7af03f9f3e8d96c931d69b1ecd531ee976c6e504d678bbf44f553ffea8943291

Analysis

max time kernel
566s
max time network
566s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2024 12:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SteamtoolsSetup.exe
Size

837KB
MD5

93ef55f275e12608889ba7c2e908e6d8
SHA1

969a31955b49a8bd82567fa582b3f29528ceb6f1
SHA256

7af03f9f3e8d96c931d69b1ecd531ee976c6e504d678bbf44f553ffea8943291
SHA512

fa3dfb36608777a5942cc3ffdb5d1599efd0420dbd436def11d860312b6dff64af6d9c3022964c78eaf34c3173a8907a3b58e88fda8f83a4e8e4063287ba7c53
SSDEEP

12288:GkNPWVmcf59WoYuEfR9hdAPS/OaoKDXE65hBWeSjpb1Bs7+5oQEEeTX:GGhu27maoKD0jeIpfs7xQAT

Score

6^/10

steam discovery persistence phishing

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"	SteamSetup.exe

Downloads MZ/PE file

Checks computer location settings 2 TTPs 10 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	SteamtoolsSetup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe

Detected potential entity reuse from brand STEAM.
phishing steam
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\program files (x86)\steam\userdata\1848792202\config\localconfig.vdf~RFe60204e.TMP	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0210.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\btnOvrOnRight.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\c4.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_lstick_up_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\friendsui_portuguese-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_color_outlined_button_x_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_dpad_down_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\layout\subpaneloptionscloud.layout_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_rtrackpad_swipe.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_sl_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_lstick_click_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_lstick_right_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0327.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\cloud_icon_up.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\steam_controller_danish.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_r_swipe_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_mouse_l_click_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_r_swipe_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_r_up_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_forward.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_button_x_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_dpad.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_ring_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_l2_soft.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_lstick_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_060_vehicle_9999.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_035_magic_0335.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\steampops_dutch-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\sp.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_rtrackpad.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_mouse_scroll_down.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_button_circle_md.png_	steam.exe
File opened for modification	C:\program files (x86)\steam\userdata\1848792202\config\localconfig.vdf	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_030_inv_0327.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_vr_happy_down.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_r_up_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_dpad_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_color_outlined_button_x_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_touchpad_click.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_mouse_mid_click_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_up_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_090_media_0160.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\flag_right_hover.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\rampUp_3.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\logo.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_r_touch_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox_lt_soft_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_r_ring_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_l1_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\xbox_lt_soft_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0335.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\chunk~2dcc5aaf7.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_ltrackpad_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_lstick_right.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\config\config.vdf~RFe5ae689.TMP	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_dpad_down_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\locales\hr.pak_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_lb_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_button_aux_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_button_share_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_l_ring_md.png_	steam.exe

Executes dropped EXE 41 IoCs

pid	Process
5956	SteamSetup.exe
3884	SteamSetup.exe
6096	SteamSetup.exe
5088	steamservice.exe
2012	steam.exe
5928	SteamtoolsSetup.exe
6024	SteamtoolsSetup.exe
4900	steam.exe
5200	steamwebhelper.exe
3116	steamwebhelper.exe
2104	steamwebhelper.exe
4632	steamwebhelper.exe
1844	gldriverquery64.exe
6000	steamwebhelper.exe
5524	steamwebhelper.exe
2480	gldriverquery.exe
1328	vulkandriverquery64.exe
5368	vulkandriverquery.exe
2796	steamwebhelper.exe
4768	steamwebhelper.exe
6008	steamwebhelper.exe
3480	steamwebhelper.exe
4868	steamwebhelper.exe
4456	SteamtoolsSetup.exe
3712	Steamtools.exe
3604	luapacka.exe
5016	steam.exe
4216	steamwebhelper.exe
5508	steamwebhelper.exe
5884	steamwebhelper.exe
4684	steamwebhelper.exe
672	gldriverquery64.exe
4188	steamwebhelper.exe
5596	steamwebhelper.exe
5700	gldriverquery.exe
2892	vulkandriverquery64.exe
2796	vulkandriverquery.exe
5492	steamwebhelper.exe
420	steamwebhelper.exe
5580	steamwebhelper.exe
5136	steamwebhelper.exe

Loads dropped DLL 64 IoCs

pid	Process
5956	SteamSetup.exe
5956	SteamSetup.exe
5956	SteamSetup.exe
3884	SteamSetup.exe
6096	SteamSetup.exe
5956	SteamSetup.exe
5956	SteamSetup.exe
5956	SteamSetup.exe
5956	SteamSetup.exe
5956	SteamSetup.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
3116	steamwebhelper.exe
3116	steamwebhelper.exe
3116	steamwebhelper.exe
4900	steam.exe
2104	steamwebhelper.exe
2104	steamwebhelper.exe
2104	steamwebhelper.exe
2104	steamwebhelper.exe
2104	steamwebhelper.exe
2104	steamwebhelper.exe
2104	steamwebhelper.exe
2104	steamwebhelper.exe
2104	steamwebhelper.exe
4900	steam.exe
4632	steamwebhelper.exe
4632	steamwebhelper.exe
4632	steamwebhelper.exe
4900	steam.exe
6000	steamwebhelper.exe
6000	steamwebhelper.exe
6000	steamwebhelper.exe
5524	steamwebhelper.exe
5524	steamwebhelper.exe
5524	steamwebhelper.exe
5524	steamwebhelper.exe
2796	steamwebhelper.exe
2796	steamwebhelper.exe
2796	steamwebhelper.exe
4768	steamwebhelper.exe
4768	steamwebhelper.exe
4768	steamwebhelper.exe
4768	steamwebhelper.exe
4768	steamwebhelper.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 17 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamtoolsSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamtoolsSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamservice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamtoolsSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamtoolsSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
4460	taskkill.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steam	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\program files (x86)\\steam\\steam.exe\" -- \"%1\""	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steamlink	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steam\URL Protocol	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steamlink\URL Protocol	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steam\DefaultIcon	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steamlink\DefaultIcon	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\program files (x86)\\steam\\steam.exe\" -- \"%1\""	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steamlink\Shell\Open\Command	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steam\Shell	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steamlink\DefaultIcon	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steam\ = "URL:steam protocol"	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steam	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\program files (x86)\\steam\\steam.exe\" -- \"%1\""	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steamlink	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steam\Shell\Open\Command	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steam\ = "URL:steam protocol"	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steamlink	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steam\URL Protocol	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steam\ = "URL:steam protocol"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 739890.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 556332.crdownload:SmartScreen	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3712	Steamtools.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4276	msedge.exe
4276	msedge.exe
2320	msedge.exe
2320	msedge.exe
1480	identity_helper.exe
1480	identity_helper.exe
5428	msedge.exe
5428	msedge.exe
5860	msedge.exe
5860	msedge.exe
5956	SteamSetup.exe
5956	SteamSetup.exe
5956	SteamSetup.exe
5956	SteamSetup.exe
5956	SteamSetup.exe
5956	SteamSetup.exe
5956	SteamSetup.exe
5956	SteamSetup.exe
5956	SteamSetup.exe
5956	SteamSetup.exe
5956	SteamSetup.exe
5956	SteamSetup.exe
5956	SteamSetup.exe
5956	SteamSetup.exe
5956	SteamSetup.exe
5956	SteamSetup.exe
5956	SteamSetup.exe
5956	SteamSetup.exe
5956	SteamSetup.exe
5956	SteamSetup.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
4900	steam.exe
3712	Steamtools.exe
5016	steam.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs

