hxxps://www[.]google[.]com/search?gs_ssp=eJzj4tTP1TewzEouKzZg9GKvzC8tKU1KBQA_-AaN&q=youtube&oq=y&gs_lcrp=EgZjaHJvbWUqDQgBEC4YgwEYsQMYgAQyDwgAEEUYORiDARixAxiABDINCAEQLhiDARixAxiABDINCAIQABiDARixAxiABDIHCAMQABiABDIGCAQQRRg8MgYIBRBFGDwyBggGEEUYPTIGCAcQRRg80gEIMjEyMmowajeoAgiwAgE&sourceid=chrome&ie=UTF-8

Analysis

max time kernel
648s
max time network
650s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
16-12-2024 21:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.google.com/search?gs_ssp=eJzj4tTP1TewzEouKzZg9GKvzC8tKU1KBQA_-AaN&q=youtube&oq=y&gs_lcrp=EgZjaHJvbWUqDQgBEC4YgwEYsQMYgAQyDwgAEEUYORiDARixAxiABDINCAEQLhiDARixAxiABDINCAIQABiDARixAxiABDIHCAMQABiABDIGCAQQRRg8MgYIBRBFGDwyBggGEEUYPTIGCAcQRRg80gEIMjEyMmowajeoAgiwAgE&sourceid=chrome&ie=UTF-8

Score

8^/10

steam defense_evasion discovery persistence phishing

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 24 IoCs

pid	Process
596	SteamSetup.exe
476	steamservice.exe
3564	steam.exe
14092	steam.exe
14152	steamwebhelper.exe
14180	steamwebhelper.exe
14308	steamwebhelper.exe
14364	steamwebhelper.exe
14616	gldriverquery64.exe
14760	steamwebhelper.exe
14864	steamwebhelper.exe
15192	gldriverquery.exe
15232	vulkandriverquery64.exe
15312	vulkandriverquery.exe
17048	GeForce_Experience_v3.28.0.417.exe
10892	setup.exe
14888	steamwebhelper.exe
5452	steamwebhelper.exe
5708	steamwebhelper.exe
6692	steamwebhelper.exe
7556	steamwebhelper.exe
7988	steamwebhelper.exe
10496	steamwebhelper.exe
10484	steamwebhelper.exe

Loads dropped DLL 64 IoCs

pid	Process
596	SteamSetup.exe
596	SteamSetup.exe
596	SteamSetup.exe
596	SteamSetup.exe
596	SteamSetup.exe
596	SteamSetup.exe
596	SteamSetup.exe
596	SteamSetup.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe
14180	steamwebhelper.exe
14180	steamwebhelper.exe
14180	steamwebhelper.exe
14092	steam.exe
14308	steamwebhelper.exe
14308	steamwebhelper.exe
14308	steamwebhelper.exe
14308	steamwebhelper.exe
14308	steamwebhelper.exe
14308	steamwebhelper.exe
14308	steamwebhelper.exe
14308	steamwebhelper.exe
14308	steamwebhelper.exe
14092	steam.exe
14364	steamwebhelper.exe
14364	steamwebhelper.exe
14364	steamwebhelper.exe
14092	steam.exe
14760	steamwebhelper.exe
14760	steamwebhelper.exe
14760	steamwebhelper.exe
14864	steamwebhelper.exe
14864	steamwebhelper.exe
14864	steamwebhelper.exe
14864	steamwebhelper.exe
10892	setup.exe
10892	setup.exe
10892	setup.exe
10892	setup.exe
10892	setup.exe
10892	setup.exe
10892	setup.exe
10892	setup.exe
10892	setup.exe
10892	setup.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Software\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"	SteamSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Steam\config\config.vdf.async14092.tmp	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_l_swipe.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_dpad_right_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox_p4_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\SDL3.dll_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_lstick_down.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\locales\ml.pak_	steam.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{04DFB422-295B-4AB0-9B56-C3D6C32BAB11}\theme.cfg	setup.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0337.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steambootstrapper_vietnamese.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_color_button_circle.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_touchpad_up_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_l_right_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_r2_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_rb.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_040_act_0030.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\html_lock.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steam_updating.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\platform_japanese.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\libavutil-59.dll_	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\229950_library_600x900.jpg	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_color_outlined_button_circle.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_gyro_yaw_md.png_	steam.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{04DFB422-295B-4AB0-9B56-C3D6C32BAB11}\0809.ui.strings	setup.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_friendslist_over.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_scroll_handle_over_horiz.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\hp_r4.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_swipe_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_button_y_md-1.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox_lt_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_color_button_square_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_r1_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\startup_newbp.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steamui_english.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_ltrackpad_click.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_mouse_l_click_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_035_magic_0360.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\btnDefBottom.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\cloud_localfiles.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_lstick_up_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_rstick_down_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_button_b_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\crashhandler.dll_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\flag_bottom_hover.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_button_steam.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_rtrackpad_swipe.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_sl_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox_p1_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_hungarian.txt.gz_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0332.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\vgui_romanian.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_lb.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_outlined_button_a_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_down_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_dpad_up_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\support_flag_top_hover.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_r1_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_button_mute_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox_rb_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_dpad_right_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_ring.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_button_x_lg.png_	steam.exe

Drops file in Windows directory 7 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping14152_660662460\_platform_specific\win_x64\widevinecdm.dll.sig	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping14152_660662460\_platform_specific\win_x64\widevinecdm.dll	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping14152_660662460\LICENSE	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping14152_660662460\manifest.json	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping14152_660662460\_metadata\verified_contents.json	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping14152_660662460\manifest.fingerprint	steamwebhelper.exe
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\GeForce_Experience_v3.28.0.417.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GeForce_Experience_v3.28.0.417.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamservice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RunDll32.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamSetup.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	setup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	setup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	setup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	setup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	setup.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\DefaultIcon	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\Shell	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\Shell	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\ = "URL:steam protocol"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\Shell\Open\Command	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\DefaultIcon	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\ = "URL:steam protocol"	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\DefaultIcon	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\DefaultIcon	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\URL Protocol	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\URL Protocol	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\Shell\Open\Command	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steamservice.exe

NTFS ADS 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 919951.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 477504.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\GeForce_Experience_v3.28.0.417.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5064	msedge.exe
5064	msedge.exe
1704	msedge.exe
1704	msedge.exe
2940	identity_helper.exe
2940	identity_helper.exe
2464	msedge.exe
2464	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
2980	msedge.exe
2980	msedge.exe
596	SteamSetup.exe
596	SteamSetup.exe
596	SteamSetup.exe
596	SteamSetup.exe
596	SteamSetup.exe
596	SteamSetup.exe
596	SteamSetup.exe
596	SteamSetup.exe
596	SteamSetup.exe
596	SteamSetup.exe
596	SteamSetup.exe
596	SteamSetup.exe
596	SteamSetup.exe
596	SteamSetup.exe
596	SteamSetup.exe
596	SteamSetup.exe
596	SteamSetup.exe
596	SteamSetup.exe
596	SteamSetup.exe
596	SteamSetup.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
14092	steam.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 50 IoCs

pid	Process
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	1584	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1584	AUDIODG.EXE
Token: SeSecurityPrivilege	476	steamservice.exe
Token: SeSecurityPrivilege	476	steamservice.exe
Token: SeShutdownPrivilege	14152	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	14152	steamwebhelper.exe
Token: SeShutdownPrivilege	14152	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	14152	steamwebhelper.exe
Token: SeShutdownPrivilege	14152	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	14152	steamwebhelper.exe
Token: SeShutdownPrivilege	14152	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	14152	steamwebhelper.exe
Token: SeShutdownPrivilege	14152	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	14152	steamwebhelper.exe
Token: SeShutdownPrivilege	14152	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	14152	steamwebhelper.exe
Token: SeShutdownPrivilege	14152	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	14152	steamwebhelper.exe
Token: SeShutdownPrivilege	14152	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	14152	steamwebhelper.exe
Token: SeShutdownPrivilege	14152	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	14152	steamwebhelper.exe
Token: SeShutdownPrivilege	14152	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	14152	steamwebhelper.exe
Token: SeShutdownPrivilege	14152	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	14152	steamwebhelper.exe
Token: SeShutdownPrivilege	14152	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	14152	steamwebhelper.exe
Token: SeShutdownPrivilege	14152	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	14152	steamwebhelper.exe
Token: SeShutdownPrivilege	14152	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	14152	steamwebhelper.exe
Token: SeShutdownPrivilege	14152	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	14152	steamwebhelper.exe
Token: SeShutdownPrivilege	14152	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	14152	steamwebhelper.exe
Token: SeShutdownPrivilege	14152	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	14152	steamwebhelper.exe
Token: SeShutdownPrivilege	14152	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	14152	steamwebhelper.exe
Token: SeShutdownPrivilege	14152	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	14152	steamwebhelper.exe
Token: SeShutdownPrivilege	14152	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	14152	steamwebhelper.exe
Token: SeShutdownPrivilege	14152	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	14152	steamwebhelper.exe
Token: SeShutdownPrivilege	14152	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	14152	steamwebhelper.exe
Token: SeShutdownPrivilege	14152	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	14152	steamwebhelper.exe
Token: SeShutdownPrivilege	14152	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	14152	steamwebhelper.exe
Token: SeShutdownPrivilege	14152	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	14152	steamwebhelper.exe
Token: SeShutdownPrivilege	14152	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	14152	steamwebhelper.exe
Token: SeShutdownPrivilege	14152	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	14152	steamwebhelper.exe
Token: SeShutdownPrivilege	14152	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	14152	steamwebhelper.exe
Token: SeShutdownPrivilege	14152	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	14152	steamwebhelper.exe
Token: SeShutdownPrivilege	14152	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	14152	steamwebhelper.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
14092	steam.exe
14092	steam.exe
14092	steam.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe
14152	steamwebhelper.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
596	SteamSetup.exe
476	steamservice.exe
14092	steam.exe
17048	GeForce_Experience_v3.28.0.417.exe
10892	setup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 2808	1704	msedge.exe	78
PID 1704 wrote to memory of 2808	1704	msedge.exe	78
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 2388	1704	msedge.exe	79
PID 1704 wrote to memory of 5064	1704	msedge.exe	80
PID 1704 wrote to memory of 5064	1704	msedge.exe	80
PID 1704 wrote to memory of 2540	1704	msedge.exe	81
PID 1704 wrote to memory of 2540	1704	msedge.exe	81
PID 1704 wrote to memory of 2540	1704	msedge.exe	81
PID 1704 wrote to memory of 2540	1704	msedge.exe	81
PID 1704 wrote to memory of 2540	1704	msedge.exe	81
PID 1704 wrote to memory of 2540	1704	msedge.exe	81
PID 1704 wrote to memory of 2540	1704	msedge.exe	81
PID 1704 wrote to memory of 2540	1704	msedge.exe	81
PID 1704 wrote to memory of 2540	1704	msedge.exe	81
PID 1704 wrote to memory of 2540	1704	msedge.exe	81
PID 1704 wrote to memory of 2540	1704	msedge.exe	81
PID 1704 wrote to memory of 2540	1704	msedge.exe	81
PID 1704 wrote to memory of 2540	1704	msedge.exe	81
PID 1704 wrote to memory of 2540	1704	msedge.exe	81
PID 1704 wrote to memory of 2540	1704	msedge.exe	81
PID 1704 wrote to memory of 2540	1704	msedge.exe	81
PID 1704 wrote to memory of 2540	1704	msedge.exe	81
PID 1704 wrote to memory of 2540	1704	msedge.exe	81
PID 1704 wrote to memory of 2540	1704	msedge.exe	81
PID 1704 wrote to memory of 2540	1704	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.google.com/search?gs_ssp=eJzj4tTP1TewzEouKzZg9GKvzC8tKU1KBQA_-AaN&q=youtube&oq=y&gs_lcrp=EgZjaHJvbWUqDQgBEC4YgwEYsQMYgAQyDwgAEEUYORiDARixAxiABDINCAEQLhiDARixAxiABDINCAIQABiDARixAxiABDIHCAMQABiABDIGCAQQRRg8MgYIBRBFGDwyBggGEEUYPTIGCAcQRRg80gEIMjEyMmowajeoAgiwAgE&sourceid=chrome&ie=UTF-8
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8fd713cb8,0x7ff8fd713cc8,0x7ff8fd713cd8
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2500 /prefetch:1
  2⤵
  PID:104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3736 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1168 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5412 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5892 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6748 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2980
- C:\Users\Admin\Downloads\SteamSetup.exe
  "C:\Users\Admin\Downloads\SteamSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:596
- - C:\Program Files (x86)\Steam\bin\steamservice.exe
    "C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1716 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7344 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6784 /prefetch:8
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7396 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7500 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2000 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7520 /prefetch:1
  2⤵
  PID:16284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,14533563878409270701,13830611316429573089,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7516 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:16736
- C:\Users\Admin\Downloads\GeForce_Experience_v3.28.0.417.exe
  "C:\Users\Admin\Downloads\GeForce_Experience_v3.28.0.417.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:17048
- - C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Checks SCSI registry key(s)
    - Suspicious use of SetWindowsHookEx
    PID:10892
  - - C:\Windows\SysWOW64\RunDll32.EXE
      C:\Windows\SysWOW64\RunDll32.EXE C:\Users\Admin\AppData\Local\Temp\NVI2_29.DLL,DeferredDelete {F3771A21-A192-4B08-B064-09C4B8802065} 10892 C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4144

