a9e270217d12867c2609d9423d1b2ed83fcf7cd08aeeee3ab09a4afdf9e9418e

Analysis

max time kernel
1581s
max time network
1582s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
19/12/2024, 15:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DOSBox0.74-3-win32-installer.exe
Size

1.4MB
MD5

10f38d3d4b19c58c04d465bd1acd24f0
SHA1

c8c1f5a5d17336607c886444518e74e3d1a4e041
SHA256

a9e270217d12867c2609d9423d1b2ed83fcf7cd08aeeee3ab09a4afdf9e9418e
SHA512

c77310392eda80a98bbb6a5ac3446659b78ce85fdaaa2ef42b1d9b8ea1152722760c1af16696cf48cee43206c9da434fe191bc0b68e6fda99dfb33e479efaaf4
SSDEEP

24576:TA3AA3f646/58tQN2UR7l/TR8EalSxNhCkQTCE2wJnGl0uTskAs+giMbfJyDS:QAAS54K2UH/1xw2wJntunAGrjb

Score

8^/10

steam defense_evasion discovery persistence phishing privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 32 IoCs

pid	Process
1096	SteamSetup.exe
4820	steamservice.exe
1448	steam.exe
5172	steam.exe
3576	steamwebhelper.exe
5136	steamwebhelper.exe
4952	steamwebhelper.exe
6768	steamwebhelper.exe
2356	gldriverquery64.exe
6172	steamwebhelper.exe
5012	steamwebhelper.exe
1660	gldriverquery.exe
3060	vulkandriverquery64.exe
5116	vulkandriverquery.exe
4548	steamwebhelper.exe
1260	steamwebhelper.exe
3992	winrar-x64-701.exe
5612	DOSBox.exe
5752	Steam.exe
4296	steamwebhelper.exe
404	steamwebhelper.exe
1660	gldriverquery64.exe
5388	steamwebhelper.exe
5812	steamwebhelper.exe
2328	steamwebhelper.exe
3380	steamwebhelper.exe
5184	gldriverquery.exe
6888	vulkandriverquery64.exe
2248	vulkandriverquery.exe
6744	steamwebhelper.exe
2304	steamwebhelper.exe
1896	steamwebhelper.exe

Loads dropped DLL 64 IoCs

pid	Process
1096	SteamSetup.exe
1096	SteamSetup.exe
1096	SteamSetup.exe
1096	SteamSetup.exe
1096	SteamSetup.exe
1096	SteamSetup.exe
1096	SteamSetup.exe
1096	SteamSetup.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
3576	steamwebhelper.exe
3576	steamwebhelper.exe
3576	steamwebhelper.exe
3576	steamwebhelper.exe
5136	steamwebhelper.exe
5136	steamwebhelper.exe
5136	steamwebhelper.exe
5172	steam.exe
4952	steamwebhelper.exe
4952	steamwebhelper.exe
4952	steamwebhelper.exe
4952	steamwebhelper.exe
4952	steamwebhelper.exe
4952	steamwebhelper.exe
4952	steamwebhelper.exe
4952	steamwebhelper.exe
4952	steamwebhelper.exe
5172	steam.exe
6768	steamwebhelper.exe
6768	steamwebhelper.exe
6768	steamwebhelper.exe
5172	steam.exe
6172	steamwebhelper.exe
6172	steamwebhelper.exe
6172	steamwebhelper.exe
5012	steamwebhelper.exe
5012	steamwebhelper.exe
5012	steamwebhelper.exe
5012	steamwebhelper.exe
4548	steamwebhelper.exe
4548	steamwebhelper.exe
4548	steamwebhelper.exe
1260	steamwebhelper.exe
1260	steamwebhelper.exe
1260	steamwebhelper.exe
1260	steamwebhelper.exe
1260	steamwebhelper.exe
1260	steamwebhelper.exe
5612	DOSBox.exe
5612	DOSBox.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"	SteamSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	DOSBox.exe
File opened (read-only)	\??\K:	DOSBox.exe
File opened (read-only)	\??\N:	DOSBox.exe
File opened (read-only)	\??\Q:	DOSBox.exe
File opened (read-only)	\??\Y:	DOSBox.exe
File opened (read-only)	\??\U:	DOSBox.exe
File opened (read-only)	\??\V:	DOSBox.exe
File opened (read-only)	\??\W:	DOSBox.exe
File opened (read-only)	\??\H:	DOSBox.exe
File opened (read-only)	\??\I:	DOSBox.exe
File opened (read-only)	\??\L:	DOSBox.exe
File opened (read-only)	\??\R:	DOSBox.exe
File opened (read-only)	\??\T:	DOSBox.exe
File opened (read-only)	\??\X:	DOSBox.exe
File opened (read-only)	\??\Z:	DOSBox.exe
File opened (read-only)	\??\E:	DOSBox.exe
File opened (read-only)	\??\M:	DOSBox.exe
File opened (read-only)	\??\S:	DOSBox.exe
File opened (read-only)	\??\A:	DOSBox.exe
File opened (read-only)	\??\B:	DOSBox.exe
File opened (read-only)	\??\G:	DOSBox.exe
File opened (read-only)	\??\O:	DOSBox.exe
File opened (read-only)	\??\P:	DOSBox.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
181	pastebin.com
196	pastebin.com

Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_outlined_button_circle_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_lstick_right.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\shared_turkish-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_touchpad_click_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_l2.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_color_outlined_button_y.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_button_share_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_ring_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\logs\controller_ui.txt	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_home.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\xbox_360_spanish.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_rstick_down_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\templates\controller_ps5_gamepad_joystick.vdf_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_color_button_x_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_ltrackpad_ring_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\offline_czech.html_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_button_capture_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\repairlibrarydialog.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\locales\uk.pak_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_ring_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\resources_all.zip.vz.3c8b3203e5c69d75ea0684c2409b86fe4d0d6f83_2856188	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_030_inv_0308.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_060_vehicle_9999.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\overlay_polish.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_l_ring.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_r_down_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_color_button_circle_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\templates\controller_mobile_touch_wasd.vdf_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\templates\controller_xbox360_wasd.vdf_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_vr_down.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox360_button_start.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_color_outlined_button_circle.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_buttons_e_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_dutch.txt.gz_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\filter_profanity_tchinese.txt.gz_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\vgui_schinese.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_color_button_x_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_ltrackpad_click_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_button_b_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\SDL3_image.dll_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_090_media_0030.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\steamui_postlogon_swedish.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_rt_click_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_rtrackpad_ring_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\friends\addfriendresultsubpanel_failure.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\platform_thai.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_dpad_left_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_dpad_down_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_r4_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_l2_soft_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_l_up_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\locales\hi.pak_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0529.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0509.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\shared_brazilian-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_dpad_down.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_touchpad_down.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\xbox_button_start_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\friends\DialogSendMessage.res_	steam.exe
File opened for modification	C:\Program Files (x86)\Steam\.crash	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\genesis_b.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\broadcastapp.js_	steam.exe

Drops file in Windows directory 24 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3576_910165485\_platform_specific\win_x64\widevinecdm.dll.sig	steamwebhelper.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3576_910165485\_platform_specific\win_x64\widevinecdm.dll	steamwebhelper.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3576_910165485\LICENSE	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3576_910165485\_metadata\verified_contents.json	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3576_910165485\manifest.fingerprint	steamwebhelper.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3576_910165485\manifest.json	steamwebhelper.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

System Location Discovery: System Language Discovery 1 TTPs 22 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DOSBox0.74-3-win32-installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamservice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DOSBox.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	steamwebhelper.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\FFlags = "18874369"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874369"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 = 1e007180000000000000000000008894cd1728122f4b88ce4298e93e09660000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-2#immutable1 = "Change user account settings and passwords for people who share this computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-1#immutable1 = "Phone and Modem"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-2#immutable1 = "Manage your Windows credentials."	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202020202	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\HotKey = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use."	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Mode = "6"	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\LogicalViewMode = "2"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupView = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByKey:PID = "0"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Vid = "{0057D0E0-3573-11CF-AE69-08002B2E1262}"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\MRUListEx = ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\1\MRUListEx = ffffffff	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByKey:PID = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\Shell	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\Shell\Open	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Applications	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-101#immutable1 = "Recovery"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\NodeSlot = "5"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\IconSize = "48"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-1000#immutable1 = "Devices and Printers"	explorer.exe

NTFS ADS 5 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 464727.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 377645.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Hello Neighbor Alpha 4 Trainer v1.1.rar:Zone.Identifier	msedge.exe

Suspicious behavior: AddClipboardFormatListener 3 IoCs

pid	Process
5428	explorer.exe
5428	explorer.exe
4256	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
840	msedge.exe
840	msedge.exe
4760	msedge.exe
4760	msedge.exe
4804	msedge.exe
4804	msedge.exe
4704	identity_helper.exe
4704	identity_helper.exe
1672	msedge.exe
1672	msedge.exe
1096	SteamSetup.exe
1096	SteamSetup.exe
1096	SteamSetup.exe
1096	SteamSetup.exe
1096	SteamSetup.exe
1096	SteamSetup.exe
1096	SteamSetup.exe
1096	SteamSetup.exe
1096	SteamSetup.exe
1096	SteamSetup.exe
1096	SteamSetup.exe
1096	SteamSetup.exe
1096	SteamSetup.exe
1096	SteamSetup.exe
1096	SteamSetup.exe
1096	SteamSetup.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5408	msedge.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe
5172	steam.exe

Suspicious behavior: GetForegroundWindowSpam 5 IoCs

pid	Process
5172	steam.exe
6944	OpenWith.exe
4256	explorer.exe
6148	OpenWith.exe
5752	Steam.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 52 IoCs

pid	Process
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	4820	steamservice.exe
Token: SeSecurityPrivilege	4820	steamservice.exe
Token: SeShutdownPrivilege	4444	control.exe
Token: SeCreatePagefilePrivilege	4444	control.exe
Token: SeShutdownPrivilege	5428	explorer.exe
Token: SeCreatePagefilePrivilege	5428	explorer.exe
Token: SeShutdownPrivilege	5428	explorer.exe
Token: SeCreatePagefilePrivilege	5428	explorer.exe
Token: SeShutdownPrivilege	5428	explorer.exe
Token: SeCreatePagefilePrivilege	5428	explorer.exe
Token: 33	4064	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4064	AUDIODG.EXE
Token: SeShutdownPrivilege	3576	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3576	steamwebhelper.exe
Token: SeShutdownPrivilege	3576	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3576	steamwebhelper.exe
Token: SeShutdownPrivilege	3576	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3576	steamwebhelper.exe
Token: SeShutdownPrivilege	3576	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3576	steamwebhelper.exe
Token: SeShutdownPrivilege	3576	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3576	steamwebhelper.exe
Token: SeShutdownPrivilege	3576	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3576	steamwebhelper.exe
Token: SeShutdownPrivilege	3576	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3576	steamwebhelper.exe
Token: SeShutdownPrivilege	3576	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3576	steamwebhelper.exe
Token: SeShutdownPrivilege	3576	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3576	steamwebhelper.exe
Token: SeShutdownPrivilege	3576	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3576	steamwebhelper.exe
Token: SeShutdownPrivilege	3576	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3576	steamwebhelper.exe
Token: SeShutdownPrivilege	3576	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3576	steamwebhelper.exe
Token: SeShutdownPrivilege	3576	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3576	steamwebhelper.exe
Token: SeShutdownPrivilege	3576	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3576	steamwebhelper.exe
Token: SeShutdownPrivilege	3576	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3576	steamwebhelper.exe
Token: SeShutdownPrivilege	3576	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3576	steamwebhelper.exe
Token: SeShutdownPrivilege	3576	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3576	steamwebhelper.exe
Token: SeShutdownPrivilege	3576	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3576	steamwebhelper.exe
Token: SeShutdownPrivilege	3576	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3576	steamwebhelper.exe
Token: SeShutdownPrivilege	3576	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3576	steamwebhelper.exe
Token: SeShutdownPrivilege	3576	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3576	steamwebhelper.exe
Token: SeShutdownPrivilege	3576	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3576	steamwebhelper.exe
Token: SeShutdownPrivilege	3576	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3576	steamwebhelper.exe
Token: SeShutdownPrivilege	3576	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3576	steamwebhelper.exe
Token: SeShutdownPrivilege	3576	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3576	steamwebhelper.exe
Token: SeShutdownPrivilege	3576	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	3576	steamwebhelper.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
5428	explorer.exe
5428	explorer.exe
5428	explorer.exe
5428	explorer.exe
5428	explorer.exe
5428	explorer.exe
5428	explorer.exe
5428	explorer.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe

