hxxps://cdn[.]discordapp[.]com/attachments/1308501381044502638/1309172618955591784/SteamtoolsSetup[.]exe?ex=6770bc43&is=676f6ac3&hm=f9d79858c7d54be6d1dfb2852980373c6e51ea6ab364eec6a1a6f678ad6c30c5&

Analysis

max time kernel
899s
max time network
844s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
28-12-2024 14:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1308501381044502638/1309172618955591784/SteamtoolsSetup.exe?ex=6770bc43&is=676f6ac3&hm=f9d79858c7d54be6d1dfb2852980373c6e51ea6ab364eec6a1a6f678ad6c30c5&

Score

8^/10

steam defense_evasion discovery persistence phishing

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 19 IoCs

pid	Process
4756	SteamtoolsSetup.exe
4252	SteamSetup.exe
2828	steamservice.exe
4068	steam.exe
16060	steam.exe
5148	steamwebhelper.exe
7544	steamwebhelper.exe
7848	steamwebhelper.exe
9880	steamwebhelper.exe
9752	gldriverquery64.exe
9604	steamwebhelper.exe
9516	steamwebhelper.exe
2976	gldriverquery.exe
580	vulkandriverquery64.exe
9136	vulkandriverquery.exe
7124	steamwebhelper.exe
6696	steamwebhelper.exe
5424	steamerrorreporter.exe
13424	steamwebhelper.exe

Loads dropped DLL 64 IoCs

pid	Process
4252	SteamSetup.exe
4252	SteamSetup.exe
4252	SteamSetup.exe
4252	SteamSetup.exe
4252	SteamSetup.exe
4252	SteamSetup.exe
4252	SteamSetup.exe
4252	SteamSetup.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
5148	steamwebhelper.exe
5148	steamwebhelper.exe
5148	steamwebhelper.exe
5148	steamwebhelper.exe
7544	steamwebhelper.exe
7544	steamwebhelper.exe
7544	steamwebhelper.exe
7848	steamwebhelper.exe
7848	steamwebhelper.exe
7848	steamwebhelper.exe
16060	steam.exe
7848	steamwebhelper.exe
7848	steamwebhelper.exe
7848	steamwebhelper.exe
7848	steamwebhelper.exe
7848	steamwebhelper.exe
7848	steamwebhelper.exe
16060	steam.exe
9880	steamwebhelper.exe
9880	steamwebhelper.exe
9880	steamwebhelper.exe
16060	steam.exe
9604	steamwebhelper.exe
9604	steamwebhelper.exe
9604	steamwebhelper.exe
9516	steamwebhelper.exe
9516	steamwebhelper.exe
9516	steamwebhelper.exe
9516	steamwebhelper.exe
7124	steamwebhelper.exe
7124	steamwebhelper.exe
7124	steamwebhelper.exe
6696	steamwebhelper.exe
6696	steamwebhelper.exe
6696	steamwebhelper.exe
6696	steamwebhelper.exe
6696	steamwebhelper.exe
6696	steamwebhelper.exe
5424	steamerrorreporter.exe
5424	steamerrorreporter.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Software\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"	SteamSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\inbox_notification_inactive_disabled.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_rt_click_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_r_up_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_button_minus_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_l_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\chrome_100_percent.pak_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_button_minus_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_r2_soft_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_l_touch_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_l_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_lstick_right_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox_p2.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_l2_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\sp.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\friends\trackerui_english.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_trackpad_r_swipe_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_button_r_arrow_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_rtrackpad_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_r2_soft.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_r_up.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\layout\gamespage_details_welcome.layout_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\offline_vietnamese.html_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_070_setting_0302.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\notfamilyview.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\chatroom_unlocked.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\hp_m2_sm-1.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_rstick_down_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_detail.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_l_right_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_ltrackpad_click_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_dpad_right_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_dpad_right.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_r2.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\xbox360_button_select_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\broadcastapp.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\friends\loop_2.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steambootstrapper_bulgarian.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_dpad_down_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\flag_left_hover.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\inbox_invite.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steambootstrapper_dutch.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_r_up.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_020_ammo_0050.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\controller_config_controller_switch_joycon_left.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_040_act_0312.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\btnOvrOffTop.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_rtrackpad_swipe_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_l4_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\libGLESv2.dll_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0120.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_dpad_up.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_lstick_right.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\templates\controller_generic_gamepad_joystick.vdf_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\filter_profanity_italian.txt.gz_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\movies\deck_startup.webm_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0333.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_rtrackpad_left_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_r2.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_button_options_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\filter_profanity_romanian.txt.gz_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0520.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0321.png_	steam.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5148_984449673\LICENSE	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5148_984449673\manifest.json	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5148_984449673\_metadata\verified_contents.json	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5148_984449673\manifest.fingerprint	steamwebhelper.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5148_984449673\_platform_specific\win_x64\widevinecdm.dll.sig	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5148_984449673\_platform_specific\win_x64\widevinecdm.dll	steamwebhelper.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\SteamtoolsSetup.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamerrorreporter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamservice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133798703655229325"	chrome.exe