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x000000000000046C 0x00000000000004DC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4704

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:3564
- C:\Program Files (x86)\Steam\steam.exe
  "C:\Program Files (x86)\Steam\steam.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:14092
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=cs_CZ" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=14092" "-buildid=1733265492" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SendNotifyMessage
    PID:14152
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1733265492 --initial-client-data=0x298,0x29c,0x2a0,0x294,0x2a4,0x7ff8ea69af00,0x7ff8ea69af0c,0x7ff8ea69af18
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:14180
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1540,i,11674971857618964322,6454248996721645308,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1556 --mojo-platform-channel-handle=1532 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:14308
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2148,i,11674971857618964322,6454248996721645308,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2152 --mojo-platform-channel-handle=2140 /prefetch:11
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:14364
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2752,i,11674971857618964322,6454248996721645308,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2756 --mojo-platform-channel-handle=2736 /prefetch:13
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:14760
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,11674971857618964322,6454248996721645308,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3124 --mojo-platform-channel-handle=3116 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:14864
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=3656,i,11674971857618964322,6454248996721645308,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=656 --mojo-platform-channel-handle=3640 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:14888
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3716,i,11674971857618964322,6454248996721645308,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3820 --mojo-platform-channel-handle=3824 /prefetch:10
      4⤵
      Executes dropped EXE
      PID:5452
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=3772,i,11674971857618964322,6454248996721645308,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3808 --mojo-platform-channel-handle=3788 /prefetch:12
      4⤵
      Executes dropped EXE
      PID:5708
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3568,i,11674971857618964322,6454248996721645308,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3528 --mojo-platform-channel-handle=3984 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:6692
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3924,i,11674971857618964322,6454248996721645308,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3928 --mojo-platform-channel-handle=3940 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:7556
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4564,i,11674971857618964322,6454248996721645308,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4528 --mojo-platform-channel-handle=4168 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:7988
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4724,i,11674971857618964322,6454248996721645308,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4712 --mojo-platform-channel-handle=4704 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:10484
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4556,i,11674971857618964322,6454248996721645308,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4192 --mojo-platform-channel-handle=3900 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:10496
- - C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:14616
- - C:\Program Files (x86)\Steam\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:15192
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:15232
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:15312

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:8268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Steam\Steam.exe

Filesize
4.2MB

MD5
33bcb1c8975a4063a134a72803e0ca16

SHA1
ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65

SHA256
12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1

SHA512
13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

Download Submit
C:\Program Files (x86)\Steam\appcache\librarycache\1113280_icon.jpg

Filesize
638B

MD5
7ecdaf8a54ec52b20640a88527512903

SHA1
3133a4d748ad3be61fe9db759339cd5de73339b5

SHA256
7bd8b75aec0a4d4a377f3ca3a023fd8b7c5fc7dc6a2a66d17f8cdfe5b731ab0c

SHA512
60ae2031eed0c38264f0d8db22a9b6efeb3f80c791e916e15a1730853162d56e0da014dbd93a5479bae4f3bdd5705ca89be70c90574a524abd1c276ed5c55a2d

Download Submit
C:\Program Files (x86)\Steam\bin\SteamService.exe

Filesize
2.5MB

MD5
ba0ea9249da4ab8f62432617489ae5a6

SHA1
d8873c5dcb6e128c39cf0c423b502821343659a7

SHA256
ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d

SHA512
52958d55b03e1ddc69afc2f1a02f7813199e4b3bf114514c438ab4d10d5ca83b865ba6090550951c0a43b666c6728304009572212444a27a3f5184663f4b0b8b

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
15KB

MD5
6b5434b2db426596c638b3d1ef2121cd

SHA1
4e62d39bdde38350a871ddbeca9186f91d3d4624

SHA256
03eb41ab76b7ae8837ff898b4c2d36189b4ffa9c7cc5866f1690b184f858ce8d

SHA512
fe6c2fb54aab33878fc3b6e5a197c6ec9f7167ac4e3c4cdf66fca425d4e04605fff73890d9741065f02000742b5d2ad7af99a465ef56ece4139eec7c8c06eab8

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
21KB

MD5
44b371455f7e3f0ba5e35c6a5bac87a1

SHA1
03e16a02aae317ecf581d25a8ada0f96da331544

SHA256
1c1832f7c0e0056dbbdc773e932ca3da9d176df64dbe16eccebe076f4f20fe8c

SHA512
4b7f60598a67100ea534724f9f7c6172644160d8e70f5ccd9dc871dd929be119df320ec916f6829e25753c67549536f03e2b93e7991fb04b619e2d646dd3b91b

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
23KB

MD5
ea08a58ab0de9370eef0d4ac20741b96

SHA1
cdf31ee31182cf8ade1bbb3b08773142a0453111

SHA256
e9cddc3c356f9154da008195457eb8ef63c21631c4a32022d00b7c61527e77ee

SHA512
8a1221676516ed71faef690f44baeee5c75ccba8adf415eeb5bbb4f791d676c28c3088b1aee3878245f20257196847493f90a2a2418f2c9eb84f9fd2c3b94c82

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
19KB

MD5
5616552dda16ef3b57de414be49d3a68

SHA1
31e55c2480f266a5cf0ebefbd67a1cab67e866d7

SHA256
d10e7f78ae4ec8a6da319e1e82733c12a56362f33fee3871773e6a1d6bc6345a

SHA512
70b82456082286ef344c520b595de0e218b3b210c2563454bc4397cd5b4ba0fa010680f7cf55d0fde4c8a57c26c7352bd46de62edd36bd30db3c59411d030eba

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
15KB

MD5
644d007390a91ece3d19a2fc0cbee07f

SHA1
1fba98c70f780160bf5fbe1375664bb8b608693d

SHA256
83113e5482a7012d32ea7fb82b08f8abd341d5586cc27e481d5f86395eccbac3

SHA512
0020021d2a0cde02a42b740ecdfe672e9cf07860bbb792055839929a6fd9c40b96638f8a4e76d54df85950f0695cee2d4be7a746c3f36148adb27103f67582b7

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
a2ec2e91c3ef8c42e22c4887d032b333

SHA1
e2c738a2e9400535b74e2263c7e7d1ecefe575f2

SHA256
8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3

SHA512
b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf~RFe5c84b8.TMP

Filesize
1KB

MD5
6e6a2b18264504cc084caa3ad0bfc6ae

SHA1
b177d719bd3c1bc547d5c97937a584b8b7d57196

SHA256
f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53

SHA512
74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

Filesize
4KB

MD5
0340d1a0bbdb8f3017d2326f4e351e0a

SHA1
90d078e9f732794db5b0ffeb781a1f2ed2966139

SHA256
0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544

SHA512
9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

Filesize
6KB

MD5
4c81277a127e3d65fb5065f518ffe9c2

SHA1
253264b9b56e5bac0714d5be6cade09ae74c2a3a

SHA256
76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9

SHA512
be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

Filesize
4KB

MD5
2158881817b9163bf0fd4724d549aed4

SHA1
c500f2e8f47a11129114ee4f19524aee8fecc502

SHA256
650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7

SHA512
f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

Filesize
4KB

MD5
03b664bd98485425c21cdf83bc358703

SHA1
0a31dcfeb1957e0b00b87c2305400d004a9a5bdb

SHA256
fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115

SHA512
4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt

Filesize
4KB

MD5
31a29061e51e245f74bb26d103c666ad

SHA1
271e26240db3ba0dcffc10866ccfcfa1c33cf1cc

SHA256
56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192

SHA512
f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

Filesize
4KB

MD5
da6cd2483ad8a21e8356e63d036df55b

SHA1
0e808a400facec559e6fbab960a7bdfaab4c6b04

SHA256
ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6

SHA512
06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt

Filesize
4KB

MD5
9e62fc923c65bfc3f40aaf6ec4fd1010

SHA1
8f76faff18bd64696683c2a7a04d16aac1ef7e61

SHA256
8ff0f3cbdf28102ff037b9cda90590e4b66e1e654b90f9aea2cd5364494d02b7

SHA512
c8ff15373b37e848e6239a82424569e77c82a5fc557d17e7d2ed1d0d2b2f7d026cc1e2bc98cb5ee945c02cfefb82803c23fa6a26f48ff0adcf762f94cd5dd035

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt

Filesize
4KB

MD5
10c429eb58b4274af6b6ef08f376d46c

SHA1
af1e049ddb9f875c609b0f9a38651fc1867b50d3

SHA256
a1f6ba57ee41e009d904905c0ce5e75a59ee6790e08542561303109e1faafa13

SHA512
d8760f61760bffd8671b727d386ae220e7e6e68829a01553cfd5eb60ef8bd1d7c1b25e7b17a6db5bd17ba6712ef44999726764459318e784843c73bc4facaf46

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt

Filesize
4KB

MD5
5c026fd6072a7c5cf31c75818cddedec

SHA1
341aa1df1d034e6f0a7dff88d37c9f11a716cae6

SHA256
0828572e4fa00c186dbf1d9072a6154d65cb499c6a37e338f3305f77a2fee382

SHA512
f9d28714b2a05f8d9025f1692e4d7e8baa6daf6176353f65646a38814a242ef2adededa44419edd69f10cf96ffba506dab7cb6e52111457bf69cffef12174b12

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt

Filesize
6KB

MD5
189ba063d1481528cbd6e0c4afc3abaa

SHA1
40bdd169fcc59928c69eea74fd7e057096b33092

SHA256
c0a7a1df442ac080668762df795c72aa322e9d415c41bd0a4c676a4dc0551695

SHA512
ce59ad9b17bab4de1254e92ce4fe7d8c8242832f62ab382e8f54199a9932cd11b5800cc33895441426373d5210cc74104e0271b721a7e26ed400b716ae4d5903

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt

Filesize
4KB

MD5
18aaaf5ffcdd21b1b34291e812d83063

SHA1
aa9c7ae8d51e947582db493f0fd1d9941880429f

SHA256
1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5

SHA512
4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154

Download Submit
C:\Program Files (x86)\Steam\resource\filter_banned_czech_cached.txt

Filesize
350B

MD5
1fafd0391c74081a569038c09b0d6184

SHA1
0114ce446c063265cf32cff5910ab1076a301172

SHA256
99bf0f14cc59636e50f74f56e0f0a9a7f6fd31146e501abab62921cbd27cc375

SHA512
c7c3021e959cca27bb43996fb282e336294f2a702f8486c46d0440a0994a7f68c97696c64d35269ae662963fa1c11300cf8e6184158e65155f5285afcf259d43

Download Submit
C:\Program Files (x86)\Steam\resource\filter_banned_czech_cached_timestamp.txt

Filesize
29B

MD5
d80a0b70f5f20fb9857dccd4242ed6d3

SHA1
c6d1bf9a89244e5ff8ac88a3b47abb14d3f98293

SHA256
ab9a1f3509c1ce35ef19e6e216b8372e378c3904d1947b1d807ea8066e4bfbb9

SHA512
bae77ec97393ce40ce5647d862c0885c813dabec65fce455571b774c97648bfe57e7340e575224fdce5ead67512e1ddb70e2c9b16852b64ddcd374b7f1e7c33e

Download Submit
C:\Program Files (x86)\Steam\resource\filter_banned_english_cached.txt

Filesize
1KB

MD5
009ca439b8e68dbdb83850d51b07c736

SHA1
b8dd1986d15aef3dcba09c954577c780b549c582

SHA256
4bfbbfd0114ee78d7795835c64aae6dc6b525547748c5dd1150d7d1ff8757c43

SHA512
25e90b8b737b30879ec9073457cc7b30bdc46ed71b8885ce14f9c1946476d65c6bbdd0ddc19bb09c406cd9439837aec5c8ad007dbb5a4378842e1634429b093e

Download Submit
C:\Program Files (x86)\Steam\resource\filter_banned_english_cached_timestamp.txt

Filesize
29B

MD5
7954ed04e135879f813d64a716277c5a

SHA1
7038b229edbb5df363bebc56b54d993de61fb0ad

SHA256
b3f2212ec42efa0a5e75bbb24f2fa879a45e42976db272a611f08877566bb461

SHA512
264e3248f6fcfc3d23f9ab244605c2e7ff5d37b88bbe155084d1fc46e1660c2b2a2a4b13f1836f9f1740d70ef581d2c86f4e3d6c5efd472fa61862155430bc31

Download Submit
C:\Program Files (x86)\Steam\resource\filter_profanity_czech_cached.txt