Suspicious use of SendNotifyMessage 39 IoCs

pid	Process
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
3576	steamwebhelper.exe
3576	steamwebhelper.exe
3576	steamwebhelper.exe
4296	steamwebhelper.exe
4296	steamwebhelper.exe
4296	steamwebhelper.exe
4296	steamwebhelper.exe
4296	steamwebhelper.exe
4296	steamwebhelper.exe
4296	steamwebhelper.exe
4296	steamwebhelper.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1096	SteamSetup.exe
4820	steamservice.exe
3436	MiniSearchHost.exe
5192	OpenWith.exe
5280	SystemSettingsAdminFlows.exe
1400	OpenWith.exe
5172	steam.exe
3992	winrar-x64-701.exe
3992	winrar-x64-701.exe
3992	winrar-x64-701.exe
6944	OpenWith.exe
6944	OpenWith.exe
6944	OpenWith.exe
6944	OpenWith.exe
6944	OpenWith.exe
6944	OpenWith.exe
6944	OpenWith.exe
6944	OpenWith.exe
6944	OpenWith.exe
6944	OpenWith.exe
6944	OpenWith.exe
6944	OpenWith.exe
6420	OpenWith.exe
6420	OpenWith.exe
6420	OpenWith.exe
6420	OpenWith.exe
6420	OpenWith.exe
6420	OpenWith.exe
6420	OpenWith.exe
6420	OpenWith.exe
6420	OpenWith.exe
6420	OpenWith.exe
6420	OpenWith.exe
6420	OpenWith.exe
6420	OpenWith.exe
6420	OpenWith.exe
6420	OpenWith.exe
6420	OpenWith.exe
6420	OpenWith.exe
6420	OpenWith.exe
6420	OpenWith.exe
6420	OpenWith.exe
6420	OpenWith.exe
6420	OpenWith.exe
6420	OpenWith.exe
6420	OpenWith.exe
6420	OpenWith.exe
5132	osk.exe
4256	explorer.exe
5132	osk.exe
5132	osk.exe
5132	osk.exe
4256	explorer.exe
4256	explorer.exe
5132	osk.exe
4256	explorer.exe
4256	explorer.exe
4256	explorer.exe
4256	explorer.exe
5132	osk.exe
6148	OpenWith.exe
6148	OpenWith.exe
6148	OpenWith.exe
6148	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4760 wrote to memory of 4736	4760	msedge.exe	82
PID 4760 wrote to memory of 4736	4760	msedge.exe	82
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 2064	4760	msedge.exe	83
PID 4760 wrote to memory of 840	4760	msedge.exe	84
PID 4760 wrote to memory of 840	4760	msedge.exe	84
PID 4760 wrote to memory of 1900	4760	msedge.exe	85
PID 4760 wrote to memory of 1900	4760	msedge.exe	85
PID 4760 wrote to memory of 1900	4760	msedge.exe	85
PID 4760 wrote to memory of 1900	4760	msedge.exe	85
PID 4760 wrote to memory of 1900	4760	msedge.exe	85
PID 4760 wrote to memory of 1900	4760	msedge.exe	85
PID 4760 wrote to memory of 1900	4760	msedge.exe	85
PID 4760 wrote to memory of 1900	4760	msedge.exe	85
PID 4760 wrote to memory of 1900	4760	msedge.exe	85
PID 4760 wrote to memory of 1900	4760	msedge.exe	85
PID 4760 wrote to memory of 1900	4760	msedge.exe	85
PID 4760 wrote to memory of 1900	4760	msedge.exe	85
PID 4760 wrote to memory of 1900	4760	msedge.exe	85
PID 4760 wrote to memory of 1900	4760	msedge.exe	85
PID 4760 wrote to memory of 1900	4760	msedge.exe	85
PID 4760 wrote to memory of 1900	4760	msedge.exe	85
PID 4760 wrote to memory of 1900	4760	msedge.exe	85
PID 4760 wrote to memory of 1900	4760	msedge.exe	85
PID 4760 wrote to memory of 1900	4760	msedge.exe	85
PID 4760 wrote to memory of 1900	4760	msedge.exe	85

C:\Users\Admin\AppData\Local\Temp\DOSBox0.74-3-win32-installer.exe
"C:\Users\Admin\AppData\Local\Temp\DOSBox0.74-3-win32-installer.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc67253cb8,0x7ffc67253cc8,0x7ffc67253cd8
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2520 /prefetch:8
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3580 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2604 /prefetch:8
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1672
- C:\Users\Admin\Downloads\SteamSetup.exe
  "C:\Users\Admin\Downloads\SteamSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1096
- - C:\Program Files (x86)\Steam\bin\steamservice.exe
    "C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1
  2⤵
  PID:6024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6776 /prefetch:8
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7212 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7336 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7512 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7652 /prefetch:1
  2⤵
  PID:6436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7176 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7724 /prefetch:8
  2⤵
  PID:6220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:6996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:5880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:6908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:6912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9120 /prefetch:1
  2⤵
  PID:5896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8988 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9164 /prefetch:1
  2⤵
  PID:6720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9148 /prefetch:1
  2⤵
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9196 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8956 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8792 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8832 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8528 /prefetch:1
  2⤵
  PID:6724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
  2⤵
  PID:6528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8452 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8372 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9044 /prefetch:1
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8344 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8100 /prefetch:1
  2⤵
  PID:6968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8340 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9056 /prefetch:8
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,3675082028830747017,13022325684449973979,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9132 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:1328
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:560

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:1448
- C:\Program Files (x86)\Steam\steam.exe
  "C:\Program Files (x86)\Steam\steam.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:5172
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=5172" "-buildid=1733265492" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SendNotifyMessage
    PID:3576
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1733265492 --initial-client-data=0x28c,0x290,0x294,0x288,0x298,0x7ffc51b4af00,0x7ffc51b4af0c,0x7ffc51b4af18
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5136
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1568,i,4738307929011772917,10581455803241266002,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1572 --mojo-platform-channel-handle=1560 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4952
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2200,i,4738307929011772917,10581455803241266002,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2212 --mojo-platform-channel-handle=2204 /prefetch:11
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:6768
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2768,i,4738307929011772917,10581455803241266002,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2772 --mojo-platform-channel-handle=2764 /prefetch:13
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:6172
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,4738307929011772917,10581455803241266002,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3148 --mojo-platform-channel-handle=3140 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5012
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=3720,i,4738307929011772917,10581455803241266002,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3636 --mojo-platform-channel-handle=3728 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4548
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3788,i,4738307929011772917,10581455803241266002,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3716 --mojo-platform-channel-handle=3708 /prefetch:10
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1260
- - C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:2356
- - C:\Program Files (x86)\Steam\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1660
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:3060
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5116

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3436

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:404

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3152

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:2184

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:3468

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5192

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" TurnOnDeveloperFeatures DeveloperUnlock
1⤵
- Suspicious use of SetWindowsHookEx
PID:5280

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:5196

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:5272

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1400

C:\Windows\system32\control.exe
"C:\Windows\system32\control.exe" /name Microsoft.AdministrativeTools
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4444

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:3524

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5428

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:2456

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:1884

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:3688

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004E4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6028

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\f9e0f815351c430cbde8e6d1f76e4552 /t 6136 /p 3992
1⤵
PID:5896

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:656

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6944
- C:\Program Files\7-Zip\7z.exe
  "C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\Hello Neighbor Alpha 4 Trainer v1.1.rar"
  2⤵
  PID:2436

C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\Hello Neighbor Alpha 4 Trainer v1.1.rar"
1⤵
PID:568

C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\Hello Neighbor Alpha 4 Trainer v1.1.rar"
1⤵
PID:1948

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:6420

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:6996

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:1096

C:\Windows\system32\control.exe
"C:\Windows\system32\control.exe" /name Microsoft.AdministrativeTools
1⤵
PID:6816

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:3568

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4256
- C:\Windows\System32\osk.exe
  "C:\Windows\System32\osk.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:5132

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:6448

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:4636

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:2800

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:6756

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:1396

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:5760

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6148
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Hello Neighbor Alpha 4 Trainer v1.1.rar"
  2⤵
  PID:5588

C:\Program Files (x86)\DOSBox-0.74-3\DOSBox.exe
"C:\Program Files (x86)\DOSBox-0.74-3\DOSBox.exe" -userconf
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- System Location Discovery: System Language Discovery
PID:5612

C:\Program Files (x86)\Steam\Steam.exe
"C:\Program Files (x86)\Steam\Steam.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: GetForegroundWindowSpam
PID:5752
- C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
  "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=5752" "-buildid=1733265492" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\Steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Checks processor information in registry
  - Suspicious use of SendNotifyMessage
  PID:4296
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1733265492 --initial-client-data=0x288,0x28c,0x290,0x284,0x294,0x7ffc51b4af00,0x7ffc51b4af0c,0x7ffc51b4af18
    3⤵
    - Executes dropped EXE
    PID:404
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1556,i,7742713997671760368,2738523024073298476,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1560 --mojo-platform-channel-handle=1548 /prefetch:2
    3⤵
    - Executes dropped EXE
    PID:5388
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2484,i,7742713997671760368,2738523024073298476,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2488 --mojo-platform-channel-handle=2480 /prefetch:11
    3⤵
    - Executes dropped EXE
    PID:5812
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2664,i,7742713997671760368,2738523024073298476,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2668 --mojo-platform-channel-handle=2696 /prefetch:13
    3⤵
    - Executes dropped EXE
    PID:2328
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,7742713997671760368,2738523024073298476,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3132 --mojo-platform-channel-handle=3124 /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:3380
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3752,i,7742713997671760368,2738523024073298476,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3756 --mojo-platform-channel-handle=3748 /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:6744
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4128,i,7742713997671760368,2738523024073298476,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4132 --mojo-platform-channel-handle=4060 /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:2304
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4108,i,7742713997671760368,2738523024073298476,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4104 --mojo-platform-channel-handle=4088 /prefetch:10
    3⤵
    - Executes dropped EXE
    PID:1896
- C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
  .\bin\gldriverquery64.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Program Files (x86)\Steam\bin\gldriverquery.exe
  .\bin\gldriverquery.exe
  2⤵
  - Executes dropped EXE
  PID:5184
- C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
  .\bin\vulkandriverquery64.exe
  2⤵
  - Executes dropped EXE
  PID:6888
- C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
  .\bin\vulkandriverquery.exe
  2⤵
  - Executes dropped EXE
  PID:2248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\DOSBox-0.74-3\DOSBox.exe

Filesize
3.6MB

MD5
90c338efc128025736084c05ae664a60

SHA1
5c5c465b48d09c0586ee465dfe5df0cb0c1c1028

SHA256
dcfd46fa521f5ce89dce3bf026056f3a1d15533f80321ee887403e30d7949f5e

SHA512
814d28162e68655088ff4b858274c3c33fe2b9c9dd654e7d0614ee5bad3c28a776ab7799efaea136a5cfbb93601fee5675b64eebee7722500324d896dc6f0ca8

Download Submit
C:\Program Files (x86)\Steam\Steam.exe

Filesize
4.2MB

MD5
33bcb1c8975a4063a134a72803e0ca16

SHA1
ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65

SHA256
12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1

SHA512
13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

Download Submit
C:\Program Files (x86)\Steam\bin\SteamService.exe

Filesize
2.5MB

MD5
ba0ea9249da4ab8f62432617489ae5a6

SHA1
d8873c5dcb6e128c39cf0c423b502821343659a7

SHA256
ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d

SHA512
52958d55b03e1ddc69afc2f1a02f7813199e4b3bf114514c438ab4d10d5ca83b865ba6090550951c0a43b666c6728304009572212444a27a3f5184663f4b0b8b

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
a2ec2e91c3ef8c42e22c4887d032b333

SHA1
e2c738a2e9400535b74e2263c7e7d1ecefe575f2

SHA256
8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3

SHA512
b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
15KB

MD5
53433bb6ea09111be19b786bee05f579

SHA1
74306f91b349e81bdbb0822c9a6706a4f2f0e5ce

SHA256
7c05dc37241f4ef7c58e0e7be229b08dfb1e077170569cef53d81c79651f94de

SHA512
f8eef20c1c824016de22795f9012f64db6379f2252716c096c0690db332ec3fe803aff9d75b5cc9fa105451efca012a5232a026e337ed3ff1108776cfd6b9a51

