c9f2e2abb046ff2535537182edf9a9b748aa10a22e98a1d8c948d874f4ffb304

Resubmissions

23-12-2024 14:32

241223-rwlzmssldk 8

23-12-2024 13:20

241223-qk92nazrcv 3

Analysis

max time kernel
407s
max time network
407s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-12-2024 14:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SteamtoolsSetup.exe
Size

978KB
MD5

bbf15e65d4e3c3580fc54adf1be95201
SHA1

79091be8f7f7a6e66669b6a38e494cf7a62b5117
SHA256

c9f2e2abb046ff2535537182edf9a9b748aa10a22e98a1d8c948d874f4ffb304
SHA512

9bb261b4ed84af846e07ffb6352960687e59428fd497faa0a37d70b57a1a7430d48ac350fbb0c3f0f11e4231a98ebca4d6923deba0949fdd7a247a3c02737355
SSDEEP

24576:4Fa9OUi2VoN2gZ1M8UQag3BXrYZt+GgGTfG74T+TRcL:Z9OUiTN2gZ1MExEZkkf+4TARg

Score

8^/10

steam discovery persistence phishing

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	SteamtoolsSetup.exe

Executes dropped EXE 18 IoCs

pid	Process
992	SteamSetup.exe
4856	steamservice.exe
2028	steam.exe
5140	steam.exe
5124	steamwebhelper.exe
5260	steamwebhelper.exe
3052	steamwebhelper.exe
1428	steamwebhelper.exe
4036	gldriverquery64.exe
5528	steamwebhelper.exe
5500	steamwebhelper.exe
180	gldriverquery.exe
1640	vulkandriverquery64.exe
6016	vulkandriverquery.exe
4472	steamwebhelper.exe
5524	steamwebhelper.exe
2248	SteamtoolsSetup.exe
5880	Steamtools.exe

Loads dropped DLL 61 IoCs

pid	Process
992	SteamSetup.exe
992	SteamSetup.exe
992	SteamSetup.exe
992	SteamSetup.exe
992	SteamSetup.exe
992	SteamSetup.exe
992	SteamSetup.exe
992	SteamSetup.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5124	steamwebhelper.exe
5124	steamwebhelper.exe
5124	steamwebhelper.exe
5124	steamwebhelper.exe
5260	steamwebhelper.exe
5260	steamwebhelper.exe
5260	steamwebhelper.exe
5140	steam.exe
5140	steam.exe
3052	steamwebhelper.exe
3052	steamwebhelper.exe
3052	steamwebhelper.exe
3052	steamwebhelper.exe
3052	steamwebhelper.exe
3052	steamwebhelper.exe
3052	steamwebhelper.exe
3052	steamwebhelper.exe
3052	steamwebhelper.exe
1428	steamwebhelper.exe
1428	steamwebhelper.exe
1428	steamwebhelper.exe
5140	steam.exe
5528	steamwebhelper.exe
5528	steamwebhelper.exe
5528	steamwebhelper.exe
5500	steamwebhelper.exe
5500	steamwebhelper.exe
5500	steamwebhelper.exe
5500	steamwebhelper.exe
4472	steamwebhelper.exe
4472	steamwebhelper.exe
4472	steamwebhelper.exe
5524	steamwebhelper.exe
5524	steamwebhelper.exe
5524	steamwebhelper.exe
5524	steamwebhelper.exe
5524	steamwebhelper.exe
5524	steamwebhelper.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"	SteamSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\steam_controller_english.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_color_button_circle_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\mss32.dll_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_gyro_pitch.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_030_inv_0321.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_rb.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_dpad_swipe_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\hp_m1.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\joyconpair_right_sr.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_mouse_5_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_r_click_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\filesystem_stdio.dll_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0220.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\creditcard_back_amex.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\icon_folder.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\bump_paper_n.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_035_magic_0344.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\friendsui_vietnamese-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\platform_korean.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\strings_all.zip.vz.c904f95b8996c66336305408448b8bede03956d6_2006928	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0303.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_050_menu_0030.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_button_circle_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_l_up_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_r2_soft_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_r_touch_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\friends\trackerui_romanian.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_touchpad_right_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_button_view.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\GuestPassAcceptOK.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_035_magic_0308.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\flag_inactive_top_hover.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\vrwarning_dialog.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\layout\gamespage_details_subheader.layout_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\xbox_360_koreana.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_sr.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\tabStdTopLeft.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_l2_half_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_ltrackpad_down.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_gyro_yaw_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_r_up_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_035_magic_0301.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\shared_hungarian-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\btnSelBottom.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\sounds\camera1.wav_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_r_up_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_100_target_0010.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\dualshock_4_finnish.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_button_circle_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_p1_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_trackpad_r_touch.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_outlined_button_b_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\sounds\deck_ui_slider_up.wav_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\fossilize-replay.exe_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0423.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_button_r_arrow_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_touch_tap_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\xbox_360_brazilian.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steambootstrapper_romanian.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\chord_xboxone.vdf_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_touchpad_click_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_l_left_sm.png_	steam.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamservice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
3416	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133794379904129251"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\steamlink\Shell	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\steamlink	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steamservice.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\steam\ = "URL:steam protocol"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\steamlink\DefaultIcon	steamservice.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steamservice.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steamservice.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\steam	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open	steamservice.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	steam.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5880	Steamtools.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
208	chrome.exe
208	chrome.exe
208	chrome.exe
992	SteamSetup.exe
992	SteamSetup.exe
992	SteamSetup.exe
992	SteamSetup.exe
992	SteamSetup.exe
992	SteamSetup.exe
992	SteamSetup.exe
992	SteamSetup.exe
992	SteamSetup.exe
992	SteamSetup.exe
992	SteamSetup.exe
992	SteamSetup.exe
992	SteamSetup.exe
992	SteamSetup.exe
992	SteamSetup.exe
992	SteamSetup.exe
992	SteamSetup.exe
992	SteamSetup.exe
992	SteamSetup.exe
992	SteamSetup.exe
992	chrome.exe
992	chrome.exe
992	chrome.exe
992	chrome.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe
5140	steam.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
5140	steam.exe
5880	Steamtools.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
5124	steamwebhelper.exe
5124	steamwebhelper.exe
5124	steamwebhelper.exe
5124	steamwebhelper.exe
5124	steamwebhelper.exe
5124	steamwebhelper.exe
5124	steamwebhelper.exe
5124	steamwebhelper.exe
5124	steamwebhelper.exe
5124	steamwebhelper.exe
5124	steamwebhelper.exe
5124	steamwebhelper.exe
5124	steamwebhelper.exe
5124	steamwebhelper.exe
5124	steamwebhelper.exe
5124	steamwebhelper.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe

Suspicious use of SendNotifyMessage 55 IoCs

pid	Process
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
5124	steamwebhelper.exe
5124	steamwebhelper.exe
5124	steamwebhelper.exe
5124	steamwebhelper.exe
5124	steamwebhelper.exe
5124	steamwebhelper.exe
5124	steamwebhelper.exe
5124	steamwebhelper.exe
5124	steamwebhelper.exe
5124	steamwebhelper.exe
5124	steamwebhelper.exe
5124	steamwebhelper.exe
5124	steamwebhelper.exe
5124	steamwebhelper.exe
5124	steamwebhelper.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
5880	Steamtools.exe
5880	Steamtools.exe
5880	Steamtools.exe
5880	Steamtools.exe
5880	Steamtools.exe
5880	Steamtools.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
5140	steam.exe
848	chrome.exe
5556	chrome.exe
3888	chrome.exe
5880	Steamtools.exe
5880	Steamtools.exe
5880	Steamtools.exe
5880	Steamtools.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 208 wrote to memory of 3320	208	chrome.exe	89
PID 208 wrote to memory of 3320	208	chrome.exe	89
PID 208 wrote to memory of 4540	208	chrome.exe	91
PID 208 wrote to memory of 4540	208	chrome.exe	91
PID 208 wrote to memory of 4540	208	chrome.exe	91
PID 208 wrote to memory of 4540	208	chrome.exe	91
PID 208 wrote to memory of 4540	208	chrome.exe	91
PID 208 wrote to memory of 4540	208	chrome.exe	91
PID 208 wrote to memory of 4540	208	chrome.exe	91
PID 208 wrote to memory of 4540	208	chrome.exe	91
PID 208 wrote to memory of 4540	208	chrome.exe	91
PID 208 wrote to memory of 4540	208	chrome.exe	91
PID 208 wrote to memory of 4540	208	chrome.exe	91
PID 208 wrote to memory of 4540	208	chrome.exe	91
PID 208 wrote to memory of 4540	208	chrome.exe	91
PID 208 wrote to memory of 4540	208	chrome.exe	91
PID 208 wrote to memory of 4540	208	chrome.exe	91
PID 208 wrote to memory of 4540	208	chrome.exe	91
PID 208 wrote to memory of 4540	208	chrome.exe	91
PID 208 wrote to memory of 4540	208	chrome.exe	91
PID 208 wrote to memory of 4540	208	chrome.exe	91
PID 208 wrote to memory of 4540	208	chrome.exe	91
PID 208 wrote to memory of 4540	208	chrome.exe	91
PID 208 wrote to memory of 4540	208	chrome.exe	91
PID 208 wrote to memory of 4540	208	chrome.exe	91
PID 208 wrote to memory of 4540	208	chrome.exe	91
PID 208 wrote to memory of 4540	208	chrome.exe	91
PID 208 wrote to memory of 4540	208	chrome.exe	91
PID 208 wrote to memory of 4540	208	chrome.exe	91
PID 208 wrote to memory of 4540	208	chrome.exe	91
PID 208 wrote to memory of 4540	208	chrome.exe	91
PID 208 wrote to memory of 4540	208	chrome.exe	91
PID 208 wrote to memory of 4516	208	chrome.exe	92
PID 208 wrote to memory of 4516	208	chrome.exe	92
PID 208 wrote to memory of 828	208	chrome.exe	93
PID 208 wrote to memory of 828	208	chrome.exe	93
PID 208 wrote to memory of 828	208	chrome.exe	93
PID 208 wrote to memory of 828	208	chrome.exe	93
PID 208 wrote to memory of 828	208	chrome.exe	93
PID 208 wrote to memory of 828	208	chrome.exe	93
PID 208 wrote to memory of 828	208	chrome.exe	93
PID 208 wrote to memory of 828	208	chrome.exe	93
PID 208 wrote to memory of 828	208	chrome.exe	93
PID 208 wrote to memory of 828	208	chrome.exe	93
PID 208 wrote to memory of 828	208	chrome.exe	93
PID 208 wrote to memory of 828	208	chrome.exe	93
PID 208 wrote to memory of 828	208	chrome.exe	93
PID 208 wrote to memory of 828	208	chrome.exe	93
PID 208 wrote to memory of 828	208	chrome.exe	93
PID 208 wrote to memory of 828	208	chrome.exe	93
PID 208 wrote to memory of 828	208	chrome.exe	93
PID 208 wrote to memory of 828	208	chrome.exe	93
PID 208 wrote to memory of 828	208	chrome.exe	93
PID 208 wrote to memory of 828	208	chrome.exe	93
PID 208 wrote to memory of 828	208	chrome.exe	93
PID 208 wrote to memory of 828	208	chrome.exe	93
PID 208 wrote to memory of 828	208	chrome.exe	93
PID 208 wrote to memory of 828	208	chrome.exe	93
PID 208 wrote to memory of 828	208	chrome.exe	93
PID 208 wrote to memory of 828	208	chrome.exe	93
PID 208 wrote to memory of 828	208	chrome.exe	93
PID 208 wrote to memory of 828	208	chrome.exe	93
PID 208 wrote to memory of 828	208	chrome.exe	93
PID 208 wrote to memory of 828	208	chrome.exe	93