pid	Process
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	5088	steamservice.exe
Token: SeSecurityPrivilege	5088	steamservice.exe
Token: SeShutdownPrivilege	5200	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5200	steamwebhelper.exe
Token: SeShutdownPrivilege	5200	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5200	steamwebhelper.exe
Token: SeShutdownPrivilege	5200	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5200	steamwebhelper.exe
Token: SeShutdownPrivilege	5200	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5200	steamwebhelper.exe
Token: SeShutdownPrivilege	5200	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5200	steamwebhelper.exe
Token: SeShutdownPrivilege	5200	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5200	steamwebhelper.exe
Token: SeShutdownPrivilege	5200	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5200	steamwebhelper.exe
Token: SeShutdownPrivilege	5200	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5200	steamwebhelper.exe
Token: SeShutdownPrivilege	5200	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5200	steamwebhelper.exe
Token: SeShutdownPrivilege	5200	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5200	steamwebhelper.exe
Token: SeShutdownPrivilege	5200	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5200	steamwebhelper.exe
Token: SeShutdownPrivilege	5200	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5200	steamwebhelper.exe
Token: SeShutdownPrivilege	5200	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5200	steamwebhelper.exe
Token: SeShutdownPrivilege	5200	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5200	steamwebhelper.exe
Token: SeShutdownPrivilege	5200	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5200	steamwebhelper.exe
Token: SeShutdownPrivilege	5200	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5200	steamwebhelper.exe
Token: SeShutdownPrivilege	5200	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5200	steamwebhelper.exe
Token: SeShutdownPrivilege	5200	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5200	steamwebhelper.exe
Token: SeShutdownPrivilege	5200	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5200	steamwebhelper.exe
Token: SeShutdownPrivilege	5200	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5200	steamwebhelper.exe
Token: SeShutdownPrivilege	5200	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5200	steamwebhelper.exe
Token: SeShutdownPrivilege	5200	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5200	steamwebhelper.exe
Token: SeShutdownPrivilege	5200	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5200	steamwebhelper.exe
Token: SeShutdownPrivilege	5200	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5200	steamwebhelper.exe
Token: SeShutdownPrivilege	5200	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5200	steamwebhelper.exe
Token: SeShutdownPrivilege	5200	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5200	steamwebhelper.exe
Token: SeShutdownPrivilege	5200	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5200	steamwebhelper.exe
Token: SeShutdownPrivilege	5200	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5200	steamwebhelper.exe
Token: SeShutdownPrivilege	5200	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5200	steamwebhelper.exe
Token: SeShutdownPrivilege	5200	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5200	steamwebhelper.exe
Token: SeShutdownPrivilege	5200	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5200	steamwebhelper.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
4900	steam.exe
4900	steam.exe
4900	steam.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe
5200	steamwebhelper.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4900	steam.exe
3712	Steamtools.exe
3712	Steamtools.exe
3712	Steamtools.exe
3712	Steamtools.exe
5016	steam.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 4928	2320	msedge.exe	93
PID 2320 wrote to memory of 4928	2320	msedge.exe	93
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4344	2320	msedge.exe	94
PID 2320 wrote to memory of 4276	2320	msedge.exe	95
PID 2320 wrote to memory of 4276	2320	msedge.exe	95
PID 2320 wrote to memory of 2772	2320	msedge.exe	96
PID 2320 wrote to memory of 2772	2320	msedge.exe	96
PID 2320 wrote to memory of 2772	2320	msedge.exe	96
PID 2320 wrote to memory of 2772	2320	msedge.exe	96
PID 2320 wrote to memory of 2772	2320	msedge.exe	96
PID 2320 wrote to memory of 2772	2320	msedge.exe	96
PID 2320 wrote to memory of 2772	2320	msedge.exe	96
PID 2320 wrote to memory of 2772	2320	msedge.exe	96
PID 2320 wrote to memory of 2772	2320	msedge.exe	96
PID 2320 wrote to memory of 2772	2320	msedge.exe	96
PID 2320 wrote to memory of 2772	2320	msedge.exe	96
PID 2320 wrote to memory of 2772	2320	msedge.exe	96
PID 2320 wrote to memory of 2772	2320	msedge.exe	96
PID 2320 wrote to memory of 2772	2320	msedge.exe	96
PID 2320 wrote to memory of 2772	2320	msedge.exe	96
PID 2320 wrote to memory of 2772	2320	msedge.exe	96
PID 2320 wrote to memory of 2772	2320	msedge.exe	96
PID 2320 wrote to memory of 2772	2320	msedge.exe	96
PID 2320 wrote to memory of 2772	2320	msedge.exe	96
PID 2320 wrote to memory of 2772	2320	msedge.exe	96

C:\Users\Admin\AppData\Local\Temp\SteamtoolsSetup.exe
"C:\Users\Admin\AppData\Local\Temp\SteamtoolsSetup.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8c10e46f8,0x7ff8c10e4708,0x7ff8c10e4718
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3452 /prefetch:8
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3452 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4332 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6884 /prefetch:8
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6932 /prefetch:8
  2⤵
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6956 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5860
- C:\Users\Admin\Downloads\SteamSetup.exe
  "C:\Users\Admin\Downloads\SteamSetup.exe"
  2⤵
  - Adds Run key to start application
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:5956
- - C:\Program Files (x86)\Steam\bin\steamservice.exe
    "C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    PID:5088
- C:\Users\Admin\Downloads\SteamSetup.exe
  "C:\Users\Admin\Downloads\SteamSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3884
- C:\Users\Admin\Downloads\SteamSetup.exe
  "C:\Users\Admin\Downloads\SteamSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:6096
- C:\Users\Admin\Downloads\SteamtoolsSetup.exe
  "C:\Users\Admin\Downloads\SteamtoolsSetup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5928
- C:\Users\Admin\Downloads\SteamtoolsSetup.exe
  "C:\Users\Admin\Downloads\SteamtoolsSetup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6820 /prefetch:2
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1
  2⤵
  PID:4208
- C:\Users\Admin\Downloads\SteamtoolsSetup.exe
  "C:\Users\Admin\Downloads\SteamtoolsSetup.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4456
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /IM Steamtools.exe /F >nul 2>&1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2956
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /IM Steamtools.exe /F
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:4460
- - C:\Program Files (x86)\Steam\config\stUI\Steamtools.exe
    "C:\Program Files (x86)\Steam\config\stUI\Steamtools.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:3712
  - - C:\program files (x86)\steam\config\stplug-in\luapacka.exe
      "C:\program files (x86)\steam\config\stplug-in\luapacka.exe" C:/Users/Admin/Desktop/1057090.lua "C:\program files (x86)\steam\config\stplug-in\1057090.st"
      4⤵
      Executes dropped EXE
      PID:3604
  - - C:\program files (x86)\steam\steam.exe
      "C:\program files (x86)\steam\steam.exe"
      4⤵
      Drops file in Program Files directory
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Checks processor information in registry
      Modifies registry class
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of SetWindowsHookEx
      PID:5016
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=5016" "-buildid=1733265492" "-steamid=0" "-logdir=C:\program files (x86)\steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\program files (x86)\steam\clientui" "-steampath=C:\program files (x86)\steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Checks processor information in registry
        
        PID:4216
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\program files (x86)\steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1733265492 --initial-client-data=0x29c,0x2a0,0x2a4,0x298,0x2a8,0x7ff8c9acaf00,0x7ff8c9acaf0c,0x7ff8c9acaf18
        6⤵
        Executes dropped EXE
        
        PID:5508
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1600,i,849210460369411118,9528433518148133788,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1608 --mojo-platform-channel-handle=1588 /prefetch:2
        6⤵
        Executes dropped EXE
        
        PID:5884
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2288,i,849210460369411118,9528433518148133788,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2292 --mojo-platform-channel-handle=2284 /prefetch:3
        6⤵
        Executes dropped EXE
        
        PID:4684
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2768,i,849210460369411118,9528433518148133788,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2812 --mojo-platform-channel-handle=2732 /prefetch:8
        6⤵
        Executes dropped EXE
        
        PID:4188
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3208,i,849210460369411118,9528433518148133788,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3212 --mojo-platform-channel-handle=3204 /prefetch:1
        6⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:5596
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3920,i,849210460369411118,9528433518148133788,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3924 --mojo-platform-channel-handle=3916 /prefetch:1
        6⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:5492
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4352,i,849210460369411118,9528433518148133788,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4268 --mojo-platform-channel-handle=4344 /prefetch:1
        6⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:420
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3940,i,849210460369411118,9528433518148133788,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3928 --mojo-platform-channel-handle=4476 /prefetch:1
        6⤵
        Executes dropped EXE
        
        PID:5136
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4028,i,849210460369411118,9528433518148133788,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4016 --mojo-platform-channel-handle=4040 /prefetch:1
        6⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:5580
    - - C:\program files (x86)\steam\bin\gldriverquery64.exe
        
        .\bin\gldriverquery64.exe
        5⤵
        Executes dropped EXE
        
        PID:672
    - - C:\program files (x86)\steam\bin\gldriverquery.exe
        
        .\bin\gldriverquery.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:5700
    - - C:\program files (x86)\steam\bin\vulkandriverquery64.exe
        
        .\bin\vulkandriverquery64.exe
        5⤵
        Executes dropped EXE
        
        PID:2892
    - - C:\program files (x86)\steam\bin\vulkandriverquery.exe
        
        .\bin\vulkandriverquery.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1288 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2828 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,17628643000092715474,17947680343322291244,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6504 /prefetch:8
  2⤵
  PID:5612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3176

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
1⤵
- Drops file in Program Files directory
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:2012
- C:\Program Files (x86)\Steam\steam.exe
  "C:\Program Files (x86)\Steam\steam.exe"
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4900
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=4900" "-buildid=1733265492" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:5200
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1733265492 --initial-client-data=0x280,0x284,0x288,0x27c,0x28c,0x7ff8c9acaf00,0x7ff8c9acaf0c,0x7ff8c9acaf18
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3116
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1584,i,15788749801227888918,1134212532939840653,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1588 --mojo-platform-channel-handle=1384 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2104
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2196,i,15788749801227888918,1134212532939840653,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2200 --mojo-platform-channel-handle=2192 /prefetch:3
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4632
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2788,i,15788749801227888918,1134212532939840653,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2792 --mojo-platform-channel-handle=2784 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:6000
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,15788749801227888918,1134212532939840653,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3196 --mojo-platform-channel-handle=3188 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:5524
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=3832,i,15788749801227888918,1134212532939840653,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3836 --mojo-platform-channel-handle=3828 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2796
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3860,i,15788749801227888918,1134212532939840653,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3848 --mojo-platform-channel-handle=3852 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4768
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=3608,i,15788749801227888918,1134212532939840653,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3604 --mojo-platform-channel-handle=1276 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:6008
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4052,i,15788749801227888918,1134212532939840653,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4056 --mojo-platform-channel-handle=3540 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:3480
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4312,i,15788749801227888918,1134212532939840653,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4532 --mojo-platform-channel-handle=4296 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:4868
- - C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:1844
- - C:\Program Files (x86)\Steam\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2480
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:1328
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5368