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
17KB

MD5
15494c526f65029e32f9a5ea1dabce84

SHA1
4f442da7dbaa5b0e66f8b50f5f3cb28b3bba8e4e

SHA256
bb82dc990fec2b63e08c165cb1c966e9d8b0073c41d4556ec4a68d653a92c0c0

SHA512
b828babac27ac1318e00dc68c4e9a17349425974eaffdd5f6b77f5007de06ca8c094be78efac19d6fd548beb0ff3f521128263d634d6ca71b1c3ee85824a8c21

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
16KB

MD5
b55976077cc42e20de959882f809faab

SHA1
86823076aeb739a69303a66892593561f30fe6bd

SHA256
ca3499ca0fd52ae7529c1c7e8cd234bc9a6c34e6eaf9390d2a72c24d19b949a7

SHA512
fccd8f785e6413be60c3e394bbccf289161f3730ac2290d17b7b3651a55077c6909597ffef3377303de1d29e5cfe6195cd9a986475e50dc293dcdc53bbd2af79

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
23KB

MD5
26af8e90ff91b1a61fc5b699b1221b0b

SHA1
c27e3045b268597353f57ec3017aaf3388b4484b

SHA256
f7eb5143242fe48d188af4fe1a1777d532e8ffeeddd6eb9df64d731ef2349cfa

SHA512
b15e65fd0356c78f856622813384568f3ae90b9bb7759518586fb8795ec7075f6334e5dfd0e71db4b345d4636458f0282aa53c2f5c316bb16b7d8a61c5f09d5e

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
22KB

MD5
580faa821c35e5dc471fdaade2bcfddb

SHA1
83311df012c86967caed6d277867d3b2df622812

SHA256
aec564baa1e344153af101fe30725ee515e562cc30be0435702d8a7dcce062e4

SHA512
80ffa22e197e975fd7ea2d865ee1286b5a35c2429c8751b15d47cf9afffd93dae5a1878cc3cc060a624f35e8b62918e282bb5495eebd73c962ea4f04a1064d5d

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
18KB

MD5
b88b1b8c49311e9ad4d5cca8467d02ab

SHA1
c774ccb60bb9ae490d59968a33c7e0f91a312bf3

SHA256
ac280e8408f091dd536c6a18eb9b8d9efba5071c813637fb1725ddc267390fd9

SHA512
d3854a8132969736f92aef682ac78491004ba8e431ed37b4d0ceb36efb9b1751ed0ffebc2153c6f376e5f78b338136f775d3dd9c1339e86fedcaf897c9f83912

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
18KB

MD5
89db525cd8bd9b90bc0238f631caed3e

SHA1
5cfe7ea125d6aaea761dcfebcfa324c450188ab4

SHA256
870f36d436f9d5a8caebf82d72bbb215cb0a56dd25c9f233a9da2e32bd747ad6

SHA512
3ad4a81150b39d869d93eea9a5a0ecdd95edc5ecf077d237c723e47df501929a3f090a5204dc0419dd3ec425bf6e1c3f04c1cabf12de5ecfd41e3350c9220cc8

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
17KB

MD5
dd8ba6eec382d1e63c98ae4ed1c8f272

SHA1
4b995ddaa7ba7bb279554d40bcb11c94d4275cfa

SHA256
7f2aab4c7aaf68b29107fa2fbedba9055f3ca7ea354e3fe446e9a8a7373df8e9

SHA512
1a8c0d5c0b1cf6bb08eac835882801ee2e65ec0930311269aa2955a6cf0f6cfc89a35dcb8f0fc34781a67b5ec546e13e038955c3b0fb9d135b37f24e4c4633d8

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf~RFe638523.TMP

Filesize
1KB

MD5
6e6a2b18264504cc084caa3ad0bfc6ae

SHA1
b177d719bd3c1bc547d5c97937a584b8b7d57196

SHA256
f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53

SHA512
74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

Download Submit
C:\Program Files (x86)\Steam\logs\cef_log.previous.txt

Filesize
1KB

MD5
50b6363fcd33817f22e229e4d17117e9

SHA1
023129d5699318fcd507d853f84340d373627d44

SHA256
d2c0c95ed1246623469bbe997a2d2a41e405cc6cf3d7f541ee357dbc01fe829e

SHA512
5453423670ab6d2f669f895dc29d186c331d63e8453772e33b2097f129075659451e361a18ccc7d0618f9845af49a27b79d96130180c2084f3a827c2eebf94ce

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

Filesize
4KB

MD5
0340d1a0bbdb8f3017d2326f4e351e0a

SHA1
90d078e9f732794db5b0ffeb781a1f2ed2966139

SHA256
0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544

SHA512
9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

Filesize
6KB

MD5
4c81277a127e3d65fb5065f518ffe9c2

SHA1
253264b9b56e5bac0714d5be6cade09ae74c2a3a

SHA256
76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9

SHA512
be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

Filesize
4KB

MD5
2158881817b9163bf0fd4724d549aed4

SHA1
c500f2e8f47a11129114ee4f19524aee8fecc502

SHA256
650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7

SHA512
f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

Filesize
4KB

MD5
03b664bd98485425c21cdf83bc358703

SHA1
0a31dcfeb1957e0b00b87c2305400d004a9a5bdb

SHA256
fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115

SHA512
4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt

Filesize
4KB

MD5
31a29061e51e245f74bb26d103c666ad

SHA1
271e26240db3ba0dcffc10866ccfcfa1c33cf1cc

SHA256
56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192

SHA512
f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

Filesize
4KB

MD5
da6cd2483ad8a21e8356e63d036df55b

SHA1
0e808a400facec559e6fbab960a7bdfaab4c6b04

SHA256
ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6

SHA512
06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt

Filesize
4KB

MD5
9e62fc923c65bfc3f40aaf6ec4fd1010

SHA1
8f76faff18bd64696683c2a7a04d16aac1ef7e61

SHA256
8ff0f3cbdf28102ff037b9cda90590e4b66e1e654b90f9aea2cd5364494d02b7

SHA512
c8ff15373b37e848e6239a82424569e77c82a5fc557d17e7d2ed1d0d2b2f7d026cc1e2bc98cb5ee945c02cfefb82803c23fa6a26f48ff0adcf762f94cd5dd035

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt

Filesize
4KB

MD5
10c429eb58b4274af6b6ef08f376d46c

SHA1
af1e049ddb9f875c609b0f9a38651fc1867b50d3

SHA256
a1f6ba57ee41e009d904905c0ce5e75a59ee6790e08542561303109e1faafa13

SHA512
d8760f61760bffd8671b727d386ae220e7e6e68829a01553cfd5eb60ef8bd1d7c1b25e7b17a6db5bd17ba6712ef44999726764459318e784843c73bc4facaf46

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt

Filesize
4KB

MD5
5c026fd6072a7c5cf31c75818cddedec

SHA1
341aa1df1d034e6f0a7dff88d37c9f11a716cae6

SHA256
0828572e4fa00c186dbf1d9072a6154d65cb499c6a37e338f3305f77a2fee382

SHA512
f9d28714b2a05f8d9025f1692e4d7e8baa6daf6176353f65646a38814a242ef2adededa44419edd69f10cf96ffba506dab7cb6e52111457bf69cffef12174b12

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt

Filesize
6KB

MD5
189ba063d1481528cbd6e0c4afc3abaa

SHA1
40bdd169fcc59928c69eea74fd7e057096b33092

SHA256
c0a7a1df442ac080668762df795c72aa322e9d415c41bd0a4c676a4dc0551695

SHA512
ce59ad9b17bab4de1254e92ce4fe7d8c8242832f62ab382e8f54199a9932cd11b5800cc33895441426373d5210cc74104e0271b721a7e26ed400b716ae4d5903

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt

Filesize
4KB

MD5
18aaaf5ffcdd21b1b34291e812d83063

SHA1
aa9c7ae8d51e947582db493f0fd1d9941880429f

SHA256
1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5

SHA512
4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt

Filesize
4KB

MD5
1514d082b672b372cdfb8dd85c3437f1

SHA1
336a01192edb76ae6501d6974b3b6f0c05ea223a

SHA256
3b3c5c615fd82070cc951ab482d3de8cb12df0b3df59fbd11f9d3271fa2fbca4

SHA512
4d41c945ce7c94746875b0dbceb14811d4966de4e97fe047406a304162fde7e1e2a16367fc2e43978e2e5aa66749f036b4444aa2312673c2cc3af296e8b77f55

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt

Filesize
4KB

MD5
8958371646901eac40807eeb2f346382

SHA1
55fb07b48a3e354f7556d7edb75144635a850903

SHA256
b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585

SHA512
14c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt

Filesize
5KB

MD5
7e1d15fc9ba66a868c5c6cb1c2822f83

SHA1
bfe9a25fdc8721d7b76cecb9527a9ba7823dc3d7

SHA256
fc74e26a8baabbe4851109512d85173b75dbf7293d41eb3b92a1957a773c8265

SHA512
0892be14a858cc860766afb1c996b2c355108a7e50971ea3ec00d15069e919a6eb05a61fa839bea3938492c391e274144c5e248f4c204a602bf36adf27e5b406

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt

Filesize
4KB

MD5
202b825d0ef72096b82db255c4e747fa

SHA1
3a3265e5bbaa1d1b774195a3858f29cea75c9e75

SHA256
3d1399f5323a3ece1b1a8b3b31f8fd7f50c3bd319ab3f1c38c6e347452c95314

SHA512
e8fc7cc09f431301d22a07b238179ee053505090e3c4db30ead061513fe7159f1fe8b80efc93f4597fe00f01087bbe0bb2231e13693d72c8def138657cb91566

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt

Filesize
4KB

MD5
7913f3f33839e3af9e10455df69866c2

SHA1
15fa957d0a6a2717027f5b35f4dbe5e0ab8ece25

SHA256
05bc1f4973c6d36002ac1b37ce46b1f941fcb4338282e0ec1ec83fb558d1a88c

SHA512
534e541757d19ee157a268bf7ea358b48015f400542fcfa49cdb547cd652926160f015fe2cf026d9c4996e56ab90ca3899dfd457997d915bf6bc9d7bb00ba804

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt

Filesize
4KB

MD5
58e0fcbee3cca4ef61b97928cfe89535

SHA1
1297e3af3ca9e4fe3cc5db78ebbfa642e8a2c57b

SHA256
c084a68b65d507eb831831aa2ab9afb9536cb99a840d248cc155ff87fad18425

SHA512
99aff0c481e34cd0e4fcbb2af471afb56d91aa11be664462b08e17ae169ca03ef77e7063b4ecd0f38ca7b2f6dc0bf2e316c7b31dffbbcfc763cd8fae27dc78d2

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt

Filesize
4KB

MD5
9b0b0e82f753cc115d87c7199885ad1b

SHA1
5743a4ab58684c1f154f84895d87f000b4e98021

SHA256
0bdeee9fa28d54d384e06ea646fbcfe3f06698a31dfdc1a50703ffe83ad78d32

SHA512
b7780b82fbe705bc8e5a527c011eb685c99ef0b2eb810617b9f82b891341af95ef1c2f46dce9e458c0c4dcc3e7a0d21db6c77f03419cd1c4b521a9b72f9017df

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt

Filesize
4KB

MD5
eb8926608c5933f05a3f0090e551b15d

SHA1
a1012904d440c0e74dad336eac8793ac110f78f8

SHA256
2ed2b0d654d60e0a82b0968a91d568b775144e9d92f2b077b6da75f85ad12d04

SHA512
9113c42c38836f71ff0cc7019aff8c873845f47fbf1ab97e981cb038f4d8495b6df784402b1ee9666e8e567ae866b0284c81e6a16efb47131d5ef88569c4843a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt

Filesize
4KB

MD5
6367f43ea3780c4ee166454f5936b1a8

SHA1
027a2c24c8320458c49cd78053f586cb4d94ee6f

SHA256
f8d1972e75a320344e3c834ba0a3a6a86edb39e20ef706bda9b7965d440d1998

SHA512
31aab33e0d272cb43a8c160b3d37256716a683e5052192fd0e4d3cdaf30a10a9afa9d26d5d14ad216ee455627c32892a711d2bc137ee7a7df9a297f001a19e32

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt

Filesize
6KB

MD5
e04ad6c236b6c61fc53e2cb57ced87e8

SHA1
e9d4846b7e6cc755ee14a5d3fa45ee7d3bf425a4

SHA256
08c775efa77c2a92d369f794882e467b6e2526e61bc7aa7724f48e174524502e

SHA512
0dfb7e6d811d649103499018f3d115c542fcaba420ceb69124a4d837fe162ce514e7be2040860c5ef5f9c01c961fa6eea8730606b73ec107d87597989b6fd331