Modifies registry class 41 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\DefaultIcon	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\Shell\Open	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\DefaultIcon	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\Shell	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\URL Protocol	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\ = "URL:steam protocol"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steam\Shell	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\steamlink\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell	steamservice.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	steam.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\SteamtoolsSetup.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2308	chrome.exe
2308	chrome.exe
4252	SteamSetup.exe
4252	SteamSetup.exe
4252	SteamSetup.exe
4252	SteamSetup.exe
4252	SteamSetup.exe
4252	SteamSetup.exe
4252	SteamSetup.exe
4252	SteamSetup.exe
4252	SteamSetup.exe
4252	SteamSetup.exe
4252	SteamSetup.exe
4252	SteamSetup.exe
4252	SteamSetup.exe
4252	SteamSetup.exe
4252	SteamSetup.exe
4252	SteamSetup.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe
16060	steam.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
16060	steam.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
13476	msedge.exe
13476	msedge.exe
13476	msedge.exe
13476	msedge.exe
13476	msedge.exe
13476	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
5148	steamwebhelper.exe
5148	steamwebhelper.exe
5148	steamwebhelper.exe
5148	steamwebhelper.exe
5148	steamwebhelper.exe
5148	steamwebhelper.exe
5148	steamwebhelper.exe
5148	steamwebhelper.exe
5148	steamwebhelper.exe
5148	steamwebhelper.exe
5148	steamwebhelper.exe
5148	steamwebhelper.exe
5148	steamwebhelper.exe
5148	steamwebhelper.exe
5148	steamwebhelper.exe
5148	steamwebhelper.exe
13476	msedge.exe
13476	msedge.exe
13476	msedge.exe
13476	msedge.exe
13476	msedge.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
5148	steamwebhelper.exe
5148	steamwebhelper.exe
5148	steamwebhelper.exe
13476	msedge.exe
13476	msedge.exe
13476	msedge.exe
13476	msedge.exe
13476	msedge.exe
13476	msedge.exe
13476	msedge.exe
13476	msedge.exe
13476	msedge.exe
13476	msedge.exe
13476	msedge.exe
13476	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4252	SteamSetup.exe
2828	steamservice.exe
16060	steam.exe
12100	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2308 wrote to memory of 1444	2308	chrome.exe	77
PID 2308 wrote to memory of 1444	2308	chrome.exe	77
PID 2308 wrote to memory of 1928	2308	chrome.exe	78
PID 2308 wrote to memory of 1928	2308	chrome.exe	78
PID 2308 wrote to memory of 1928	2308	chrome.exe	78
PID 2308 wrote to memory of 1928	2308	chrome.exe	78
PID 2308 wrote to memory of 1928	2308	chrome.exe	78
PID 2308 wrote to memory of 1928	2308	chrome.exe	78
PID 2308 wrote to memory of 1928	2308	chrome.exe	78
PID 2308 wrote to memory of 1928	2308	chrome.exe	78
PID 2308 wrote to memory of 1928	2308	chrome.exe	78
PID 2308 wrote to memory of 1928	2308	chrome.exe	78
PID 2308 wrote to memory of 1928	2308	chrome.exe	78
PID 2308 wrote to memory of 1928	2308	chrome.exe	78
PID 2308 wrote to memory of 1928	2308	chrome.exe	78
PID 2308 wrote to memory of 1928	2308	chrome.exe	78
PID 2308 wrote to memory of 1928	2308	chrome.exe	78
PID 2308 wrote to memory of 1928	2308	chrome.exe	78
PID 2308 wrote to memory of 1928	2308	chrome.exe	78
PID 2308 wrote to memory of 1928	2308	chrome.exe	78
PID 2308 wrote to memory of 1928	2308	chrome.exe	78
PID 2308 wrote to memory of 1928	2308	chrome.exe	78
PID 2308 wrote to memory of 1928	2308	chrome.exe	78
PID 2308 wrote to memory of 1928	2308	chrome.exe	78
PID 2308 wrote to memory of 1928	2308	chrome.exe	78
PID 2308 wrote to memory of 1928	2308	chrome.exe	78
PID 2308 wrote to memory of 1928	2308	chrome.exe	78
PID 2308 wrote to memory of 1928	2308	chrome.exe	78
PID 2308 wrote to memory of 1928	2308	chrome.exe	78
PID 2308 wrote to memory of 1928	2308	chrome.exe	78
PID 2308 wrote to memory of 1928	2308	chrome.exe	78
PID 2308 wrote to memory of 1928	2308	chrome.exe	78
PID 2308 wrote to memory of 2896	2308	chrome.exe	79
PID 2308 wrote to memory of 2896	2308	chrome.exe	79
PID 2308 wrote to memory of 4572	2308	chrome.exe	80
PID 2308 wrote to memory of 4572	2308	chrome.exe	80