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514 0x4f4
1⤵
PID:2144

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:5176

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2224

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
PID:5372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Steam\Steam.exe

Filesize
4.2MB

MD5
33bcb1c8975a4063a134a72803e0ca16

SHA1
ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65

SHA256
12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1

SHA512
13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

Download Submit
C:\Program Files (x86)\Steam\appcache\appinfo.vdf

Filesize
408KB

MD5
9f29100531938b2d81886b80080e6324

SHA1
a45db922f3acc1104ba48a4b657857c5a8d28b84

SHA256
a071c22a75d1a0ec886804ed1117f4bbc4353841d401513cacf16c8a81ec4f8b

SHA512
727d88e02fb277dc6f19cd31e55e4c82119470956cb78dc78e89d0c3646dc28bd3dd52496a6bcca9e431726b96f133a29bfd4f9a7419f99d67c449ea2d3e203a

Download Submit
C:\Program Files (x86)\Steam\appcache\librarycache\1113280_icon.jpg

Filesize
638B

MD5
7ecdaf8a54ec52b20640a88527512903

SHA1
3133a4d748ad3be61fe9db759339cd5de73339b5

SHA256
7bd8b75aec0a4d4a377f3ca3a023fd8b7c5fc7dc6a2a66d17f8cdfe5b731ab0c

SHA512
60ae2031eed0c38264f0d8db22a9b6efeb3f80c791e916e15a1730853162d56e0da014dbd93a5479bae4f3bdd5705ca89be70c90574a524abd1c276ed5c55a2d

Download Submit
C:\Program Files (x86)\Steam\bin\SteamService.exe

Filesize
2.5MB

MD5
ba0ea9249da4ab8f62432617489ae5a6

SHA1
d8873c5dcb6e128c39cf0c423b502821343659a7

SHA256
ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d

SHA512
52958d55b03e1ddc69afc2f1a02f7813199e4b3bf114514c438ab4d10d5ca83b865ba6090550951c0a43b666c6728304009572212444a27a3f5184663f4b0b8b

Download Submit
C:\Program Files (x86)\Steam\bin\diversion.dll

Filesize
19.0MB

MD5
e56d82d03ece0ebb69014d8ffa1b7cba

SHA1
989d7514f85e32a35667b92e5afc4a115c4e871a

SHA256
ac07790d0bd74b0580ca4cbca6817b90175d537bcbd1d395426d7bbf68ce70ea

SHA512
15f99bf471ac86cb06d1d576cc16afa473508400c1d436a567a51200c2281d9f5d4e948adafd23f38af9bfa1d99235599452536a86cbdc5fa440ecdec4cc4be1

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
6e6a2b18264504cc084caa3ad0bfc6ae

SHA1
b177d719bd3c1bc547d5c97937a584b8b7d57196

SHA256
f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53

SHA512
74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
14KB

MD5
89e77688599c7496f840f7cdff82f49c

SHA1
af6bb9195a204f927004a2bda80c312adedc25ea

SHA256
9964d1918f19b10ef1e56001b43051d4470b7fdbf50611f1394bebd52614d6fe

SHA512
d1e68354cc998f9d1d2cb96c27be548f2bf4421758b2db6d05ceb5c6078c37b818c68b677c8e476e44ea866ea523b9967828af7fbe882a9ac71150ddce77487f

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
16KB

MD5
4f51ee8d292adbf12f33d9b1d13bae96

SHA1
67812088092a7a50589e00ae3e779377f2e318c9

SHA256
69bff7d8d73cd9de2e0dbfea386b4e5e0baa4a36351571561e84d692c7b8e54e

SHA512
63b583f93e6cd67adb57a01d9cf381d3eb7cd9f24f387d831ecfd695eabf105b78a0100398a7fdbef12c434b835d2d54e9f001d97fac956229083124c8597204

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
21KB

MD5
d38e1814ee3904381190ce422d9cd410

SHA1
5344580a3feaa4880ba083336f5aaaff607c00d8

SHA256
13a6ac5e5181ef3f5109dadedfec0de22f4b8d9351952cde13d7598072e056c0

SHA512
e98eeb32d717ea81fa8f2821a02204ed275a7c20c798b0e2c3e9d36a91b5c03214ae24eb04bfed8aa7af5f411dfaa4f9ac217441550229aaf5172091eea20521

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
a2ec2e91c3ef8c42e22c4887d032b333

SHA1
e2c738a2e9400535b74e2263c7e7d1ecefe575f2

SHA256
8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3

SHA512
b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
17KB

MD5
9ba536e3cb573ca6787137e98791e1bc

SHA1
c1075a683b9d4ede30bcee504c5108f9b21c99f7

SHA256
f04afeca77bc08638699569956e9ee89d2efa529e8548055381717f17685ae81

SHA512
de98eed0e6cee505d265d0beacd3f90a107ef48fbc7a057b64e1baa9bf126df337c3687a67f9fbfabb324f4e0b4c068c27ebb582be967dacc2b0296e6197e6ae

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf.async4900.tmp

Filesize
19KB

MD5
67ecee53d2877bbd819d39eb439b3623

SHA1
2553624e9c21e7ba59b9098780f19ae240ec3b63

SHA256
ab2447fed9e150e44f68b046b1dd037d3a39d133961ec537cd3b70389f0df291

SHA512
a42898b3dee19b7989db3278c5b840f44fd42680e39c677c53217a5a8873c39be6e49d4549d803a934473704787f11788a95da17ca0436f32d12187d6f0ef999

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf~RFe59adda.TMP

Filesize
184B

MD5
3cdebc58a05cdd75f14e64fb0d971370

SHA1
edf2d4a8a5fc017e29bf9fb218db7dd8b2be84fe

SHA256
661f122934bbc692266940a1fe2e5e51d4d460efb29d75695b8d5241c6e11da7

SHA512
289c40fae5ec1d3dd8b5b00dd93cf9cada2cb5c12bcfefea8c862ddf0a16dced15d6814dad771af9103b3a5d3016d301ee40058edde3fdea30d9767146d11cd6

Download Submit
C:\Program Files (x86)\Steam\config\stUI\Steamtools.exe

Filesize
16.3MB

MD5
1a475aa5000d3958df447de17e0dc14b

SHA1
8a45a8a2b38a524633a99abc7994aa0ac46c03ce

SHA256
1208c4d240918ab0b4767bc6a5c0cbe83ee7f21408fb0c5ea68769ebea759b3e

SHA512
e86be352a5732d18db772f3fc80a70ebb223d68148057663ed18aab5c2221fe6d1cb48d4f4e22940419e9144aeacdc03ea05739352f86aed7ce967afd7e80911

Download Submit
C:\Program Files (x86)\Steam\logs\cef_log.txt

Filesize
49KB

MD5
8d0e6ab6e96a57e766d2ca67ed20b326

SHA1
2f6b78151e4fe5bf0df5daf77527b2c13bed08b5

SHA256
11861c10cd01dccc87b932f9707f6258fd07ae7eec148a199fc96a102d2486a1

SHA512
9e9bf12d6cfc842e046b618cf29735171b19c7eab4f147ddbfc616444e27d63e98027a87dd638f54e127e2ce49a10c27de3d39adac35351f75da4c74630f70be

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
ed5a80646f2db86576c13465290b043f

SHA1
e3f60f73605e16b0c6c97b93fb1fd4a67e00112a

SHA256
569c9a310105c4e87e070b84ff23830252a50a6c55656c5b4607692838c90b62

SHA512
6168e28a1bc89a2b0e759e75a184900c2b188cfd8343b505b51277d52175013be60fafa5be5a249c3a7b2badc51ebad1c45845e806696b97e23928cbc94a0531

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

Filesize
4KB

MD5
0340d1a0bbdb8f3017d2326f4e351e0a

SHA1
90d078e9f732794db5b0ffeb781a1f2ed2966139

SHA256
0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544

SHA512
9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

Filesize
6KB

MD5
4c81277a127e3d65fb5065f518ffe9c2

SHA1
253264b9b56e5bac0714d5be6cade09ae74c2a3a

SHA256
76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9

SHA512
be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

Filesize
4KB

MD5
2158881817b9163bf0fd4724d549aed4

SHA1
c500f2e8f47a11129114ee4f19524aee8fecc502

SHA256
650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7

SHA512
f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

Filesize
4KB

MD5
03b664bd98485425c21cdf83bc358703

SHA1
0a31dcfeb1957e0b00b87c2305400d004a9a5bdb

SHA256
fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115

SHA512
4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt

Filesize
4KB

MD5
31a29061e51e245f74bb26d103c666ad

SHA1
271e26240db3ba0dcffc10866ccfcfa1c33cf1cc

SHA256
56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192

SHA512
f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

Filesize
4KB

MD5
da6cd2483ad8a21e8356e63d036df55b

SHA1
0e808a400facec559e6fbab960a7bdfaab4c6b04

SHA256
ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6

SHA512
06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt

Filesize
4KB

MD5
9e62fc923c65bfc3f40aaf6ec4fd1010

SHA1
8f76faff18bd64696683c2a7a04d16aac1ef7e61

SHA256
8ff0f3cbdf28102ff037b9cda90590e4b66e1e654b90f9aea2cd5364494d02b7

SHA512
c8ff15373b37e848e6239a82424569e77c82a5fc557d17e7d2ed1d0d2b2f7d026cc1e2bc98cb5ee945c02cfefb82803c23fa6a26f48ff0adcf762f94cd5dd035