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt

Filesize
4KB

MD5
56dcf7b68f70826262a6ffaffe6b1c49

SHA1
12e4272ba0e4eabc610670cdc6941f942da1eb6a

SHA256
948cad1bb27109e008f2457248880c759d3fa98b92c5b4033b94f455cb8ac43f

SHA512
c3fd9caf0bd4c303a7cc300faada9cfe6dd752e82d67625b31f4c0c2c091596508bb477fe19f758fdf79b25b8ac3f5320a8785d2b6705b9bcc28a054a59454e2

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_spanish.txt

Filesize
4KB

MD5
66456d2b1085446a9f2dbd9e4632754b

SHA1
8da6248b57e5c2970d853b8d21373772a34b1c28

SHA256
c4f821a4903c4e7faea2931c7fb1cf261eba06a9840c78fdca689f5c784c06c4

SHA512
196c2282ba13715709ece706c9219fe70c05dd295840082e7d901b9e5592e74b1bb556782181cdbe35bd1ab0d6197fef67258b09491fabc6f27606dbed667d49

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_swedish.txt

Filesize
4KB

MD5
b2248784049e1af0c690be2af13a4ef3

SHA1
aec7461fa46b7f6d00ff308aa9d19c39b934c595

SHA256
4bf6b25bf5b18e13b04db6ed2e5ed635eb844fc52baa892f530194d9471f5690

SHA512
f5cee6bba20a4d05473971f7f87a36990e88a44b2855c7655b77f48f223219978d91bcd02d320c7e6c2ec368234e1d0201be85b5626ef4909e047e416e1a066c

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_tchinese.txt

Filesize
4KB

MD5
194a73f900a3283da4caa6c09fefcb08

SHA1
a7a8005ca77b9f5d9791cb66fcdf6579763b2abb

SHA256
5e4f2de5ee98d5d76f5d76fb925417d6668fba08e89f7240f923f3378e3e66f6

SHA512
25842535c165d48f4cf4fa7fd06818ec5585cc3719eff933f5776a842713d7adb5667c3b9b1a122a1152450e797535fc7a8e97ebdd31c14b4d4900a33ede01f3

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_thai.txt

Filesize
7KB

MD5
53f7e8ac1affb04bf132c2ca818eb01e

SHA1
bffc3e111761e4dc514c6398a07ffce8555697f6

SHA256
488294b7faff720dc3ab5a72e0607761484c678b96d6bcd6aad9ee2388356a83

SHA512
c2e79c2505a6fd075df113ffce92ad42c146424ca39087601daa4ed15a2b5528d478a093921d9d8a738c7b6b963275a0693ebe526b6e2135d14ced03639d0e70

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_turkish.txt

Filesize
4KB

MD5
29f9a5ab4adfae371bf980b82de2cb57

SHA1
6f7ef52a09b99868dd7230f513630ffe473eddf8

SHA256
711675edb20b3cb70acf6cf75f2eea8e0d87c8ace3e11c8df362b4517427a34f

SHA512
543fe63f791250e05e8fda24fd2ceadebb4c8925e8927de49ae490895c87eed3e61a9ad50237532649f99fe3165836261de215ee3f66ffbfc6d677ddeea7732a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_ukrainian.txt

Filesize
6KB

MD5
cadd7a2f359b22580bdd6281ea23744d

SHA1
e82e790a7561d0908aee8e3b1af97823e147f88b

SHA256
3dd0edfbe68236e668fb308f92fe7c6493dbb05bfca85a48de93588f479ccc99

SHA512
53672dd13e6ccbe96f6d4a61297c595b6d6cba8de92caa51ccf8ab1d8a82eea5a425eab348f295b9ec27de0026ef849d9230f751a46e040be8863923f91b8519

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
02a4b762e84a74f9ee8a7d8ddd34fedb

SHA1
4a870e3bd7fd56235062789d780610f95e3b8785

SHA256
366e497233268d7cdf699242e4b2c7ecc1999d0a84e12744f5af2b638e9d86da

SHA512
19028c45f2e05a0cb32865a2554513c1536bf9da63512ff4e964c94a3e171f373493c7787d2d2a6df8012648bbefab63a9de924f119c50c39c727cf81bdc659f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
826c7cac03e3ae47bfe2a7e50281605e

SHA1
100fbea3e078edec43db48c3312fbbf83f11fca0

SHA256
239b1d7cc6f76e1d1832b0587664f114f38a21539cb8548e25626ed5053ea2ab

SHA512
a82f3c817a6460fd8907a4ac6ab37c2129fb5466707edcfb565c255680d7f7212a5669fe2a42976150f16e4e549ea8310078f22ed35514ee1b7b45b46d8cc96e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
26KB

MD5
5dea626a3a08cc0f2676427e427eb467

SHA1
ad21ac31d0bbdee76eb909484277421630ea2dbd

SHA256
b19581c0e86b74b904a2b3a418040957a12e9b5ae6a8de07787d8bb0e4324ed6

SHA512
118016178abe2c714636232edc1e289a37442cc12914b5e067396803aa321ceaec3bcfd4684def47a95274bb0efd72ca6b2d7bc27bb93467984b84bc57931fcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000060

Filesize
35KB

MD5
3817b5ec367eb3dd00eeb4e1d8a53543

SHA1
de1e4e012caef3d0ebd8b832d92a73de24f85a33

SHA256
4a1e7bf9380cbcbc3d9f324c56b8b08c35c42289e24ffaafc3844524ed1e41ac

SHA512
a008b4e9c1df1f03c49e54408f0fa816ff3b34b3500c07d32c4edd927f546895f3a68dede39faf63af0bcb9dceab80b968c5b33d31f9ce017b866f1307c99831

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000062

Filesize
50KB

MD5
02ba0eab953db3cea75083080ba40117

SHA1
980f7d1b6656069e07db10fe445302ac7f87a45f

SHA256
741a41aff007c6d9d48686b99cd4a14892782bf4414f323e16ccb863d1c1d06a

SHA512
47a2629f4e9b815e693135005596da7e4357e118fc68ab2e7eece6cc0e2bb9d55ea463d861cd65602f924766c392b8bfe87ab435edaf6b74e9078f40f914ad52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000066

Filesize
49KB

MD5
7ca090d5f0c1a9e7d42edb60ad4ec5e8

SHA1
7278dcacb472ec8a27af7fbc6f8212b21e191042

SHA256
4039fef5575ba88350a109b2c8d9aa107f583acb6cbe2ac8e609071567c4cc76

SHA512
c4f2d23eacf74f87de8dea6e4532b120253bb9ad356341532f5e1aaf2ce90d137f46b50df7de5250bce4eca1fbfb74da088accd7c626fa853dc524abad7bfe8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000069

Filesize
635KB

MD5
b537ca5fec304dcf3ce3171edf1e8fa4

SHA1
52665eefc08697d21f82719269fbfef687a643d7

SHA256
50b93c8ccbf1304dde0b424bafadf2fb654597bf4a35def9f29356988dfeb2ca

SHA512
81ae8df536c60aa8eb9a687625a72de559d15018c5248e0bc12ce7ed45aa7b960e999b79a8e197c38ddde219aa942ba4534f154aa99386e5e242d18a7d76c805

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000093

Filesize
112KB

MD5
f91354dee893e5b5f7eedf08fb503e05

SHA1
a291685de177c087466c10c920907d99b3472bf4

SHA256
50d56951f0baa312d62451574206a628c60e3a195361e373a36543eba12ae8e8

SHA512
f31b12d4735a4be4a4934cb816d210be9b461afd36b69d931cddb74cdd3b2ca1b04e955c801b7d8978db40b6b4d496b667cc73d54c61a3f5fd249204433ce42a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000bb

Filesize
27KB

MD5
158a0cc3b8390b268676b3fc3644dbe3

SHA1
bf06cf6e7d96d7808b0c245be28d79c6b963a5e0

SHA256
544c11dc585731e0fb13a885e55fe671f69b9d1adb7d7f9ab3b63d5cd1886b48

SHA512
d41616ba3fd2bafd80926c890621b0bb2b0e50e7625badc6e25d86b26eefa7526451b9f0d3777c54c4cf383cb87e5e2361294b79edf19e9f514d72c4cc0d100b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ee

Filesize
3.8MB

MD5
46c17c999744470b689331f41eab7df1

SHA1
b8a63127df6a87d333061c622220d6d70ed80f7c

SHA256
c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

SHA512
4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

Filesize
2KB

MD5
4c2b34e90983614236850df55acbca50

SHA1
8539dee7834dac1474da01a5e8d4d14cca1855de

SHA256
65579b5d9ca1857bfa0dd5c288bc401d922a19e302f8de7b7ef367af98d6f74b

SHA512
631514b6d3bf036b81e648e40db952a5ad0a9d78c9901fb7fcb460047dd52d49b25a03fc388e4b90ec8530119d39afe9c9bcc3dc7447aa94d5a0a7839f73160d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ff7ebf35700d908_0

Filesize
294B

MD5
b67e91caf26eca48d35ef37b00c945f2

SHA1
9c6687a11bfb6b1503404c8d5375de1cb66f0792

SHA256
3138a3b2c699eeedf45d8d16129280a93eda798bc00b9e4896d6ec0c3e38111e

SHA512
4545d6e40469ee539671e158774d79e1db77840f3a40e9e9147ac1a13919edf38e72af00341c12fe6856527d4995020d83fa158ddf9c04d6f0e84b4392441795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
e4c0bfbb63850a45990333bc1b17c1ff

SHA1
7fc8f9ff087931034111d564bca2d04c0e670aa7

SHA256
eafef47a3bb7fb8ef046ace88e8a7ff440d01e2d3e6a3d5f6125b3a608436f33

SHA512
a199bb0cbb68b1f4db20b567e378c051bad254640341e28e6509e3f2ea10af17c744d9fea503e2af941051ff85ed69fac739d9ad0cf5c8a045de69d2acbdbac4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\37afe38eb817b647_0

Filesize
27KB

MD5
36406928c0ead9dd131d9295a331b36b

SHA1
00dda1e71501d8eba63ef18498cb0bcde730b58e

SHA256
99c0a7fbc5da6cb56bd21af5d08c16ec305fbd9c9770ca8c725a6471e9bed17f

SHA512
c6af03001ba1afb81cf5cac2ef48bb49aae1a586531751fe70ed6866d14e2cb44cbd2ef69a0e2aa65055e3fc5428b90ca0531f504a84f7ff802db93f554630d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a4259a0181983ba_0

Filesize
7KB

MD5
c48a8420500a5cc134d6d26d1fee9f12

SHA1
8fcbe93b59c873d15e4d834cb932e2961c589afa

SHA256
f9f216fdb854947352773ad972fe298e28d3bdd91c5b6fc11153eadf0f299833

SHA512
043651d2427d138675e10ffb2197730b7397eb359f8865c3d1d59eab201b622dcd08d559d543a88c5ce8d60c4d10433f9d723ab2d9a0d5b37661c1b0ebbe240e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f139f229e6f0497_0

Filesize
5KB

MD5
94e7070f9e363fc9ab2cafc09982859c

SHA1
38a899e2cfaf0f7a9bd7bc795dd6466d04888e72

SHA256
7f4ad11b4c9b54905b345cc9465a596aa8951d0ef8ff5c0d7c35e7a53df2f476

SHA512
048405e74ed59f7723e8b8b11bc64f88b539b46cbf18d819938f91c496f5e59ca3012cdb304e81678044fa49aec8c1100154ad55b5ddf8f95bbabbbf5d1271ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
8f44f943c6b4f7f93ab2cc11ecdbe0ac

SHA1
bd5d428660bbb51f9edb9ba5a26540dc6c25c212

SHA256
417232645e106510766d383d91d9e0c26118c38d464555088ff314998dd814fd

SHA512
302c0031baaefcbbf4501044fda6bc8135d9cef68995de2b38051f5cd56e08d87879050cfe338fde9c073e3141c53736a13a3f57abc60d2a7f52325341107d45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
2KB

MD5
dba8af3af71c170f9090b0edded483d8

SHA1
068a62f5740c3615d0fc6254359de7e9849199bf

SHA256
8518cf23a84d52700d96cb9757281f00a44a97e132c1909e3a012a234119f383

SHA512
d67deb70949383b8c84c3e79a8534c41c5e25591407e6421a02ec79e8239110f733eaf0056de42a9bc4e39f08e793c01a0e36e19cf2c4dc53aefd750248f7ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd1e579c9681f95_0