PID 2308 wrote to memory of 4572	2308	chrome.exe	80
PID 2308 wrote to memory of 4572	2308	chrome.exe	80
PID 2308 wrote to memory of 4572	2308	chrome.exe	80
PID 2308 wrote to memory of 4572	2308	chrome.exe	80
PID 2308 wrote to memory of 4572	2308	chrome.exe	80
PID 2308 wrote to memory of 4572	2308	chrome.exe	80
PID 2308 wrote to memory of 4572	2308	chrome.exe	80
PID 2308 wrote to memory of 4572	2308	chrome.exe	80
PID 2308 wrote to memory of 4572	2308	chrome.exe	80
PID 2308 wrote to memory of 4572	2308	chrome.exe	80
PID 2308 wrote to memory of 4572	2308	chrome.exe	80
PID 2308 wrote to memory of 4572	2308	chrome.exe	80
PID 2308 wrote to memory of 4572	2308	chrome.exe	80
PID 2308 wrote to memory of 4572	2308	chrome.exe	80
PID 2308 wrote to memory of 4572	2308	chrome.exe	80
PID 2308 wrote to memory of 4572	2308	chrome.exe	80
PID 2308 wrote to memory of 4572	2308	chrome.exe	80
PID 2308 wrote to memory of 4572	2308	chrome.exe	80
PID 2308 wrote to memory of 4572	2308	chrome.exe	80
PID 2308 wrote to memory of 4572	2308	chrome.exe	80
PID 2308 wrote to memory of 4572	2308	chrome.exe	80
PID 2308 wrote to memory of 4572	2308	chrome.exe	80
PID 2308 wrote to memory of 4572	2308	chrome.exe	80
PID 2308 wrote to memory of 4572	2308	chrome.exe	80
PID 2308 wrote to memory of 4572	2308	chrome.exe	80
PID 2308 wrote to memory of 4572	2308	chrome.exe	80
PID 2308 wrote to memory of 4572	2308	chrome.exe	80
PID 2308 wrote to memory of 4572	2308	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1308501381044502638/1309172618955591784/SteamtoolsSetup.exe?ex=6770bc43&is=676f6ac3&hm=f9d79858c7d54be6d1dfb2852980373c6e51ea6ab364eec6a1a6f678ad6c30c5&
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc3bcfcc40,0x7ffc3bcfcc4c,0x7ffc3bcfcc58
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1820,i,625413113050185640,3310946964582971330,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1816 /prefetch:2
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2076,i,625413113050185640,3310946964582971330,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2168,i,625413113050185640,3310946964582971330,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2356 /prefetch:8
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,625413113050185640,3310946964582971330,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,625413113050185640,3310946964582971330,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4792,i,625413113050185640,3310946964582971330,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4812,i,625413113050185640,3310946964582971330,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5180,i,625413113050185640,3310946964582971330,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4304,i,625413113050185640,3310946964582971330,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:1552
- C:\Users\Admin\Downloads\SteamtoolsSetup.exe
  "C:\Users\Admin\Downloads\SteamtoolsSetup.exe"
  2⤵
  - Executes dropped EXE
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5456,i,625413113050185640,3310946964582971330,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5664,i,625413113050185640,3310946964582971330,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4916,i,625413113050185640,3310946964582971330,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4564,i,625413113050185640,3310946964582971330,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5496,i,625413113050185640,3310946964582971330,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5516,i,625413113050185640,3310946964582971330,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5100,i,625413113050185640,3310946964582971330,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:8
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5900,i,625413113050185640,3310946964582971330,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5948 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:3540
- C:\Users\Admin\Downloads\SteamSetup.exe
  "C:\Users\Admin\Downloads\SteamSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4252
- - C:\Program Files (x86)\Steam\bin\steamservice.exe
    "C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6088,i,625413113050185640,3310946964582971330,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3124 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:664