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt

Filesize
4KB

MD5
10c429eb58b4274af6b6ef08f376d46c

SHA1
af1e049ddb9f875c609b0f9a38651fc1867b50d3

SHA256
a1f6ba57ee41e009d904905c0ce5e75a59ee6790e08542561303109e1faafa13

SHA512
d8760f61760bffd8671b727d386ae220e7e6e68829a01553cfd5eb60ef8bd1d7c1b25e7b17a6db5bd17ba6712ef44999726764459318e784843c73bc4facaf46

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt

Filesize
4KB

MD5
5c026fd6072a7c5cf31c75818cddedec

SHA1
341aa1df1d034e6f0a7dff88d37c9f11a716cae6

SHA256
0828572e4fa00c186dbf1d9072a6154d65cb499c6a37e338f3305f77a2fee382

SHA512
f9d28714b2a05f8d9025f1692e4d7e8baa6daf6176353f65646a38814a242ef2adededa44419edd69f10cf96ffba506dab7cb6e52111457bf69cffef12174b12

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt

Filesize
6KB

MD5
189ba063d1481528cbd6e0c4afc3abaa

SHA1
40bdd169fcc59928c69eea74fd7e057096b33092

SHA256
c0a7a1df442ac080668762df795c72aa322e9d415c41bd0a4c676a4dc0551695

SHA512
ce59ad9b17bab4de1254e92ce4fe7d8c8242832f62ab382e8f54199a9932cd11b5800cc33895441426373d5210cc74104e0271b721a7e26ed400b716ae4d5903

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt

Filesize
4KB

MD5
18aaaf5ffcdd21b1b34291e812d83063

SHA1
aa9c7ae8d51e947582db493f0fd1d9941880429f

SHA256
1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5

SHA512
4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt

Filesize
4KB

MD5
1514d082b672b372cdfb8dd85c3437f1

SHA1
336a01192edb76ae6501d6974b3b6f0c05ea223a

SHA256
3b3c5c615fd82070cc951ab482d3de8cb12df0b3df59fbd11f9d3271fa2fbca4

SHA512
4d41c945ce7c94746875b0dbceb14811d4966de4e97fe047406a304162fde7e1e2a16367fc2e43978e2e5aa66749f036b4444aa2312673c2cc3af296e8b77f55

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt

Filesize
4KB

MD5
8958371646901eac40807eeb2f346382

SHA1
55fb07b48a3e354f7556d7edb75144635a850903

SHA256
b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585

SHA512
14c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt

Filesize
5KB

MD5
7e1d15fc9ba66a868c5c6cb1c2822f83

SHA1
bfe9a25fdc8721d7b76cecb9527a9ba7823dc3d7

SHA256
fc74e26a8baabbe4851109512d85173b75dbf7293d41eb3b92a1957a773c8265

SHA512
0892be14a858cc860766afb1c996b2c355108a7e50971ea3ec00d15069e919a6eb05a61fa839bea3938492c391e274144c5e248f4c204a602bf36adf27e5b406

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_korean.txt

Filesize
4KB

MD5
202b825d0ef72096b82db255c4e747fa

SHA1
3a3265e5bbaa1d1b774195a3858f29cea75c9e75

SHA256
3d1399f5323a3ece1b1a8b3b31f8fd7f50c3bd319ab3f1c38c6e347452c95314

SHA512
e8fc7cc09f431301d22a07b238179ee053505090e3c4db30ead061513fe7159f1fe8b80efc93f4597fe00f01087bbe0bb2231e13693d72c8def138657cb91566

Download Submit
C:\Program Files (x86)\Steam\resource\filter_banned_english_cached.txt

Filesize
1KB

MD5
b5c7155c5a5e1cad4fb05150bcd83603

SHA1
24b26d237532e42a01d2a4011752ad73d3f981fe

SHA256
288136aabf56ea489ddea87b6c57c6a381bf3691bfd116f2d1c784e151c58ecd

SHA512
e8e501d95f9a93a0a482309ee20799c18b9f8231fbc75c50333fdce9e36d51855bc438b95e1c4cde319e1f09961a04aebf545c69cc719b5637e624332f7658e9

Download Submit
C:\Program Files (x86)\Steam\resource\filter_banned_english_cached_timestamp.txt

Filesize
29B

MD5
c19ef0675117613122d0f2e7369654ce

SHA1
b2f4c8e656bb928bb7cec61ce38c8b058a8ca14b

SHA256
e5a8f7745030101aa2741df792793a8e92ada80db33b82c636ffaee7617b0f4d

SHA512
9551fe0e862b7fb855ab2cb63d5270e78656e131483b14a327c5fea47b5e263a1cf1970cacb16b9c21910ec7e087421e8fb4a46d83668b0e049629089bd745e6

Download Submit
C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached.txt

Filesize
2KB

MD5
eaaedcdd5dac941acb3a040fccd8c088

SHA1
89fb57e51a89424894973fa7654d88dfbddf1aba

SHA256
33bebab0b6f01f08fd007d22ee3b934f1570d2c8b00926abef166e8a03a40618

SHA512
e431eda71e9bffb0bc2962d9c0d8b4d8c4f8ae9129b838a98b6808dfa3f61820e15207ac0478e87c7992a6b833ad89453b8f36b9be04ccf0b9e3439a51abe889

Download Submit
C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached_timestamp.txt

Filesize
29B

MD5
dfa246046bc4fc1b852eafdbc4483195

SHA1
4905cdad5f02c56e2ad3c6adebcc978bf8d5fc13

SHA256
c0346287a96338544309de6a95a5892067a1079970c155858815e203f9503fe4

SHA512
94c800abd12a8a731aebcd9910159c87e9690443c973c32c1d1ddc2248ff2f496aede72b5af914f36c3db082fa82a5c7e576bd5ada3ced27e64e6af0f0fefce2

Download Submit
C:\Program Files (x86)\Steam\steamapps\libraryfolders.vdf

Filesize
231B

MD5
a0adbf2d5581ebc968ae026514e2708f

SHA1
6800a1ee43fae01237f48bf8945835a91c069c41

SHA256
60c64e4f4f908077d5875b96a46e774e42879c5528256e8857b32c145d8983a8

SHA512
9cd56bf228b71e25237b055cfb6b5b9f762a3db573e52748cee0aef80446fc062165cf686c8bf6e29d396ce9c919376256a7011261e47ce03b9de7050a878530

Download Submit
C:\Program Files (x86)\Steam\userdata\1848792202\7\remote\sharedconfig.vdf

Filesize
164B

MD5
1c9b058976b329f5e21c717ce5a29c30

SHA1
3088362568940c2b3368fd836c82df72f2288ec6

SHA256
6af91532628934b6fc028973dbee21d294261fbb73fb763d44235dcb63b38985

SHA512
3f04c7c8d95a68e0c0e1cab43609778d88ba1286445dd0f1b35e8f368a8941f1fb1699b359ad245ad2a21550cf2d739f0ed5a5da76b2d5e7fc0f567d6c5635e1

Download Submit
C:\Program Files (x86)\Steam\userdata\1848792202\config\licensecache.async5016.tmp

Filesize
67B

MD5
16f29db68225558b735d50d56fbf4194

SHA1
aea7e55836723c8a02958af5bf0a39c151de8fbd

SHA256
8891f5f6f260e2615d6727293c7c18dc040d982feddfdb13e9b08e8a10ccd0e3

SHA512
1467dffe512f31bb9324f3a7ee9971d67d526a823badb1e1b89738c2e01662dc3e403e9d40d2eb070d1f7e7b6e39b6cd1ec5e6b1a04e1bbb8e43d19189da73df

Download Submit
C:\Program Files (x86)\Steam\userdata\1848792202\config\localconfig.vdf

Filesize
3KB

MD5
34c708a4e53a9c5118775f35ac7f5cfd

SHA1
55df9121c4c52d3a3d447d230ba1c2fa5bb26d29

SHA256
05d7f7d2e050f912e3f4a8f6eb880cac2414c1282d8cea47b97f0663e5de4581

SHA512
b6e6993ee2eb7c30cd784488551c748c94e8d1f28569f91a01ed8c7500af92e39dc7c095c0f24cb32d4430302bfa6773252f7d6085ac8826ae543a679d5ab611