Filesize
470B

MD5
fabc6d8f5fcef4a8afb426c12e74a64d

SHA1
b4c9b0557e04f737c561c7774c865b46f9ebb2cf

SHA256
4dc9e72df2b450d1b38771d8de413b1a209b8d5c9df9c20978e026e556982d08

SHA512
9dae3cffaefc8c70dfe56230a745fbff580f55559f22187c904b79e842b99ba428a3387832526d70a09c71f8672a4defc133042cb14d1015d97a77ec57446966

Download Submit
C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached.txt

Filesize
2KB

MD5
597a022be713f9c4a5bf3c3355b2349e

SHA1
daa98c451fcd353629fa8a475d74a172699f8a4a

SHA256
6f08519304e2ecfbd3d554cd5bf3b7b2658b55c70042ac5064ce04d0bacda5af

SHA512
f1da1d40abc2e59667d93dce4b5dda1fe7eb9258e1fc307cb461ce3733e9bad322703e2e0da7ac915ecc403a8ad4633b79dbe4e1e50985e53fa4844248a6a91a

Download Submit
C:\Program Files (x86)\Steam\userdata\1848939362\7\remote\sharedconfig.vdf

Filesize
164B

MD5
02d8484fdddefa5dccbaf1d9b9325db7

SHA1
793b792faff0e61109f4def77135deec85256d98

SHA256
faf8e0e57bcdcaf892c42c5c1be135e635aa701501fe8a752a04f73b2613de42

SHA512
172bff912a1f458aa1a9e53b8ce6abb52bd7c3245bff0e057f204d5dcb03dbac165ec3c4d8fdc4f336c851ef66bab8a88e86348b9691149ea238fd7e609f966e

Download Submit
C:\Program Files (x86)\Steam\userdata\1848939362\config\localconfig.vdf

Filesize
3KB

MD5
575e1ca5ed45d4b4debec9997e53d931

SHA1
385294144cea05d64f298e8c1b17bb473b3e3c6d

SHA256
de61c654132967c7bbacd0957eb912965658adc4b7e836a304b13ea412ded2ae

SHA512
bb42cd7b9d3c33462eb6c4b3b8381ccee3f035fb1b2df926357964c6cd817273de7db043dc81c909a931d8a0ad62627866c95e921136b6ddc87ae0180c04d0a8

Download Submit
C:\Program Files (x86)\Steam\userdata\1848939362\config\localconfig.vdf

Filesize
3KB

MD5
a8be1f0e3d6eeb862d3b7cd4b9ba83eb

SHA1
30341523cd986fb3f7c2a78be7e4736ccb7ea0e1

SHA256
56f2125c6c8be960d0741b8f4fc273310aebdf15cfb8c76fd27b54736e681855

SHA512
f6f714cc9a3d37208df4b916b7fb99d00a2b54ec5bac9ada31425ac73ee805189e5012d0790ad4b355ef1b9bb08a26217dbb95fb26cc5300a175d1d9e13db661

Download Submit
C:\Program Files (x86)\Steam\userdata\1848939362\config\localconfig.vdf

Filesize
24KB

MD5
376392f146d508f039f2ca0f53d0f535

SHA1
20a466c181590762ec03bf6e82215c2d32dc8e9a

SHA256
45f74d3a395c489a76cf909b8a58dd64646189a17e05fb194bd7a48720f192b4

SHA512
5ac3cbe25d6626c63459373723cfb5b9dc54d68fa8d38f4e21d021dcb93a54af2a78f000c8f043f79456a29e5fdd0a6dee73410e4ed8f8f28f677aff8bce86b3

Download Submit
C:\Program Files (x86)\Steam\userdata\1848939362\config\localconfig.vdf

Filesize
3KB

MD5
3f1362414354e16165fc83254375591a

SHA1
a06a46d3bf41ce7cd71901e6146db2e17db0c809

SHA256
660ec11238a58dcadd853c935c653f8ac45baf1774a123e920342a992a7b1bf0

SHA512
6f1dc58fab26a41b14acd9aa676b19399b77500c373aa70a709ea29d60a3397b76ae88d9429378d39fe4526fda5885a2de40424747c6abafb3e9343399428a60

Download Submit
C:\Program Files (x86)\Steam\userdata\1848939362\config\localconfig.vdf

Filesize
28KB

MD5
4cf07d4e594db8137ac9f794fa3b8c35

SHA1
8e02bf2939b1feedacd89e9ff3eacb1e088c4622

SHA256
ba21b539b3602824ae5127a4be74009e399827b01bbdb505f89b0e0295cd21e6

SHA512
db81e12eb30564dfe5a5bdb3666024b4f7e1cb18f11c6fba354f70523d127e191f5feb026518ade7162667f38aaa623aba73fdc63bb6b5d7782ceaef93900a63

Download Submit
C:\Program Files (x86)\Steam\userdata\1848939362\config\localconfig.vdf

Filesize
40KB

MD5
a38f136c7c25de16de76368763eb010d

SHA1
cce6e0a4d1babf94ad575cd70511f339dec08eb6

SHA256
38b209a4ec2150156abaf0d049f416106637208c069b923e21cbd69d38ad2d49

SHA512
d2939a6974b1ab281ae5ea81866845ffdbd4ff52e9fa289e276e1d8935c02747e61c4123f0a9b050d9039d147e0814017111674e23f442fa6684aed2f9ae0299

Download Submit
C:\Program Files (x86)\Steam\userdata\1848939362\config\localconfig.vdf~RFe607c77.TMP

Filesize
231B

MD5
ebe9366f2d99336fc6a996e38e81a912

SHA1
90a63ba9ebd85032ec8de6f62e21b6d7e631959c

SHA256
0ddad653acc1f316555c16fbdd8d8fa9b01c7429d707ff780d2559df0767b8b8

SHA512
7c29b7c588d032b01c2bfca1ed1076cf07a8059ece200960ef239dbff6b483bccc885842d55be5d6a03db7418b8f41a542655d7a0b708f2dae595636be47da6a

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{3F17B05A-98A6-4198-A168-CFA1C74D1C92}\NVI2.dll

Filesize
6.5MB

MD5
ea49d013810bfe52f6528b25394dd04e

SHA1
5466bdc97d372b3558a9bc504e0f54d1bd1df2c9

SHA256
416f469906d931c519576a78aa33b180a8339696d1522757503ae6bb17d6999f

SHA512
53a414fc76f5ef7fd0b3024743a3e5ce166fd96956ba1b4b2fee4ffeda0ef4f03cd044010a690440c1db9918c0a0382fd713cd93643c1848a5e5d48c965cde52

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{3F17B05A-98A6-4198-A168-CFA1C74D1C92}\NVI2UI.dll

Filesize
1.9MB

MD5
8573f64ff65810e83822d1bc62deeeef

SHA1
bb880e087c784698937ef683e12f72735c7aa88e

SHA256
713daea7f59e8dbb2952d35ad29e38d6cdcca6dfa2fb83d797304ffdc4fc08d6

SHA512
b920b6b70e39b464112ed55f4e8355bf342a2954719393ca2569c8363919e4d472d34af2013207ab9eb3e440a404b7b2ba4ec254e3f2c115e95f638c56d47140

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{04DFB422-295B-4AB0-9B56-C3D6C32BAB11}\0000.ui.strings

Filesize
1KB

MD5
40daaf261dbe301aa4e72a994e524b10

SHA1
e366ca1aa25c3cbafd54a6bdb344ba48e651d5e2

SHA256
cc29f5ccbc467a4c0d88560f01d07ba5337e3560259b87ebc75e1859752f6b30

SHA512
af67cb52df6c06c81b1c656e6a2f6d4c993569bfbcec1930563ada54443db19d6574b1236f9b37c4e5cf9ff143689411bd7f6f786eecf8afc906bc729fcac66a

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{04DFB422-295B-4AB0-9B56-C3D6C32BAB11}\0404.ui.forms

Filesize
5KB

MD5
f19b05d0b03ff5e15b3d452f1e1b7fc2

SHA1
f99dbf38b7e9ddee61b1f518cad3fb16313e4473

SHA256
b01ef781c96e3f50a45a3547c45d1837bf59adb86c27e328c1e654fa19ec2daf

SHA512
ebcbf848d83b1456696abb26c343aec43c8d2063eab078e4793e87ee5ffdd9163acbf2df0e497a8e5d7e946ac65c4eaca12f5638c15f49856f0c09b2e055c906

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{04DFB422-295B-4AB0-9B56-C3D6C32BAB11}\0405.ui.forms

Filesize
5KB

MD5
eb0026ac03b9b0b1d8dbd42ba261300e

SHA1
3e45d731046a507986da45f89b576b2b664e6413

SHA256
36ebc97d7dcd1edbb6de89cd4aba6375e9c1cc9b940239a68de825307a1f2599

SHA512
b358cfaca27e1d393cb4877d1f6597f5fc0c0cd7ddc41899207e2fd590742fcfcef8832b1afcfbad76fdb794e8c9b0b868631ff4503b32e70b329fe2bf1f257a

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{04DFB422-295B-4AB0-9B56-C3D6C32BAB11}\0406.ui.forms

Filesize
5KB

MD5
dba64e3cd8775660e9c57b7164b9721c

SHA1
35dbb5b239d3a6cb438ecbada0301ed456ff4bef

SHA256
fad9bb64495ab479fc6db7a0b94f8535fa07d62615f9170b8aea4914d7950e3c

SHA512
da07be3babd74207fb6ec453424792220cd9c8cd423f6e56c879a85d172415efe53d20d4b6e8d758f2a5b696bedd7ac5d01579958c05c5b7b48276062e81b4bb

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{04DFB422-295B-4AB0-9B56-C3D6C32BAB11}\0407.ui.forms

Filesize
5KB

MD5
225a52850bec8d8116d7e3bc63c0f125

SHA1
160d5e13da644d9c0719dfa45486b47bc49bb8d5

SHA256
917d491b008d0c2c7e46ee47e8862cd8a6b2a6a85545773aafab168e45e63138

SHA512
0a41c91e16d36895ec3902d64dd9a221e505675b4346b978c4bea89310c9c5c5d4dbaca97f5a9dfa59ab7312e9f090bb31ded20eb95676780b7cdc823789b106

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{04DFB422-295B-4AB0-9B56-C3D6C32BAB11}\0408.ui.forms

Filesize
5KB

MD5
0b4526aba732f7adc94988e3958688f8

SHA1
bc6152e96c25fc705c93cd58edc447cbc9f11646

SHA256
9a0c91051e16b75a630a76b39c04d4dacb07ed00522e67502271ef378ee43d97

SHA512
500792a8e1b2f945789d1313966c19585d0de96bddc43927778b3b4a82f1b421afeaa9dd369895f30491ff1c91ad9ac47b942a325a28f97974d79e5d7e47ec98

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{04DFB422-295B-4AB0-9B56-C3D6C32BAB11}\0409.ui.forms

Filesize
5KB

MD5
250cf87647de675423d2b414b8dc846f

SHA1
5ca9e6920b0757a1c6c2fb070c42b1bd4b34ae0f

SHA256
a2b3a2f20cc164ee22e9a0ce4fbfaac8db288bde8efa5c3c8ca567be63bc0782

SHA512
f46f785ff4be2249a5094c8e8d46d72f1d850674e6a66abeba50748302079e7c1f58948d63c7bf4954dbc53c545823ad3ba33ec2e1c0f24974775df18bbcafe7

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{04DFB422-295B-4AB0-9B56-C3D6C32BAB11}\040a.ui.forms

Filesize
5KB

MD5
dbaba2d9738a8082bb14ed49d3457c27

SHA1
3c5c72dac5002302a68b014ce883ea4212efc3c3

SHA256
60467876c5aa7251d5ff2213c0666cc9e98f4680364f9aa1328dc861a173373b

SHA512
e63de26dd77ea309b88472379ba090a0d125959a67c674b1e3235434ec7f35d93cf5558ed525a8aeed106782135d39b6ce3c3d74f461fd598161df5a70e083c5

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{04DFB422-295B-4AB0-9B56-C3D6C32BAB11}\040b.ui.forms

Filesize
5KB

MD5
d09be4479fc55ef8ef9e5d06c1923ac1

SHA1
f69e0108bba8ab99903fa709faec33c89d7ee983

SHA256
a6e40eef7e43546e98798c142cb55df1158a5fa0678274174a74e1dc6e2a51ef

SHA512
e640c93fabfa4ba64069f1fa7d034edcf568d514b31af346803f260578f3f992954c2289363d033b888061e67ff0b66a89710c8cb10b3d083e9aca7f5589476a

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{04DFB422-295B-4AB0-9B56-C3D6C32BAB11}\040c.ui.forms

Filesize
5KB

MD5
531ba8817b5cee98021f856e91548b4b

SHA1
549177d0b7a57b5356b6bc717def28a0a122db7f

SHA256
44ca9ec4a300ce5e623af6e75060b467876eff5e190ad2bb67e9cc580c94c639

SHA512
519fd13a367f70d40d9ffec0391cfd8ee9acbc22731cfad06c66782c2c36524c77233f0f3e4b1bfaa24754c3a4a4aa78d03fd35c81ac8291b9bbfaeca6dc4d86