C:\Users\Admin\AppData\Local\Temp\SteamtoolsSetup.exe
"C:\Users\Admin\AppData\Local\Temp\SteamtoolsSetup.exe"
1⤵
PID:3124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa19c6cc40,0x7ffa19c6cc4c,0x7ffa19c6cc58
  2⤵
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1800,i,8536276501969966603,15767884176431090616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1796 /prefetch:2
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2052,i,8536276501969966603,15767884176431090616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2080 /prefetch:3
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,8536276501969966603,15767884176431090616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2488 /prefetch:8
  2⤵
  PID:828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,8536276501969966603,15767884176431090616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,8536276501969966603,15767884176431090616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=2304,i,8536276501969966603,15767884176431090616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4840,i,8536276501969966603,15767884176431090616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4844,i,8536276501969966603,15767884176431090616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5140,i,8536276501969966603,15767884176431090616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5100,i,8536276501969966603,15767884176431090616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5124,i,8536276501969966603,15767884176431090616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5280,i,8536276501969966603,15767884176431090616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5500,i,8536276501969966603,15767884176431090616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5528 /prefetch:2
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5776,i,8536276501969966603,15767884176431090616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4920,i,8536276501969966603,15767884176431090616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5580,i,8536276501969966603,15767884176431090616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3108,i,8536276501969966603,15767884176431090616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3264 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4868,i,8536276501969966603,15767884176431090616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5336,i,8536276501969966603,15767884176431090616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  PID:4256
- C:\Users\Admin\Downloads\SteamSetup.exe
  "C:\Users\Admin\Downloads\SteamSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:992
- - C:\Program Files (x86)\Steam\bin\steamservice.exe
    "C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4784,i,8536276501969966603,15767884176431090616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5156,i,8536276501969966603,15767884176431090616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4508,i,8536276501969966603,15767884176431090616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5520,i,8536276501969966603,15767884176431090616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5448 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4548,i,8536276501969966603,15767884176431090616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3192 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5388,i,8536276501969966603,15767884176431090616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5296,i,8536276501969966603,15767884176431090616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=1252,i,8536276501969966603,15767884176431090616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5012,i,8536276501969966603,15767884176431090616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=5792,i,8536276501969966603,15767884176431090616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5104,i,8536276501969966603,15767884176431090616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  PID:5244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6148,i,8536276501969966603,15767884176431090616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6180 /prefetch:8
  2⤵
  PID:5704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5700,i,8536276501969966603,15767884176431090616,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6160 /prefetch:8
  2⤵
  PID:3140
- C:\Users\Admin\Downloads\SteamtoolsSetup.exe
  "C:\Users\Admin\Downloads\SteamtoolsSetup.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:2248
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /IM Steamtools.exe /F >nul 2>&1
    3⤵
    PID:3932
  - - C:\Windows\system32\taskkill.exe
      taskkill /IM Steamtools.exe /F
      4⤵
      Kills process with taskkill
      PID:3416
- - C:\Program Files (x86)\Steam\config\stUI\Steamtools.exe
    "C:\Program Files (x86)\Steam\config\stUI\Steamtools.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:5880

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1572

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4524

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies system certificate store
PID:2028
- C:\Program Files (x86)\Steam\steam.exe
  "C:\Program Files (x86)\Steam\steam.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:5140
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=5140" "-buildid=1733265492" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:5124
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1733265492 --initial-client-data=0x280,0x284,0x288,0x27c,0x28c,0x7ffa1a83af00,0x7ffa1a83af0c,0x7ffa1a83af18
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5260
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1604,i,14653169265608644456,5036508576973430978,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1608 --mojo-platform-channel-handle=1596 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3052
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2240,i,14653169265608644456,5036508576973430978,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2244 --mojo-platform-channel-handle=2236 /prefetch:3
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1428
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2796,i,14653169265608644456,5036508576973430978,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2804 --mojo-platform-channel-handle=2792 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5528
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,14653169265608644456,5036508576973430978,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3148 --mojo-platform-channel-handle=3140 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:5500
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2052,i,14653169265608644456,5036508576973430978,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2044 --mojo-platform-channel-handle=2180 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4472
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3668,i,14653169265608644456,5036508576973430978,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3776 --mojo-platform-channel-handle=3824 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5524
- - C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:4036
- - C:\Program Files (x86)\Steam\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:180
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:1640
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:6016

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3728

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x470 0x504
1⤵
PID:232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Steam\Steam.exe

Filesize
4.2MB

MD5
33bcb1c8975a4063a134a72803e0ca16

SHA1
ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65

SHA256
12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1

SHA512
13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

Download Submit
C:\Program Files (x86)\Steam\bin\SteamService.exe

Filesize
2.5MB

MD5
ba0ea9249da4ab8f62432617489ae5a6

SHA1
d8873c5dcb6e128c39cf0c423b502821343659a7

SHA256
ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d

SHA512
52958d55b03e1ddc69afc2f1a02f7813199e4b3bf114514c438ab4d10d5ca83b865ba6090550951c0a43b666c6728304009572212444a27a3f5184663f4b0b8b

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
6e6a2b18264504cc084caa3ad0bfc6ae

SHA1
b177d719bd3c1bc547d5c97937a584b8b7d57196

SHA256
f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53

SHA512
74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
a2ec2e91c3ef8c42e22c4887d032b333

SHA1
e2c738a2e9400535b74e2263c7e7d1ecefe575f2

SHA256
8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3

SHA512
b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
15KB

MD5
d7b0becd35530eb2f723d7d6ff20ea2e

SHA1
2561229a0c4014da719626b1ba87594a080b999c

SHA256
c847d0e3d0ea49e1ed3460e5e897c4a16a70550a7bb01415c56c9e3e134720c7

SHA512
ac84e71a6756ab0b74efc78991106ca265d8f0cd96355ebe7a3a881dfae91360a1e8c1c7275d6b8b860c3438c14f8d36ed7e1b8260254547dc9f080fc5453ca9

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
23KB

MD5
8a2ad1179f92bb583d1ebe718b82d8c2

SHA1
744c175c0fb27b6dd2a9534d529329e4c7374b1c

SHA256
2396d5538a1937249265a1670a6c5b1f45fa0efd0107d1aae7bceefb819d2b71

SHA512
4f874ff927c8f39960fa7dcf8b4d8499b9d4a8077a4448e4ac68c39b8b28bb98ab183bacba3eab71b53587c751128709ea50f7f179dfdb1bde0e03ab0fea47d3

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
23KB

MD5
90a4d0fb61fb36266abfbf53e0530489

SHA1
44e85d4d8417824296667cda3083096bcfc7387f

SHA256
66c32f40b73195bc2978a3504ae4360b2a8f705efff1503e117743fded1f1ac0

SHA512
9e0a45371468fccab5c03e3c78c1ba341241f37a5dd98c2b809cb58c101f7a49fcbc1f0be85dae2875d0bb8736acce43ba215f470f35efade121bd63451c230c

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
27KB

MD5
3ca5516c152f5b29191a4ae5b4ec8523

SHA1
6e756e0d25e2a4fa693824f76270da47e7ae8ffc

SHA256
ba9df7f0588d6d82b5da6135517044228d5ca921c3dc6b291f757124fc8bc87c

SHA512
97c6901161a29f746f1dadfe83db15c4da2215653602b80fdb10dd716a4f568f91cda6a4857e9a683d6efdd533f18612b78570622ba4fcf6b7f3adbab4c3f41a

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf~RFe5a090a.TMP

Filesize
184B

MD5
3cdebc58a05cdd75f14e64fb0d971370

SHA1
edf2d4a8a5fc017e29bf9fb218db7dd8b2be84fe

SHA256
661f122934bbc692266940a1fe2e5e51d4d460efb29d75695b8d5241c6e11da7

SHA512
289c40fae5ec1d3dd8b5b00dd93cf9cada2cb5c12bcfefea8c862ddf0a16dced15d6814dad771af9103b3a5d3016d301ee40058edde3fdea30d9767146d11cd6

Download Submit
C:\Program Files (x86)\Steam\config\stUI\Steamtools.exe

Filesize
16.3MB

MD5
1a475aa5000d3958df447de17e0dc14b

SHA1
8a45a8a2b38a524633a99abc7994aa0ac46c03ce

SHA256
1208c4d240918ab0b4767bc6a5c0cbe83ee7f21408fb0c5ea68769ebea759b3e

SHA512
e86be352a5732d18db772f3fc80a70ebb223d68148057663ed18aab5c2221fe6d1cb48d4f4e22940419e9144aeacdc03ea05739352f86aed7ce967afd7e80911