Download Submit
C:\Program Files (x86)\Steam\userdata\1848792202\config\localconfig.vdf

Filesize
33KB

MD5
557be916848f473e863dc72e9f118874

SHA1
b32d47abebc4a5d429969b49f305bb462614cb17

SHA256
675a5e9c26ded7d05c09da40241c0291e8db0a2248262034356dadc1108710f5

SHA512
adffee8b185f5efb1a1014fb8a2f218cc6d4050229c0c6d840483e0f12279fa71b77f80b1a15daccecd28fcda84decbe9d94bded149415ed2dc65c0c7bf58b31

Download Submit
C:\Program Files (x86)\Steam\userdata\1848792202\config\localconfig.vdf

Filesize
3KB

MD5
ec543682ddaf7ec8827d3c530f07009d

SHA1
c106857712d487da90b2e6901a6d2f5ec7aabab3

SHA256
2c7f31805e77fb2136d1b44033fa172d3b8686207e3780855c60047ebde15be0

SHA512
a8e20adb191a9de916a0d367df1abfdf42eab40df1c44727afa7784e1a68f3cd852f7621aab2451d3bff54244ea6a8083c54098ef99c130bd33d84a4a350d554

Download Submit
C:\Program Files (x86)\Steam\userdata\1848792202\config\localconfig.vdf

Filesize
3KB

MD5
a4d191c0b80b69418a82cc837e4a7cdc

SHA1
b7876a6978796a88844111b89e2a430a5378a388

SHA256
c401144baa7fc1275469bc6c760a9d7934efa2b479f5557278ad5f499e3ca6cd

SHA512
c9b6cf1b6836130f70d3f3d0a7f7509473c4562371b4db1e86d9046e5a39ffda582a18bd3e1a7c141ffec501e863e676529caedc435b6010d2d052ab3743d196

Download Submit
C:\Program Files (x86)\Steam\userdata\1848792202\config\localconfig.vdf

Filesize
28KB

MD5
73d70ccbc0f2ddb90e197d88a90471cb

SHA1
25bf1907d0215e7c12e89557c07957107ad9166c

SHA256
cf0e147ce8336bae455e74f696e57cad94699f5f773215f68e10c484c050d953

SHA512
0ddefef053ae49e464e57d5a000df6a7cd14c6c1225b5a53c31bd9ad7bab0b0498d971f87b057ac3faa7c6903fefd6e6047839aecc05eb6342fc3bf99243502e

Download Submit
C:\Program Files (x86)\Steam\userdata\1848792202\config\localconfig.vdf

Filesize
31KB

MD5
8541778a7d858f7907f448d68cd366a5

SHA1
ee999fc5d4e7acace1ddb657e1875ccb252a64f0

SHA256
d57642041279fe94c45253283d0b65502ed9c9fc036c964aff22f06fbbab64a5

SHA512
2409de00eafbcb8671bd38dc8e721fde9b72bce938680f21f08cebc722df40c2ecbe1c866584dd12dc05bc3104a53c8f52103760a86d7fabecd2226d72ef072e

Download Submit
C:\Program Files (x86)\Steam\userdata\1848792202\config\localconfig.vdf

Filesize
4KB

MD5
870639285dbe53682791e09a9db630b6

SHA1
47ddeab4727b005da96425074bcbad702deeaa34

SHA256
a3c602143bf70c9db041e693c2b2c31aeddbe56d9b0853d40a61d23ac376f509

SHA512
5e0bbda9133d2d6feec17873f53eb7e362580b78d1781af2a49c4f97c27d3668afaeb959be27eb3a0348099bc8c71f096da9cac95df391ce9eeb5611e14c54a0

Download Submit
C:\Program Files (x86)\Steam\userdata\1848792202\config\localconfig.vdf

Filesize
31KB

MD5
dd5537046d062aa81dfb741e1479d9ed

SHA1
a0f276556db7db74419854cd0bcb2aef0f8a247f

SHA256
288fa4aa0a0f1f22fd19a6e0717f1f54e6065e259cda5eafddad126a397a753c

SHA512
e9867d39ae41c0a4a74f994ee9f82e7fa09f0536406549b8c6d1785cd70cc437f7d40aca4b3192ed567b7e1a2921371581f65960f265d018bfd72bce77b20b3d

Download Submit
C:\Program Files (x86)\Steam\userdata\1848792202\config\localconfig.vdf~RFe5cf5a2.TMP

Filesize
241B

MD5
7dcc9afbc388a6fddee0528b6182458d

SHA1
f01135ce6ad71d89e9a84c5da1d8a64f8cbcb8fc

SHA256
254396c98d7df66b7d111d981cc921eefd66fd6685031692757e564d2bf587b7

SHA512
ffd6728ed2d1dffe31660c453f4c1c2089ef28f82e62d77d54b0da79c4919980fcd167a052f6df69ddee5bdabf1516b45d8575e19db2586c2323f32ba510bccf

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1503505409\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5200_1503505409\manifest.json

Filesize
1001B

MD5
2ff237adbc218a4934a8b361bcd3428e

SHA1
efad279269d9372dcf9c65b8527792e2e9e6ca7d

SHA256
25a702dd5389cc7b077c6b4e06c1fad9bdea74a9c37453388986d093c277d827

SHA512
bafd91699019ab756adf13633b825d9d9bae374ca146e8c05abc70c931d491d421268a6e6549a8d284782898bc6eb99e3017fbe3a98e09cd3dfecad19f95e542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
40bebf64ceabe9e2f15a8efd793f1ad9

SHA1
81f830b9a2daa8fb5d9b0f887792a64ec4983ea3

SHA256
62df0a51e12603343f0ab8f6b450e5fb57f060603601ee883f2c2232f485c877

SHA512
c5de8f01762df13afa445e6c56701b20a5b78d797badc56d265061586e06320ce01e297eca6bcdd8641133b06b40f9567c7f15afe358e6972e3f9af4c4e0623d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f3da511f4b79e9c2a266cd5c58f38dc6

SHA1
28a5596de2a732f4000c05cd05f7ae923729bf12

SHA256
a7bed555c97692f23626ce11210a788aaffbfd9c9fcdb12c773f876d3db7bd3b

SHA512
5b5f0bc91bb1b6db4a54ff3b45fb4e3d50bb493a3d065957280297b07097a8285290a9242e1da9e87f258b32f6e09207e94310659268306a1910457624257838

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
375660a3babbb54e095a3d7b4da63b34

SHA1
503ea05c1447c9cfc8db986b6c3f75bb68e42178

SHA256
978a0efb791a80f9865a847319251d9f2fde48c9615455605d5bbadca5bfec4e

SHA512
117dc08d5a30480221c2ce21abd4686ebbf07dd78f523148047d9065e455a266e9dad65ad92b034132f4dd921d6141c462e115e289ae35349d06b63feea7730f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
edf25923a6f88a4e04a29208039643ec

SHA1
c9e40265097999ae7aa5d8b3e0498a70d8f33582

SHA256
aea70fbc85bea5a51ec3de7488e36c82fe80de1b876df89fc0b296a8c05e10b2

SHA512
d804bf47b26386fedec68d4e028af3ea6006ac4658fe0aad62c74fd1e158ecf52509d51dbb3c47cc32d696647db4a787aa32af2b2f05dfd4ae8bd7c3ffbcea8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
defc966fa4108e725812df308e75bd4a

SHA1
a894689ee892595e2eb2d9bd334618227239a980

SHA256
8c9c990546151fb9db387f3dfaaa7d83dd4f10bee61155462ff9bb703beebe52

SHA512
9d7965c617c416bf2e30a961df1bc068c26befe58e209f4ee429fe957b0f1a7b45a1be1563784abaf269c209d57f0555630371c43a8e220e3c9dc2e8aff1546d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a9b714df2f9e0ea34bbffdca7b787f0e

SHA1
17c791ef1259d6473843259f09b629024aa6acec

SHA256
97734c67d432ff8adce28fdacf44bda176696a91e0c4e687519968c6ab24ddcb

SHA512
0a7b608f71f80f5cb0099838ad9e43c71ad83f9b22548dc2d03b3805a7ea90fea28a1870559d2ce5beddb03120dad559575cfae10628641f14de733fee4d887e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c2fd86833592251662d760dba52ee891

SHA1
a9b965bf461c0a42d930c0571e6172140bf930db

SHA256
0582d60ddc8a82943bcbedb92e7a6e6d7bb331f648fa0b969fe4c7b117343d88

SHA512
47e0b57c1ed8bedbb8ad0dd3a8f0f18f1ae4e48312b34579a19d9d0cd52a6ff2a458bef0541b44bcb88a33008937bbf90a4dcbe6b4ad5a0ed634d60fc1f2a7ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bd8174e1cc2fe0622bf05cc15860a03a

SHA1
bd2308a499145cb365493c2c7267f03f96453527

SHA256
c7994d25b83d11b29a4298ffd65499c78a37a76bcd20ed6f3f9b0dc04481edfb

SHA512
00daa26cd8568399db023bc0f15968a9f62222f80812798bd9179eaaaa9a42fd9426e033058c1054a47ddfc41bfa024779caabbb7b685782fb6147eeaade07b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e32dc19e937b18162713b3a254927adb