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{04DFB422-295B-4AB0-9B56-C3D6C32BAB11}\040e.ui.forms

Filesize
5KB

MD5
63d190e0428028c156d9e3afb86acaa3

SHA1
bfc715bebe016a650560374101b694c8ca32d8e9

SHA256
db9eb7d8440c99f474a775d79bcc0864b06ceb3bc38feb88aec4633d471f8886

SHA512
d03e3aa27c80504b0c6ce4535a68f0dbff9cb1a23d74f19f04e21612a845b5536fa0bccff6a3430e20007980a0610c321f8eeef736ef67771f3dbd4727d44877

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{04DFB422-295B-4AB0-9B56-C3D6C32BAB11}\0410.ui.forms

Filesize
5KB

MD5
7ded8c36d661275ae1bfa62be7a8590a

SHA1
5d30c33dcfaaf54fe690427389a811d45e541972

SHA256
73b414fe68ac63499b7adc50d089b9ed619492d66e2bc7250c24c053ecccd93b

SHA512
69576c3f68d851190eba4acfd3f604e40d2367f13de97bcf89bfcb24173f326549deea37fe1e822e2e0c0997917a7cf725ab6c798f693befa61dd7697edc6291

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{04DFB422-295B-4AB0-9B56-C3D6C32BAB11}\0411.ui.forms

Filesize
5KB

MD5
b1972e41cca36507162ec6bad898eb9a

SHA1
7e9648e7400b6a294d644e47058c56506357afdb

SHA256
396062f65a35b0f2b1ad18a24eadad80a45f176a22f429c3fdf74dd63c3bf0fc

SHA512
584e31f3f080a3c074e878f6d014e93a659c8091a0b57b6878743a4873a6d4497fe274e01b6debcdcc9d3e45d7fe2d122760468b88e01cc1841ee9ecf44142b0

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{04DFB422-295B-4AB0-9B56-C3D6C32BAB11}\0412.ui.forms

Filesize
5KB

MD5
5d3d1e8e7ee6e4c6210e1371bf07e373

SHA1
cf2ef27699a11a1024bbbbc80dc89d29bcf5a5a2

SHA256
93562da1c41718d3a1ace7927a5f5094f2fc841cc74486d17be2c2df4cd37a51

SHA512
84f7a6ec2e2765d927209b10544114718119a5445f777668ecff3899eb0800d97e0f1d8fd3f58faf32d64be029044c345721d73706984c42c63ba2722ab13c98

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{04DFB422-295B-4AB0-9B56-C3D6C32BAB11}\0413.ui.forms

Filesize
5KB

MD5
da335bac10b0a70623a06b1dc0a2b47b

SHA1
45f7a3b2843d181611c7b2088fcab3476089dba5

SHA256
451f8f5e441f59d7cc6021c1b378af32fd9d149aebb8071b25121e1822f5102a

SHA512
7f2482a861b9accd4ec9938a469fa22b3cc53cb24066eb5adf834651fc55a28cad036bb49cf05859ccebffbb4c39fcbf33d073d977dcc3964475b7647dc9b11e

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{04DFB422-295B-4AB0-9B56-C3D6C32BAB11}\0414.ui.forms

Filesize
5KB

MD5
502f71862c4325ca9be01fdbd88e6f7b

SHA1
5f5a463ca238c3a177943c68cf698134ba6aff5f

SHA256
b7151037d63b5d6735f097b0967229080e4a035bf1f447b5aef3b026dec04021

SHA512
7fc6d38092bb08ad510e80d6c12bf9b30c428b948494b0821fb0cc02e8b978a588cf63f23f6f4c62234ac432e1f3e2cc5ae7603e647bb2141cd81d6bb66ab4ef

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{04DFB422-295B-4AB0-9B56-C3D6C32BAB11}\0415.ui.forms

Filesize
5KB

MD5
910abbda8bb821d40c993e125876ba6a

SHA1
344895f2c5e5b448aaa9d313a1763c610511bb4c

SHA256
5d8ebe8031875c473d5d424487ad4738186c654c6fc577e3fac929e4123c61a3

SHA512
0bf7c1f1264aca3a16f1e47b32bf79b2d7cae8ec448e8d0afbced2cd99d30e180021009115e29571046f32741b3f6cafcbd11aed9981cae888b5dc56268b836c

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{04DFB422-295B-4AB0-9B56-C3D6C32BAB11}\0416.ui.forms

Filesize
5KB

MD5
a8c883aba0d620f4799b46ada0dcdd95

SHA1
5a245988b85705aa841d882dbb80d5accbbaa96c

SHA256
780eb94645ebb9ae7eeb6a67097fbb02d8c7c600d1c0159048061845d26fcf20

SHA512
4eece1890ed1c76af66b67b7835190936404414f65baebd9edb9a0e8ca5cd8d98272732bcd8c63be0d9f4dc34e703cdf067c830bedca12d31c4758ffe84e9bac

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{04DFB422-295B-4AB0-9B56-C3D6C32BAB11}\0419.ui.forms

Filesize
5KB

MD5
081557c35b9a7f3c1d64e364f2796c69

SHA1
37c5bf5a4da5f37b9ba70b681d5dd2241b72fae1

SHA256
827847d57981847c9d15f2f356f37fc2660deb05c1ddade9cdb399e2347aefae

SHA512
d776f1b3643922208955ba485b4d1a70b75eedc02059615d53b9415a04be74b0a193384dd67181418ea7ba0f06611d67f1e8b963d266db422fd42c3f249c561d

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{04DFB422-295B-4AB0-9B56-C3D6C32BAB11}\041b.ui.forms

Filesize
5KB

MD5
15a6724d0f3b4a534c50556f9f2eb60d

SHA1
70ab1b3983459741c4e47b295996fb995dd6e61c

SHA256
16ca1b05ac680b26d70485dae87707839cfb7de81e6b1cfab144900398ebaaf4

SHA512
e84f4cbf8f7a019d7cd1d60da5afc00acb2e8243a2223c567a8caf54607d660e7d8b3b30b0264052a4a0e57b8cc2daa9ed94adc24ff02551724e15f9f3e32127

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{04DFB422-295B-4AB0-9B56-C3D6C32BAB11}\041d.ui.forms

Filesize
5KB

MD5
deef2b89bc203e1b2e74d7b0dea91e50

SHA1
d5c2c8b35f23cdc5c4879aa172a1e119045150fd

SHA256
2079232ad4415058fb5e76e5b01826dadc7fba5d3335235cd261962f5dbe8135

SHA512
7b59e3b56d1883606b6e3fe26bb5d7630b3c04bee97e132ecc089b707b4fb7bea659294781549afb742d306a19f7b3f6f839bc6d35b40ad36e43e58e1d77b3d8

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{04DFB422-295B-4AB0-9B56-C3D6C32BAB11}\041e.ui.forms

Filesize
5KB

MD5
db93990873ebc8e8cd8942ded7012a05

SHA1
35af342fa9618ff83d9db17f6379f94f21286a6d

SHA256
7e68b78351008e37ca52cac8c1492382e78a4b1f787f18948bdc6787bfcb2889

SHA512
d70947fedc5506057a2fcfde13f8c7c9dfd872bbad0522606a1fb189a32ddd7e36116bee0f755043dd0ffae67092157fd2577a923f9ad40f068c53daf15c79a1

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{04DFB422-295B-4AB0-9B56-C3D6C32BAB11}\041f.ui.forms

Filesize
5KB

MD5
0ec99902be52015af431c5ae3c4771e6

SHA1
1c480887e6c68b8b78af3fd6e1666b4b57aa8205

SHA256
0217bb9330b0a287e3a54b3017b298989e6bf54b5783142b429b239399d3dc07

SHA512
5b154e4273ce8436c458c74e652e619dabba2ecb323d92867d1cf918ee1f1b144323da1deb0bb756972d56b4cbf264228977464cfd74e9c15173b94480a2d36d

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{04DFB422-295B-4AB0-9B56-C3D6C32BAB11}\0422.ui.forms

Filesize
6KB

MD5
31dfa7512ff2c4a7bcd06580fc513167

SHA1
31c2e9da1c99b717d574b6181d718dfd066d6698

SHA256
023f5fd178a5f60a928b600e44f3216ebc3993e4844ffbfa049d39de1f469219

SHA512
60f4896539349eea1f2d4c87ca4ab767e4d12c47bdc26eda3e7b9a1687236f672f4c105cf27d5ec5a3b94f52bc317794507346e16fe7f38546100a19491bcd5e

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{04DFB422-295B-4AB0-9B56-C3D6C32BAB11}\0424.ui.forms

Filesize
5KB

MD5
02ecd7b34fb868252c8aa0f1cf43c382

SHA1
c5297b19453e93eac6f54745999d844fbed803f7

SHA256
4086211bac4a28a935b04191e3087eaabf74d158383d51d08ef69b630eead613

SHA512
2de2f54b1a8fce6d44cfc1332a7f8b2a4f13fb1d0eeabcc9164f677da4c5e1f1b1ce4d9ce1d32411f2dafc7aa98cea4cdac2bbbe29aa49acb2542536398b4494

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{04DFB422-295B-4AB0-9B56-C3D6C32BAB11}\0816.ui.forms

Filesize
5KB

MD5
193bf7bf99febb554a2edf4a1414c0be

SHA1
11e58e8493b4c1e09d5f2236c4ed02bec7c3a309

SHA256
b53a19c9e2023cdcfe3b26f3bff6286c44acbc87b6c736e616615645f34d023d

SHA512
0a7b9e05b4877789d6228afa481c16ba399b8dc9ac0616ec796871851af3af27b8f11a97da83258df06a1b5e2dc94a9ed36001d00570d96ad4d4829d9e1df251

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{04DFB422-295B-4AB0-9B56-C3D6C32BAB11}\DynamicBillboardPresentations.cfg

Filesize
1KB

MD5
afb01b092306d419dc1fb0affee49319

SHA1
29339afc46baec22001c58a71d3793e74d91b39c

SHA256
ef8f85fa5f18105cb3d5b20bb6f72fda912a74340f4e6dc3302b600a1fb9b3e5

SHA512
1d8f5c604b86be8a1f92e247c05685cac5637d9a9223a23e0b8c1a5a7f8bf1d7adda4cf48cbadde7b77ff1cc856d993cb1fbc047866c0d7fc45b83be093e0028

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{04DFB422-295B-4AB0-9B56-C3D6C32BAB11}\DynamicBillboardPresentations.dll

Filesize
963KB

MD5
eb381ed3cdfc1b46f17a2fda9417cb16

SHA1
9c2da62d753504dfab5caf9877516be19010605c

SHA256
d5bb892509e97d2dbca6720dca40187bee969d3b0631bc8a9c079ee809b30e5d

SHA512
bf569e4732ef50e4c387396f296a41a4fae0ac6502b4b9b8dc381bce48b3fc76f79200682e7997cc3c73a3b3aebdf9dbf03a5b425890c2d12440dfeab280f8f1

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{04DFB422-295B-4AB0-9B56-C3D6C32BAB11}\GFExperience\FunctionalConsent_en-US.txt

Filesize
554B

MD5
e80ea621e18ecbd92e30de029088954f

SHA1
3ef8b6f8db4a2847955ca94eceabce917324d2f3

SHA256
68797508848a6d0d2b8ec5fb887c43d7a22daf63e3ab4ba3e9659368538e151e

SHA512
7a649f071bf78eb348ade431f365b5a96fb59bd85863d2942088855f08afc30469ab63289914c5d4d89d1115f1e93dc9461fd0bc8eec103826a0dd196f8e320a

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{04DFB422-295B-4AB0-9B56-C3D6C32BAB11}\GFExperience\PrivacyPolicy\PrivacyPolicy_en-US.htm

Filesize
164KB

MD5
c5828bae57eceb2b67d4e02baad1b553

SHA1
baf245981722964d2cd560e9e95b5b56e636f490

SHA256
707aa636d174b7d4056baabc134b073d0b792ac1bec447559e3c323afdc68429

SHA512
22ce68b01a7287b0d77ce329c3727c4ec46b8fa3d0805c3e785b5034bdeff2af3c4efeaf1afc3725ff7c952d39fc5c633e4552942003636f6ea47c6dc1d693e8

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{04DFB422-295B-4AB0-9B56-C3D6C32BAB11}\secondary_btn_enabled.png

Filesize
15KB

MD5
63674adabbc82d7b1f79f06f6fc790f6

SHA1
2d12cb48459f52d6f981ed9b264db63f237c3d10

SHA256
0827749e22907f0f732d2fcc4f3b73ce73986d61704c8cac1f6c737acc4b6aba

SHA512
7e625f7f7ae3119370dd61e82bf89fef5111e037f653652328b39b6798a5c71c8250978de6859982f4988c4ebd8b31b546740f079a03a6edf7f79692b64fecf2

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{04DFB422-295B-4AB0-9B56-C3D6C32BAB11}\secondary_btn_hover.png