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

Filesize
4KB

MD5
0340d1a0bbdb8f3017d2326f4e351e0a

SHA1
90d078e9f732794db5b0ffeb781a1f2ed2966139

SHA256
0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544

SHA512
9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

Filesize
6KB

MD5
4c81277a127e3d65fb5065f518ffe9c2

SHA1
253264b9b56e5bac0714d5be6cade09ae74c2a3a

SHA256
76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9

SHA512
be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

Filesize
4KB

MD5
2158881817b9163bf0fd4724d549aed4

SHA1
c500f2e8f47a11129114ee4f19524aee8fecc502

SHA256
650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7

SHA512
f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

Filesize
4KB

MD5
03b664bd98485425c21cdf83bc358703

SHA1
0a31dcfeb1957e0b00b87c2305400d004a9a5bdb

SHA256
fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115

SHA512
4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt

Filesize
4KB

MD5
31a29061e51e245f74bb26d103c666ad

SHA1
271e26240db3ba0dcffc10866ccfcfa1c33cf1cc

SHA256
56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192

SHA512
f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

Filesize
4KB

MD5
da6cd2483ad8a21e8356e63d036df55b

SHA1
0e808a400facec559e6fbab960a7bdfaab4c6b04

SHA256
ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6

SHA512
06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt

Filesize
4KB

MD5
9e62fc923c65bfc3f40aaf6ec4fd1010

SHA1
8f76faff18bd64696683c2a7a04d16aac1ef7e61

SHA256
8ff0f3cbdf28102ff037b9cda90590e4b66e1e654b90f9aea2cd5364494d02b7

SHA512
c8ff15373b37e848e6239a82424569e77c82a5fc557d17e7d2ed1d0d2b2f7d026cc1e2bc98cb5ee945c02cfefb82803c23fa6a26f48ff0adcf762f94cd5dd035

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt

Filesize
4KB

MD5
10c429eb58b4274af6b6ef08f376d46c

SHA1
af1e049ddb9f875c609b0f9a38651fc1867b50d3

SHA256
a1f6ba57ee41e009d904905c0ce5e75a59ee6790e08542561303109e1faafa13

SHA512
d8760f61760bffd8671b727d386ae220e7e6e68829a01553cfd5eb60ef8bd1d7c1b25e7b17a6db5bd17ba6712ef44999726764459318e784843c73bc4facaf46

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt

Filesize
4KB

MD5
5c026fd6072a7c5cf31c75818cddedec

SHA1
341aa1df1d034e6f0a7dff88d37c9f11a716cae6

SHA256
0828572e4fa00c186dbf1d9072a6154d65cb499c6a37e338f3305f77a2fee382

SHA512
f9d28714b2a05f8d9025f1692e4d7e8baa6daf6176353f65646a38814a242ef2adededa44419edd69f10cf96ffba506dab7cb6e52111457bf69cffef12174b12

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt

Filesize
6KB

MD5
189ba063d1481528cbd6e0c4afc3abaa

SHA1
40bdd169fcc59928c69eea74fd7e057096b33092

SHA256
c0a7a1df442ac080668762df795c72aa322e9d415c41bd0a4c676a4dc0551695

SHA512
ce59ad9b17bab4de1254e92ce4fe7d8c8242832f62ab382e8f54199a9932cd11b5800cc33895441426373d5210cc74104e0271b721a7e26ed400b716ae4d5903

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt

Filesize
4KB

MD5
18aaaf5ffcdd21b1b34291e812d83063

SHA1
aa9c7ae8d51e947582db493f0fd1d9941880429f

SHA256
1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5

SHA512
4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt

Filesize
4KB

MD5
1514d082b672b372cdfb8dd85c3437f1

SHA1
336a01192edb76ae6501d6974b3b6f0c05ea223a

SHA256
3b3c5c615fd82070cc951ab482d3de8cb12df0b3df59fbd11f9d3271fa2fbca4

SHA512
4d41c945ce7c94746875b0dbceb14811d4966de4e97fe047406a304162fde7e1e2a16367fc2e43978e2e5aa66749f036b4444aa2312673c2cc3af296e8b77f55

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt

Filesize
4KB

MD5
8958371646901eac40807eeb2f346382

SHA1
55fb07b48a3e354f7556d7edb75144635a850903

SHA256
b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585

SHA512
14c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt

Filesize
5KB

MD5
7e1d15fc9ba66a868c5c6cb1c2822f83

SHA1
bfe9a25fdc8721d7b76cecb9527a9ba7823dc3d7

SHA256
fc74e26a8baabbe4851109512d85173b75dbf7293d41eb3b92a1957a773c8265

SHA512
0892be14a858cc860766afb1c996b2c355108a7e50971ea3ec00d15069e919a6eb05a61fa839bea3938492c391e274144c5e248f4c204a602bf36adf27e5b406

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt

Filesize
4KB

MD5
202b825d0ef72096b82db255c4e747fa

SHA1
3a3265e5bbaa1d1b774195a3858f29cea75c9e75

SHA256
3d1399f5323a3ece1b1a8b3b31f8fd7f50c3bd319ab3f1c38c6e347452c95314

SHA512
e8fc7cc09f431301d22a07b238179ee053505090e3c4db30ead061513fe7159f1fe8b80efc93f4597fe00f01087bbe0bb2231e13693d72c8def138657cb91566

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt

Filesize
4KB

MD5
7913f3f33839e3af9e10455df69866c2

SHA1
15fa957d0a6a2717027f5b35f4dbe5e0ab8ece25

SHA256
05bc1f4973c6d36002ac1b37ce46b1f941fcb4338282e0ec1ec83fb558d1a88c

SHA512
534e541757d19ee157a268bf7ea358b48015f400542fcfa49cdb547cd652926160f015fe2cf026d9c4996e56ab90ca3899dfd457997d915bf6bc9d7bb00ba804

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt

Filesize
4KB

MD5
58e0fcbee3cca4ef61b97928cfe89535

SHA1
1297e3af3ca9e4fe3cc5db78ebbfa642e8a2c57b

SHA256
c084a68b65d507eb831831aa2ab9afb9536cb99a840d248cc155ff87fad18425

SHA512
99aff0c481e34cd0e4fcbb2af471afb56d91aa11be664462b08e17ae169ca03ef77e7063b4ecd0f38ca7b2f6dc0bf2e316c7b31dffbbcfc763cd8fae27dc78d2

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt

Filesize
4KB

MD5
9b0b0e82f753cc115d87c7199885ad1b

SHA1
5743a4ab58684c1f154f84895d87f000b4e98021

SHA256
0bdeee9fa28d54d384e06ea646fbcfe3f06698a31dfdc1a50703ffe83ad78d32

SHA512
b7780b82fbe705bc8e5a527c011eb685c99ef0b2eb810617b9f82b891341af95ef1c2f46dce9e458c0c4dcc3e7a0d21db6c77f03419cd1c4b521a9b72f9017df

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt

Filesize
4KB

MD5
eb8926608c5933f05a3f0090e551b15d

SHA1
a1012904d440c0e74dad336eac8793ac110f78f8

SHA256
2ed2b0d654d60e0a82b0968a91d568b775144e9d92f2b077b6da75f85ad12d04

SHA512
9113c42c38836f71ff0cc7019aff8c873845f47fbf1ab97e981cb038f4d8495b6df784402b1ee9666e8e567ae866b0284c81e6a16efb47131d5ef88569c4843a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt

Filesize
4KB

MD5
6367f43ea3780c4ee166454f5936b1a8

SHA1
027a2c24c8320458c49cd78053f586cb4d94ee6f

SHA256
f8d1972e75a320344e3c834ba0a3a6a86edb39e20ef706bda9b7965d440d1998

SHA512
31aab33e0d272cb43a8c160b3d37256716a683e5052192fd0e4d3cdaf30a10a9afa9d26d5d14ad216ee455627c32892a711d2bc137ee7a7df9a297f001a19e32

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt

Filesize
6KB

MD5
e04ad6c236b6c61fc53e2cb57ced87e8

SHA1
e9d4846b7e6cc755ee14a5d3fa45ee7d3bf425a4

SHA256
08c775efa77c2a92d369f794882e467b6e2526e61bc7aa7724f48e174524502e

SHA512
0dfb7e6d811d649103499018f3d115c542fcaba420ceb69124a4d837fe162ce514e7be2040860c5ef5f9c01c961fa6eea8730606b73ec107d87597989b6fd331

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt

Filesize
4KB

MD5
56dcf7b68f70826262a6ffaffe6b1c49

SHA1
12e4272ba0e4eabc610670cdc6941f942da1eb6a

SHA256
948cad1bb27109e008f2457248880c759d3fa98b92c5b4033b94f455cb8ac43f

SHA512
c3fd9caf0bd4c303a7cc300faada9cfe6dd752e82d67625b31f4c0c2c091596508bb477fe19f758fdf79b25b8ac3f5320a8785d2b6705b9bcc28a054a59454e2

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_spanish.txt

Filesize
4KB

MD5
66456d2b1085446a9f2dbd9e4632754b

SHA1
8da6248b57e5c2970d853b8d21373772a34b1c28

SHA256
c4f821a4903c4e7faea2931c7fb1cf261eba06a9840c78fdca689f5c784c06c4

SHA512
196c2282ba13715709ece706c9219fe70c05dd295840082e7d901b9e5592e74b1bb556782181cdbe35bd1ab0d6197fef67258b09491fabc6f27606dbed667d49

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_swedish.txt

Filesize
4KB

MD5
b2248784049e1af0c690be2af13a4ef3

SHA1
aec7461fa46b7f6d00ff308aa9d19c39b934c595

SHA256
4bf6b25bf5b18e13b04db6ed2e5ed635eb844fc52baa892f530194d9471f5690

SHA512
f5cee6bba20a4d05473971f7f87a36990e88a44b2855c7655b77f48f223219978d91bcd02d320c7e6c2ec368234e1d0201be85b5626ef4909e047e416e1a066c

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_tchinese.txt

Filesize
4KB

MD5
194a73f900a3283da4caa6c09fefcb08

SHA1
a7a8005ca77b9f5d9791cb66fcdf6579763b2abb

SHA256
5e4f2de5ee98d5d76f5d76fb925417d6668fba08e89f7240f923f3378e3e66f6

SHA512
25842535c165d48f4cf4fa7fd06818ec5585cc3719eff933f5776a842713d7adb5667c3b9b1a122a1152450e797535fc7a8e97ebdd31c14b4d4900a33ede01f3

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_thai.txt

Filesize
7KB

MD5
53f7e8ac1affb04bf132c2ca818eb01e

SHA1
bffc3e111761e4dc514c6398a07ffce8555697f6

SHA256
488294b7faff720dc3ab5a72e0607761484c678b96d6bcd6aad9ee2388356a83

SHA512
c2e79c2505a6fd075df113ffce92ad42c146424ca39087601daa4ed15a2b5528d478a093921d9d8a738c7b6b963275a0693ebe526b6e2135d14ced03639d0e70

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_turkish.txt

Filesize
4KB

MD5
29f9a5ab4adfae371bf980b82de2cb57

SHA1
6f7ef52a09b99868dd7230f513630ffe473eddf8

SHA256
711675edb20b3cb70acf6cf75f2eea8e0d87c8ace3e11c8df362b4517427a34f

SHA512
543fe63f791250e05e8fda24fd2ceadebb4c8925e8927de49ae490895c87eed3e61a9ad50237532649f99fe3165836261de215ee3f66ffbfc6d677ddeea7732a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_ukrainian.txt

