c1ef

SHA1
5dde88f1f89721bd2d5834c722238827ea08d2b5

SHA256
1524f1c3778423cb6d15a4aa2037ea5523905e5a4c8160b47bc3821d51485854

SHA512
65954374fd2f30d2adf4190b0a35918ad0b91755a4761f97e3adf647f60803f8af6d1240fd2ed19f1c3a975f9b7802b033af0b7fd42482dabb9b917b378dc928

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9c1005878791f67a672822d1c0d8880f

SHA1
c4b520c0b9ef6bb1ba23543ed217d475817bd947

SHA256
075dacac1a3b658b17523f929a1c0186a01c42b1c2b28a9456b72a36f31a905b

SHA512
d4e8564de373f727f49ee157a26074d477b213af79dcc71da080961f22b4bfde47338c6b5a400b588850dded164bb78405c580cf64eeff99526b0d4a13874cb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8d98d1124ee083c8b5f18b700bfd582b

SHA1
900e374ea2b138f148b2cba7bc972b2aea564192

SHA256
cecd59b6e38524aa9db49af7afadf845ae44291ad9e26ad4801242f87c54473a

SHA512
486a63ce3f620088393cb047e6ff35238b56c291c635f6d461607274310820a8b7c81c7f92441b86130bb3ab9826416641c12b393ffbc628f6d0b288c1789497

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c93b040a4351057f17b336b701f75581

SHA1
07b3090fe1f9e8bbca11456b6449438fafed005a

SHA256
7a312b61dd8e4f7c8fc2064dcd1a90ec4a55a783ee0d140628a82758cb8fc019

SHA512
9d008bad167881df8dcd684d9ef66a834eea48f5bedee6988aa7bf3c26e85d012d57c319f02ef151baa2f90282929fa01abd28551b0d2c72c4be59e298db766b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6f8dd09c946e5f0108e91cc3bc0fe1a9

SHA1
78396fcf99c9e8770e0a7fa2936ae330d27e61c7

SHA256
8554fe43d3af1bd8feeaf973a791ac573ee88eb0b77caa78dc9561a879a9fe9b

SHA512
5b0b17c20d2ddc51fc1741c03b4be4b22f267e25053ab58bb03c9518ee2b6b789e9ad11976a354d36ce0f1a7307a055b81009fcf471ccfd7f7b0bde6a990019f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000003

Filesize
24KB

MD5
b201e8da90ef456598b8b3bb0e31bf53

SHA1
8bb524c8e9b17920c83d9a06c0b305e41cfca560

SHA256
2c8b630d1edafb8cc8c8cd73fff10c8ab6d06232929a4d458ec34628920f1665

SHA512
50126ac5b7800f5a848ef49ebc8e71d78cb5ee9c1602486b30e697ce57af32c868e46795ac2c157cdfd7fe65c03133c7a752813d520a9106adc3e50620b473f3

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000004

Filesize
40KB

MD5
0c9f37673dd9c878a4b5bb419ee24b5d

SHA1
d973a8e073c1f76068f0947d495998f7f823d76e

SHA256
c1e12f630e7f356d154ffe4a7a3873e7e136e41c1c37e6c0fa4d2c52f1d269dd

SHA512
b361afedb4a910b12f7dd7b5b33d2914be39528bf4d1486661d0107c24135cff3a5393df1af85cd7d1551f0e601ea9d2ad4b147e56f469691e2b11906fd1514c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
a3368744745c21ad0435b78e86ae1d84

SHA1
39c8d4a547884f45fb14926eefa5b506b4b2819d

SHA256
0eee4c9c6a0a5e8b54d382e88dc440a4d5cd427abb5edaf4ccc8ec3372b96d80

SHA512
6fd7d55a31db198b91ce68c53e2791f0fb406b361de45a0103f02b39500331af7a3c3da89f7a7cc36b5560e6cc7a5ac97fdb83e46c593d11037ba198c5aebc41

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
718B

MD5
3fe5d022eac37153b4e568b925e87add

SHA1
ef5558841d96a54deb30be68a904537ab7371bf4

SHA256
f8db4e2914fa9759fb3233e761aff6adcb03d7a7181669c70dc749d843892f4e

SHA512
b324d959f74ad2ce153aa9cedc6a4603583b83f2718c79f2a2c2c2bd01918a0d539eb618cb352d0eb989468836bf83135672842b7e2bebc56db28993c118e2a0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5b03c5.TMP

Filesize
529B

MD5
52162f2e99fc8923aec772a3cdb13ca4

SHA1
403f36f4ab7e9bf6bebe44dabf96d253f64f2f03

SHA256
10f5e5fb431e8ce42216881e49b61af9a1ed4da0205cfb923ad4b604e2c34883

SHA512
fecba5b21b7557bbf26e5f7e9f90c2f5228f4bd6f5c7409215e60e72b893637dbb7443deb5c1b186612da8e0cea2ec290b3dfdab1eb9879c152f66609795f451

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
6ab6528db4806f8a596ea32d0c6d82d7

SHA1
3b3d6a46f76ca09f89af7d01d90ff1b9a8214fc7

SHA256
cfba60196895422eede878f3b40d346f5a5d09ebf243c4204765b4520e461207

SHA512
88f63224cf67dc11c0f07ca639fe4a9f9dbf57aba890f564c9e4aed91041d170fa7c15dc56815d30af3131d8eabd0f034c8de422653947ef205bc183d09feb1a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Shared Dictionary\cache\index-dir\temp-index