Filesize
1KB

MD5
00e9167f523be89ac9fcaea7612c6bb8

SHA1
0484077c6775be036d49ccdd5f0e1fb2bce35739

SHA256
0516f8ca19e93589852dd6419ac8981a3029f6fe33b93bafc43113deb23150cc

SHA512
3a8708a720a1aeb28a13485ed6b44037d517dbea9781e2b5571614f37d69f953559c63c158c376f4d39d29ea66098454512f5954f256e74a20fb045a5089c595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d68c7edc2a288ee58e6629398bb9f7c

SHA1
6c1909dea9321c55cae38b8f16bd9d67822e2e51

SHA256
dfd733ed3cf4fb59f2041f82fdf676973783ffa75b9acca095609c7d4f73587b

SHA512
0eda66a07ec4cdb46b0f27d6c8cc157415d803af610b7430adac19547e121f380b9c6a2840f90fe49eaea9b48fa16079d93833c2bcf4b85e3c401d90d464ad2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c03d23a8155753f5a936bd7195e475bc

SHA1
cdf47f410a3ec000e84be83a3216b54331679d63

SHA256
6f5f7996d9b0e131dc2fec84859b7a8597c11a67dd41bdb5a5ef21a46e1ae0ca

SHA512
6ea9a631b454d7e795ec6161e08dbe388699012dbbc9c8cfdf73175a0ecd51204d45cf28a6f1706c8d5f1780666d95e46e4bc27752da9a9d289304f1d97c2f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
70KB

MD5
807dda2eb77b3df60f0d790fb1e4365e

SHA1
e313de651b857963c9ab70154b0074edb0335ef4

SHA256
75677b9722d58a0a288f7931cec8127fd786512bd49bfba9d7dcc0b8ef2780fc

SHA512
36578c5aedf03f9a622f3ff0fdc296aa1c2d3074aaea215749b04129e9193c4c941c8a07e2dbbf2f64314b59babb7e58dfced2286d157f240253641c018b8eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
26KB

MD5
5dea626a3a08cc0f2676427e427eb467

SHA1
ad21ac31d0bbdee76eb909484277421630ea2dbd

SHA256
b19581c0e86b74b904a2b3a418040957a12e9b5ae6a8de07787d8bb0e4324ed6

SHA512
118016178abe2c714636232edc1e289a37442cc12914b5e067396803aa321ceaec3bcfd4684def47a95274bb0efd72ca6b2d7bc27bb93467984b84bc57931fcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
37KB

MD5
dbb2777fbbdfc8cfff86e991c02a90cb

SHA1
f191bfd7b1f4c9d0704f29d92d1825e9ee77d538

SHA256
6fafc314cd4e70125554f166e94b1a4966d8323b3012ca5640fa273c57ffdefa

SHA512
cb9ad2641eee1591e98675ca0dbf4ed6b51e97a53729004603f80aa1aa1895088113160688b111fe41acbc555dc4ab2630b73ef6928611060d1407f47a4ea634

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
52KB

MD5
d84e81f0ffa8f63015ef7126679e34c1

SHA1
088b48d5a4533160759e5ef93dcd666f73b40225

SHA256
d6fd8e00322dd733f2f2c6147a74e69f33139ffabd492ebef0283e8f843db83e

SHA512
cff8ba7228e7451e828b0023ffc3a785da7a0198671d59388cc9cd83a48ec782cb446e69733294005245693c7cae9ba307622beafe792a38772dcc711ceb3cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
107KB

MD5
6183d68d4820da1f66034533dacdcded

SHA1
02a1f35c4922a10819ca0e5ff98a5e4ba66ccfb3

SHA256
b24cfe34af8daefaa99a4547956635d822452672bd41d99509b8a079b9d709d4

SHA512
869d86f4440b20764fe62ed2178ef6f9c4d5b8ed376a1b6a57f3da71d75938ad7823d2e9e4c5d2d5d877ccc8fd056a1442f573c4cd6ce565b7e6ac53ad1b8099

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
144KB

MD5
c69a5d6043d7bc59794f7cd9c6d3b80a

SHA1
78e4df6b863bacdfd10d40c93e88baf65d44a286

SHA256
65bb75cab3103371c06256cc320046d37e46246084b35a01f4729855de16f395

SHA512
a35139c81661e72d891dc9e29eeae6d648def412de4f21993071b2667bdc7464635769581d1dc84d97d449b091df1e51010c1991fd885aca209eeaab3f2fa848

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
110KB

MD5
aeef15e975b1150c39ce4c0f7be8813c

SHA1
d31fb30ca5f6f6d9983495f60b40d104ba0534f6

SHA256
56678b42139a67cf0e21b7364f6b2ea8db3c168221c65b671c784d6170ff6b96

SHA512
e429b1b7f91adfc83294f35238249dbcb3e1f38b4dc37ef33a31e881240e1cd708b2847bae23e87c8f3fdf364659e3aca78373424c6af657520117077520cfa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
251KB

MD5
1eebc0237ac9209f05bb86cb6bdb450f

SHA1
61e822a4c70509be8352b18fbc036b1d3ee109f5

SHA256
72c10a214420ba943a71df14c089212290c7f64c315148303785fa455b9281b7

SHA512
dfc68a228d114aa885773d19a848e3a78402dfc88d78f38187f99f62caf1bd3055f05e4a4961d678b49507de852ab91ce84f718c0275679f2cfca785c74a0b4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
1adbb344dcaaf8ff2407d76ef1b23049

SHA1
470e064547ee5856bd29aeba233bb4a77d2f25f8

SHA256
d1d990ca42aede511feddd38148cd4116ca8193c6858ff82b469d605508b5963

SHA512
c573cf53ffde81d164a0834c0ceb1aa32bef78dcd69372de0b8c8bcc65e148d36808a8529ce0d9e1347e9adc111129d0cfbbb453c3d55ff49d9572cff99a3053

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
178f7cbe38adf36520518da920950b31

SHA1
9a367cfd45064158819b5c90db6ab7845f4dc1ad

SHA256
05ffd342f31807f7ba26702c8d26c2a8cea463b91bca458e4bac263adfac89e6

SHA512
c8553fd4541f43d2b183a91fb2818cfed7d4cfc89f729b02e5f5d74f820602ebf5fa4739df517db6d4b4d620db38e16592369449d138a1374216375c8767a9c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
829e201c0f9297f11bb449845d9a85a1

SHA1
58886d6ae6ee25cf222160e98cac99703ebee1e5

SHA256
8c3e19f767c30dddb94455f91bcd4c008a6b08477b67df00913272f9c5f9d592

SHA512
4322bf0483e1bd602d99373478f81257df4605f396ef975be5f21e4aaa543390ee931b18d6c8c3193787ab3f9bf673d486381d5f8d56702fb5cf1f089dcdb9ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
abd60ebdc18ec2ef623e7cf7dead758e

SHA1
40b01a54c42f4bcb05ff34517d9aa92a5b48893a

SHA256
1dd76134eddfae579392c6420061c796adcef2e0ee146701b7a0029289c558db

SHA512
4755545d138f9bb93630bcd7fd28a320d82017749c1e46461f5ccd6d541d7668e445a89f32a722d2e8670d4ba43db8a2f2b1e62892e41a48d11c513fc04362df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
320907723de81ef5501517f369990c31

SHA1
f11a3ad4ec80b0a2e0e1eb6cdd35f7f2e1f2d6eb

SHA256
f04cd17ecfad6d6f5a40022a717c29ded837f18fc56d603fa27b073f15efa96f

SHA512
e774859ea0cecaed5c865dd2cd604caf679e3ef32efb637d90fb7ae23c5d08cb1d9aadc6351723a69fc5d254302c99f75bc229b2cf1afab726edcb7bf714f2cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0d5181016543d1a8e3cbcca2b4b8180d

SHA1
ab41c21e19cc4716dc527e5eb6433cee1ce913c9

SHA256
42f04c238a7a8a4380bafedf815d8b4ede6d970a0dde7c95bfe72d43b38657f0

SHA512
98af2a03baf0d9578012a0076a1fdaa86b507f2d4dac32a8ab6da45a2606e9a7aa6492b937cb1c2aeacbd201c23fb1987d57b088af5c208e2fdfe3f45f358ee1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
306e80f07810189d33909e23ca64d5db

SHA1
de3cc451c95649feea7b08e8d807e35fb58ea240

SHA256
49bade7ed34db9d4d107a7c4ae8ee25e1c8487d5a39e63345dc5ae2790c56419

SHA512
c841974a725aae54e10e9f21cccf56212c1d4c603c1d58a13198a11f8c95854311b4c1f53ebbb65aa31d1bb6f3b170973ceabc7edd1a0e50e56417511ca987b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
93f415ae15a373f46f445941e11f3281

SHA1
50419ec5151f191285da2380f97bf6de30fddc28

SHA256
00d11441c761874a5933c2f8fb1f8eb80812996743405c25ff8383f5d987f0e9

SHA512
e6e3defeecfad4c75bf8940b82c94e529654566fe8c8b711d7ccce38f06a0f81883c7ce748c789451b23b240b48d0cae20d9c2c11dd1cfb65c4b76fa880d27fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
f594119279ad7ac18c4481ee5187abd2

SHA1
f5c381df893a76616f9eedcfc19fd05bb5b8b36f

SHA256
877c3455057d9dfe613f2294230d732f6e7c5204238998a4d1ba941e290f4df8

SHA512
ebd77af55ffc82bc902636649f8f60f726e9fd2d58b981e2317c422998966ad1f07ffed47fea8cef89c42f280e8dff848fc281b5a4e09baf83358327516aac25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
735f1dc1aa4f07ed32a5f98edeb54655

SHA1
47afecf7845effaae2bee4917dbf0dffbd81135f

SHA256
685ae4aedecb2523574ac0ab7732422d40a23ef6d890b62ec8acbd8b432d9eb6

SHA512
1eb1a6c855df69014f3b5bb5857c885e30eb6624712f73e9cfcf2721cacc1e3d72d044a8e4c46b4a6e26db82cfcff5047a5e2c38085c6bc218f1683b177bda40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0ff7cb8bd3ac78e83703dd6d07f55913

SHA1
9298a66beae97679b6ef278e817bfc5407a707e3

SHA256
6e308b0e248ced737b87ff2f7acb9c19db21df579febb162c9716e3dd4693fc2

SHA512
f671061d95fc03cbc6699dc1a63d50a71b7c52bb7db400e299d227cbd484ec6d29b38623fdf58d7a47b88984ab5c0972c0dcc12341594acebdc9dd3676a0f139

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
aa37b628e072dd187df10a009dc167e4

SHA1
b2075808b0ef1878ee95a924d163838b31345df1

SHA256
7c426508e03fed1438710a4d278bb493503e52f660e3018d573138c475a62e9d

SHA512
820473fbfcc221206a2fdbc79fff6d16a04faf05129e262d4461bed70eb8515c79791244efac0d51be945abf2c01c785d9322a222b6ab07702c54bcfae42f86f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b497e6de98a8a2bcf32a2044f9e4c873

SHA1
1f6cf35b3fe58ae456217088fc385accf29c147b

SHA256
6bea0fc1b5ead543688509f42d6b1be6058fb6c95df095486dc932585122387d

SHA512
368c3de358413e7231f99fa45c3e242f7bb5cdc002c5e6cc2fa00ae69b75bbddc48a11f78e2ecb21578dd4bb602500b43898d413d89516097629a6953707a27f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
646a3a03cac0bcac0d8c0cfed580e4f6

SHA1
06431cf0611529f7f9a029b8890324e80be0f589

SHA256
16d110f9c9c4dde3d3b6c67ce6f3381f59c84845e6e1dfa549858efaa262f6b4

SHA512
5644f5e1a0fb2b160a583f21ee5e28a001ee883364896736da0234b59781c19f2bcffec3daab54cccb4e9e8f8c07b40d221cfc0408aa6cd5d3206c4922eb98a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
375ee19f2b787e08f5d24c098db07abe

SHA1
c1c12a926ae768cb2c2bfc009c94f43a6e62f997

SHA256
be7501986ae6acd78f88e62b0b18bcb5a98536d820bf26db3be3a3291aa2195c

SHA512
fcaa2a7e2b646018795551497bf2d062d619412f60c276494fb93efec2a07ec0f597ac2536bc133d50d35043fe2527861dc82eeb215afbe0b1b87be0fa4711e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
85f41dbac683084848ab60b82da82fb8

SHA1
df245631fa306d71550068b0a9a879abba47f836

SHA256
49537e84b9cb7571686d2afac02d90015806f9ef397cacd03dd075c636127e90

SHA512
47774341821f9ec20af54ba0e0acf86316dfc7a2fb72da65c79aa3159c7341369446eec6bf7790bea2e9af3ed461b9cb1bb31feab49823fe1d146f34567bf437

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
20485e967463ab5605f646bfb9468fd7