Filesize
6KB

MD5
cadd7a2f359b22580bdd6281ea23744d

SHA1
e82e790a7561d0908aee8e3b1af97823e147f88b

SHA256
3dd0edfbe68236e668fb308f92fe7c6493dbb05bfca85a48de93588f479ccc99

SHA512
53672dd13e6ccbe96f6d4a61297c595b6d6cba8de92caa51ccf8ab1d8a82eea5a425eab348f295b9ec27de0026ef849d9230f751a46e040be8863923f91b8519

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_vietnamese.txt

Filesize
4KB

MD5
f350c8747d77777f456037184af9212c

SHA1
753d8c260b852a299df76c4f215b0d2215f6a723

SHA256
15b6a564e05857a3d2fd6eec85a5a30c491a7553d15ffc025156b3665b919185

SHA512
efb86809a0b357b4fcd3ba2770c97d225d0f4d9fb7430c515e847c3dd77ee109def4bef11b650b9773c17050e618008fc03377638c1db3393ac780b5b0bc31b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
1fd2bcf7be677e004a5421b78e261340

SHA1
4e5abd04329ee1ffaebe9c04b67deef17f89ff84

SHA256
f539c848f584add20b43d5daefd614526b67adbf22b0c89eaa7802a8a653cd31

SHA512
929499946e38281bd808b37b362c4a86f3b6382eb1ecd5fc094410d3688906d14a114ca930a2cf38b6241ab734bc5959e6fe541270d47ca9538e82a68c99cc77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
3cc5f25787055ebd4e519a93380ce8b3

SHA1
125797da2be25b441a10485993cb12242422df4d

SHA256
34f716f43f63f1ca3095b121c8009dcd7287ea53aa9d9f052d715db4057e3221

SHA512
9d12c9a4502455b8cac0aa9d80315db1bd4b76d6c3ab76921c1d26348b1b3ba6f058b5555c71cf07bf276c53d1534f3b23a0ba44d69c1cb9bf9aef48957ae85f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
41KB

MD5
ca9e4686e278b752e1dec522d6830b1f

SHA1
1129a37b84ee4708492f51323c90804bb0dfed64

SHA256
b36086821f07e11041fc44b05d2cafe3fb756633e72b07da453c28bd4735ed26

SHA512
600e5d6e1df68423976b1dcfa99e56cb8b8f5cd008d52482fefb086546256a9822025d75f5b286996b19ee1c7cd254f476abf4de0cf8c6205d9f7d5e49b80671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
19KB

MD5
8f661b8c2dc08d06a2992b1006fbf95d

SHA1
51f7614ee218ca027670a3bb0d7cfe1f23869602

SHA256
8bb39a6f700638d352b26ee0cb86fe5fd1127397dbc18d50a5bf37eb9ef6519a

SHA512
80789cf71769f1c03910535c610c942aa4be684433bcdff360ba309a6c15b3878920a49d1d1303c322de64f200b8e5d316b428b66668d51f9ddffaac0aa5f80f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
24KB

MD5
b201e8da90ef456598b8b3bb0e31bf53

SHA1
8bb524c8e9b17920c83d9a06c0b305e41cfca560

SHA256
2c8b630d1edafb8cc8c8cd73fff10c8ab6d06232929a4d458ec34628920f1665

SHA512
50126ac5b7800f5a848ef49ebc8e71d78cb5ee9c1602486b30e697ce57af32c868e46795ac2c157cdfd7fe65c03133c7a752813d520a9106adc3e50620b473f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
40KB

MD5
0c9f37673dd9c878a4b5bb419ee24b5d

SHA1
d973a8e073c1f76068f0947d495998f7f823d76e

SHA256
c1e12f630e7f356d154ffe4a7a3873e7e136e41c1c37e6c0fa4d2c52f1d269dd

SHA512
b361afedb4a910b12f7dd7b5b33d2914be39528bf4d1486661d0107c24135cff3a5393df1af85cd7d1551f0e601ea9d2ad4b147e56f469691e2b11906fd1514c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
17KB

MD5
a421438ebae11fcb4808982f78536c8e

SHA1
cb3287d6dc2557343cc2e4723f6bb5e5534ab075

SHA256
8d40f05f3d7b0c08cc959534185a4ec52963c06322e7c31dbf90266d9a0c6bfc

SHA512
5f6e88895377f671f867464313290d9cea0ccf4377ed74153c3fa745456ac35f9686fcf0a2e9643316c60f5bb677dfabe1ff408a56318c48e0f7853954abfe1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
216KB

MD5
60f3ab1dc0a84cf62f6d7c533345ff78

SHA1
68bd632dc672aec73c776b3c49322ac902e97516

SHA256
fe3fb6603c5f71392831a1b000179497379624f33a652b74a2ae7afa545cd942

SHA512
fcf4d20a55afebf404d04d2fef682865ddb85c26752786722e2193a37670022791f87426f3d9264e6a012ee72585cca1a3433e0c65ff75f4ba6c07ab4c288ee9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
205KB

MD5
c9c9e7a0321c20a8faea53cb744f62a5

SHA1
a4f7964d6df916c63bc019879e15dfd8a010c9e8

SHA256
9dc45a4308a94cc765a3fe2409e6998871eadf786e01bd0fdcbc5e354ced331d

SHA512
12bfb41ca0dffe67448d2ca50e44432d60f150b588e168efcebe37ce4f030da3161936d443735587b9833eaf506d6448bce92985c16456caa6b2b94b48b7896e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
22KB

MD5
9d53309ac2415ed6efe77b43a5a2b2b6

SHA1
31d26e32f551242c037116da7fe1f039bd1c4b41

SHA256
31e667f7d809056c4199b4204f46dbc6cd118a97530308229bbb9d450c42f89f

SHA512
25510c4cd3ac3388a1c91b5011e12a34c409f272d8f7fbec1a89cbff45f2553f7061c1f63d1a2c06f8773b885bcabd9c96501434b8905778132fffef80989476

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
66KB

MD5
100655c23b1e2cbdadf8919bf6f14f50

SHA1
1b535aa013148bcf8dbae70f31064ed03380f97b

SHA256
9de4c1063286a2bcfe2c2b232e45bd8947e70d941f4685a50fd9d99cc6b74fe9

SHA512
9904ae2ea00d092f4d2cad4969d26e08b1840373e6869b358f11686d109b09eebe25fbb6a45671a918e1be53130a4ca20cb5e217348a855811cc4fdc32808f67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000078

Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000085

Filesize
962KB

MD5
98eaf699f517ff88bb2f595bddb2c5d8

SHA1
eae1d3e4c6e6a8f9636c0efb0a04ecbabe8b63ca

SHA256
7aa34824dbe8dbfd8011576a365dcd057127406d61702634d69f0240325cc582

SHA512
7d9623ca066012a200a01bf48e0617fcfb35cad0efff091bc3b7931e98b72b95df66205cfa904ae9b84d92c9fcea421b366d9ef3023c023488cdabf91b5ef8c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000089

Filesize
16KB

MD5
35b2dae38942246d8383451b51150b87

SHA1
c492dc0853fe715d2bb812ee67ce74ccd48d1c58

SHA256
6443c875a7846a2eaa01e2aaf53f1ab0d128e8c3798169dd7cce6150f851b288

SHA512
6a49c48a8587f4b77c95047b272636ee3871cd55604bc229c313adebfa460849fe32724f78d97f00ee6a26645248b5c2a78d695563fca9eee455492362eb6517

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000095

Filesize
978KB

MD5
bbf15e65d4e3c3580fc54adf1be95201

SHA1
79091be8f7f7a6e66669b6a38e494cf7a62b5117

SHA256
c9f2e2abb046ff2535537182edf9a9b748aa10a22e98a1d8c948d874f4ffb304

SHA512
9bb261b4ed84af846e07ffb6352960687e59428fd497faa0a37d70b57a1a7430d48ac350fbb0c3f0f11e4231a98ebca4d6923deba0949fdd7a247a3c02737355

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
b5b62aec16586b352279a25ab5705a0c

SHA1
32620de2a074dc479caef9fc9fa22e16d0044a53

SHA256
99f8f383675f71abcebb327be41272d48bc857f0c7f4d8419580a11b8c1a65ad

SHA512
d69f02d4045515cb33236d5a1d54880cc84a2ec618d6212b5fa1ddf8f0e42a9d334a9094b040c9faf3a5b7f13306e87bf5ac5863449aa981db95d9249334a7f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e5f19ec0fa6b16094774e35256a58780

SHA1
a1aa4625aa131007757c0ead126ca1b6eb948106

SHA256
60e163490367cabce6068aa9c8dd8466b26eed085ad8bb9a9515ade1c5665685

SHA512
dd5e96fabe3c49bef4af37504c48201960a99eadcba58b3866f63435259bbcc284cd3327684451b09511e385544312178cea26ece743ccaeae578a61ddde55ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ab056ede9d09f62dafe47fc48ce666a2

SHA1
16f39bdaf380077e109d10bd3b402ceb6b3e3c8c

SHA256
a0cd029cbf098b54a8731d81a95861f61f39bcd2c3f24f98fae95172c84e6c02

SHA512
0a6aa9d587b8849467423aa25859061123f9c39e9f8e885c13dcb56ba84818e421b68f3b41d82aa0b98ef0c79121a0d8acd8fd48aec0c2af80a92bb2fc293734

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f16ddfa5d36396ebeb02ec7948ac9328

SHA1
eef75d9ede1c9c10507589ffe28fa771067a8dc3

SHA256
f64d3844cf859ad9b4856e679d0e0407b997ff26475b85ecaeead83e89d11fcf

SHA512
d2ffb1dc7c7ea36ece04f136f71ecc9c187024287dac042a87ad6be5497fd30972e462b8d543009d6eef39ae838ee50ba24f326561b579b25dd738b45bed1e64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e6b08fb1edf745bdb0de0e6b9978ddeb

SHA1
225384e302778661e5b2727f1f231c7afab59aa5

SHA256
2cb4846b720bf090dac53eea4553f66254ab1258dade81c8219accb68c629437

SHA512
be2aeea34fbe28e7e9afa9271dc9e1c4cd8dfb84720820fb80b5c64492c36637da0cedccad11127de98f24d6684460abe2e54a6164f0a570c6619fe87efdbda6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
3eb7a42fb758b1b56b576e87e3f2304d