Filesize
2KB

MD5
6a587d2bec6afd60bb32a30699f81774

SHA1
273cf4c3bd0067de491b42951da4ccc0b068aba9

SHA256
eb0dc56dd17d5dc420a42f472f3101676aab8b57129c588ded87878563823cda

SHA512
10719515e55071d37ee9d2041fb39ec8cf6652f9da4e3469b144791bca3c8ef42df7927a609b6672fdbb8b25b8e69c2f7d8381ad9d4a6ce32bed5d846e4662d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61a0b4d20ae0e222_0

Filesize
4KB

MD5
caf258a7fff3f1c2e580ae71705e1a7f

SHA1
fe4520e3a9eef212a27e8ca819bac843b15ab3b9

SHA256
be3aae91212e4b4ad5a6aa02d3040fa016fd0a86c57c12a535ef96961bb30e71

SHA512
6b6009ed0fd9f24a924354431922a5ee553a625a66dae801bf1309a496cb9f28f3940126d46eda3d6a4281c694e44128671795f1781977c96ec9ad6f567a0d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6db290dce274a012_0

Filesize
4KB

MD5
ce8189040928d26720ed001d5fd485be

SHA1
dbd00a22e0d88b0d914bb037f46066a2c6364690

SHA256
223de629c01fa587fd65154c6d1bf83cc4e3e31f3fef3ed4c9fc89623eee52a5

SHA512
f4f6bb4a31255195c6670d359add037821ab489e74082f6668efcccb70db02e5855e7fbef65daeea8abe10618ce9a332a1e6266fcc93318e038082f2497dc962

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
1KB

MD5
c1999c0c702713e0e62a8d2b7b886ac8

SHA1
4afef129829a4b242c43194e4451aac56c899c31

SHA256
f9bf54f7edf8c81b8da57e60a0bec1d7f7b337d32fdb819aaa3705ab229a1141

SHA512
533ee9b87e319cc582264c0f33b4b182db02853424f5e111c7aeb952ece07431f5cbe965fe3607ac5661cf62bb88c367baee3f3369dfcc50c5435c50a6ba4f3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\78bc646c0524ce58_0

Filesize
2KB

MD5
61ca382f9ad18930103fda4b4f5250c0

SHA1
c2eff53198c8e10aa8f03a67cf56ddf1b402f08a

SHA256
d40e9cfd1debd166ef082d9fe29a891c27a424ca6ca391064c8e2c3e5670f2d3

SHA512
52edea5ccc191b13ae2f3dabf3c317ad9ea1ebd5b0253c465a4b20d1183e81365e021d2b8cfd99b267cb4974e838a1a0f0ed7d594a1ae666529d2ecb661769da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8551150be49776f3_0

Filesize
3KB

MD5
e53838c4d420029cb78a4eeb3fe13d62

SHA1
1fa6e5bbd532eb1c53f0925808eb95f167f2ec39

SHA256
dfd04d72a11346ca9b6fe86638474ee6075fe9aaf8a1d2a1281bb6279443b94d

SHA512
9c5109ae02fdc8585a5c3859e5928d4c037d7b3ed4343eee19a3e0a88aa78e769bcc13a352d9c045b9e920e182fbc4a140b464f351f4e14d62044f169f44850d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\90d7d7591a1b39bb_0

Filesize
262B

MD5
4cca26a3722dfa71b6766d872d01d417

SHA1
8d8084fd8021862df38d5be15a522b5d3710fab2

SHA256
60fc86a470650dfc7df2b02ccdf231d7f2d69aa56032594fdc6617f5ff60aaa9

SHA512
4ddcbb48429cfc5a1e8fc3651387b1aa0b3c6d2cf232bf322ad7eb548a3291f620f02586bb0e7af0b7cf5e90d17b168f90f125dc9db3907fa1697fdc297e1b0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d693ac0f52716b_0

Filesize
3KB

MD5
264b33e59b6e0549a28384bc5537f3cd

SHA1
27cfa60e27a51faf6c97464cde4497bb3ee4e1bb

SHA256
44d5c9ea08a8b24ad08a7c087b4acfdbc92e6967650587e2ec7cfa783187b069

SHA512
9a01a0f91e2c8d2f2ca1b413774543a192375367442756818150e11bef5abf249ee94ee509b7d99a3187ac59bdc5a828d3a03fab044fd8d5134e0fa5189fada2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b7c4f0f9d476654b_0

Filesize
291KB

MD5
8b3dcfa0f77b7bb842ced73a1c172fba

SHA1
05023007033978bd295e8a5cf4452ae2ae508d42

SHA256
50a718994378f6160b09e06d0e20be1ac9b1680ecfea21c0233021145267628d

SHA512
f5f350660e272c027feeb3769d198535e7137bcc68eebf8efd422467e1585c1b84723c235d823a348c7aae67e4b3ec2b4dd75ba0dbaa49cae3190d24ba58a47d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\be6d12311ce2b399_0

Filesize
1KB

MD5
697cf9650e0c0ef12563a4cfb2a11219

SHA1
f799ef741e6c92ade4f9b901270cb19e590f166b

SHA256
8b831041e5d97b62d652e334c379ad2ea7247dade06d1478905361fd7747f8ec

SHA512
0f1300542e91b78095cd473e1b2b98daa92a111c70cbc704bbbf98d8e82e310945bd14f36ebca53f1410a3cfe38dc0491581cee44dc16547938a882ecc386a25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c91c845c83814759_0

Filesize
14KB

MD5
dda541055a09d1e11dfe2dbfb4322ab3

SHA1
6d3cdf428ab3b06fa464ced0288bb9c378ba948b

SHA256
fcd11eacf22eb1b8e628678ba2f5d0bb8c5a33c67ca4f0cc8f275b71a009ab94

SHA512
baf592f73d50e46d6b3fd3dd5c72f79579884f046e2c6f32bc62de431aece12a9b3aa7dce0ceab3bafd759a6ee499aa20dbdc9a3279a5cc567a19590b11284a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca5bb3c84b908d6e_0

Filesize
2KB

MD5
d576add013e71d442923553d2518aa83

SHA1
99c903745bc135558a422cc3448b86c4c7af5f58

SHA256
b4f4d8845d4609b8363031acbca9c9cf62a3f16d19f5776942280c65fca4ae2c

SHA512
520472afd9edd38a2787a08abced4f6fa80503baacae467183505e024b88fe808a8bbda543aafc3b438dcaa56cb3f8800a7db9b14941efb06d44e4258ddc8d28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d45aae6d8d9c9ff2_0

Filesize
2KB

MD5
df489d5a107b050b98049011f525a959

SHA1
b1706ead6bf4f55e83668c6f07a9e5fc7e9d82cf

SHA256
f7e6f219b9c909794b71200b7246997ca3969fe95b8b7400ba0191d18a3b22e0

SHA512
377b0bfd42c9dc1bcc4c0ff3737f5c7ef8d79d7bcc8baf87d5bec4ffea931dab4d12afe2c8e8021d34d2289717aeb496e2e96f1e147f7cdd71f497a0b596e359

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\da82014a94532e8f_0

Filesize
29KB

MD5
b9d46d0a4973aea46f8e4d92f9eb6984

SHA1
8c594d16f22ee16842bd155275fe8f936ef801b4

SHA256
f2f6f50a460fba4976dcd5130ab05fce15c1aee3cbbcb8e71f518febd688bef6

SHA512
135f54b1004526771ccc0b8229ea27b03b342d57d29379ccbc6f5f498f849ebf6307a9a15b01513011c1276f5b182e558aa7ec604513094e5ada0932d32746ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e146fd968644d345_0

Filesize
6KB

MD5
06cb912991a96a976f9408e51e15d319

SHA1
b56d806aa69c9c9886c42ee2eb1986c21691564f

SHA256
4ab821c19af39692296ffe2c0f43ee8f949375608a40b457eee55a0db677abfe

SHA512
63dbc91bea78d02963d0a0bb23da83be5f79f84104e701fbe67a81ef8b1c8433ed6248762bedd0ec5fe0258ed8dfa6c1f237a3f8f6ac9baeb05891347bdaa058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\edde2aa1d5e04fa4_0

Filesize
200KB

MD5
9941d0b52a14b1394ab6488ffc7c660a

SHA1
b3ef9184ea754dbf564bb79c90ad5c54d86583d3

SHA256
3798dec640f0271424dfffa2942de74bc4a2156cb11bdd87072fbf685376aa1b

SHA512
ff5a1beb4ba063126c690e76db3e07fc24a86fe2ab23894aab260d2d29f24f3be4795a9a6f54f30405de4951c1b625fe38b6cf9055de499fbef32b3d8f575a9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
91d65367ddf46fd8cbdd4e65b543c419

SHA1
0a519621b6950ef28e06c512e871762b612fcaca

SHA256
33451a4871436d7d2cbfb9739e397f7beb3044e96608bd2a5ad51a988f47b57f

SHA512
7c0aad68f96c5758e16eae8cd2d583887c2fca92dcc5647ad6158f225b61f7027787703810a73571df92107ef0e9ff159c594538dca3f91a1d1dd4bcfb7129b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
5e5d6b8cf1fd389cf6c7c42871f54b53

SHA1
38cb2258948449e8f17f25bded9466cc3ff9d0e5

SHA256
7b0194e2de8513d3dc22640ca11a3da5d23a9fca553df63682b2779a646bc190

SHA512
7f7979e3743d1e19e2444c992c6a003a0018413b8ca2a4bb4cf1d2514fc7d5cba66cef3450db802d78518bd0f359f53cc19daa09ea33a1f4051ff7769af2747e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
6068801ca8e31194ffc9e5ea1b6582ff

SHA1
34984840e50919645a9aff21d67efcd42f642181

SHA256
b41df2661aedcff2b0216254338dfd78aed8d3285aa7a5a9446393a84b4e7a3c

SHA512
1def13acb2f279a303fa5efb9300018ba3ce17a6dfbac3bb12f4521f441b34cb603cd05d8951d8a1a7fbdb3824071af629bcf975020e88f579bf468498b12897

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
53ceca405674b40031fca95b0458cae0

SHA1
5c7f944ae1faaab680630a8dd8b7d9076fdd9dff

SHA256
ec45783dce5bd9472da35ee21e824b428f74feeefb22305f32e37b8a43ba5243

SHA512
b89cb8d28e255133abbadd0635aec89240ac32449436b53d6c0d22af97a6751305c4f4354df46cb88e9721ecb8c0dd098a9d004be21ff84b4f963bc9384994de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
050a37ddfaeea28e92a1f46c7d9822cf

SHA1
8bca1b10c1e2b4480e2b83fbda4628d70f091a92

SHA256
a261d1169d9a645be0914a80ad2441d625e97d44d9a5561fb680ea6448e2a12e

SHA512
918a0bc75734db0a1f068363f97798779f0b382d58d8457994e912b00a66a6dd0e96e126dfe8267e64a88a59697128320dff25fcebbae88720a632fb7a4a7c61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
d158b3340911013c6052f40d2f3add66

SHA1
841aecf9ddd4c4158d55952d43bc6cbc598a0542

SHA256
42bfed1a27d8f3c44e8f8f7e5f947305781ed757a0a7fd940adef5930eccdd87

SHA512
0d3eb1bd9e7da0e2f63abd3273b8399f990efb7e46799d1a9ef6da7a19dddcd49a6c2edc94ba041e47c8d58b9de9ba4cc9fa1970c86c505d98703dc444467e5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
040a11f220c1f39f56595ba2ffd3ed15

SHA1
6d8071c7f1548558c65943fc2c09079eaae4426c

SHA256
499c59ffad94e24f8b6a6e9c304c2623595202cb65996187432511781c475dcc

SHA512
670ec01e77fc5ef8f7fe277266854ce6feefd55c8fa279735cea989d42997268e53f2ff689f1b15b51da8561cf37a1923e583699270a5ff70c722d2e44c5a984

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
807B

MD5
5fc91412903f6b6e5d58d22ec95e16ad

SHA1
e64d6754b17ec7cf3e006ccc60c736398204b395

SHA256
7b4aeb8052e68bd50685664cb32803b765b475ecbbadb8e4a6bb37718f2ae8e5

SHA512
50cb7f681d6d156d994c3b64bf117a70512340e174e2135271847c4583cece850ecf6cc42d41ded0a75b4cef14d39d14de3e13798ac088b2f4948dc4bb754513

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c46110a637d7a50314d83eed978bd174