SHA1
f94e021d0f7d9d985c8ec1186097113a440b896b

SHA256
0b5baf4ed12e981e3151b8945364b111c5bb7b607e354b46bcc505091a35fc1a

SHA512
f61ce650d8784a93e9d36cfa6bc7870ee9b795d52ddf7795b3a633d52c95a9c61f0b31d53a50089ae3764e1011f528e1421012bb6ab658ba04876428a046f44b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b91ccce79e47e496803ffab57444cc51

SHA1
ff5383e84be624ebdbb349b9e01a8ce343c98323

SHA256
4f1ad4642532e0350473128cd47d06345e0aa07ec0a4a88abc6079940da339cb

SHA512
427468a125773a4a573335b3a079cc3e6de522089689c8f42e72ff4f5419a29804aa260ccdc52cdc6df8da8d3757ff8c97bcac3f9c6b5a579fc0d34107f65e70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
2149f92234b49b5bfa4ed8b480d75cbc

SHA1
ce5ed0adebd3deaf97e577ab8be6091af4fe2f84

SHA256
e345c7d3a601ba794d0ea71937bbe224ebfd7fb77f4523c90e37bf83cda7b4a7

SHA512
13bd837aa781f95a16efa6c533685fd8d6b991af4af9584be37d92ba1d051c78c9e805a9eff6be6a561e040aa99c6a3c948b68c695d235e13d11b1aa17119a48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a9b37f0b72e774e2b6f648f71f792c95

SHA1
936004b3d41c3aaec322f40c4c383b4efc4292ab

SHA256
ec95f33bbe0a3bc16e2b60f8ca1706ca51f59037430a69ffd7932c1c0e73688d

SHA512
1c3d7eba8ea71d0df9cd55edf02d9a6d99a0c36ae95edb52ccd2e46454dfa29cbcfcd2d27640e23dff90620c72153728c9fbf065ad51991399cab55d9ec6c106

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
954c6bab5ef757e5c12d4cbb935f6e63

SHA1
9ce236e23f11330db63b44cdee14ba8a336b6e9c

SHA256
799a8c77b6bc1e046fc710f8fb2ee13aa5bf9ac464bdb7fe0512783d3c7d4344

SHA512
3b553169b4b2d43d399c0496ffe9714a95d17adc8e1b0af9320add09b983e56a3bb4e85ad8d368844b84b1a7372a69bf34993e623bc579f53441bf5eeff553e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
4d4341a605a2308531d1e54f13ef9d40

SHA1
a41f9a3103f4b726397bb1fc592361ee5b6096e7

SHA256
3250e804e38d01c6643672484cebbd543c64848180f5ee7588906249fa158f04

SHA512
f17526048a9c805473dacea1d0a3dc4ea5a4dbfc8941ad1c74a734b1f65fa84e08ed02ecda4735c2b90a63a384a349daac7bf360a9d85719dabf427ed1514ff4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5c2dde.TMP

Filesize
48B

MD5
bfbbfac8526b2f7e484f5b255ac74734

SHA1
1fe6eb1dafebd289711d7f754c5d5713b5779472

SHA256
26ccdb4f8c2f1535a40182bf2bb43e2886127a9a44f7750cf3f900e47083fc85

SHA512
2554c34f2ddb6118e8445df9a13e249a11d828b72daa05774ebd821c2b9189d196c8c0bac90108e2c1aed0dd6cb29de0bf5b741e12be8a4c88ba139cce3ed1ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bc3356c79bc38e45cafad5f13e214f4f

SHA1
e541a44a752548720b95a3ac3c101303c9b1de91

SHA256
ee6ba5ef00767b6b3d4cb5f48e8fd4e32fe0e14b4f7860dd7caadf3a71e1ca42

SHA512
26c6fb6b762631cec003f5fffab62d2a67a05d5be4e7e0809e36e1f5915ed5c45f0dc93e22b92567f4098550956f18cb85165094d001e7bac57e5426e740c07e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1a8c3a9c06cb58dc5d64c12eda923ead

SHA1
560b086140a285fc8891768bd6c415c878bd5892

SHA256
f263da3d0779a7505d6336e6d55202a4b04e78ef18a44cfbe1072b01c316be7b

SHA512
e5188b42313e310e123834cf16a9a1fd8743756760682dc1ce225d58d4e43b3988df229f50d383a9b1832d6ecbe07e0c747af518cdfeff0693914def3deea653

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
e96b4a45f3c86d0a45a3aa2dac55c198

SHA1
ec8862dc14f6227fbbb1374d2dcf4f58c06212df

SHA256
59eae2e2b5f366705d5ac8c6372ae5d074c28bee3284cd618fbe8b94070da31d

SHA512
939e925f80907213d5e09db66ac6b8f04ee39b41e112b2d5d473c0d63fa6a281798de68dbd672f48e1f48dfe71d2318a4cdfe9b8b5af7d4f07665d34fae8b8ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cf34121a5f5476ca83689a3ded5ebdfb

SHA1
cf5bb72ab165d401e201ef13588959be04ff35de

SHA256
c27627cd3950895905adc7420b542d32d64ade54645d9c7e70524ba470d7c343

SHA512
8949785d8276ba6043e31e774a71047fac7a60fe7de45651af5d5c60a87bc3b018c54d20ae1e56dadd3e6cbbe14b8e5ea43580a46854bba0398e77ed3d903cc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
58deeffc842920f397cd692f3e31c5bd

SHA1
11ec6a8121baecba7688c36ba62f5b56afd0390b

SHA256
7336b627f1ac425ff55081812bbaacc66b5b5c2b0167cebf34ee0d80127af1cc

SHA512
bb19d0b5b579e9b1a288bf776b032825d182f3e8d5c70893d6a8f4851e2ef3cbd3a220227e7560beb0c512587dbba8cb6b7c6cc821560135583474910c7be30f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fa9c7b9e8dd3ff7b2e75707b9ed0fbbe

SHA1
e2f0e4cdfb9535f777e78e4cf8e275fbbcec4022

SHA256
24112a883ab163d95f93cd86dcfe0fef3ec4bc10ea59224dc2b5f0b79d4b0f33

SHA512
0e6624f32e98b57e7545cad7f2225b3e347b2ca65f4764db48ab92d38d1341ae0d47f2f40b5695cc0fbf4b2726425fccfab55310ab47374a39bee9915e5eae45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585ec5.TMP

Filesize
204B

MD5
ce2b674ed5c933d865e71d80ec020e8b

SHA1
a0b6e21ae6e1bf41568f95ea501537eab72eb270

SHA256
4fbdfc0bc637c91fee05c52ec948e8ded349f6cc7ae7cfff5943c95435991bc7

SHA512
7b190e011f1c2ca7e9cf17273c45776f5c59e106b22b8a540b45d0f06d2157840c7ba972f05cabba3b46b5567e8629e0269d2a220224663b6897b534687b7e5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dc66288cd113e5382741cdd92ad304bf

SHA1
b31009dac683a59ea10565fe030a8a5fa449c1f8

SHA256
58b2366c184f1cde12ed14b9cea8518b8cf9faeb78d65215a194cff7946493a3

SHA512
a09e1bfc1141ecaa758300e08fd4303fed3f4582f872fe9cfc68072b162a9220cfe621928e4cfb140c3bf61e6f8fcc074d20f176f18e58a1227fc81c6b203326

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ed141f44eb72feba38d7e0805e684157

SHA1
56bda67c460e1775b4419f148243ece62f66a1d8

SHA256
9f46ba8912085651dd392793de2c6e07b0eeade7cdf7e7edc5668fbcb94b479d

SHA512
1da9b864eb5f45d0f7519142ed10f1bd5de6d845cbb8b97dc3bf049587f6a094ac855126e6ca7b38ab93ddbafb1b6c6ee1d32e94ea00837774883a3f110ef169

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
24ae6f4c33d19c325cba1bb98e241696

SHA1
2a0048b86de7ee65daf0d73371dde9bababfc80d

SHA256
2a907535c377e939e66bc102f44a51a9ce2995183ffaf84cb72b69daa3e1e6dc

SHA512
c6075a77c245b8157e5a78675747072371f2c49dc7f432ddac2579b0d6474737763751075fcbaa234c8a08dc173b13dcf6d2a9b70a5f9a4d0020eb1d305fdd8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a57d8a9df72a83d445b894712cac6a17

SHA1
7554f6011b0e69eea45c0d8110f7c2701f67c24b

SHA256
bd94217b2ac0a2dd4248181973e81b210ab86b738bb449bdcb59a66b08634791

SHA512
3d6bf01bee352177dd445322877b096727bce33fb23aad3f156cc4b665b20d1ab86edcf6f88c1c1122d004f8b71d5e5a5a99183db1ab5ea0b0cf0e0f10bb0842

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\cab4cf3f-bf7f-4b43-b700-dd4bfcea5688.tmp

Filesize
10KB

MD5
700188b1be0c2a9b12e09a2bba4466d0

SHA1
135c16c1fc444a984f294be9c708e78fa203fc2a

SHA256
5cd740ddd3c39510eaf32350f8137aee91b9aa086bf100db5c1cd08864b63b0a

SHA512
5d1744a6b234046f3921fdd26fe6e71755c9f89e7c50bddd6bb9a2f1244d2769ca4d622c79f10fa5de2cf1c22761b1e6c1d66c77779a58230f4a0333127b7dcf

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000003

Filesize
24KB

MD5
b201e8da90ef456598b8b3bb0e31bf53

SHA1
8bb524c8e9b17920c83d9a06c0b305e41cfca560

SHA256
2c8b630d1edafb8cc8c8cd73fff10c8ab6d06232929a4d458ec34628920f1665

SHA512
50126ac5b7800f5a848ef49ebc8e71d78cb5ee9c1602486b30e697ce57af32c868e46795ac2c157cdfd7fe65c03133c7a752813d520a9106adc3e50620b473f3

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000004

Filesize
40KB

MD5
0c9f37673dd9c878a4b5bb419ee24b5d

SHA1
d973a8e073c1f76068f0947d495998f7f823d76e

SHA256
c1e12f630e7f356d154ffe4a7a3873e7e136e41c1c37e6c0fa4d2c52f1d269dd

SHA512
b361afedb4a910b12f7dd7b5b33d2914be39528bf4d1486661d0107c24135cff3a5393df1af85cd7d1551f0e601ea9d2ad4b147e56f469691e2b11906fd1514c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000005

Filesize
32KB

MD5
31b05e57c066452d73ab005bb42865f7

SHA1
2a8efd5d7753dd756c539ad66831b01f603fb13c

SHA256
84d0be622ddeef6d0793df5d274965d6d13a756979b4b484185dc7a051eb4071

SHA512
f793863cec23493b58311d37720fe7d48e21c92da5cbc9c5d4562e47a046e33be4584d58a1c031513298c55a9c33f5e591fd5ce831c9c33af9c2594bb071c277

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000009

Filesize
150KB

MD5
52344bfd16b4f6d1dc61922468458ce0

SHA1
142e9ec2e44f56e7e97f243624655decd4ee75ca

SHA256
d4636d2d08503bfd82c4e2a614efaac77ed9aaa38793703e16cf8f73b445aefa

SHA512
4bdf08a37c220abdb1ff30a30b10573082960ea9ad4118d3a9abe3e0334aefbcbe07eb60cf17d9f8f4539c5f719a67c803a452a4e79ab64e71e7c7b83c0de172

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000a

Filesize
268KB

MD5
0bef1003dc5bf34496bf96ed5e244795

SHA1
08c366df05fbc5942aa9b3a85f2daad3ee1af4ae

SHA256
1c187915a32372c936a5d3930b914c5583350653ee52ecfe0c90128dd5d86839

SHA512
936a64cc0eeb507b6c62218f6bd96988b7b8d8a4e9e5307e0e08f05d79cd16ccfd2b57f8f3c4abc97a818883e38b0c2b6f477a1fad6b6619ff4feb384b847138

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
80022345c3334027331babac9f89049d

SHA1
4a49ba7b6c0c4d74cd2f6f134e09b5d3993a86aa

SHA256
6e2416d914c0d17265387677495a17a49a6bf5bf2433ad135c80fbe3574f8ae1

SHA512
b44025d2ec3ff32456d2e6d05315443c5a0d2b32ca8fdf3b07da6e8c9146af3dff6e6bdb576da765774aebd23f567369967803073b5ea3040a02d3151f837733

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
463523d161e640f496fddc6afb1cb97e

SHA1
b75fc7e56856497155423339cbec024f867e1944

SHA256
4051bbac296abf7741d22fe04b11d12d9979579065980793ff6858c447e291a6

SHA512
39eded8ecd00049fb29cf4959a0dc59e988de83c16c008f084af32ab9dc6f36461ddd092470dc4f85163978a57e1e4a2e547fe5fad51355d1113908d5e8d2ad8

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index~RFe5ccfea.TMP

Filesize
48B

MD5
dc440b9fcc9fe195e532fa4fac6721c0

SHA1
3d1f5ccd0622b9295271c51e75a16ea2bb52d9d8

SHA256
b4d0f1e5f27f94cce2d7f499458c9f64d51e0e89ed4336277e623d430c5b9db0

SHA512
26c245af38e82ea7347f428509fdb7c27dbc8006cf44a9a5e2471e0d53b12c583a529517b446afeedd292bca205b722dd7069faa24e874b389980e93e015baec