SHA1
798d379641632707af859b5d7158a485d8c5c157

SHA256
c4bf0fb29d7b79253d46add9e10bf662df30ca39b220f6ccf49ac18d7ee91a34

SHA512
d8c5b9fe068c9558712456c3fd2de61d82d3b5726e5d4bf3309d7f580e8febb8b15bb535a0c09c78a5acd0f7da7900ddfca33e2556fb021b5dcc19e167a9650a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
762fe11fd271998a4a153b6ae6570001

SHA1
fb7c26195c3f9464010798e55ed0a4b501bd3a79

SHA256
ec077cc1badab9b4f4f75ccf75829e139eba78b3fc676e0b855dc74cdddddb79

SHA512
5869ee9711e5bfded0c446b9bb458c5fc4cf082e4eaf56c90e7b5168134ad675478ff34314cc2ee5873982828965d9bc3290ee6c558fd3f681241a86c4f1f2c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
4736a20472ac65e808f84b746dcca4de

SHA1
b33450f298c5ab54f459715f9679f709d8aa7cd7

SHA256
1325509d8b00f23d95692565f5bd8a8576783c0e275de50510faad87fa3376ad

SHA512
19ee1ef95a0d96daa9319531d34a60b98d15a9bea4855c9020b330d5e72c5b2d2a50400d1f4cd3d4065865772649d400e5c7ada822d32d8f1e97c7c8387fd509

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
49f4cd4323ea071f9be3aedf418fb08d

SHA1
fd97cc9dc1db9d5e6d1facea00c34441a20fd391

SHA256
b3f5b1260874612efcf2d45829104b3011f4bf7cfca43b1b550042daf5aba2b6

SHA512
eaad193ca81ef3030e94ff2799af7870ca6cc4aa4d3146315c97a887dc85ad36295fe7920721db9442a49b5b6d990d1c241181c9dfb6c180d816728440ca035d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
e0c8c13171d83cfcbe027e02009bc2d2

SHA1
d1af60b2465ab2a50b6b1fc6d68d3626c0ae05fe

SHA256
f6375cdebc069416ea2f7809818693638a8874d8dcbc02de266619db766060e5

SHA512
465bf9b4e20b4b551dd4af5380ba0f74d73ba65915f9333bb7684fd9781f7dbb8fea973dc9cfdae58e7f9ce8a4cee5a3e5053973cd1159a369b6ffd78b162ca9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
695b9a9b937299d982c0126b8aa2cca0

SHA1
378006baf32a79c4dff30a90d68d0b8344319bc1

SHA256
11f69ce99e60e0ee4fdc22627d7ad19618c5c044e79e645e99b9de14bf250553

SHA512
ba8251bae37422cd7d74d249a6a7e61e6569dd6910ad2dc2ae39263906b2938ce6e515569ec6f191cabc732aa76c4f53911c3e8a0e1afdd0326bf83461bbce79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
793b40822e306dffe04ddf5ea3d89e00

SHA1
265812e8e3001b2539c843ab0c3ba75e77cfd0a4

SHA256
446da3dc50c30652cb586cf5413ceb6f01571c9380d0dc79441de9fd58485810

SHA512
edaf9d714fe6ddaff499d2e99e43f8a4c958d80c05ecd98a345b1e5a2a48934b390c6f2506287dd6a79818dc2db9565fefccecbd2acaf4bb06c6ae1906540215

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
cb8352e2ccd4bd88d55545b80105b0d9

SHA1
41f2806a3b90460a19a60496fe816003834bbc33

SHA256
87892f90b1e657d2025e4769a7929c74c1deadf7a7db6ba4ae7efd0a9352fbd1

SHA512
545558d505469921896edb0bdb40b5bac73151e4e6dd9aa788198485824688e0d839d61f26546a8c8065fda1d573d21a6ca825aded41278fc4f6c81a4608a137

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
860B

MD5
ceec64676d4f672994d29180cd474ca9

SHA1
da20a0c3e20e2770bb6a64ca545030d754e04060

SHA256
33041a0bc951e72737206835fe050330843ca8a1e2e8143ea5e7f0b51e99a16f

SHA512
b1194ef2331c9fc935c30e279eb2823cd6f9171fc96bf24dc654a96d9f6768fe3a9798cf511d93999aae93e00b902a0e68e3a256e7a605e6b13284cb85d2baad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cd03d61d5cb7d6e3140fcd66a5529301

SHA1
2c31718d7393e15bdb79644780ad0a61649f771a

SHA256
9a5dfa69a203f2db7ab8ce38b6972dfa1a9f827d76ae10f7d9728cc324203005

SHA512
4ed7d6f21c51a880e19c88c4b2db15de9dc546e2928b263e70df0960f3aeb83bf7a6339813aa768ec0d008820b18c107d9175d7323c565eddc8822b0304011e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a41d87a3d7a83a6541703fcdde359d2f

SHA1
986f2b589a2fde95a9890a911f2b9676dddd7d81

SHA256
dc3bb7fe98cf830dbcd368d2f9907afa4734b967ecbe264616f652670a51299b

SHA512
8b8c8d4b96338be23e5fb2d05540b4cad0efcbd5663a0f55fc8851a2da770a19ceca4088d843e749bb237d002c6912790690b9442b99ed9d4ea213f57a32c41d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fa18b336296013ff46fbb1c0b0ca8a7e

SHA1
9bccaac55c28a17054f9f7ec0b2d16a03add23f1

SHA256
9698af3c94d9490fd7156a5e6f12906e3f90b2c108ef8cd5b715b022693947b3

SHA512
2512559414cd413d96d626bdbc2ac81d7016c65803e705d5f9a9dc9b3857a7645f04b40e7e1a000824e603a3c0475f79dbd7a960dfc17f023858263da407cd23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ec64060cae9da7e6635ae3214c194b63

SHA1
7cbb18bec1ac24fe34e950ef7521057655df30fa

SHA256
efc342a111465c5e140d52196491db4b7a859c23c7d70747c663a3e31c0bb89b

SHA512
3557f41d9d5520e60dc39e213973cab0177804cf3349ac55acec5efb6dfc44c79747ec0fdc9f1f22372d9c41ff9d4ab5c9068fd15ed01eaac6de043e6f341674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
aa87da77bc5db8e51df854aaaa7f00c8

SHA1
2e342052591ef7611613c7f7a5faee894f11be1b

SHA256
818de13abfd7628c40112215e6ec97a0ed69834396dbdb09a56907eb568060c9

SHA512
208168a7a5eeb5d9f62928a08fcdf590e6216625cbf2455e20901133c46f89546ddbee2d4c2d6f630be83d15eb70136c873a8be7feafb20c2a6ad686890690da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
509f672983a70532a8f6ce63b6142070

SHA1
aa1b4d9eea2615f011bf873f2cc64c526b074a6c

SHA256
dc39c70192c637b8974647d916bdd582203afc0e53dd96290c423e52a95b9c63

SHA512
81ef3cf96b471014a62f7970ad452f9b51dc42c71e5501692285db89edd3b5deb7ecedc05ec1f298a81750438eb37e288e382063ead6f33611dc19187e78250f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8e113e99df6f98df7e1cb542401643c7

SHA1
c5feb84b951bb5bba0ca793c7c462a27bbc4ee4b

SHA256
1e0ea21264a0e16f62272a92e3a2c0a1ae9d7ed86ec5d7917dfb730da94f84a3

SHA512
66f8b80ba7bee9c5fbb94d0279c58264b120cdc4f6dc256ffd3bcf52457ce49e0a6bbafcd226d7e9282cfb9f131e7e6356ac51a340365096e13ae42e075c53c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
7ef9ca821ea1fc8a51bcc6c498ae4eed

SHA1
29baf442b2961c4e0f6c17e3d67aa18faaba0ddc

SHA256
7b96f171c43643c6a03c5bc99ea4f3e15ba2346cc5d8b06b4ae0a7a97c90dee8

SHA512
3db7f86d39176e9a4a827a6e0d612663b8f29dc33feb57dd291458ee6aad6c06923c7ed640f187515b4426e8a9dad44a51dd88fb1b608d50fc98d6079704240e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
4fe499214e2c38affefc1ec39e0c05f1

SHA1
e5ba864b16dbb208affa09c6dfd4e9359d5815b9

SHA256
2b0e6e6b68e975d8df42a5950751167470c9a6fabbb03bb798014f89e55c315b

SHA512
39916e2e4f0a0b8dd02db96533f2ebedafe8933d88687fa9e35bde3d98e06e7db9a451cca61562b3bba299287331d247ccfe414acb146939f76f49dc24a3f091

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6c91c600c4d3f37c151ff367ccba1d8a

SHA1
f3a09e5c66afa7e66f6a5680ace3d4d8fb92cefc

SHA256
6844fe3bc40c549293199442c7961b006df199c16a90a2cb2260fdf68489f885

SHA512
d730b810b485efff5abeca595129ee24830e14ce4bf27199c2c5a0ec4bdb9bdaf59d59611292d76909d1ea3ed7c311ccc4f28910338e8bed75691d463997b2cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
78993429cca98f32f999f7e211aa4fe6

SHA1
03cfb90bff4f82337c608a3f9b655e056a0c0681

SHA256
a08e2d58dce11fd986f8acc60112dff14280015a21d6f01af5caa0e57e8dfc42

SHA512
cf6111cf228fb0460b9c069051ba566f635c387714d5bdff122cdb78ecc2c03e0ec329137c46ddb387f9d7f567d8d7592db0eef98c3720f5d66aef9a522df5fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
c5946ce41172cff2169344929c9acf6b

SHA1
e8d3b1c150463465e0d730d5ce485c760b9938c5

SHA256
cde8f4eda83b82ac37479b8fe9ecafddb0d4b637cb2e1620d441b2623517ac10

SHA512
f9d999c4f148fd723979e34f613620a9c47f3802ac2a154c5d8fc8fa755e6c6806a943973bab18db5e5bf38a4c41b17545d73f9359d674d64919ba47f53852bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e6cb40e7ccb94a466fa1d7dfab7c1c73

SHA1
f411595e9a1ab3f7289fd1f59fd2018e3895f1cb

SHA256
04b30cd6d0dae1a665c3c69e4bb38d5c1bc7b31af329798326f6f1ba42d75510

SHA512
033e4205fe42d7a18ca94aa3543f61b5c4e337fb9558eaba0cc2b6460f0ba61432aea6a618d5f3a69c77e4aaa80820fb21e45204e3ca9696ef7f81d9df58b4cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d2e5655341e36c5d31db51789244dc9e