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4928

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2476

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies system certificate store
PID:4068
- C:\Program Files (x86)\Steam\steam.exe
  "C:\Program Files (x86)\Steam\steam.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:16060
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=16060" "-buildid=1733265492" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    - Checks processor information in registry
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:5148
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1733265492 --initial-client-data=0x294,0x298,0x29c,0x290,0x2a0,0x7ffc3b6eaf00,0x7ffc3b6eaf0c,0x7ffc3b6eaf18
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:7544
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1544,i,8824637370261726153,1983671333517566673,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1548 --mojo-platform-channel-handle=1536 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:7848
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2200,i,8824637370261726153,1983671333517566673,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2208 --mojo-platform-channel-handle=2204 /prefetch:11
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:9880
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2784,i,8824637370261726153,1983671333517566673,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2788 --mojo-platform-channel-handle=2780 /prefetch:13
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:9604
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,8824637370261726153,1983671333517566673,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3156 --mojo-platform-channel-handle=3136 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:9516
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=3780,i,8824637370261726153,1983671333517566673,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3732 --mojo-platform-channel-handle=3796 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:7124
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3852,i,8824637370261726153,1983671333517566673,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3708 --mojo-platform-channel-handle=3856 /prefetch:10
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:6696
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3576,i,8824637370261726153,1983671333517566673,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=652 --mojo-platform-channel-handle=3572 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:13424
- - C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:9752
- - C:\Program Files (x86)\Steam\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2976
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:580
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:9136
- - C:\Program Files (x86)\Steam\steamerrorreporter.exe
    C:\Program Files (x86)\Steam\steam
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:5424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/mobile
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:13476
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc27773cb8,0x7ffc27773cc8,0x7ffc27773cd8
      4⤵
      PID:13484
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,9420667672749525542,4137985232590764897,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
      4⤵
      PID:13748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,9420667672749525542,4137985232590764897,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
      4⤵
      PID:13768
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,9420667672749525542,4137985232590764897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
      4⤵
      PID:13796
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9420667672749525542,4137985232590764897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
      4⤵
      PID:13900
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9420667672749525542,4137985232590764897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
      4⤵
      PID:13908
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,9420667672749525542,4137985232590764897,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
      4⤵
      PID:15764
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9420667672749525542,4137985232590764897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1972 /prefetch:1
      4⤵
      PID:16648
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9420667672749525542,4137985232590764897,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
      4⤵
      PID:16656
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9420667672749525542,4137985232590764897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
      4⤵
      PID:16828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9420667672749525542,4137985232590764897,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
      4⤵
      PID:16836
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,9420667672749525542,4137985232590764897,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
      4⤵
      PID:23840