SHA1
548fa873aba9ab78a796b6266d92d6c98fda8f09

SHA256
735da4060b17b3eac79020de66a56cbb07f05dc89e06d060ef815ef2c71e373c

SHA512
732a23f0598a32491539d0c667f43d1125df7b14146fc40ff892ef19395158638aee3221de4cba36680d9c80fd08cf3d2a8d074d1741ce77133e99afc9dba7ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bb5d4a78e8e96f991b4cdcbce423abc4

SHA1
dfeb36778d95b51211d8d31ae2444fc1e938d959

SHA256
df91b64ef4b9f4813ad6549f54461993166f2514989649d87472cada083b9985

SHA512
3c2dda204257a62912b24a9d5e058c9968baf174fe1cfb941fc2d85c0ee7797356f2dc3519226c70d586063e0f7eb5214f6816f54e94067bd336fbd9d5fd92d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
34d0cba53bae27fcf308522e8f2c313d

SHA1
28dccb0008f6b54da01f5b15e4792b90ad3d5af7

SHA256
e7398ee3ec417fb89ba4d039d66862673215ed706022b1f0afe224399c6ae4e9

SHA512
861d9b40a64d4e6229604f7e89707d66b59538fb14b240b824e0b3a81a7b06f8711b377bd1235cd07a1a818a72035836d0744d3b1fc7ed8fedc48f1a1eb3a170

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6766be4b8c1099e0e069f7bac8b183c9

SHA1
0ba8469a5a94b4995d1d5a9d7bd95d3011e9fb8c

SHA256
81dc0125a6ec80f2f29303692b6e90a6834bbc1b4387a9fb1e900a0e1e57296c

SHA512
e7ce10e5908a6373280458aa4e7b08228b02980ce1f77164853cb2c11ac4cf716f53eb786c96fcb3a06a63281ff11b1f49d279f2899519bda1ad264eabb7858d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
55f5353644bb241b64a328fe5971509f

SHA1
82086dd19ed3747e77893bbd8214a3e021055621

SHA256
aa71db2cc24b51c17d2a9966c8a08e4b1397344e2f328679ed8871cdcb88491a

SHA512
748d14d840f281a3739491a55c78a85ecb61a9dc1a73adb9ed23a968d74e8d0ce3f09619eca14b234617295df241236f2e1cd2522a8319d882fa6654194a104c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
640ce472b08e2143735a2d66a584b175

SHA1
7d668a2678c3a0a8cb8784258ad29026fcca45e6

SHA256
d7fe0752f86dc54f2c2c8b243f5e8910263fef5652e92ad005167ca1d41aa482

SHA512
17379bd5ac81514597e57b15a97ac5408576186b03a014dd660f3b7093e46879b4cf163fa60fdead0d80d9fe56a9739fb1b565874feccda339a858609cafbbe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
56ff23a4400df8eba2f0a14ed30aff3d

SHA1
799269e34126e684ff73dab092168835d1974c23

SHA256
96c7fd6065e28f0c5045dcf221998e904aa697744a4c01fe6a42a3a209339d7d

SHA512
bf2356d9a46c30d896350387a8e20482fe5bb3c30b498121da12904d86e4526d326123c982fb03ae678d2c24d47c54026ec421c337d62dc57294d0a99490bee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
49d5bc1be12aeafed8bb1388de35be8b

SHA1
fbaa2cc86482b025b294252f9db667447eae07e6

SHA256
32934567b0e96ae32412bfad854c461ad1908c8ad1cfe2b9f1bef10cd91a5edc

SHA512
f139053de112a02297d666fa61a6c8dd8a25661fcf006539455a2a5c5937c1ec0fee1b380432d5b3048059de9cf477fba2541655f6cddd980f33db180f4c8395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ea477d982036bb7608880031cc7e6655

SHA1
e266769ecb09c3956a3245e3407251ad9c6b9b97

SHA256
fd3d61f51545eee55336b9f17bf865e57087afdaa201b7f0049ab64d6257254a

SHA512
f180107d2ed7c919e0a762afdfdfd2f1c65c99f36c06353a816d49bef0b9d9cdedb81d847984004b92fae85931999b95013aedb06da43fb0730c7d4fbdd65592

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c04f85eb2597fc19225cf45b8cd927c2

SHA1
2eb569def2aaff1d00b4aa8159985a4c5c14cb7a

SHA256
78ca3b3998fd71d6658c94982a39b3fe8419ec4e3541211143a1560db25c37e6

SHA512
f20a17f4d1be97659c5ae58021dc9b6df2305d47e7b1f772089ea09fe453c1a8b158d5787f95f48047ce6989e2d2049b07465c8590d3fac7818b6d3ad4c11c77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f54444fc238a7d9a723f6c08989350be

SHA1
87c1e47e964b09ff2356411b6bb32ce699034af7

SHA256
e7d906c75182dc5f89b33111d129860f08596035db22c3826027ec9a07a2214a

SHA512
db1e8e98a5671667a260ceaa3e7486c05740e43dafe9cb8cd857d4a4dd0457df83175c35ebf26de918b60409465f5cbd4eaa9d2c74481e4e1e6a1c4f1ce98dc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3f78e4e03a97247aac9e6c18210d8e38

SHA1
a0db1da6d3d7766347c9aec81b0ab7086aec0778

SHA256
7d060a549ff2980458c9e5532e420a33f2a31bcf58c6f4d60982a9e784f0702f

SHA512
43cf410a7c9ed9f8dc4622fb4cb13a8b0e698c6b436444ce694aa05c5e1019dcfafcde0bdfe617c1be4d47525a68cfa0f6645518f41f4e5e2cbf44972702cd51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
84273e0c36f18832b09ef5e4e2e9a144

SHA1
1cadbeba4aeea1294738d5f2d4b56c5609a877d2

SHA256
0ee2c955d3518e092d9ed49714d300fb5b02fe5276325d18775f4d93b67e80b7

SHA512
58552868f9601f49a50d905fa929723c996479702ce15470860149d672ae37f4ef4fed3ee47f03bd1886991086856d421a4341cbb2f5135b8c63aa05ddd0342a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d881ea858425eece2a6e2d695a169f98

SHA1
cea592f2268a2786eb9247e780200349a9eff62f

SHA256
b86a20a38bdb1313d38f288ba4ebdbd0db0b41214fccab816c548b2c89a54610

SHA512
cbb504bd08cadd7d0ad1a2e724938925f27ba81287f6afd18cd02b726461ab885a6b4ba698492fda30aab645e5528728a1c878fe94d60eaf18ee2f775eda2d91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6bf11c89aa978eb4afd8333ea419886a

SHA1
c97d2a4665b0ef0da1cd4c4c241b6e2764a07950

SHA256
a24274e6c79cdb9f2bb27ddf6d5869e0deba7c72e73a8b0a8b1b560348ae8a5c

SHA512
230254858cfed809dc5e885538f7ecfd27ae50a51bad4bbe3dae19ffe57eab3738cd374cdae70c66f2a5144283b84a7e92190cc5ab03ad0690aba1aca4d2c1d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2075ae0f-95b3-4b18-8320-b6d614545268\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c032817a-9764-4b09-a8c7-6deedbeefb19\index-dir\the-real-index

Filesize
2KB

MD5
c0eb55a4f45aee91725e3be653609289

SHA1
510568487c37c811f26f6ff31975d7857d9d2782

SHA256
976498b1389a53b7566bb01578b0b34a6895fe0f2e97695d04a9d6d1cf5b4967

SHA512
315c8b8c76b41412b9e6e70c4c5509f19a41689d7fdfe63f7fc7299880b40758b9c03f703e37ca02686fe6b331a3c49703647b76a87ddb76c8c7a49c02f65a4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c032817a-9764-4b09-a8c7-6deedbeefb19\index-dir\the-real-index

Filesize
2KB

MD5
a253fa9537edfa51957df5dd979bbb33

SHA1
b1c6ca4019c7c3d40ae33a8af43374c6ea788574

SHA256
b6a50c3bc109623f0c362110bd59d14c51f50bbbe925ff290a813b52db75026d

SHA512
bba92ce4104d420ee0713a4b36b48f6af0166549fdc5bda058705c5afb2aa233d326e779196290510e57f64ae693789be8b75f2fa3b3e9c5b28089484b9f863d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c032817a-9764-4b09-a8c7-6deedbeefb19\index-dir\the-real-index~RFe636ac5.TMP

Filesize
48B

MD5
9c32dc2db0e79a2160fb08d2dcd6afbf

SHA1
ed77e466168e6b0276098ce8072f2bbfd01f82fe

SHA256
e22f458c45cd710e8824bf4adf1f30419764a880f24a8b9d5d677b117c6108c7

SHA512
a10ae41984c46cb0496fa3ef4aee2cd1c7977c8f20bf53e676d86e28ee5f102159d7f743ed325b3f2a4907adcc75b3588450cbd5234b49cb950ca18e26dd6a66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
dedb6bbcc6f2ccf70d3d17f184039fdb

SHA1
17218caa5525af4378a83b05709469494b0ffe05

SHA256
f1f8f12f232119a42f8e2042f0e9ac39944a932ecd5ddc573c48241cfd826406

SHA512
c8db4fd5f84331c8bd4375a0ca6a3bc42a2f47f8283ed589d62ebbf2de24455d87cb8b1881212b158b61ac0e2c167ee32faa897b32378803286485d409fb386a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
fda2282fbc57930e42612b8cd2ab3b7d

SHA1
aeb28110af38b0fc4e6d8973cec4daa96c17fc58

SHA256
a0fd96bfc5a9078650163d78c331248ce6234b97720f0a42d681664924b5f0dd

SHA512
0bef2e4e2514ce0944f8160945449079052f1a9244f18d84497b1650c1960f63cccd211bd31b29ed11992b28d575c53d6ae0552bcbf5a5df30e0b5dcb81f473c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
6cc60d586471cf59f89e33d84ccce34c

SHA1
d117b67573ecff442202feccc743ad7011caa900

SHA256
0acdff65ca6de2ad96ef75330480a1ab1e85eea377ad3fa8d4525b867f330c65

SHA512
b14d61878e11269fa74f75dec79a480fb17d2db604f99ae0d0e8a26ccc85a04f5ead0f47122ca30e37cf68cc2c07fdf5600df90e603fca91ddd1cabf10316599

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
baf3799903d302b26b03a5e2e43acbdd

SHA1
639e0de4795f4e62ae394a9fde9406337a74c963

SHA256
01375ea1a53041de9e553a73810c7a35ebd680ce3f6faffa6921a7d4d596341e

SHA512
a0dac4643af0a820b751abdbd362dfed6f02103b9d2fe89829975cb63f79103b29cae8cbce029fc5d1f26e65a11745c45289579db6a84e694b559f6012ca6786

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
d0d105b7d70a5e1ccf96c43a455bfc40

SHA1
6b16918c192d0e420f47998c6dd1c61e4fcc321b

SHA256
62cd49629474272011952337f1be786cb6f1e81872353d13d8cdb8ec14ab1584

SHA512
dc0338c344cbf09d9c25739330ebd5d8e73c9593a62e6734c0fe5311cff129792aa7f0d1f95470c52cae8e7d3adb6645ed1e751e83d7acaf13e3b055de1d5b6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe63457b.TMP

Filesize
89B

MD5
309b5388a5ae9aa363f2589ed2c9b2e1

SHA1
031872b8668e93c46cc7e556c6c9e819a727a3fa

SHA256
11ea0a0e4caf91f8beb616fc4f61e3bd872cbd17ed2cfdaa5ecb45a20bd345f1

SHA512
c29e4edc9b02c91e495206fbcee354921fe5b3a7c8d034c46a86f11e3640ac68ac97acf06f3bc9c3388522e3334050b9d657372162636a12d38632ac1017121d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
6418eeab2fcbf767a976932c384c601d

SHA1
c0ee7693c5eadd0fc21bc83b8ea94786c33bbcbb

SHA256
a9e124538eb85d2b02f04f12345e003de5f87df2e752c4f5db62c8e986a23e7d

SHA512
07049f6c903a9477bbf48c09b490ceb5cef3c6eb753b211b329245c10c6f16167e41830d733e1d7ec9feb217c5d777b9b742dab56756b9807f516c4e325f0a16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a72ed1d54f18a8e752fd7fa396bc76a9

SHA1
c18f4f5919d452018dfe390c28f8b29f5533e64d

SHA256
d63f8dc90b71bce1bf48dcfb6c585889a1129c37ddad00f639c8dd41586e77d6

SHA512
d4dd2a957b8204e5cab225794a0cc0bd7c76d367e6bc11b550df53985635ee74bdc06b53704079e7cda679424f61a9acabbbc9c513f0198c23ad7e92d2255565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe63959e.TMP