SHA1
b3f02498169a9ab4ab06730913e8745ddebb5394

SHA256
71461d9cba85818aa31a63cd081272879e8d9fe5fe88cd15e97ea583ec4747ad

SHA512
3f6729173d683095f3fe12562be0265469a14b76dc58be5171bac67fabce51afa71dc2368698f1a7cc570a09a267bafba86d023116a390941eff2672c045722b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
89e2025e20346a11c1a30c74bd437806

SHA1
5ee9622a2da676e5b3b55e7eab66ea853d55df6b

SHA256
90476b313703d3bbb2f95395c1b64c2c766f0020ffb8ad0fe8a12d23673345b4

SHA512
6cee4560d1ff3226653cc85a12783d3c0f4d61f1f5b615a358cd0e443ee9c97c82a9397f7d316e90f3f263fc35cdb93cf01a3a36eb191c9b9b9d938cd91df749

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
764bf4c33bffb73c350d1d112056876f

SHA1
591d4d5cb4fc56cb8b73ea9f545c8cd1bd516f7e

SHA256
3fbe79a03594477436596f7505758e3b2a642b5b327bd7d17ebcbbe2f99a5779

SHA512
8f668314c3343b822cafaae4114291efe9dd7a9927ad9b81e92a3e88d1261707d27a4af35e7d7baf7b985d78c640ff996a1e0bda1bafbd4535495774dded79ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
097bca4aceee8562d2a52bae00769214

SHA1
708a1307dd76f6729b5d995cab65c6f5775c75f8

SHA256
03e2ae7198f3ab69d0e957e3b4c680afed2ee201cbd84e84a83fdb8252ee8c33

SHA512
462880321550a37985c86e32d33b181cd0a17b3d1868827a431568fdc241db2377dcdff44899d685aa84366fdb9fe0855024bac29e6fa3df22f841f4423d4cba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7f5c767fdb4df6f90a724ff47b21eab6

SHA1
f807dfc65bab0a5247d10333a36bd9d55f34f3b2

SHA256
16cbca093e8e7ff722814e0dadb65312184e97f7c71f580e899899188c08e29b

SHA512
aa4ec8c312f54569e03aff2562bb93978f0c9b98f1caec97e70e44077c9411411bc48ee40c04ff08d8f84e4c687eedf1f73b095a96f8b8e8d8a8f63af88f4e90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9543179e74859be60fcdf663ec6a9ea7

SHA1
90903bd34925bc6ea8b6eff0faccd605fe4a032c

SHA256
0f596b5110770be1449ad9b28bb2386414ca6d421f0eb3c5c728dd80017b55b8

SHA512
33ba9a9cc006767504d5e8d2860ad2526d66bb30daba2750fda6daea5f078bde44fea908171ec114c9bc0cb5e17262bf89d32ad829b1115dd6c8da85a9c557b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a7a6a075f498fffb7cc4e8fa5a0f7885

SHA1
2b0b54018466221794fae6f5cefe3c2418adcded

SHA256
0f52d47740d676e7de5f2fb3d1168591dcbcd3ef7ac08c37f4b19bb6164b1c81

SHA512
4ef377202940f510d5471632e53d017bc84c958026ff7666cd66fdddb385a06fd7ea030e372b0eed89692c1e419b725d8d5e407bb901c2eb3537bd062c0397ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
5e14f89041b808a74970a4f88e23e998

SHA1
0692778c77b145667f89c349402b7b85da256362

SHA256
8f4c6a3df089f05dfc7d1352b02b92d6b2cfd459fba35ed0b2546b347beb464d

SHA512
50cfe04b1f5ee988054377ce4d16324c98a51154991ceef4a99d9f315a4fe1a2699bcb40e93b2ff071275ddb33a7eca8811cc68393f6dcb3a74c402589fbbcc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8607308061b58fb60438411d6c25da2d

SHA1
b85e981e210d15783fd4cf8436a60cdd7f8c3ce4

SHA256
f787a43aaf3687e8843548ca83f544e208516b9f8fadc1413fd3cb5862f5ed76

SHA512
ce1815e919ae8340a2bb87229eb0e5833fbd3387ce0aa2b033e74f9683a5e3f1f0a4a9bcd9c4190c2c23ca51089b59aec83ce58235627b29d4bc9a7800f6df7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586349.TMP

Filesize
536B

MD5
78254f6dee98e56cc8db215d00291e78

SHA1
6110972737fbda59ee6af871d70e43d5ba7b385d

SHA256
6f4393f38b2e55c9d9beb7ea957a2b5e4ec64d04d99de8584c3446b0259ea2dc

SHA512
d2f9d53e7011f4a2a9c28f5e10ff798d76c0a304ca8e0e2bee7e39a6b84ec0f249fdf7f98f2e1f1a95fcee52b42cc5701c5b91471cd2d654d669205c3124b97a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d4f76b546143b6a7701900c3a875a892

SHA1
2ea45e926fb0e2dad308e1267f36f1604f5cf825

SHA256
95be0348653ec5abc4e1994a472bc2bc74ea964d85e8d189802c27736757fb3a

SHA512
933d4e36f279ef96a5c111e3363a3d17f74571c9b1ec25f12330cdf9607b06d4df8e444bcb8d4f2d881f665d43178e418c43792558e883140a488755f86aa66f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
17307c36a1331e4df694c1690e16fee7

SHA1
6972a36034ebc0f2e56c759540c737a25433a087

SHA256
4912d41181bbeb6c8ec7759f56101b3ee5e46c1df2c1caf6a4eec30b9faedee7

SHA512
4ceabcd6a19b974199537f57292876cb7979a0744c9e887310c7416cf0d0df47e435e89d8899f893949872e211290e6eb24c8ae670310a36215654e729aedf7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
47a6ee70edba3c1c460cd9cf25b04e2a

SHA1
893ac15c3e5cb6cca3ca2b9c54bf3e23dd779398

SHA256
ef603054baf120560c7688aa73da64c40cbdccefb528a67b4f9e8573aca5108d

SHA512
4e707903a5769c994beee8485a5ac131894bb0011e814e4d772f4d8012570188046e75910d96b12eaf4a260a2cde9e2952e42f740429b8c6428753fa44ee4b21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
322e5a6f9f40adbc1b7e1f27dee7430b

SHA1
71ed7b64e26b252bd1ebddda357cca757c8f86d4

SHA256
06f2b399b4b5aa4caaa4d6119f921be3fcb8655cd45487fe3c50d8da0038ee96

SHA512
b15cc8a0dc8c1b7c74812218f66fd0fda54f8731e58c22183b20013c80508148f7d24c308aa3d83e4a9ab9278455aeaa5e9000209005a6e3c3763402e4dbdeb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d73a6ded8cfdf3c68e329b077cac4fb5

SHA1
aaaf0fc3343b977265ed088e432ac17a3fbe9688

SHA256
8b7ddffbb52f4e5225144583861e65f3d1963e3beda9afc5730d1a669eb596f6

SHA512
603379247813a8e38973309aa789a4ecbebaa23e5f842e9d9fe5b733d3b67c87c81375254d77e4595cc2fbea367bce21ad3e2c611c2761c759b11e1bcf61b8a5

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000005

Filesize
24KB

MD5
b201e8da90ef456598b8b3bb0e31bf53

SHA1
8bb524c8e9b17920c83d9a06c0b305e41cfca560

SHA256
2c8b630d1edafb8cc8c8cd73fff10c8ab6d06232929a4d458ec34628920f1665

SHA512
50126ac5b7800f5a848ef49ebc8e71d78cb5ee9c1602486b30e697ce57af32c868e46795ac2c157cdfd7fe65c03133c7a752813d520a9106adc3e50620b473f3

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000006

Filesize
40KB

MD5
0c9f37673dd9c878a4b5bb419ee24b5d

SHA1
d973a8e073c1f76068f0947d495998f7f823d76e

SHA256
c1e12f630e7f356d154ffe4a7a3873e7e136e41c1c37e6c0fa4d2c52f1d269dd

SHA512
b361afedb4a910b12f7dd7b5b33d2914be39528bf4d1486661d0107c24135cff3a5393df1af85cd7d1551f0e601ea9d2ad4b147e56f469691e2b11906fd1514c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000016

Filesize
861KB

MD5
c965be39dd2b48db956c6c9b097142e7

SHA1
aa60262794045a488de7b6b2f628c4322fa34a3e

SHA256
026996418fca294712229e41898dd26b761820965e30034c0358008ccc9002e7

SHA512
69d062c1e8d514fa41c9741ea36ceaf56b1415fc578ccefd4f00d0b424360d89c15694c0d3494ec5e3508d45cbf510cd20796dd4692b748960bb68a63ed5cba8

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
0b29a8e63a0d70bd025ca7dcb524b9d8

SHA1
f530abd2b028dad8108099abbb564b256dde47ad

SHA256
e201ede16d86ac5828705dc7ee827c3af807d341de88ee801822e7f1c0cb5b22

SHA512
68e2f8b0a575c236c3f6d5386debb06fd9d45d3333b1097e305285db8936532e94c2fd85fa25862ea3d9821f43c95c3d93f775dcc65b5e2e9a83a26779eb7721