SHA1
9366c1f7345a2e831ed6b3d8387b8b3453ac70b6

SHA256
ec2364fa6b08c73c83352b6bf2e118756c8eb0b59c1cc8946810b618d135b96e

SHA512
63480c632126962d9ef8f32859ef9431744413bfffdd680226123cfee6dbb828fe34f55427be32179810a5dc3f6be2cca39ac93331f84dda71ce4f503bfc84d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fbbe00f39630b4b0bcc14792b9127e24

SHA1
6c82d57666364ce9385997c9c9267678284f856e

SHA256
631544e513f5c6b198d4c17eda8f8f358c162cb1ed9a30b7fdf67b472af1817b

SHA512
b543de35f92130d7eeb3cc4235c0be0745611b977f190eaa038af0ccace9acfa4525216a37151274fd0784624630324195d1848b019d01159ccb432f84261dee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
efc9546431fcd0d2ad4fd0ee163f71aa

SHA1
69978a6c2c61e7c6c4739a6f1cc03df7937f43bc

SHA256
6e819f8075e113bc8037afcf244c5a213fb46b0ba4b7c61c43fc97a47b9c8fca

SHA512
5acb4b511a560b1059c13a19723cfe6f17dd969d11fdd29b0cbe04cd756924c7d58eba9270d7d2013cdeec8e58957d2a6c93c1a3d946505448a9e965c9cde113

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6a93c260f0d46a6e7653601d4ac0ed12

SHA1
8cdb537a241451e279e91232c8781a0e1673dfcd

SHA256
7f1ed53501927d9991e524081dc4eda6045e9633202223972a7a885ea4e41a96

SHA512
43c15e92e95e6bec127025f52318932feb825635075c4797cf03e3f9981a6c481c5325fed5c9f21d87254b20e69113b5ac2d91e0e2c296a055dcf512a5111a78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dad151d295e0b1fbd36f8de8c68f130e

SHA1
980f5d5a1a4280d6edf4dfa39958c271d796e0be

SHA256
a6248caccc427fb945b8ec0dbca120d9c5fc9f83f37e8073c1c7e7e676c9257f

SHA512
289449725f3ea1f0eb9fd7ba75c243e025394b62d23822f419f59817837c43eb97fb4e407d8044f159b34ade7ae01138badcbf02595fa9cb00aeb94a1732956a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
146ef37273f4baed8a99c90a761555b9

SHA1
bbcb6b89dbed13f1b5eb52e4676385138fb1e65f

SHA256
a28efb7cf6071cee8858ae819f3c1574eb8407ce994ed5fa74951cf22b90a63e

SHA512
da8bc4a7caba06e9659c4ab6ddc2389976f8573fc842b707eca3390bd40fdec898e013b1cc2ac90c89393592cd5d21425b3808d08331f229d9f5cbc0029eb0f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4e7cd77082ee78945dd71804413768b0

SHA1
e30aea2a1ab2a07a887b2cbbe36be311d8664c3a

SHA256
bd9b68f68aa4b5842c03d1377e9cf3a0926e7a79b8ad3ca853e83089bb7a028b

SHA512
d1c6178153feed5772ee4fb665e5e3a90605f63340c073df43fba063a27e537dc0aaa4410570237ce4f4044f82266d5e2212e2376fb57d1bce6761575f4ae65d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9ed4696f9df7a5bd21791a0bad2b4c2c

SHA1
79bfc1bbcefd452ebf2ac613148ba6543eb62108

SHA256
6c295a71b57c8a10e09c3e1cf9fae8607737e0d83fbc05f68a6c2e2428e9c97c

SHA512
f40431bc28a1b6a809651e901e0cc5d0e2476bfbe1e70077abe46390afeb8d9ac9ea4d7a325c63bc170f599ac7b8729401166c02f2d2fd45d53fe708f14b3254

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8847639b4f52685e8daeadaf39792f7d

SHA1
c0764f848d1ea93671f867dd903c0d7e174fd6e4

SHA256
c27f2c66663b33474b9eadd4204249891b5f0cfb9df380b0745af1c0afa2de42

SHA512
5c4e64d3fa07b30217e064c7b4078e629542f89850fbf9f23fd772bee099d004189caafa3305709b4f87a749ca8db6d65ffde846904460bfc82047fc125cb7b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
264434c5e104323eede93015027ca795

SHA1
d2a0d23ddc5612d9eceb42d543540a9f156f00a9

SHA256
a2d4e3f8af7bf99871fe8a92daf4fb5f66fb9576915d3d370856f41bc2f530d0

SHA512
55e43fd463760b3ad17192cfa55ffd975de60e001e6cb91dc4a9e1081bc8b32638afe4ff6ac623551805180896da2b48daef50ebad6fffc3d834c819f4a08c51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f3cc994a834eff8d7acb8c2668ccf2b9

SHA1
3cf2ab95f3f195639da40f6c0161865d285c4748

SHA256
a8f02829fc8a2cb605bd929823378ec86aba4d68fd1967eac3b338a4067165cc

SHA512
87865e4e4dd197afd2936761c221bc35b32d65c4dd447cc5cdf21ed9302825da53243970d144d6e86fda2420b249d20aa1ae5dd01a59f38fd9fa920ed4638f7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c3dfa785d4e2bc6c2b86fade4fea2ff6

SHA1
b1b8648943fecc2a849f07c773ed072fbee8f7e5

SHA256
b9c78e918198b9f2b5454e835747ce11a1872d62413fcebdb1e9aee9450041cd

SHA512
92331dd71db12d8e4f992cd05ceaace4b0ebc83d405c76f2252092bbf92c7c8d3d7324852a24543522a710c5a9a60de96e580db62870dd4a5bbacf0c0d4eaa76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
ae44778f542a9a5a2d8c717c397ec1c3

SHA1
3fcb1d9245a4e1495109ebc7324145955930912c

SHA256
c20ce753ef3a34dd45fe2256fa7c08c9f23c414216bcba4bf9ae5f2acd50b7e1

SHA512
a9ec6e056aa3eb8b0b99deb8d968a61f3fff7b1d5224c6d37b2ffe034924f64ec76749bd6b88c8cc173d886e357f13e3b9062899044387ebeb14330956145109

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
04f43b8cacc28dead2d91b3193048eaa

SHA1
ffea636e58c91724c1b23644c78ea1907a0556c0

SHA256
8107960e36a861b2ed90c8974d6c1e0576ed779212b55b50b8b32fe8756b0836

SHA512
24103d8cd0c5a742fb148d223d5fd8eb9561785f8e628bf2ed3cf41e149b8abc6c799f2a6abb0afbe9300283f4247761ec429b37eebb32ee009938d30ba5228f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fbd60c5ed4e0c8b134384f6707271a30

SHA1
b1c007aa6a1df0047a70bb9ae143b644b7deba71

SHA256
59080748280b07d5e9ad2639a9742042abd51a57bd408e088db5314b77c634cb

SHA512
bdb7938d7dfe19d7a4c7b7119bd2cc658f7a077d6b3c52a6534d2f0085b26252afc831d51eb9d9657066ed083ce3bd0871201509f29159e08563c318f8cfeff1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d26c2827417cbe2d26e7f3b68b464aa9

SHA1
71502a42df765aa2cdfbd4d5eb03fa525bcf0802

SHA256
352d5dfed724db01ba0ae0226ae690be86ed25983119c5dca14bfe75136f40f2

SHA512
0879528d192b629d4782709a3be6f4f3b0c7fc24c4e342828b6a3f5d43e2ee8b910fdaf6b14894e3c1c190486d056c730bb02f888463fd7cff4ea1bff37103c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3c64e5a6c133d5d45684e44822d8b5c7

SHA1
f53b52668f2381ae7f8fae5f2847d950470cd5c1

SHA256
109b0a5355ac2e27aaed31394387e275b2cb0848f5fb51ffb7507806c898ab61

SHA512
a2d14c5e87eed1015dd7c8c9976966123baa98718e1b0f9f00addd499191525fc8f67eed084dec8069b5e63086117362beaaa5825b6e6eeffcca5a89a711507a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
1674ca2f477537fc2aee7bc2d4ed506c

SHA1
56a9d540b0797d766aaab7f80bef8984a19754de

SHA256
d54c7a6b37efc9b4a53cd2c319ebd6e080d49d32774e4f7b3ec3762de943a23e

SHA512
b786132acd1394c668e8575b7afc5a54b7722fd73720da4866a42d29bf1370b9d247989ef2b74831f02ba5fecaa3f364a3897f04e60e85a68761dc6c8b40f9fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ce276d6295816fa14d8d3ff4ce2fd5a2aee64026\f5cfc4c6-81cf-495a-87ee-9b1d0f6ecf53\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ce276d6295816fa14d8d3ff4ce2fd5a2aee64026\f5cfc4c6-81cf-495a-87ee-9b1d0f6ecf53\index-dir\the-real-index

Filesize
1KB

MD5
8cd6a39c6c7b1d701a413301d97d70ba

SHA1
32ae4fc2aa522ff2bed1cd529773d30ba9c33687

SHA256
f9dd470298f17f3ebdb4abf88e987d8a65dd94f7760275977646ce109f07bc7e

SHA512
e8188f8b42092d0e9e74d45139dd27e9b35c519aa5d8bf1a4c8b026313ca9ea5a60a687501fa7b0809421f7d9dcf4b6beaa50bd39278af69b1f0dc0a01c7ee68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ce276d6295816fa14d8d3ff4ce2fd5a2aee64026\f5cfc4c6-81cf-495a-87ee-9b1d0f6ecf53\index-dir\the-real-index~RFe5cf767.TMP

Filesize
48B

MD5
3dd09fa0cac1ebdd103d6d068f97fad3

SHA1
ee13188f6e8925b71679aecf9df86a90da4fa141

SHA256
61ac801a90702a01b5711d75915652ef2673f3497d780631e4f9ca7127565bb9

SHA512
621dbb53699b6a2c245024c8306838444856ba8c88d9811b1ca63ebcecb91587d3c662f6bf86a7540b293ba147091939d1fc14b1c6d5f0209057d2c5e00fde13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ce276d6295816fa14d8d3ff4ce2fd5a2aee64026\index.txt

Filesize
126B

MD5
f740ec3c6bbb78f83e8c39e8d6b0da62

SHA1
06d74f4e5860609f552a6fdd9056becae2e3cade

SHA256
3c978008bb7c677d5aa4c52f83daef8464bc8a54dcfa357aa7930793e86676fa

SHA512
1d978bd214c325e632bb1fedaf603e2948b21a7b3453ed43a7aad4fd4a335fb6e6df6ea91d65a78f8016d333878ad0ef251ebb70e173fa74c44aeb0dcf484a41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ce276d6295816fa14d8d3ff4ce2fd5a2aee64026\index.txt~RFe5cf796.TMP