Filesize
48B

MD5
3af1912f2d93bff30c70b4c591aa9b10

SHA1
4a5aa9a164bcb0696fd63514e5c268bf8843acd6

SHA256
4db0b4d488ed51c016425ff91869a8f7d835b74557a6dd73aa058f82c7b78eb5

SHA512
4ec58837ec2f30c37f803f5c26d20532da15eff4a587b68538b357d920bf6681fd3237546676671798a5e70e47062b075e538c36a4df9989232c6bb847e3706b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0a11ee3f820840bc80dc20c2c6b77d2e

SHA1
0c540527af4f9efc1bd2b1facb6d3bba1561341a

SHA256
fe3c052dcf1e499ad8b1c7af1e26e35dbcb8f990b2fc762007f85c6b04aea27e

SHA512
d88164620a0678747b4fa5baa9361ca846f697e35bd7bb2db985c6d0c318d32e8fbfbc2abaff3f949544c19aa68704534eb535cfc31af8222e091b00591b7223

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3f83bbeeb5df90f10a22b9546c872781

SHA1
e0d57b98a2700fc0ad924d0bab7fa51ae31071bf

SHA256
d988431436af1aacb9ae39427be5fe4eda40d7c0ee63bf0ea15edc943e794cad

SHA512
72e3d7f6a269afd23842f84aea3604f005a9343da38f2944ded9706c4a68063eccbd9d27b88c672edaaf25d1c53b7d1fa71b1278c18bfd8663629766db39d1ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0ed97c06b0ab383c52f8cca18155fd75

SHA1
64c6f6f0a94bcb80fbec284223d6aa19d5d4c71e

SHA256
3e29cd14f2cc1723cd321d3428cd18f44ee08c3b49a78e14ac853ff03e373e5c

SHA512
f2f8d7cbfde4479197df8a3c91dd199b88999dd21cd19198d4709853850ba0d977b351885cddced6e641666f269107729ba2bc960ea0d0d1ec93bc094af9d9a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
75b8ed016948f7ac82f27eb78551ee45

SHA1
f5f56e2ad563543b10627a4698b0e9c1b4f6d6c1

SHA256
68f8675b51b7a1c59b134412e7b14acb4cba443b1a3a852b9d1aac982f91364f

SHA512
e755553456961922e25d85a577ff77543287f8531167709203fef9563d547530817d646b803b83b2fa17f169aeaf54c86a4271520c9fe7f02078799c31ca0d8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3d95279c381ecaa6f3a489ac66fd953b

SHA1
491313bbd47b30390d00c6391ad654052885586b

SHA256
88d82d9c12427613496837b0af9572c1a00c4c95cb48c8643f7da86c37bd60d9

SHA512
f345518c9ec8bf65991e1e6e6ef03b0caa0b14734a5d31921589f15acc627df311d9dcfe18365a50df1841099f0c1f10d0811ca9fc49b3d64ea757b88f7acedb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a185ce65f160a7a7c7825c042fdfb3ae

SHA1
0b692de9722351a5faea887b4d18893089e017f6

SHA256
c9b3308561642e4e6d227f0706d2ac64942b7b2ae5fc829301a23e32b004a0de

SHA512
a925256e71dc6ef2141f0590fb9b316732df3c319b7ea6110f06c8eef952f636497b70780135e53204cbb0cecc3b1fe23c12efd7241ee979d96042f23c7dd48c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3157696af6a36a7dbcba96c696a6d5a5

SHA1
5cb7a773a05b302a378ccc1b894c74b71588b692

SHA256
42df948182e172a8645b41b5adaacc913a5ec1a9456fd0934342802d69aa2079

SHA512
fcb5dceb1cd3cf181d1239f3042fb05db2b74f6245886e227810ea114ff1f85f13d7e8f2e81d8785e2aae5741e8718aa471ca5030e6569772fdac4fe6def7fd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2747922dbcea4d872a48be8a2d214462

SHA1
5c4b5fdc4612ea029d1a44b4c5b7da27bc674695

SHA256
eda576102ed2f84bee5f45432aaca1874fc482f8a3a6f0f76ed508eae0a078cb

SHA512
7e4750a8e5ba6e6715a8482dca941d2c6f6c1c8fe1414ac0428424b8243e630d04d27189bd866fae07e44f97d9eb427fd84afeda3b9ca346c659de6f2385d6ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
37ae36d9c66a6e3d65358af78e4cd31e

SHA1
62160a8e57af303c06d00a34fee8fd95fb9476b8

SHA256
374ff44dcd91a7be390ad930546de42573d3704610241d7600c96d71fad49ede

SHA512
e855d65d9834b65df54f1b94e3f96fa1951e5a5c307f75d186ea08f5a5d4272efbf0f4c6f7a9b80e62c849d7bee8795976b7e4ee2b64e9feddb841bceb03ac25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e947bdc00f90a8eb2c376b8f5d6608c3

SHA1
518897d7315aff8857718ae134dde12911537c6f

SHA256
944b41484e8acb731a24d8ba2c60c22620032efa0b177a1b30c90411832302f7

SHA512
3e4f13960d95b7f7bef19ac01420e48a9cd4870dd61bdd943899cbac5f34228357e5b8c073e5dc0b3d1410f1e2f013c2266dd2d01874509da24a82e0fe83eb38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
70f251d0526dd104a5dd0118bf017ded

SHA1
afadeb59a495a8794feb0d54be3f5d765ad57da4

SHA256
7fcf47cbeac13837ab8a8c5a47191d0257a540f7c67509389e9b0a90fa0cf4e7

SHA512
0b9e69eec512b7070b6fdbf321d81e8371cccaa4f5d0a2f77181abc4a6a333f906d5e09b7d3029ffcadb3746e356dac753ee92ca8ac250777368cebbb46ae127

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a554824b4d4556850aae8cb59affad72

SHA1
630a478c04f99fdb5859b97bb4bca2b4f204dde1

SHA256
3bdfc827fbec09e4562e903571197332a3c4304ee7b0aa91931c8afb8852da53

SHA512
6372bef790c1b3c8ef8be3149a453d4db9680b0ded4bce6b89c0ff22fab5c09e88a42203176f58b70ce0f3b4470edc36a3f4c9f8d25c4c0dfa3dc2e893a49f83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
2e7294b81c764b8d5787925b8f90da13

SHA1
4206896ae8283ebaf79512550415722e510f193a

SHA256
5db1f1721db7ea6170d7ea9279ae03d4f7c307d1c93c91a4682a7889016049b6

SHA512
29ee71e377a26f117684d6cce3bbe7361100f2f18595312787c6adf279809121f7271a1feb068945675752d8deaad94be43e8808393c8c7087f6bd53cc120e40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
be7e3baa4625666579c910b45f6187cf

SHA1
cbf6abf0385f87c52d3d878dd921ff48bac4b20a

SHA256
09c3a8961e5690fe36cafa21a838f2e7c5e8e6732b5211b9916e89142b2b224b

SHA512
9a1dd8842eca411229edad84d8985972c04882d2421e9588a7be2d1950b89a7a3fc4501003bb2b716782d5b1544a8d12f7d9626238dc569be82cf5ae79855af7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5ecf83.TMP

Filesize
874B

MD5
289bf9ab4ceabf2fae597fb783855cef

SHA1
501c5008840350ead7efa0408a986d7bd782147f

SHA256
971d62a481885d48b2da49257d8654d1ced970094a795d02a5e5a97b13393a79

SHA512
72b885724df5ccc489d66eaf0bc04d3b5bd3b2d0f79b4b4b999278c1dcf057dd952b70c398b813b3e22ee45fb7002a3187c250c5c5c56e751903844386d90b67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cc32765134770960ebc5871f1d50528b

SHA1
676a4e253d413b22c4332b70a6c46b68d5c72aa1

SHA256
52d3b35e5037612ac6bc0bd064af8bfcb1b008e7b8de1e455e5a444dd10626d8

SHA512
adde3d51438667b56471342b86ec6d24c35c25500e37cc62800d33a3ebd015754aa513e310c479bbab377c01693ded62d5f778cb65208e9ac9e2287451692e96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b81e8302a7d4cda63e34d65fc0eddfb2

SHA1
097ee428b131b6f5e2c13e342b6f96f526ab80c4

SHA256
849a3646068b54777f2a06f9949e988a0791129ef79550a611797c5527200a3e

SHA512
79657722a571e6afbef532b41765b9277dce4fdc053ecf7a61a3ab37304012cf4de2dbf45f0ddd6acd445ce84942dd64fc6ed998c26fc5b91e7b1688aee15dd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
63b0976118075b5bdb0c734743e9070f

SHA1
99ad41c0ca3d9680c707c09cc32a6ae8e645e35b

SHA256
43c8c7063f9423fdb9d65452143af683c330e10f0311a54fa22bdb2bf7c66200

SHA512
8cadb499e67100ec5233a59f12f4ded3d4c26eaf8a7988133516f108e1b08a987f0b6ac3d424ea2c5cff9c3277e30ae1c2a05e29752ecf902f7de403833ccb1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
20cb8e8f1876971ea67351aacfd176bb

SHA1
523cf16caea8e4ade7ba2569df839f05ada5e1d8

SHA256
596907bbe5416b715c7471d79d40972cfce6b4d0ca6b52652aea76262dc94918

SHA512
cdb7109ef197ef7f1bdfc64a5c808fbd36fc69aa99b741095ac4212c1895cc8da36cb47a162682be8bccfbca497bf2d0e90c578ff73cb43482b61879d60ff2b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
28KB

MD5
59fa30b0e67efd73bffdbcb1a859e9ff

SHA1
9a7001ca6dd5aa0b55fc8fd0246dbfd8332551ad

SHA256
7851c49c6b8f5fec62cb3b8cd2fe4a13ecbba0fbd98c165127731f97d3d164e5

SHA512
a8ebdceef510dd60525d1755c6dddb7f1a0b4dd3a153319c5dd42e34d1ebb59d013a592ef50790d301f68fde626e20246a4013832be9921372a0b3ba51d24b10

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\1df5ec5e-4068-4f70-a57b-5af5ab9cb7f6.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
11KB

MD5
573e55a4cfd1a9bc94339ef8a9143d60

SHA1
b9b43bef4fa04f2b602ec7d47c0651e088e99356

SHA256
2c885154a649a6ab1475153bce5ec356414c4f4edc21d27101b18b0f7f2e0ce3

SHA512
f18bb1ebfe1665ec509fe4db4ca9c6e4f700189d0a4850e0b90a8d6cd32cefc2fee5d8bc441f7ced46013d442e9e8f62dcf34dfe8977578b7ebfa83a27840eea

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
11KB

MD5
70b5a792480885d15b0f97218362fbd0

SHA1
7e8d53e1cebcf8c746a726009c468961c3d32b85

SHA256
1aa77e1c049902101748011a5168934224afa250356ce93252e341dca29acde0

SHA512
8d20b7547cb04dde76e48bc3e1d3cf10f382359540f95cc1f5e30f5ca494f8653a9941af52f75d629d446f336244f1591672d3d84375bbcbd740e85bd1dded4a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000a

Filesize
215KB

MD5
eacecba98e67f8f56955f04607fdf075

SHA1
20c99a5040d911c6f6c050f90115b0a142d581e7

SHA256
d6f1945b10d768831770bb1459cc5b11e247c5b5a757190a41a4edc51d34269c

SHA512
2b6a0c2bf5017a6b06d6cc67e49ed1280864cbde7b202d4314a18b4fd237202cd08234de07c895d7ff2574473288d00a25048143df2459bf1cb85c6b5360cbad

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
a477b6458a0a54b2a92580a758d6756a

SHA1
ab5966690c8c4960e63ab67ae54625d832fa63d2

SHA256
433582fc4a20d85218d3361ed822a9e35c539f3312db79c90f456509ae5e6a47

SHA512
a088766cf978d3106563cd40ec673e1b0daa417b0c958208ca46b20f816e8a46baa3d1ef5c40dff5f5edd9bbb735ae413a9edb61277bc4ce8e041eed511b18ea

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
870865801bf118fd1bed7c795f942261

SHA1
7390443b9b4a7fc72ada23159cce390e80f11961

SHA256
3f126040b7be4d6e9598264ca17e998f1f277a2f3fdde0145caa0a1b57360529

SHA512
66bc1bb212c5b7ea06cc502783ee1521eb70e79042f750d1819ea3d5b7457e1154b441ef74b2cabfcf580453fab97554af42aba830bbbc9115e1bd1cc3827b20

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
53d7d086324474a3c6f9e30342e7fdab