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5b80a6db31001e9b2f1b260d97b390c3

SHA1
716f15cde72578e792b7cb2b2ebc23fbb5c47a8e

SHA256
0f83cf88c1296e9caa6c84cadcddbc8a04dbd7064eb17b43c5ae96947fda0b88

SHA512
3d65ff823b8595031b21debb017162eb19c347621ccdf3c3d9b003f08805d431f33eb49481d27f1ea09ce7ac833ede3de11fc94507ccec1b29f5a5e148951710

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
d342de5c49e118521b3257004e608bf7

SHA1
f336dcbf3aadae333f60622718e0d2b2aa4f9bbc

SHA256
cbb61c5552ce2cde07e10629b18e787d9f0dc330db04af260a3f06df0090e0b7

SHA512
2aad6ef3b15e21d1f670b1ffb2e85f4f0378f50cf1a9e5b4b192f89a7a0ffcc45c007c36989202e348647a50e67d4d92276f9a7539dfdb64679151f16eac0cfa

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b0dfbeecb429d0896dbbeebfa4a99f82

SHA1
fbd2eeb7849948ecea845b5f6a94680cb47f07fe

SHA256
22821f24abc113bb895fdfafb837d839825c20af6420ca23114e5a8f00c5d902

SHA512
39dc4b07b4afb932e7b15cf415835a736ea937fcfad644f3d2c633ed472c1695fa43fc6b65efb09d0c1c701f1885aa87282c15591cba783f60cb233f32aac8e0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
710B

MD5
4b42f85f29255477ccac80f6e0717401

SHA1
36a4a7d009f2a952c8b390ba9bf9905c504b5679

SHA256
da2636c107b1da92ea96335d799148d6aa4acdafe984fba528521212b67162e2

SHA512
828dca4d9309064c68dc15832bf71a7e1366b1f772747097237b334032a3a160e64bd29205dcc31acd254a38b706b3a8d6d72769d91e5e64c57e54520ed64c68

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
822B

MD5
914394aac14682d6526de3db49288e70

SHA1
273708368e4b8a051da7d3fd43f0e438ae2b26b9

SHA256
95e786747bae32d3b949d797ce3a20a0f0d19192256bb3cefa08d852def5e5c8

SHA512
ef928992a8a7e9c7e0a60dfceb37804b487069e013131d3b6b02006cfca44f394a4338454431a5217fbd732bd9dd78741c5aedbb0b4a756ed139c0c986388c44

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5abb52.TMP

Filesize
529B

MD5
f0b4a63b63845b25b085d58ac8559886

SHA1
31b91b3a8823c57cd46cf2af05e4724ff0ba04ec

SHA256
b5039c01901150d3982ab329034cda2077ddfcaa0785932534436c285a6ef39e

SHA512
7cf2b07bf771868aa40f552ec14fe936d28e4f685a6c906bf6f142fd0b9b31e52853a518bdf8e0349fa81e10eb0ec4f80a8045c8fe0cf8ecbad9a356091a9344

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\1fa57937-c5b1-4f04-8ff3-ffc24979ada8.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
beb54a736f2d248fd4f817ad38e9028e

SHA1
e3464f5a87ed8f97f8a04319e171a54aeda77982

SHA256
9b69e5c671924d5e0c9811806c4b942707fa1b824fd61207933f5a65d7731aa6

SHA512
2e696c8b0015103691dda97f78feaded07c5703cfb589ad21122eadcbdd9222cd09325b6d99e59405c1ca250594a160a202acfb168515060a66869ab1bf843b7

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
687B

MD5
3949edf7b0929f824d101ef238b443d1

SHA1
9b4c952b44821472f9b21a20cf1bc8af893adb47

SHA256
ad1a113ec43d3a7b1d05b17168779c573092bc30cf0ae7c13176fdb64ddbedb4

SHA512
1fb7f208b9ce94570f44b1bdc33ca243eed3d4f52e0d7804dc79e96dc3d79aa40f2d3050713d38d0ea89a34fc749823e0fe6065dacd320f8bf5b944774ba897b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe5aceda.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
692B

MD5
480c13c8c30b83476ac275004ce1c989

SHA1
74a9de26e932d49bdc54dfbaa92d0b2f5ec86e4b

SHA256
b2eedd44c5aec0477ccfe7fa3484c681340920f2270c5fd0a4c5acf29caea89b

SHA512
dcf461ace3e91a77cb2a8ee1d762bc091f5db9ba67e318c41521609bb6ee9f2e7417cd8fd4ac71d278b292d391c258f664fe30ba0a691be9181dc183aa90145a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
692B

MD5
e84cbeee4daaa7013c4efde40262227c

SHA1
3db31881ef0d88ba253feb0cb71ab36b2ecc806b

SHA256
3e1e37dfb429911f9a326f62280207fb4161cf88597a759d4e8874c85593c130

SHA512
cb7f7f64cb5c384b1508470553e68e5911883e5d8b31f1d6ba24dc54a5ff19981ce44f161501239694e71c232d4de92bad0180309c33e2cf7981392e9da12ecd

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
692B

MD5
08584b575e5a56c064f5ed761f454b00

SHA1
e6aedf0b9328b8c991a99258ddacc94d8a554d6f

SHA256
b4de85c40f8200d0b95ea521e3a7b5511b478f6eb4db0552bfd8143ff3bac89f

SHA512
7faa7acbbf1fe91778ac7decd0eadeebd7d498302a121bdd65fab1cb72876ae9f8531d10d05575f64115bdc3a2b5fcea01d881149b56af7d4c5097ecab785d54

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity~RFe5d2daa.TMP

Filesize
188B

MD5
ecedda7b9a9be67f3bab1a89f8f1b41a

SHA1
63aeadbd5cd42405bbb3cf93d7ee4b27c40000b6

SHA256
86cee57b881b44026216f899956c01dea9fb481119c4e61ecbca80a106ffc8ec

SHA512
39146a876d5c47c7b242fdc05350fef28a8d15856efe1e7aa99f632eff31414fdb8ca9fa04bc67644ababeb2006e15b339e76c274cd32ebae24c95c485699ca9

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json

Filesize
2KB

MD5
602c49f9246967bdcff45b4f43cf2fb0

SHA1
4c5796e0c724bbd7a9244cc8a0fc9e8f40181f2d

SHA256
a3ad9649c1038078038be1abd591cdba73b4b4f5cf30e11bb6cb7a432b746114

SHA512
2f273c0dd0127071f4c768cfe7277c6efff84c1ef4f4271c1326db3658c84261794b106af3198717f349fbaaaf276163700bbb50ae20fe52ed0a88a192d46f77

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json~RFe5a0169.TMP

Filesize
2KB

MD5
68b20851ccb9834d21fb32615e42bd43

SHA1
88fab935f0b9484994097c08f785e9ecb7d68127

SHA256
a954b528dd65ad6c4c2091fa32f17abdb7a49454ce88e10bb6c377734c70c26f

SHA512
dcb0771120c8fe35213d60e9abf4b242af807324759e3c99e9b2569c00a941d885d53ef6fadfe69e6b740e0b52a6008602605d643801190a2d29175a7d065e15

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnB0CF.tmp\StdUtils.dll

Filesize
110KB

MD5
db11ab4828b429a987e7682e495c1810

SHA1
29c2c2069c4975c90789dc6d3677b4b650196561

SHA256
c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376

SHA512
460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnB0CF.tmp\System.dll

Filesize
22KB

MD5
a36fbe922ffac9cd85a845d7a813f391

SHA1
f656a613a723cc1b449034d73551b4fcdf0dcf1a

SHA256
fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0

SHA512
1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnB0CF.tmp\modern-wizard.bmp

Filesize
150KB

MD5
3614a4be6b610f1daf6c801574f161fe

SHA1
6edee98c0084a94caa1fe0124b4c19f42b4e7de6

SHA256
16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b

SHA512
06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnB0CF.tmp\nsDialogs.dll

Filesize
20KB

MD5
4e5bc4458afa770636f2806ee0a1e999

SHA1
76dcc64af867526f776ab9225e7f4fe076487765

SHA256
91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0

SHA512
b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnB0CF.tmp\nsExec.dll

Filesize
17KB

MD5
2095af18c696968208315d4328a2b7fe

SHA1
b1b0e70c03724b2941e92c5098cc1fc0f2b51568

SHA256
3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226

SHA512
60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnB0CF.tmp\nsProcess.dll

Filesize
15KB

MD5
08072dc900ca0626e8c079b2c5bcfcf3

SHA1
35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37

SHA256
bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8

SHA512
8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
eec068f81e526cf3c2082832eeeb537f

SHA1
067ce1f801292619c612916a930d8fcde4f83cf2

SHA256
c392bf8078224b2a5bda7759dab6c280676324d954548c8e8159ac57d0042671

SHA512
ef56f4f974d3a800080ba95435e8f0ffe261b730a90cb89d3f8469956b47609092e19615aad170b09b5bab6c7e493e008512bd36998d7f0e82a02668808951b9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
ae25aa3565c5ecab1612e1183a743c4f