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004D0
1⤵
PID:10976

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:12100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:15024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:15124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Steam\Steam.exe

Filesize
4.2MB

MD5
33bcb1c8975a4063a134a72803e0ca16

SHA1
ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65

SHA256
12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1

SHA512
13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

Download Submit
C:\Program Files (x86)\Steam\bin\SteamService.exe

Filesize
2.5MB

MD5
ba0ea9249da4ab8f62432617489ae5a6

SHA1
d8873c5dcb6e128c39cf0c423b502821343659a7

SHA256
ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d

SHA512
52958d55b03e1ddc69afc2f1a02f7813199e4b3bf114514c438ab4d10d5ca83b865ba6090550951c0a43b666c6728304009572212444a27a3f5184663f4b0b8b

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
6e6a2b18264504cc084caa3ad0bfc6ae

SHA1
b177d719bd3c1bc547d5c97937a584b8b7d57196

SHA256
f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53

SHA512
74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
15KB

MD5
3ef18b851807f9c402f1e914274757e7

SHA1
216cca6bf0a1a563136e0be0200927b110eb1652

SHA256
39e5097779171eba8036b5f6cdbc3312d5681ada31dccbd49827a1e74527f8d9

SHA512
ed1d716b2872548d5592c58377b27c35cd5eb33f8f70f2ec9e80e7f77c452f103f38ab158151f5d279c732d23ec8d62a1088234ec1b55885595af8ff41759295

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
23KB

MD5
778d2a606338562cbb6c9dc9659ed66a

SHA1
2a2325db2658557060d5fd25abd7e693e2469e36

SHA256
5d05388833a3bbdd4979941293cfead72347f5dc3e1bd6a418145b0e8c76ef02

SHA512
1405c6776758133c937ba63c75bc8a4c8697a34f9633e015fbc074f585cd9e2bd21b64cae86e93b8517d574d12b4a0dedf93003b91f4342f654fe20eddd45a28

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
19KB

MD5
f2aa75873d752c97eef5b62e8d578ca9

SHA1
1310eef227e3698d59e75dcd8c48f8bd08afc020

SHA256
ac24b4e5be51642f50ae2a07716011b3518ae2149641ce7e420ef85d6545d7ea

SHA512
c1441496854b98445466792c72aa4ec080a85a214efc55125dd9b0b0536a570be5212deb3e8ba17a856deb9c07d193820cbb13b068bb32a3892bccebd218fc65

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
22KB

MD5
d8770d38c3d30825638743aca800449c

SHA1
68de0472d0cffec20d2e569414a7500c61f13ea7

SHA256
043fa489b9736327a86d8e71a1d34e7e0cd879fd9e08240811965c6fbb04dde7

SHA512
18d7c51f4af7e2cd49b51fecebc00b8003456f1fef0e01c78e13f8b0084b31a35e5504ea20fb530cf0e5fd2c17c4d614761125506afb6965fa1108a1e0bce05e