Filesize
131B

MD5
70813974a3f589b742e825fce3e7ac96

SHA1
b8cc72dd3d90975aee07403a732c8ce871a651bc

SHA256
887f79611733f31c941b94b98e254ef89329d3a58e80f37da7fc791152af6672

SHA512
294880906f701920e81249a2e9ef2032c07ef891cfb82009a7673f9eef50b052fd9376fddf8f0dea4ad15f334ba48386d35bc7c679a63c32141d084622015aba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e583e68dec0ceb1f55f2cc7db4f10409bc9a2bfa\a28eecb5-8e3f-46dc-9d8b-b2c430fe7b51\index-dir\the-real-index

Filesize
240B

MD5
9f9a4b7bec260513e4b94ca4e038f197

SHA1
e940781dd75c3bc782589b9610ba3ae2c7e56f70

SHA256
a418b448eadf1b3a84e0e842719bdf7d7acec920f6ead1eec2c53dd8534fd53e

SHA512
85c192540c44bdfb17411b55829aa63a280507ec6e412719b9006c18332ed06cffd1e25c953907da9c30f87e110a4194c80c62f00162012b8f6bc065b2a482a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e583e68dec0ceb1f55f2cc7db4f10409bc9a2bfa\a28eecb5-8e3f-46dc-9d8b-b2c430fe7b51\index-dir\the-real-index~RFe5acbbd.TMP

Filesize
48B

MD5
13a606d1c847b0b15b35490657ae7fa7

SHA1
8dcd83e403648ba7bd786f276df2439259561658

SHA256
4b6cc51597d14e8f52d708c5dd51e31d3deb2a159d5946adc71687b7ebe8c77b

SHA512
236ca52966380032312d1e42939b17ac78d3246dce7669ce09ec42ae3a032ff012376a994ae7cdb4f4fb5487cb3c9968aeb0b0b453850a71d4ca22a47ff8564f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e583e68dec0ceb1f55f2cc7db4f10409bc9a2bfa\index.txt

Filesize
50B

MD5
dddb995483eb8052c087ac50517816e0

SHA1
060b92344c95e3053a0bbc65ffa27c690f9759ed

SHA256
f43b95e643c2b108329839fec383e200d99b4e2bcde6e87df6f6acf51cbe5cf9

SHA512
a556b60ee47f8983672aa601b5a7605f49e4a0766f40e0d370bb14b088eaff91110ac5d0edc1c3a4a516fb687342f9a3b23712430dd4e0e4231e65ea9cfcf4dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e583e68dec0ceb1f55f2cc7db4f10409bc9a2bfa\index.txt~RFe5a7dcc.TMP

Filesize
122B

MD5
e1ec66d0976419c6395254ceea4f0a31

SHA1
500cd705786811552825d8f4e583b87fe955b594

SHA256
c944c9cd88e460c24c21df4c5343ac0b7862ac00bdb2f48076e3a85416f0fc3d

SHA512
81db08209a488bc3e45b6fd6ddc541a8029a4503e2961907cfbb20b0e6e5d74d628485a47efa040ff84ec07a48570779789d9cb12eb30d44fc3f9962c6442db9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
ae4070ed7eaa0a94c81073d457ee0536

SHA1
b3a0d24646754579c87964c16a746d96d27af46a

SHA256
3b72fba57af816b82a534eec2dab4e278a2d83b5d3a1f513727c9478f78a4104

SHA512
f86a9a416ba10fc92c9d34f878f308c92912e55c1287bf502036863297070dec99fc5d52ed179efe98573a3fe7d5bdbf769d2baff817c864a6ef95652d1e5635

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
60922987ee1e1320f5fcb1fa6f736014

SHA1
60d2d3a8f4b5b6914a22c40437d3c1e15679c957

SHA256
a6303544f39c505e54127041d3696ebc577dfe17a7e15fcb3d0bdaa65aea54b2

SHA512
bcb4e9cf564df10f791e7e45ae2d68f012fe0c078b9dbc8ac561ffb19ddcda91a0723fbd1969808b8d0029f8d449c294d412d28fd2110a49ee09329abdc7978d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c5fdba1d72f51d1ef4f283db521fa603

SHA1
077ae009e7d07c0a6b3ff2bd227818e2f8a7c85a

SHA256
3f58b19cef05ee038f5d7596ba5bcd58f2947a468964fef26f1625bb22369ff8

SHA512
7a9d813b32828b44d8d8cbbdcbba311ce08b41e30d84d04c9678632be7d13837657abed397ed4f57b245ac137ca17b9511250840b0d23b09076bd8120ac4e803

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\ikpmlgdcejalmjnfbahhijemkcgljabf\Icons Maskable\512.png

Filesize
33KB

MD5
9b327201ce0edd34b80ad2189da3fe9a

SHA1
a9ad6e3a004bacda3549c452271fd4911481308a

SHA256
c0b9cf5c5e773f802f5296585853d21da8b1ffea52b833fb6a858d9a4d28f801

SHA512
449974ac01acacd272e7de8aa22ca607f206eb127cfff32a3f24bb023de12af9930cf18eaeec0f7edc2fbacc8eb7c18da883deb9bde0ed70614a0f83325e1693

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\ikpmlgdcejalmjnfbahhijemkcgljabf\Icons\128.png

Filesize
17KB

MD5
7ebec28f80bf891035005eefb5b70166

SHA1
61fcbd8eeea35f7b59dc3fee4e12d09bb0d62ab5

SHA256
87251e75f0b1ada1868d0c95b1f807227ade1bc226cdaa39e90180e9e27686f5

SHA512
7f11094f8b21ad2ba775a76e1072346a95a1ef6a66bbda34a7c40cf35fa343e6bfcb25b441a97e5552018296c7ef53b3c9a7eb6541d910204049351814183f45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\ikpmlgdcejalmjnfbahhijemkcgljabf\Icons\256.png

Filesize
42KB

MD5
4cc382db504c065f9a00acf87dad793f

SHA1
b85a10fdab813880e1c191860a34021d4d25ba91

SHA256
1f7aa10b2b09eb2907f5e98e9a8058e157fc8ff7d2bca93214bf58be85a852b2

SHA512
f339daaa31cb395ecb0293d5600fa474c6c7e30017edaeb22ce5231278e0593c1b782d01ce4fe2d1a3af8b174c38002ac1a8714b2a0fab584ed28417fae8b18f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\ikpmlgdcejalmjnfbahhijemkcgljabf\Icons\32.png

Filesize
2KB

MD5
915f3c8e0b88f71a886df0dfb54a5759

SHA1
db36f2fe4911e4a4fce62004068f3f8e4514383f

SHA256
07298ac42ed023d3ff6aea21c59dbed741d3ad79392fbd990177d2f45b75fd5c

SHA512
61554010c6174d59e685e229569cb08b0db4852bff147f82ee3a70de03cbc87e7d29ee8547b0b59b40bc8596ca6a5da04effef4d2ebd4b45711f7f6cf274a325

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\ikpmlgdcejalmjnfbahhijemkcgljabf\Icons\48.png

Filesize
4KB

MD5
4e378585823354c9e5e2b50a970c71bf

SHA1
638a04f2cf2266ffceaa5a84297775ef02a1b6e1

SHA256
d32953fc13a6f6d41bb49819cec54d4341343dd1ee9abd81319826df2a2e1411

SHA512
c8b1164cbd8bdfccea8ab92f9e9a949147f623a48759608fdbbcbeaa90d4f35672bb8778c6d1bdcb0981f875b6b506aabd62e149d6af0f9bacf27c062f47a584

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\ikpmlgdcejalmjnfbahhijemkcgljabf\Icons\64.png

Filesize
6KB

MD5
f479df3de0bf7737b14f61eb1a082c44

SHA1
ba09bf1dd6d22c68225a114b7b702669ea9ae299

SHA256
e9157b1a7e9b34cd9171e6a492f86d1bef3c42b3eda2c8462fae63b8ea447235

SHA512
c5f45953bfc3f260086b2194be3e69701ec75bb519659f20ba98974c4f82282099bc115ab231e2cc6969932e7d1c6b9b586ee8e3987a4ebe304f2512a115a298

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\ikpmlgdcejalmjnfbahhijemkcgljabf\Icons\96.png

Filesize
7KB

MD5
2994a28eefde6b7617227ed0125cf435

SHA1
cfdd729986189589f190efb96693f84a6207628b

SHA256
afecdbb3a247a151bde4aaa23d0d5344f15aec92a953583354059d8ce02a8ca5

SHA512
e6f6fdb0a3463ae213c9cc134f8b87bb42c6d65d83862584976643539946ef1f30f8752e5fc9d5549e28f1df065347434fb47ba88bd4a29b2064a298e00bb50e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_ikpmlgdcejalmjnfbahhijemkcgljabf\Snapdrop.lnk

Filesize
2KB

MD5
d078558a0bff4677e563777f483016e4

SHA1
20ed23f89631bc74bef700a664546a97957c7f9c

SHA256
45f6994c0567ebee489862ed1b8d60eab1d1a3c8bc28ca9569ff190da34945de

SHA512
d45d3119146958d9c9782a85c729b5a41e8c14ae30c7633d0ca34cf7af3f58debbb3fd2ad3e34b783e55663045d5307bcc30cc18ea6076f7e69ac40c872af4b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
a564f06c2a1099674e4a2cb71c8cf02f

SHA1
c05f2397f2bcba3046cdea0fa2aa478bd1c33217

SHA256
506b17a3c092f7ca1826bfdaae183f1fb8eed2f9ca024530a322963ed06a1466

SHA512
d9df46c3f9f8c0c9808b666acc495cee96eaaddf130f1d1594497af9d762c6a2e2da5a1d3ee0e60754d359c29693826e482f26c90f3a8257b471bdae72aa97d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
23269899e98f402b286a1ab3d426fe9e

SHA1
8308b6a6d7872b142583c1ae67a266177d71caab

SHA256
0e5d9dd1a9ffff954c9d6352c6f20ea86e81b9f572d48fa7ff34b6251bc0a223

SHA512
3690adc1baf7f5d5185be37dfa64f64cf96240451cc3c348835142d106782fb15e66d09a4cf193f61dacef350d5e9dcd6c91c4086c6fd8fd4bc80c1e1513ddaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
1fde3d58ff0b3fe795f1e3bb45251a50