SHA1
c21333e259217f224650fb9ba338ee2964b7131e

SHA256
d4f092cfa1739d22de28592d5b3c1ec5a412a9d77ef8e7d44cdcc74407cfcfce

SHA512
5b2cd2cce1b0264340873d50393476dd4f272d115b8b4d25820c921ceaf8409afc5c0853ea72f640a1f4f50941716740b6809748acdd5c0233cb5955319866e7

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index~RFe63cea0.TMP

Filesize
48B

MD5
0fc676330c1e967840ea2c777406f0c2

SHA1
a573add096113e72557b7f8310b2e350c43dfa36

SHA256
11a5e3dcf8dd6b2ce5a180446d636f512ae7a5673c6f1f98d99f8bdf4d6a0d51

SHA512
7a221661d913ef335c3acbf30436dcc3697264ed47869ab1753af9e104c7c378722a8255828bc788c9f4048c2fd90f3d28d33667d672c8c1e2062054209ebc00

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
710B

MD5
aecab0188a0679c101b94df59455a7e8

SHA1
16eb265fd5989b41cf4f78dbf199ea65b0899935

SHA256
799b8897325948cf98802f7418cf15a8c6305e84746fd7c1d024ee08a7d0128f

SHA512
733f7b53d87cbeb292a8d6db664bf40ae17b3d6792cb5d324393d22bfac22935e5a5a4903a901df571a93791776feba8bc75741b66abdf9e9fb25ee9cfb05dd6

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
822B

MD5
31b84a9161a9e5019d56fbfd242de1ec

SHA1
8a452911652b3e3e2b74fbfa5b88aa6d705994b2

SHA256
afc5eb5958bc9155ae06a83850b488445bfb82e6706e9e58f38b7238207c3011

SHA512
e9c44403132fb9aceb015388d43c2ce78948d79de573a2720e9a911835442b1c49fba2c40752442051785bc8d0e42e3359ff262c8d5612884d9473740c9dfcf5

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
822B

MD5
e371275ebd5aa0d39131f2f29b292c8b

SHA1
c5715037154556663d111436db6445a1ac98fb32

SHA256
71aea72bdac75988dc4914864fd0919d4fbbde31f0c6d9142b0415ed27caaf91

SHA512
1134631ed37ce512dab2f4b837f4bcff63b4f921307a3e32683f1ae5540eec4ba8f3982ebff6f071436c0401e2b755f629ad9ece67629635a18b67f6c34fd594

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe648bd5.TMP

Filesize
529B

MD5
a263915606e44171cba120a99d4d3a2a

SHA1
365bc206e351fde4b7997ef42025370790f53ba5

SHA256
76ed0327e669c99ee54d73970c943b15162e40737d5a9e095e4495bb8663795f

SHA512
507b637165dfa756e9bfe25ff1bed4b4f80c729774270043b832206403616739e33b1f4b9c570a25661411398a5119253e45c7e9bfcc763e40d17e1a748e00f6

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\8bae23ba-55f1-44ec-864f-0f3b8d716483.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
300B

MD5
3e88ee94ede064ececf2dac6554d089c

SHA1
4175c95452f6925bed83ca3d9ebfbb3432db1bc2

SHA256
6bb9f45fa31f40f2b9519e9c4440ee2f61818d5bd709a7fbaa27b128badcd2d7

SHA512
a351f42f58559b2c46f908eb964ee0b42c9aa5835a535355fe61364a0f6290419621a40f331dfe5a2c4c4ceb0004837873d3a832f2d1b87afbd901affb91b77c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
f66561236cc846311d0fc775d8090f70

SHA1
2cffa23554384d02a9280567f7682642325f3ec2

SHA256
576c56758e9bc9d0385257377eef108c5ea45ccc3b0d4b143178b9511b9ec499

SHA512
f36ae5d2b589a6a409ffec45947091fc893e226b1a64d25a0b98661188bcf9ec2e07012e36f4da3bcb4494502b92cd7028068773125836a01323aea3e9f64417

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
6902a7734503cb3a83959e0c4134595e

SHA1
cdc2733fe3eff31203b133cff5be4b880c0c006e

SHA256
57546d2c8722ca8ab7e55b381f6c0a98d8a8fd53dde06243cbd546e9eb2a4e90

SHA512
84f14ddb5e0fd70c61d6613b33d0b16a1ad39174821eafe84a011d80d15d78dec37c55643105e93ec382689b9b3fe6384a66ff820a60d4120d81077f689fd7c5

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
589B

MD5
7c5df9b617a4efe048c588bde0824d83

SHA1
4f847a7f351454e1731ed4692825cdcfb967d4f9

SHA256
1bdef1337d57d47ef001eeb18700ac6c6aad8d96c28530a4cca31417219aa0e7

SHA512
a1be15cbb716f8437a55419396623d065a57a7138d23944d4596968eb9cdb8b95ad4647dd42dcf3588fed3f0b2d227b59a50c190e2063df6edb3fd07a41d57ce

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe649f9c.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
355B

MD5
3b23a33f5515fb8ab5f966802af74820

SHA1
b8c013b30da10ea170853d97d06d57668a14c2f3

SHA256
3a5c692fb25a52be88fcc0cb99be363a9946827955ea5d5841c82f11f4dbfa88

SHA512
ab9fa2aa5ec12812afb48a754de1981e93d15d778ac8996cf16af90534087e491c15a7dc90b435889e8b7e45294f3dd0685080d4ef4a3f790466ea63aa5e44c7

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
355B

MD5
06d76362569da44002cbc9bc39af517b

SHA1
baee9cc0ef26d02c5f8f4e0862324aa7ea3718ec

SHA256
229c3acc0b06f13ffe19bfa1c094a7af63fad1727eff5863075ffd1b642c334a

SHA512
7f31d31cdc511cf176ad3d6a2f7bd306d8e0cbe19ba36be7a18e0a5996fe1e0d886544e41903ff6fdeb4ae9b29d702fe5c1f158536bb4dfed8debfa98ad048bb

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
188B

MD5
0dfbac30d726c523c543b58b8e457325

SHA1
f6d93dc0a3200f1ee755e9569899e8c28c1f7366

SHA256
39534aafd2d5edb0f1de337b3c5a1b4dbde01bb6240db4bcd7d6a65e2b106e3e

SHA512
16b0b17fd8fa6b9304bf9b645086676d0b8506e44f40b3abb26c31660a8c3961468a3f6e292c0abe977f33d74d40a3e0a7184a3e438de50aeb6d43ad946fca12

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
188B

MD5
45be3f80cc63f6550e115ed191360816

SHA1
9d442495cd30b915842ba174ad14ee7da78eea7a

SHA256
9f352eeebe188d148eef6d47047af79a5d9f8a7c60da13d050a7adeadc2424f0

SHA512
1e13b1eeae63097a483b1e6ab62d20acf20e03ac7e0505256eda9cfe4f6bce6c6c7845f64f8efd4d51564b9a803b9d3f50abc7067da845cbf67d53b49d0bbd65

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json

Filesize
2KB

MD5
602c49f9246967bdcff45b4f43cf2fb0

SHA1
4c5796e0c724bbd7a9244cc8a0fc9e8f40181f2d

SHA256
a3ad9649c1038078038be1abd591cdba73b4b4f5cf30e11bb6cb7a432b746114

SHA512
2f273c0dd0127071f4c768cfe7277c6efff84c1ef4f4271c1326db3658c84261794b106af3198717f349fbaaaf276163700bbb50ae20fe52ed0a88a192d46f77

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz1BEF.tmp\StdUtils.dll

Filesize
110KB

MD5
db11ab4828b429a987e7682e495c1810

SHA1
29c2c2069c4975c90789dc6d3677b4b650196561

SHA256
c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376

SHA512
460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz1BEF.tmp\System.dll

Filesize
22KB

MD5
a36fbe922ffac9cd85a845d7a813f391

SHA1
f656a613a723cc1b449034d73551b4fcdf0dcf1a

SHA256
fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0

SHA512
1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz1BEF.tmp\modern-wizard.bmp

Filesize
150KB

MD5
3614a4be6b610f1daf6c801574f161fe

SHA1
6edee98c0084a94caa1fe0124b4c19f42b4e7de6

SHA256
16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b

SHA512
06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz1BEF.tmp\nsDialogs.dll

Filesize
20KB

MD5
4e5bc4458afa770636f2806ee0a1e999

SHA1
76dcc64af867526f776ab9225e7f4fe076487765

SHA256
91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0

SHA512
b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz1BEF.tmp\nsExec.dll

Filesize
17KB

MD5
2095af18c696968208315d4328a2b7fe

SHA1
b1b0e70c03724b2941e92c5098cc1fc0f2b51568

SHA256
3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226

SHA512
60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz1BEF.tmp\nsProcess.dll

Filesize
15KB

MD5
08072dc900ca0626e8c079b2c5bcfcf3

SHA1
35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37

SHA256
bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8

SHA512
8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier

Filesize
71B

MD5
75893359e269074f05562f12c3e0d376

SHA1
e5d7ed64495dada6a0b41742692352087a74a951

SHA256
435d3ec89839125cf974c8e1a15fe188acaa1e76239758145cf74a726680421c

SHA512
13e5220d5f8eaf32f30bf78c75665c0548774edf6a5a56086721586fa2ba5513a7eb0c151e6ca18dd61830952c1a38e25ca37c6c71136b29b9dbb190ad1d479d

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 377645.crdownload

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3576_910165485\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3576_910165485\manifest.json

Filesize
1001B

MD5
2ff237adbc218a4934a8b361bcd3428e

SHA1
efad279269d9372dcf9c65b8527792e2e9e6ca7d

SHA256
25a702dd5389cc7b077c6b4e06c1fad9bdea74a9c37453388986d093c277d827

SHA512
bafd91699019ab756adf13633b825d9d9bae374ca146e8c05abc70c931d491d421268a6e6549a8d284782898bc6eb99e3017fbe3a98e09cd3dfecad19f95e542

Download Submit
memory/1448-13483-0x0000000000820000-0x0000000000CD2000-memory.dmp

Filesize
4.7MB

Download
memory/3576-13825-0x000001F123080000-0x000001F12319E000-memory.dmp

Filesize
1.1MB

Download
memory/4548-14123-0x00000172200C0000-0x0000017220163000-memory.dmp

Filesize
652KB

Download
memory/4952-13842-0x0000022355CB0000-0x0000022355DCE000-memory.dmp

Filesize
1.1MB

Download
memory/5012-13983-0x000001DBF34D0000-0x000001DBF3573000-memory.dmp

Filesize
652KB

Download
memory/5012-14065-0x000001DBF34D0000-0x000001DBF3573000-memory.dmp

Filesize
652KB

Download
memory/5012-13844-0x000001DBF34D0000-0x000001DBF3573000-memory.dmp

Filesize
652KB

Download
memory/5136-13826-0x00000249E5570000-0x00000249E568E000-memory.dmp

Filesize
1.1MB

Download
memory/5172-13937-0x000000006ED60000-0x00000000700A1000-memory.dmp

Filesize
19.3MB

Download
memory/5172-13876-0x000000006ED60000-0x00000000700A1000-memory.dmp

Filesize
19.3MB

Download
memory/5172-13974-0x000000006ED60000-0x00000000700A1000-memory.dmp

Filesize
19.3MB

Download
memory/5172-13824-0x000000006ED60000-0x00000000700A1000-memory.dmp

Filesize
19.3MB

Download
memory/5172-14004-0x000000006ED60000-0x00000000700A1000-memory.dmp

Filesize
19.3MB

Download
memory/5172-14043-0x000000006ED60000-0x00000000700A1000-memory.dmp

Filesize
19.3MB

Download
memory/5172-14051-0x000000006ED60000-0x00000000700A1000-memory.dmp

Filesize
19.3MB

Download
memory/5172-14173-0x000000006ED60000-0x00000000700A1000-memory.dmp

Filesize
19.3MB

Download
memory/5172-14105-0x000000006ED60000-0x00000000700A1000-memory.dmp

Filesize
19.3MB

Download
memory/5172-14149-0x000000006ED60000-0x00000000700A1000-memory.dmp

Filesize
19.3MB

Download
memory/6172-13545-0x00007FFC74590000-0x00007FFC74591000-memory.dmp

Filesize
4KB

Download
memory/6172-13546-0x00007FFC75F60000-0x00007FFC75F61000-memory.dmp

Filesize
4KB

Download
memory/6172-13843-0x0000012249730000-0x00000122497D3000-memory.dmp

Filesize
652KB

Download