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
19KB

MD5
4e63546abb3401f8b82b935f126e52a5

SHA1
2c7234a7bd0aeafb33aad2cac419c8ae35b6d7f5

SHA256
db591d6220c3f026aef639fb5e6d9d740af16d486e8fb9418c155933d1dcd1f5

SHA512
871e92b035eac3b0b34dc56d0d5ae3cc379310bb2d1806c2eccd6cce2e35a9911896d8241e79efe9120374df18bfa2cfc6b0994a5c8eb617bdde749fd111db15

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
22KB

MD5
a6fa1e2f87dbcf0982151b50c2c217c1

SHA1
62e833fcfb82157d612b25496549082abe296a6e

SHA256
bb6cbc95b6df323c5b308895427b339b5ed88e222db43357961695652fb9206d

SHA512
2ac88ca522e4f86f7575ef47a69ad60bfee44380e601455673a60b834b9bfde77a0aad3d9a93f9f6aeed94ad7a4d7d7bc4a9e2e22196f334980a04825ad3973e

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
19KB

MD5
3bdbf2779dc1706d2f25faf23bf50ea3

SHA1
48c48870e12c020525eb85d133c0899ff1edbf7f

SHA256
b00bd3a43ddb2d6eaa490b008a820f4a5d3b8b83ecccfc7a34ef71a23e5faef7

SHA512
04c71cfb9733e9731a1c132473481b9f6466536234d0774127d83e94a60bbcdaa97b3024b63ef0402bb85b61a0618037bf503b61e203f7fa0b395946ad430976

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
a2ec2e91c3ef8c42e22c4887d032b333

SHA1
e2c738a2e9400535b74e2263c7e7d1ecefe575f2

SHA256
8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3

SHA512
b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf~RFe60c22b.TMP

Filesize
184B

MD5
3cdebc58a05cdd75f14e64fb0d971370

SHA1
edf2d4a8a5fc017e29bf9fb218db7dd8b2be84fe

SHA256
661f122934bbc692266940a1fe2e5e51d4d460efb29d75695b8d5241c6e11da7

SHA512
289c40fae5ec1d3dd8b5b00dd93cf9cada2cb5c12bcfefea8c862ddf0a16dced15d6814dad771af9103b3a5d3016d301ee40058edde3fdea30d9767146d11cd6

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

Filesize
4KB

MD5
0340d1a0bbdb8f3017d2326f4e351e0a

SHA1
90d078e9f732794db5b0ffeb781a1f2ed2966139

SHA256
0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544

SHA512
9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

Filesize
6KB

MD5
4c81277a127e3d65fb5065f518ffe9c2

SHA1
253264b9b56e5bac0714d5be6cade09ae74c2a3a

SHA256
76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9

SHA512
be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

Filesize
4KB

MD5
2158881817b9163bf0fd4724d549aed4

SHA1
c500f2e8f47a11129114ee4f19524aee8fecc502

SHA256
650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7

SHA512
f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

Filesize
4KB

MD5
03b664bd98485425c21cdf83bc358703

SHA1
0a31dcfeb1957e0b00b87c2305400d004a9a5bdb

SHA256
fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115

SHA512
4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt

Filesize
4KB

MD5
31a29061e51e245f74bb26d103c666ad

SHA1
271e26240db3ba0dcffc10866ccfcfa1c33cf1cc

SHA256
56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192

SHA512
f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

Filesize
4KB

MD5
da6cd2483ad8a21e8356e63d036df55b

SHA1
0e808a400facec559e6fbab960a7bdfaab4c6b04

SHA256
ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6

SHA512
06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt

Filesize
4KB

MD5
9e62fc923c65bfc3f40aaf6ec4fd1010

SHA1
8f76faff18bd64696683c2a7a04d16aac1ef7e61

SHA256
8ff0f3cbdf28102ff037b9cda90590e4b66e1e654b90f9aea2cd5364494d02b7

SHA512
c8ff15373b37e848e6239a82424569e77c82a5fc557d17e7d2ed1d0d2b2f7d026cc1e2bc98cb5ee945c02cfefb82803c23fa6a26f48ff0adcf762f94cd5dd035