Filesize
48B

MD5
d1fe0b2213ec1729eece89c4c69af59b

SHA1
1716bf314a6f61096526f2d18b8f5bee4fc439ed

SHA256
80cd70579d4cad70e81c80c2521c51dc9028a8b69e0a638de908323c94a313ae

SHA512
f19f0491ef0879ecc1da53f1c82268de4e099239e59aaf3b699e22073e5486c53449edabb94f7bc3d0cd873714c997831c0d517822509b031c7ba658436092b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\40d6a779-e8e2-4625-b806-2cef67b06d90.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn976B.tmp\StdUtils.dll

Filesize
110KB

MD5
db11ab4828b429a987e7682e495c1810

SHA1
29c2c2069c4975c90789dc6d3677b4b650196561

SHA256
c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376

SHA512
460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn976B.tmp\System.dll

Filesize
22KB

MD5
a36fbe922ffac9cd85a845d7a813f391

SHA1
f656a613a723cc1b449034d73551b4fcdf0dcf1a

SHA256
fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0

SHA512
1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn976B.tmp\modern-wizard.bmp

Filesize
150KB

MD5
3614a4be6b610f1daf6c801574f161fe

SHA1
6edee98c0084a94caa1fe0124b4c19f42b4e7de6

SHA256
16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b

SHA512
06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn976B.tmp\nsDialogs.dll

Filesize
20KB

MD5
4e5bc4458afa770636f2806ee0a1e999

SHA1
76dcc64af867526f776ab9225e7f4fe076487765

SHA256
91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0

SHA512
b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn976B.tmp\nsExec.dll

Filesize
17KB

MD5
2095af18c696968208315d4328a2b7fe

SHA1
b1b0e70c03724b2941e92c5098cc1fc0f2b51568

SHA256
3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226

SHA512
60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn976B.tmp\nsProcess.dll

Filesize
15KB

MD5
08072dc900ca0626e8c079b2c5bcfcf3

SHA1
35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37

SHA256
bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8

SHA512
8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5060_1307499758\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 6101.crdownload

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit
memory/1048-13234-0x0000000000080000-0x0000000000532000-memory.dmp

Filesize
4.7MB

Download
memory/1212-13447-0x000001F135AB0000-0x000001F135B53000-memory.dmp

Filesize
652KB

Download
memory/1212-13276-0x00007FFBF7500000-0x00007FFBF7501000-memory.dmp

Filesize
4KB

Download
memory/1212-13275-0x00007FFBF8B40000-0x00007FFBF8B41000-memory.dmp

Filesize
4KB

Download
memory/1776-13505-0x000001B5ECF80000-0x000001B5ECF81000-memory.dmp

Filesize
4KB

Download
memory/1776-13509-0x000001B5ECF80000-0x000001B5ECF81000-memory.dmp

Filesize
4KB

Download
memory/1776-13514-0x000001B5ECF80000-0x000001B5ECF81000-memory.dmp

Filesize
4KB

Download
memory/1776-13511-0x000001B5ECF80000-0x000001B5ECF81000-memory.dmp

Filesize
4KB

Download
memory/1776-13506-0x000001B5ECF80000-0x000001B5ECF81000-memory.dmp

Filesize
4KB

Download
memory/1776-13512-0x000001B5ECF80000-0x000001B5ECF81000-memory.dmp

Filesize
4KB

Download
memory/1776-13507-0x000001B5ECF80000-0x000001B5ECF81000-memory.dmp

Filesize
4KB

Download
memory/1776-13510-0x000001B5ECF80000-0x000001B5ECF81000-memory.dmp

Filesize
4KB

Download
memory/1776-13508-0x000001B5ECF80000-0x000001B5ECF81000-memory.dmp

Filesize
4KB

Download
memory/1776-13513-0x000001B5ECF80000-0x000001B5ECF81000-memory.dmp

Filesize
4KB

Download
memory/2228-13388-0x000000006EE10000-0x0000000070151000-memory.dmp

Filesize
19.3MB

Download
memory/2228-14384-0x000000006EE10000-0x0000000070151000-memory.dmp

Filesize
19.3MB

Download
memory/2228-14336-0x000000006EE10000-0x0000000070151000-memory.dmp

Filesize
19.3MB

Download
memory/2228-13572-0x000000006EE10000-0x0000000070151000-memory.dmp

Filesize
19.3MB

Download
memory/2228-13540-0x000000006EE10000-0x0000000070151000-memory.dmp

Filesize
19.3MB

Download
memory/2588-14626-0x00000236CE1D0000-0x00000236CE273000-memory.dmp

Filesize
652KB

Download
memory/2588-13547-0x00000236CE590000-0x00000236CE63F000-memory.dmp

Filesize
700KB

Download
memory/2588-13546-0x00000236CE1D0000-0x00000236CE273000-memory.dmp

Filesize
652KB

Download
memory/3816-13396-0x0000025111A60000-0x0000025111B0F000-memory.dmp

Filesize
700KB

Download
memory/3928-14354-0x00000262FF1A0000-0x00000262FF243000-memory.dmp

Filesize
652KB

Download
memory/3928-13450-0x00000262FF530000-0x00000262FF5DF000-memory.dmp

Filesize
700KB

Download
memory/3928-13449-0x00000262FF1A0000-0x00000262FF243000-memory.dmp

Filesize
652KB

Download
memory/4688-13612-0x0000019E2EB20000-0x0000019E2EBC3000-memory.dmp

Filesize
652KB

Download
memory/4688-13555-0x0000019E2EB20000-0x0000019E2EBC3000-memory.dmp

Filesize
652KB

Download
memory/4688-13556-0x0000019E2EEF0000-0x0000019E2EF9F000-memory.dmp

Filesize
700KB

Download