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
710B

MD5
1d739746324dc09a46adff574750aad4

SHA1
d769a761c3762c443f49e6329455fdd7c3002e01

SHA256
de77d7f9da659a99085640d29e4efdd0a031de0ef454689616a28b7fb47ac562

SHA512
5cb3ab37fd22a0e40fe32847099daefa943d57d6590c2def1b9136175eb5b8d42b8229e29f7c5a7189f0d1edcfeebd5c896dc90c6d7e7a0e5b8e7fca0479fe71

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
822B

MD5
32f7298b1861e23a1dda7482fe9e79c2

SHA1
04891df1d0752612b76955205e2a856446043c01

SHA256
131c788c0d2ca3a35f6e17ac259ebff647b9bb76787ec7337773886dcb6fd55d

SHA512
1f2f301fbc7afbb3d99e0328efd12c204682d174e4e45dd7b2f78248663a9a259587c8c14a756f9ec932be9da3f6d751f49003630f4f7d0ad688e8a227896f06

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5d8b7a.TMP

Filesize
529B

MD5
9ed03174ad6970550def9a317d316c26

SHA1
e63461dbf95a1d9b296236dde71c23abe1630741

SHA256
c56e110d617c253936b6a05786e74ca377586f677ab8aa0d3fda7a5c1cb6633c

SHA512
28a176f4d46fddeee4a66681aa0fd10e117d0e4e5349ac33b4fe511c6f2fdae5d74c8c51ecdfe82b40ecdfc91506f82807d252019dd7def31a414bf4135b1acb

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
300B

MD5
5d3b1a967cd4bf55e283717d46fc26fb

SHA1
e7850aebe218b042b679e88d1c84d97fd798050f

SHA256
37666fff64a3875baefc970c5c7dd72f7bd418d3d8a5d597d1d6ee78e753f848

SHA512
4cf5138aa677903ddcef969e6fdee2ce769caf72d0f8c23fa6c7e4868da9bd638584745f57475df5f3951fc674b116f04b55dcc92e322bc7e619fbae908dc243

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
686B

MD5
b77d760c8539918ee7fa97db71aa6307

SHA1
d73d57569e2c5cf42dada1d3beb111a75cad1c4d

SHA256
960c4346243141d0750a8291aa8efa5f251a7742fadfa9b4dc43851886b4a625

SHA512
85249575e373f8f2c0b335902435ef10209d5113b936ce9bf3cae69e12a5ecff4ea1aaa8566dbae5889ce11c27dd75865e72ea3a4b73dc4f79594b8c4b3a2890

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe5d9ed3.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
524B

MD5
fc2aff08e12bea9f623abff6c3177d8b

SHA1
b63a3eaff8a8804cff2efef3be5042f14642cb84

SHA256
fc9ee10b076a35047a22b38c03fff21f5897ba30686ef5419f645ee2fc460182

SHA512
4ed6d056cbb586edc3753a793d4fee50a43ce1d5632e4ca3251f6c7808eb0c7479fd247228a800536ded81195eee4d10fbfcbecf73622081f6901149377ee512

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
188B

MD5
81407be98688414d26952c3f885d4075

SHA1
7bcca4fbe4a4b50bcc23503e6afb17ffcac1e607

SHA256
7e664ad079b5ab711f6a34cd52203a1742080ccbc812816b63633381c848d85c

SHA512
8f0d6b8c4361e852b83d0f630d54b15ee22ee9f31336887dbcc101ed405bf06006f3c47ab97d8f661d5f8162d0b9ef66bfa83eef0dcd01804326ce326cc16e87

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
524B

MD5
d472b133d954a0fd5bfd280090ca8c19

SHA1
122fdbd7ad159d75b41cc77737c8104261ea41e6

SHA256
6616b768c36b6e3b4475d2ef55d0ffe1647221193e00ce164065116bfe029db5

SHA512
d4ef800715b5def59defa1dd19698db81cd30d89f99602480ff98b66f1e0f0df5f30e72595d9254fd4f908df3364e266170046bee13a01642d383000e973d115

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity~RFe5f5e07.TMP

Filesize
188B

MD5
f51e474c32206dd56a043702ece544c6

SHA1
b43ee1512e84a20b53631556e24ca09523cb905c

SHA256
cce261549cd04c84416c0af1cf52fdf697a34b5262b18ab3f5c1857544a8efc8

SHA512
6855bfd1ddaef72c88871393191a0a3493578b481300f1c8e8e12788d5711ed876d4457e47cfcbba0b8857621de04e31e0437702d08f6d5a44c9532db0077a68

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json

Filesize
2KB

MD5
602c49f9246967bdcff45b4f43cf2fb0

SHA1
4c5796e0c724bbd7a9244cc8a0fc9e8f40181f2d

SHA256
a3ad9649c1038078038be1abd591cdba73b4b4f5cf30e11bb6cb7a432b746114

SHA512
2f273c0dd0127071f4c768cfe7277c6efff84c1ef4f4271c1326db3658c84261794b106af3198717f349fbaaaf276163700bbb50ae20fe52ed0a88a192d46f77

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json~RFe5f5d9a.TMP

Filesize
2KB

MD5
68b20851ccb9834d21fb32615e42bd43

SHA1
88fab935f0b9484994097c08f785e9ecb7d68127

SHA256
a954b528dd65ad6c4c2091fa32f17abdb7a49454ce88e10bb6c377734c70c26f

SHA512
dcb0771120c8fe35213d60e9abf4b242af807324759e3c99e9b2569c00a941d885d53ef6fadfe69e6b740e0b52a6008602605d643801190a2d29175a7d065e15

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\FrameViewSDK\SDK\Private_Debug\FvSDK.h

Filesize
31KB

MD5
9c940cd0757452c460d0aeb3c2ec4565

SHA1
e8d5f1fad7c885b57230ed0add3f419328a0a807

SHA256
c10f10e64cad3d94cd771c0e4654664a1bd7fbf0bf7fc44a94e1e548fba8589d

SHA512
9d0a1277c10f1694f5f4d4ec2e961c35fa92aacc681b7e0e2cdc6c991af58fd9d2f14eb564d43414c523c1ef233b37d86b97ff15b5f52f7d3f0fc35cbc5683d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\FrameViewSDK\SDK\Private_Debug\FvSDK_x64.pdb

Filesize
4.4MB

MD5
207cf3c7b9cc61d67a3d87fe27067cc0

SHA1
aeae841e0d4f1d5b7a980812828fc186c564607c

SHA256
a391ce11ee2667e701014212f9b02a69e5ad4bed50c4b184164e5aeb64b8dcf8

SHA512
4da274709cfa98932764968780b28708243a5d404ef57125a54fc1b231733ab2fd7cbf96d560dbc42a0aaa7af0bb777cc72b401a92550dca8ba33867f5a424da

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\FrameViewSDK\SDK\Private_Debug\FvSDK_x86.pdb

Filesize
4.3MB

MD5
a49a0fc4671c4da86a25a6ab23e49f6e

SHA1
2876da1ef800b834c793c88a07cde1840d344767

SHA256
255f531439ae0826a1a5aadea1cc5f1c09fd4d79d098815ff7e276531c535f8f

SHA512
217808a9c5aac0f08303250aa59cfe801933fba97ac58e8dc4185dd866ab6f1c9a570a34549ed8fa33f1711fb937281a76b711f452564576c4f43ad640462a05

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\FrameViewSDK\SDK\Private_Release\FvSDK_x64.pdb

Filesize
2.0MB

MD5
3a3983769932ab1f67a878e78a9d163b

SHA1
843d10d56dbf5447a2267cfde2e073f7200964aa

SHA256
efee05283211637c81ec18b060a2f7c65147bffcbcc0a819831e9b5abc01ac4a

SHA512
122808c20b823b9c4bdb1f8e91dd6da83a7461f59a93499bc7f69466b62d7e8ef6f7047443b9749798915511a656742f16706922df034350483e0e646adc47e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\FrameViewSDK\SDK\Private_Release\FvSDK_x86.pdb

Filesize
2.0MB

MD5
0cffdbd3724e7f8602d1dcb4453acf6c

SHA1
1b6d2d0fd50007de6a38fae060e7d7372209a3c1

SHA256
b1e13d492bf614d253dcb9bddc15fe24f1e441b5bf05e1a6f366f0024dd49bcb

SHA512
69e68c367822f3ba9b150a7b1bd59ec9c5e85bd0e350916ba65b5155b1f6232fa5d732e2ad0e62bbd1e72aa33453c1501c6cb233074c83de25e80455f24be7f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\FrameViewSDK\SDK\Public_Debug\FvSDK.h

Filesize
23KB

MD5
7fe2ec77049357ffad14eaf8abd437df

SHA1
8514dd3a6bd0a38ef9b1cc70b801553ae88105cf

SHA256
3533e4624d8e78b7f928caf75d3168d8001ba4d43da9799b9b4c914398ca88db

SHA512
95bce5879c6e067deae17d6251f15dda3b930af49d54c19bfb742cb2c06cd8f03cef81b6a403ddeffd7fbca6c5539b85e5f1805d9e673cc47dd9951e89bb57f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\GFExperience.NvStreamSrv\amd64\server\steam_appid.txt

Filesize
6B

MD5
9dc952af111a394709621878f61ee0e4

SHA1
51208326f336f2f385854b155cacfa7db382e3f6

SHA256
bb663ac530c6c35408549e04bdde97dd02e1b992dfcfb8931b8f0fab093eb01a

SHA512
cef375f95fdd20464ed4d1ab37afedd6f3b5fa237e0758114328975ea0d02e3a73132741e46c680e226e12e7e7fb774fec5bf0eceab36948e7595a63346aefe1

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\GFExperience\PrivacyPolicy\PrivacyPolicy_pt-BR.htm

Filesize
164KB

MD5
3e7b3e08433904539b279bb4dabb155a

SHA1
ac85c924dc03881895a7874f5f374705c9c15495

SHA256
b1b5e429046a19988fcd84296ef6cb92bcb8f1d1e09193a51a9a2bfa133c8e6b

SHA512
cca771c8a2957ee802a2c7d6b8a93b9a28a0e7aceff2e34e50a9287e1f8f0a79d24f79bb48a458e6f6772c6132645eedc08582191fa5855df0480c9fe6d0ee8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\GFExperience\data\configs\OverClocking.json

Filesize
192B

MD5
c84c8de82a29c5ba589c10dc63180d28

SHA1
24f57e28fbb9cdbc3b88f049aa7a08f6ad425dfd

SHA256
5cf578ceeb96b03fb5970440a1dcb6d81e71ea71819d3834fd0d6c4246491f00

SHA512
b5a80e81e3683b5667730ad226acdae1d7309f0b58b9c2f0f32f0bcbd0f65a13feba3efe20df20358f8dedd621d76d536c06ba403a38b08e1df14942723badfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\GFExperience\osc\wm_off.svg

Filesize
1KB

MD5
d519afb343fe93a00a7988744e66f3cf

SHA1
cf423cec31c952a5b316bb5f59a4fee4953cf92a

SHA256
6e9005614ba9f7913550e56166eab66bbcd192521ac64cfcb53efa29b6f6994d

SHA512
df198d85a2a52ed554d28e9bd254396f1cf19cf341aee68be6bc43bc049f1298f47b96698e28bc7a48d487ac79218deb28e33c15eee15fc70c1c8f02838965d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\GFExperience\osc\wm_on.svg

Filesize
1KB

MD5
6651caef9950b720310186155508c746

SHA1
3db8b9214d51e04e4b2877f4d9a93ef43378c791

SHA256
d1f1de2bc50f3b16c32cc385dcb7704ee773d01c146c96ce104b3935be6ec0ca

SHA512
bf5941a4333427d60f4240b6213c8cb309e948419759cfd607ac2756f589d13411962122eac4d134d89946898072c19661275d92c4c3818094c641c38b80e600

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\GFExperience\www\l10n\friends\en-GB.json

Filesize
1KB

MD5
6aeaf4074175998af56ab41703887ddf

SHA1
d75bd9419f54bdc2848bbcf13b2c9988fbb23538

SHA256
384da424c001beaf39e830f3a32ac1c2679dcd7180af699a7b4eab8d50256324

SHA512
37c7006107a00fd23160142bb4e91c576a3b12df652ed2904a26634a976de20c54b1953edf8cb65cedf8b6807c28d647ff34a4ba4a3394569301ae3b6c6d4594

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\GFExperience\www\l10n\gallery\en-GB.json

Filesize
288B

MD5
052a01624414c50764a073250c229aaf

SHA1
cb688e592361cec76b153feb21752e424365a7f1

SHA256
b27d4812afafe6486744541e9507cd2a7b5fa2e555f0ae0c182f9a55acf9ce9e

SHA512
934f270a97cc80da912a0405b11c548a66039f3d71cca25dfec826252f9319cdf30c6135177a8c4ea95dfecc886f3c41969f402b9880dce31a4a87f99ddc2f29