SHA1
84d50c6baa5bd362be211fa41cbf6ee08fb2f706

SHA256
e82eff4f94ae2bb067bf1222646f7e47d82c0241fff85f1606c1d6953f385ae3

SHA512
d5db184e8132af737e20ebd10ced803ae21e040f594ed87d1b2544c059905b6b2a6c84d0b6f38fa1b1cee54e803c3b7630e437b2af8d1ee17363286018d36e42

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
b1e264bb0b45ee98e4504a4029dedac9

SHA1
8b5d5c795a6b47f556cb039aa8bbec50bba7e1f0

SHA256
28ce39f004b477e55521d4ad2b952a9712b576e5bdd5089a9dcc1741ed18be03

SHA512
299b5c24b0705eebc944be19e129c4ad2434081b4ae47274bb392487c7ca677e5751f3c346c1fbc8385a875a2307ceaf323f7d6534dbfc345968bab8149f49ad

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
526801395b67e55db72360665b5c81ee

SHA1
4f5d2127cd5411f52dd9bb3483125ffb3a53f995

SHA256
6d89fc895209c79c7881deb33d841aa8714ae0c688a53f84e57734ff3c48fdbe

SHA512
c1f67ddd4ea9f030f78b371183a3d20da77af5cbef519f7ee80d5c46f9ab9d626019c37fbdbc2c10e378a35834feef1e9f919061e7fa0e3375771fc54fd03167

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
00b9f91a8d871884b19e74e643675423

SHA1
ae807feb80b278031223327697c66b0b8ef70993

SHA256
a54ff515c71be539b0f2f593bf4fca305f6499421887af40838105b69f587f3f

SHA512
ea0a35bbc4550445dcc26df2ef696c0b7c58efe334f54d08c73c7a396e1d600df29e6ccfb029f2c1e35b9433f6e7f1a4fb74d5613e783d668a04b3283927d7fe

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
15aa2e5f347be5944bdef9d574b17f45

SHA1
00e8933a2e519f27cc2e77d7afa3abe1ff9587da

SHA256
dc79f2e5938e8f4d0079db697b98c711f8ec23bb9b230af3637faa3a66560022

SHA512
25da75d9b5b4a32b556f1eb8d68ba3010de018f0be676f289fc60e7d4294256e4186c45fdd913baa22d649170d7efd16a03e81c656c90e25f2c5e1553e0604c9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
6b4c2b7b4f324d1a65866192acbfdca1

SHA1
a75759c3baa8c1e97602eeebb1b084a6574ef3be

SHA256
a2ac0bc4bbb5c158187a36d7607aede7c5c5266322b95cb68c868b98cfbb051a

SHA512
4545537ea6e26e91bae9edfcfd70987472317e2eb757650c659b7c53fba0b94c4846c0a7f176b4675e45845d8c28af3547af0efab2dc3ce17bc54a66086f5307

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
58d424a353711d602bb5eed22c6ef7de

SHA1
2099d159f7d6136e0b48a019417d35bf2c921853

SHA256
f14af8b020047dc8ee8c7bf147362e37cc7ddeda27b4d226fe04b7aa6c811691

SHA512
c2bdf4ebcce57ff7536f210ba013491b430f864bab243f4e9633725b0dd79d7ddc7c369a7970e5f82578300448e73a3514fc2f88a39e582c89665e395762079a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
7f4f59f481af22f70ec119fc4f851197

SHA1
3dd724d0ddd2756b41b6df4a9e7e7719e97dada0

SHA256
5940e9f34ddd85b61e017f49ad3edac0534bf3fab415c98d3796412f4516eb83

SHA512
90912b45e977c121648f21611cddefcd8c61a3ff2ac2134841f2dc98f9ac565906251327623f1cf36ddd34361cedc790df3a7a0abd9a32383e1a2cfef5008a6d

Download Submit
C:\Users\Admin\Downloads\1057090.zip

Filesize
675KB

MD5
5309a4fbb3b5bef3654aad888ffea7e3

SHA1
d0504638b0c2f05fe78694e11b85320bcd42cd7a

SHA256
46f0fecc41f6e7f053851b8845409efacad942c6e470ee7d9b703bc436668746

SHA512
f3e530841b0243f7dfcc96f0536b4f16bc9aab8ab59323880c08b0fdb557db2a3a038c0bb8c22926cd6bef1dfcf795051094f6c99c6f101b82cd8b347c9559be

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 556332.crdownload

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 739890.crdownload

Filesize
837KB

MD5
93ef55f275e12608889ba7c2e908e6d8

SHA1
969a31955b49a8bd82567fa582b3f29528ceb6f1

SHA256
7af03f9f3e8d96c931d69b1ecd531ee976c6e504d678bbf44f553ffea8943291

SHA512
fa3dfb36608777a5942cc3ffdb5d1599efd0420dbd436def11d860312b6dff64af6d9c3022964c78eaf34c3173a8907a3b58e88fda8f83a4e8e4063287ba7c53

Download Submit
memory/2012-13005-0x0000000000B90000-0x0000000001042000-memory.dmp

Filesize
4.7MB

Download
memory/2012-12999-0x0000000000B90000-0x0000000001042000-memory.dmp

Filesize
4.7MB

Download
memory/2796-13309-0x00000212D9140000-0x00000212D91EC000-memory.dmp

Filesize
688KB

Download
memory/4768-13355-0x000001BF0E4B0000-0x000001BF0E4B1000-memory.dmp

Filesize
4KB

Download
memory/4768-13360-0x000001BF0E4B0000-0x000001BF0E4B1000-memory.dmp

Filesize
4KB

Download
memory/4768-13349-0x000001BF0E4B0000-0x000001BF0E4B1000-memory.dmp

Filesize
4KB

Download
memory/4768-13361-0x000001BF0E4B0000-0x000001BF0E4B1000-memory.dmp

Filesize
4KB

Download
memory/4768-13350-0x000001BF0E4B0000-0x000001BF0E4B1000-memory.dmp

Filesize
4KB

Download
memory/4768-13351-0x000001BF0E4B0000-0x000001BF0E4B1000-memory.dmp

Filesize
4KB

Download
memory/4768-13356-0x000001BF0E4B0000-0x000001BF0E4B1000-memory.dmp

Filesize
4KB

Download
memory/4768-13357-0x000001BF0E4B0000-0x000001BF0E4B1000-memory.dmp

Filesize
4KB

Download
memory/4768-13358-0x000001BF0E4B0000-0x000001BF0E4B1000-memory.dmp

Filesize
4KB

Download
memory/4768-13359-0x000001BF0E4B0000-0x000001BF0E4B1000-memory.dmp

Filesize
4KB

Download
memory/4900-13371-0x000000006E480000-0x000000006F7C1000-memory.dmp

Filesize
19.3MB

Download
memory/4900-13342-0x000000006E480000-0x000000006F7C1000-memory.dmp

Filesize
19.3MB

Download
memory/4900-13199-0x000000006E480000-0x000000006F7C1000-memory.dmp

Filesize
19.3MB

Download
memory/4900-13348-0x000000006E480000-0x000000006F7C1000-memory.dmp

Filesize
19.3MB

Download
memory/4900-13398-0x000000006E480000-0x000000006F7C1000-memory.dmp

Filesize
19.3MB

Download
memory/4900-13229-0x000000006E480000-0x000000006F7C1000-memory.dmp

Filesize
19.3MB

Download
memory/4900-13374-0x000000006E480000-0x000000006F7C1000-memory.dmp

Filesize
19.3MB

Download
memory/4900-13246-0x000000006E480000-0x000000006F7C1000-memory.dmp

Filesize
19.3MB

Download
memory/4900-13330-0x000000006E480000-0x000000006F7C1000-memory.dmp

Filesize
19.3MB

Download
memory/4900-13345-0x000000006E480000-0x000000006F7C1000-memory.dmp

Filesize
19.3MB

Download
memory/4900-13183-0x000000006E480000-0x000000006F7C1000-memory.dmp

Filesize
19.3MB

Download
memory/4900-13243-0x000000006E480000-0x000000006F7C1000-memory.dmp

Filesize
19.3MB

Download
memory/4900-13274-0x000000006E480000-0x000000006F7C1000-memory.dmp

Filesize
19.3MB

Download
memory/4900-13253-0x000000006E480000-0x000000006F7C1000-memory.dmp

Filesize
19.3MB

Download
memory/4900-13249-0x000000006E480000-0x000000006F7C1000-memory.dmp

Filesize
19.3MB

Download
memory/5524-13191-0x00000216448E0000-0x000002164498C000-memory.dmp

Filesize
688KB

Download
memory/6000-13190-0x000001D3DA970000-0x000001D3DAA1C000-memory.dmp

Filesize
688KB

Download
memory/6000-13047-0x00007FF8DE280000-0x00007FF8DE281000-memory.dmp

Filesize
4KB

Download
memory/6000-13046-0x00007FF8DE1A0000-0x00007FF8DE1A1000-memory.dmp

Filesize
4KB

Download