SHA1
d94c44dc0b58341d4808eff12a2a6da3bec80255

SHA256
60aca97eb1c9604444907198686bc8f3f4bc539a43357c591bde5b8ec58b125b

SHA512
b87480fc1aa9e65764dd696483aa9d1c02b786c04a7b0343921c23135f6cec638b408dc983d2cdde618f0eb550345c6e508117a6ae53faf3a58824268997a3d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
3f44b0d5616095b5b1e81771e7816615

SHA1
f3dcf3556651d88b35b82d699a2175431ca85c89

SHA256
f8db2892584e12566a8ced2b175181a44754ab4fad9f51cb5d722a74aa81c7e2

SHA512
f13ef898e86b03fada3a54f8d8ac5cb2ff4ac5fa7a739e3263b7834ff810c604c0856ab805e63cd0b233dd7edbfb0a8437fdb72d1a0c82dafeecc0327fbd9ff8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
c444e45d5272adfd93d6ce9ede2ed193

SHA1
ffe45b1f5efa172095b0bd07c1e96b70403977cb

SHA256
9a9ccb3b91f235bd467aec8708bc6f265eb42e0267b14548746006683921b0b6

SHA512
3d42a977edcf226127315472989dd4c272c709a326f146ccffca6fc67298e37ae84ebe7cc3add5332d561908bb26a1dbe4e722e375fe58ba153b45c9b78e180d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
d3e9c2d13b7ec65d966b5cce902a9b1e

SHA1
94a4d66fdea52ea725d04e6f2413724e31958fd0

SHA256
03f64903673adf723b7732ebfa7db89aa3cd7f1e9a91bbc5ef75572e5373fa6b

SHA512
8d29d3838d5c7631818ee5b809cfd66d4fcb96e1a62c1642239f5c78981ef3985b1dbfd0eddccf38957b5feb9bfc31dd02e2228ffda5b65fe8802ff197578c9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db

Filesize
28KB

MD5
d94013ca742afdf3999abde478cd50d6

SHA1
767e1fae9770cbb2df8db551d5df02f416305f7d

SHA256
8d349bd6146b334357113a08479b99bb020282f8f745cc3586d92d7917178744

SHA512
abd8af5d600dbf976fcae83be7ba2676933b149f4eb95f51bcd7d2308ae43524a893e113cc2b577ca22c59ca97e04fb2ad6c218a9a536ea65b6b98a999bd3d7d

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
84920fd837c35eb4a41fbab076d9d47e

SHA1
89b46fa714e910856d4ff2e9dba323d87c4be1d9

SHA256
cde1fb963d76226b178499f3ed009ad535fc373440e192d7732559c98f1a0351

SHA512
2fc3fd3f690b5163d7d6a6ae9f45ef50e4b6625cd1d5516530e69700c08ba8f72905c9b28379f214f4f4f55eb4f2ec85559ba0df7f918085eb55b6f735818af7

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
f24410a6ba54c5f3c4c3874d3cd98e74

SHA1
56128e189b17bbd98a02eac5f7c730440d09104d

SHA256
70b48c7cc97b65f5fb8e9ad8a2c1f218b34d0b76a75b8e23191482435a9eff20

SHA512
8c6d3309395f2437b005fe72b4319a7af195775b0135bc251c20df61522e9006b055f7f487d997b94e6969997120008b61567da0d070265c9123d091acc0e420

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
822B

MD5
f488e102d4d49e856bdd0b95ddb6ff5c

SHA1
9111d5a5497eeab8c79425b1beb5d875119229a6

SHA256
5f7e84bb7eb438a2ac1d4fe4c021d4d7b93c55857163469cf5aacc75f6e89833

SHA512
03c6a30c75c1d752d2550b13cb726fd812c00c138a4c9f3f6fc29ccd2377138dc6198d67a8a57c38e53eccbdff2314f79aa6fc6ffe398460595162079555a697

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
710B

MD5
80b4b3b03137c9099353e3cb975321d1

SHA1
2e713c3ce052008d4c577c837d31e4b7096442da

SHA256
a46397e2792686f76839f3dc4327569f517e3163b2674e7a16eb76b83cf8828b

SHA512
9774087a532fd5f6e7bde82a913e3e8b559ce6e18c1584d1b650ff860f171fd04d95f72a304399ff867a268081cc7eff715e94a71be2f109324e77d8dde3be5b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5b174d.TMP

Filesize
529B

MD5
744439274eee8988726dcc3aca39508d

SHA1
70f134d8c82eb5ffe0dec1cc1e47bebeed5bb9d0

SHA256
6ce2f108b30fe74961f759c24b5942bd727c09e3cc14f91423a8bec83b1f0fd1

SHA512
9c7bd6f49d96526ea881685f6e906bba0d91f06d00907e5859e710f11b9ea6e54069a8e237aab4e282c90d87662488a5229a90680f82593f8b38352248210152

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
300B

MD5
ecde5971ce1914d6cfdb891157beccb4

SHA1
d6c974d341651c3bc61608d03dc85727c05db55b

SHA256
1821f5f70caed61194378823db3679fcd7921cd418209d4233b62f0a02574b52

SHA512
9d4002972c655e1ce3822849c877d4414f676ac5f319095c8f6327710529f09c056b2bbc0ab282792e20093946c806def30bc69ffafba37fb6b4acecbcd65f9e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe5b2a87.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Temp\744e4849-eb11-4635-afbc-812adf564700.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvB841.tmp\StdUtils.dll

Filesize
110KB

MD5
db11ab4828b429a987e7682e495c1810

SHA1
29c2c2069c4975c90789dc6d3677b4b650196561

SHA256
c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376

SHA512
460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvB841.tmp\System.dll

Filesize
22KB

MD5
a36fbe922ffac9cd85a845d7a813f391

SHA1
f656a613a723cc1b449034d73551b4fcdf0dcf1a

SHA256
fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0

SHA512
1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvB841.tmp\modern-wizard.bmp

Filesize
150KB

MD5
3614a4be6b610f1daf6c801574f161fe

SHA1
6edee98c0084a94caa1fe0124b4c19f42b4e7de6

SHA256
16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b

SHA512
06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvB841.tmp\nsDialogs.dll

Filesize
20KB

MD5
4e5bc4458afa770636f2806ee0a1e999

SHA1
76dcc64af867526f776ab9225e7f4fe076487765

SHA256
91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0

SHA512
b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvB841.tmp\nsExec.dll

Filesize
17KB

MD5
2095af18c696968208315d4328a2b7fe

SHA1
b1b0e70c03724b2941e92c5098cc1fc0f2b51568

SHA256
3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226

SHA512
60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvB841.tmp\nsProcess.dll

Filesize
15KB

MD5
08072dc900ca0626e8c079b2c5bcfcf3

SHA1
35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37

SHA256
bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8

SHA512
8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir208_1418524553\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 960746.crdownload

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit
memory/2028-13162-0x00000000006E0000-0x0000000000B92000-memory.dmp

Filesize
4.7MB

Download
memory/5124-13334-0x000002101C0B0000-0x000002101C159000-memory.dmp

Filesize
676KB

Download
memory/5140-13361-0x000000006E860000-0x000000006FBA1000-memory.dmp

Filesize
19.3MB

Download
memory/5140-13646-0x000000006E860000-0x000000006FBA1000-memory.dmp

Filesize
19.3MB

Download
memory/5140-13340-0x000000006E860000-0x000000006FBA1000-memory.dmp

Filesize
19.3MB

Download
memory/5140-13900-0x000000006E860000-0x000000006FBA1000-memory.dmp

Filesize
19.3MB

Download
memory/5140-13329-0x000000006E860000-0x000000006FBA1000-memory.dmp

Filesize
19.3MB

Download
memory/5140-13768-0x000000006E860000-0x000000006FBA1000-memory.dmp

Filesize
19.3MB

Download
memory/5140-13921-0x000000006E860000-0x000000006FBA1000-memory.dmp

Filesize
19.3MB

Download
memory/5140-13501-0x000000006E860000-0x000000006FBA1000-memory.dmp

Filesize
19.3MB

Download
memory/5140-13676-0x000000006E860000-0x000000006FBA1000-memory.dmp

Filesize
19.3MB

Download
memory/5140-13799-0x000000006E860000-0x000000006FBA1000-memory.dmp

Filesize
19.3MB

Download
memory/5140-13867-0x000000006E860000-0x000000006FBA1000-memory.dmp

Filesize
19.3MB

Download
memory/5140-13847-0x000000006E860000-0x000000006FBA1000-memory.dmp

Filesize
19.3MB

Download
memory/5140-13531-0x000000006E860000-0x000000006FBA1000-memory.dmp

Filesize
19.3MB

Download
memory/5140-13621-0x000000006E860000-0x000000006FBA1000-memory.dmp

Filesize
19.3MB

Download
memory/5140-13587-0x000000006E860000-0x000000006FBA1000-memory.dmp

Filesize
19.3MB

Download
memory/5140-13561-0x000000006E860000-0x000000006FBA1000-memory.dmp

Filesize
19.3MB

Download
memory/5500-13337-0x00000139C72F0000-0x00000139C7399000-memory.dmp

Filesize
676KB

Download
memory/5524-13814-0x000001D862800000-0x000001D862801000-memory.dmp

Filesize
4KB

Download
memory/5524-13807-0x000001D862800000-0x000001D862801000-memory.dmp

Filesize
4KB

Download
memory/5524-13813-0x000001D862800000-0x000001D862801000-memory.dmp

Filesize
4KB

Download
memory/5524-13815-0x000001D862800000-0x000001D862801000-memory.dmp

Filesize
4KB

Download
memory/5524-13816-0x000001D862800000-0x000001D862801000-memory.dmp

Filesize
4KB

Download
memory/5524-13817-0x000001D862800000-0x000001D862801000-memory.dmp

Filesize
4KB

Download
memory/5524-13818-0x000001D862800000-0x000001D862801000-memory.dmp

Filesize
4KB

Download
memory/5524-13819-0x000001D862800000-0x000001D862801000-memory.dmp

Filesize
4KB

Download
memory/5524-13808-0x000001D862800000-0x000001D862801000-memory.dmp

Filesize
4KB

Download
memory/5524-13809-0x000001D862800000-0x000001D862801000-memory.dmp

Filesize
4KB

Download
memory/5528-13204-0x00007FFA28B20000-0x00007FFA28B21000-memory.dmp

Filesize
4KB

Download
memory/5528-13203-0x00007FFA28B10000-0x00007FFA28B11000-memory.dmp

Filesize
4KB

Download