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\GFExperience\www\l10n\gfn\en-GB.json

Filesize
319B

MD5
1b58466d8277a8995919792cf1aeae0a

SHA1
20878c202fcf1fd8521a28185364bcef5416dbc7

SHA256
4761d8beeec64836e9228839e4733b75e5b81b5f8317f3c0ec878888def24dc3

SHA512
d2ad29517606ce0019acd02d038f879fc4c889e12e28140f61ac480e81a0c08e545736ca7e30ec2cbdbd8bf1d58dfea529e588dc423243e0062cdb560f912761

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\GFExperience\www\l10n\settings\en-GB.json

Filesize
124B

MD5
a6f257aa67c1f69e78d6c3cfea1eb7f1

SHA1
b1de507f66d00698060b4dd7f90a2f3ae61eff13

SHA256
2671bf7cfe5c8ad730a0d5802c3df59c3686044b21257e627ef92c0bdb56888d

SHA512
54854b42e14f51b56e87dafbba0bb7ddacb1f90f54ae7e083967f84492820c4cf461be3096ee4acf1757c91bf35809474924e3a69450a57a88160c55edef4bbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe

Filesize
632KB

MD5
103fd60de31cceb0290f948e30251259

SHA1
518e799ebbabbd02c477e0507ffd26f46e81d789

SHA256
76fe28cb93ba6b84b4c9342cb91fa9e2bccb0a05a1b01cb1189deb5c5a6f990a

SHA512
7cf90a62c3a6bd7da1ac6908b8335e619b75950a0472680caf0d7f52dc02e6c4ec9e785187e8830846c0311ed6f0fce43cc2aa91e159b7b61e1022206d5c14d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\NvidiaLogging\Log.10892setup.exe.log

Filesize
376KB

MD5
71049b3f6de3eb421eb73b995634b213

SHA1
f7a3cf90308c13c67a903dd3eca93c87d7d6b04d

SHA256
f06532d5ec10863cb130ae369db8352aa18f7f98bde46d80704adb25ff2d0fb5

SHA512
63dd6e2fe8bdecd93c66d68a2bc0aa9179d9c4f95756a40652c1cc1085b87911ba194e143a50047e2b05f0a58d9114207f10c8717e8d19ee3246e2a71b28aa91

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh3905.tmp\StdUtils.dll

Filesize
110KB

MD5
db11ab4828b429a987e7682e495c1810

SHA1
29c2c2069c4975c90789dc6d3677b4b650196561

SHA256
c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376

SHA512
460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh3905.tmp\System.dll

Filesize
22KB

MD5
a36fbe922ffac9cd85a845d7a813f391

SHA1
f656a613a723cc1b449034d73551b4fcdf0dcf1a

SHA256
fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0

SHA512
1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh3905.tmp\modern-wizard.bmp

Filesize
150KB

MD5
3614a4be6b610f1daf6c801574f161fe

SHA1
6edee98c0084a94caa1fe0124b4c19f42b4e7de6

SHA256
16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b

SHA512
06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh3905.tmp\nsDialogs.dll

Filesize
20KB

MD5
4e5bc4458afa770636f2806ee0a1e999

SHA1
76dcc64af867526f776ab9225e7f4fe076487765

SHA256
91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0

SHA512
b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh3905.tmp\nsExec.dll

Filesize
17KB

MD5
2095af18c696968208315d4328a2b7fe

SHA1
b1b0e70c03724b2941e92c5098cc1fc0f2b51568

SHA256
3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226

SHA512
60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh3905.tmp\nsProcess.dll

Filesize
15KB

MD5
08072dc900ca0626e8c079b2c5bcfcf3

SHA1
35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37

SHA256
bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8

SHA512
8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
3600994f5b6ed579805234c8ae7e73bf

SHA1
4322f3c3da099a0912bce91f2c51585c2b4972e6

SHA256
25fe6de5a85b9bb8dea333c8e4946838c2904859acb7e21a8e247d270997602a

SHA512
411777b95203dba11fefd621a5bd29d4389baa4a270c449ed7f4236889986ec606b4c0b99369887969c55522a8422fa44521047af025187fdf305ee834c451d1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
e5422bf35c2406527a6cadc3fabe894b

SHA1
5be168798cc075332b87205ef08e9e7dc18c43c0

SHA256
3a8c256f07211955931875265b451b20f3f9c08f934d542f2270e9ee6642a0b0

SHA512
87230beaff593d4b78dc0a83f144908bec476d442ced5969c6a8f76f4cc0dd7574eb2a5ef605998712d6a73e4020c5e8849a40d1a2b77803cd3a4fef4852ce37

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
3f2d684d911064df5bdd672ee164c99a

SHA1
e6f75410a945d2866bcec9350c8bed9bdf0784f8

SHA256
002714749e197e0d56f3323dc27d5992a85039372a448b32fcfed87276b1fbef

SHA512
19127cecd042caa3be5672a1cc52b958e7f7360453bd423f14786ea831c32a647ce9177de2e6680dd45a2fa166992c7904e4fc590da9968af892278f578301f4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
b9f8f3a708b5fd2a6f8164647780c1a6

SHA1
801af6e073e975ae484d3eca80e958435635399f

SHA256
e6159ab85e7fc9f8f85c20508128d70963298accc05d04dccfcafc2a9552564c

SHA512
0906c5570a3fd1ba10e372d54aeb0b74f60daf99b9b521ee0d354a926b556d8d2c852901a16ba027596a348c5f9b9e45e9b479f560bcbed0499c9d79be8a4f28

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
43b66080e0025f5be5efa2e04d761e8d

SHA1
cec969c964d22f25c4dc5f391b0512b547006522

SHA256
6148de51b15e59b27f4135da94c36d1f51335d5a44dc8827f03b660ad98c3337

SHA512
25caa423bf0a7cf07b2d2ef6048814db6dcc5c992fe138759bb003eb1f34c8dfc2e69348fedf29ce735bb204585c9567d7c92d7219f81ce93d8684d5a52a42a8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
64dadf6bf1a3e07f20b813fbaf63bb1e

SHA1
5c7825b53fab945f9c395d2344fcd8c5cb4b811a

SHA256
57c26d12d0d02a053946ec63d07fb6e0b856ffbdcfe2439029138346d12a309b

SHA512
34a8dc940ca60a75fbdded2e690888311bd38b8322180092f7e0f117e76247056e6754533f26f25daa2c2226d7503eefab6af61cdca9a6cb1fe2ea385a786e37

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
fb8b81d454f84f498534fa6a6575337d

SHA1
70540e55a9769a20a9c350f7033f69d4e2340fb0

SHA256
21e50042ceda8fda4caa1ab62abbbf55864c5beec204094f865aecfb19201a11

SHA512
532c0d17298a857980983833ca2e268e7fc92fd20e961b7da45231ef5e90b8be19e674a23d67a1bfeb2e18b0b999c448c9dc11057480e58a065171286b4135f2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
cc69747c25d129acc1aec001586a8a39

SHA1
196b2a8b20c8f8d04e60746d46d441ea75b1d9fe

SHA256
06e2e40b146f2a99b94058f72072a99aa2dfb675ef0774b736a52e22973188ec

SHA512
e05439c88211c23dcf99b86c9217e7be34f84042895f43fc6bc96bd9438f9234ee16be76e77732c47f86441f5d531739c95329becbe7293d877389055a4f2b05

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
c5192b597bcb088d11c91e60877c5182

SHA1
f53fd7ba1f13bb79b39d6d1e7c23d7e458ccdf30

SHA256
952fcc3b12552831498626fca610b3475208f356c07fe821c8583f445ee1da38

SHA512
eb2a94bdb966b2d3af6b5612ed17d7eac097eea0fabacd11e84ca869bbb3c2be93cec53cac288a482c820a6918592707dad52149aeee5982579c71e5c1463789

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms~RFe60859f.TMP

Filesize
6KB

MD5
d29c10aefb7dc111b5e138f9bb40ed63

SHA1
c652539e1fb5bee249d9ffd3db226699632f5c2d

SHA256
eb78c4f588bd583e168a242e36b242a998cd9a8aaceed6c175451dd26b7aa6b3

SHA512
d339362fe51f394444a3022e1d7e9b54689f6155e7b88202fc11b99b8161e33693eb6434128f52729458594f1f8fd9dcbddf48d2da9d8cba4d16f72e94b74125

Download Submit
C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 919951.crdownload

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping14152_660662460\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping14152_660662460\manifest.json

Filesize
1001B

MD5
2ff237adbc218a4934a8b361bcd3428e

SHA1
efad279269d9372dcf9c65b8527792e2e9e6ca7d

SHA256
25a702dd5389cc7b077c6b4e06c1fad9bdea74a9c37453388986d093c277d827

SHA512
bafd91699019ab756adf13633b825d9d9bae374ca146e8c05abc70c931d491d421268a6e6549a8d284782898bc6eb99e3017fbe3a98e09cd3dfecad19f95e542

Download Submit
memory/3564-13741-0x00000000003F0000-0x00000000008A2000-memory.dmp

Filesize
4.7MB

Download
memory/5452-18319-0x00000195EECD0000-0x00000195EECD1000-memory.dmp

Filesize
4KB

Download
memory/5452-18318-0x00000195EECD0000-0x00000195EECD1000-memory.dmp

Filesize
4KB

Download
memory/5452-18308-0x00000195EECD0000-0x00000195EECD1000-memory.dmp

Filesize
4KB

Download
memory/5452-18309-0x00000195EECD0000-0x00000195EECD1000-memory.dmp

Filesize
4KB

Download
memory/5452-18307-0x00000195EECD0000-0x00000195EECD1000-memory.dmp

Filesize
4KB

Download
memory/5452-18316-0x00000195EECD0000-0x00000195EECD1000-memory.dmp

Filesize
4KB

Download
memory/5452-18317-0x00000195EECD0000-0x00000195EECD1000-memory.dmp

Filesize
4KB

Download
memory/5452-18314-0x00000195EECD0000-0x00000195EECD1000-memory.dmp

Filesize
4KB

Download
memory/5452-18315-0x00000195EECD0000-0x00000195EECD1000-memory.dmp

Filesize
4KB

Download
memory/5452-18313-0x00000195EECD0000-0x00000195EECD1000-memory.dmp

Filesize
4KB

Download
memory/14092-18332-0x000000006E6E0000-0x000000006FA21000-memory.dmp

Filesize
19.3MB

Download
memory/14092-18350-0x000000006E6E0000-0x000000006FA21000-memory.dmp

Filesize
19.3MB

Download
memory/14092-18306-0x000000006E6E0000-0x000000006FA21000-memory.dmp

Filesize
19.3MB

Download
memory/14092-13896-0x000000006E6E0000-0x000000006FA21000-memory.dmp

Filesize
19.3MB

Download
memory/14092-18329-0x000000006E6E0000-0x000000006FA21000-memory.dmp

Filesize
19.3MB

Download
memory/14092-13925-0x000000006E6E0000-0x000000006FA21000-memory.dmp

Filesize
19.3MB

Download
memory/14092-18303-0x000000006E6E0000-0x000000006FA21000-memory.dmp

Filesize
19.3MB

Download
memory/14092-13939-0x000000006E6E0000-0x000000006FA21000-memory.dmp

Filesize
19.3MB

Download
memory/14092-13951-0x000000006E6E0000-0x000000006FA21000-memory.dmp

Filesize
19.3MB

Download
memory/14092-13954-0x000000006E6E0000-0x000000006FA21000-memory.dmp

Filesize
19.3MB

Download
memory/14092-13957-0x000000006E6E0000-0x000000006FA21000-memory.dmp

Filesize
19.3MB

Download
memory/14092-13989-0x000000006E6E0000-0x000000006FA21000-memory.dmp

Filesize
19.3MB

Download
memory/14092-15764-0x000000006E6E0000-0x000000006FA21000-memory.dmp

Filesize
19.3MB

Download
memory/14092-18300-0x000000006E6E0000-0x000000006FA21000-memory.dmp

Filesize
19.3MB

Download
memory/14092-18288-0x000000006E6E0000-0x000000006FA21000-memory.dmp

Filesize
19.3MB

Download
memory/14092-18353-0x000000006E6E0000-0x000000006FA21000-memory.dmp

Filesize
19.3MB

Download
memory/14760-13903-0x000002357E4F0000-0x000002357E95C000-memory.dmp

Filesize
4.4MB

Download
memory/14760-13772-0x00007FF90A670000-0x00007FF90A671000-memory.dmp

Filesize
4KB

Download
memory/14760-13771-0x00007FF90BF40000-0x00007FF90BF41000-memory.dmp

Filesize
4KB

Download
memory/14864-13904-0x0000025F1AE50000-0x0000025F1B2BC000-memory.dmp

Filesize
4.4MB

Download
memory/14888-18270-0x000001E636520000-0x000001E63698C000-memory.dmp

Filesize
4.4MB

Download