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt

Filesize
4KB

MD5
10c429eb58b4274af6b6ef08f376d46c

SHA1
af1e049ddb9f875c609b0f9a38651fc1867b50d3

SHA256
a1f6ba57ee41e009d904905c0ce5e75a59ee6790e08542561303109e1faafa13

SHA512
d8760f61760bffd8671b727d386ae220e7e6e68829a01553cfd5eb60ef8bd1d7c1b25e7b17a6db5bd17ba6712ef44999726764459318e784843c73bc4facaf46

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt

Filesize
4KB

MD5
5c026fd6072a7c5cf31c75818cddedec

SHA1
341aa1df1d034e6f0a7dff88d37c9f11a716cae6

SHA256
0828572e4fa00c186dbf1d9072a6154d65cb499c6a37e338f3305f77a2fee382

SHA512
f9d28714b2a05f8d9025f1692e4d7e8baa6daf6176353f65646a38814a242ef2adededa44419edd69f10cf96ffba506dab7cb6e52111457bf69cffef12174b12

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt

Filesize
6KB

MD5
189ba063d1481528cbd6e0c4afc3abaa

SHA1
40bdd169fcc59928c69eea74fd7e057096b33092

SHA256
c0a7a1df442ac080668762df795c72aa322e9d415c41bd0a4c676a4dc0551695

SHA512
ce59ad9b17bab4de1254e92ce4fe7d8c8242832f62ab382e8f54199a9932cd11b5800cc33895441426373d5210cc74104e0271b721a7e26ed400b716ae4d5903

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt

Filesize
4KB

MD5
18aaaf5ffcdd21b1b34291e812d83063

SHA1
aa9c7ae8d51e947582db493f0fd1d9941880429f

SHA256
1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5

SHA512
4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt

Filesize
4KB

MD5
1514d082b672b372cdfb8dd85c3437f1

SHA1
336a01192edb76ae6501d6974b3b6f0c05ea223a

SHA256
3b3c5c615fd82070cc951ab482d3de8cb12df0b3df59fbd11f9d3271fa2fbca4

SHA512
4d41c945ce7c94746875b0dbceb14811d4966de4e97fe047406a304162fde7e1e2a16367fc2e43978e2e5aa66749f036b4444aa2312673c2cc3af296e8b77f55

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt

Filesize
4KB

MD5
8958371646901eac40807eeb2f346382

SHA1
55fb07b48a3e354f7556d7edb75144635a850903

SHA256
b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585

SHA512
14c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt

Filesize
5KB

MD5
7e1d15fc9ba66a868c5c6cb1c2822f83

SHA1
bfe9a25fdc8721d7b76cecb9527a9ba7823dc3d7

SHA256
fc74e26a8baabbe4851109512d85173b75dbf7293d41eb3b92a1957a773c8265

SHA512
0892be14a858cc860766afb1c996b2c355108a7e50971ea3ec00d15069e919a6eb05a61fa839bea3938492c391e274144c5e248f4c204a602bf36adf27e5b406

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt

Filesize
4KB

MD5
202b825d0ef72096b82db255c4e747fa

SHA1
3a3265e5bbaa1d1b774195a3858f29cea75c9e75

SHA256
3d1399f5323a3ece1b1a8b3b31f8fd7f50c3bd319ab3f1c38c6e347452c95314

SHA512
e8fc7cc09f431301d22a07b238179ee053505090e3c4db30ead061513fe7159f1fe8b80efc93f4597fe00f01087bbe0bb2231e13693d72c8def138657cb91566

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt

Filesize
4KB

MD5
7913f3f33839e3af9e10455df69866c2

SHA1
15fa957d0a6a2717027f5b35f4dbe5e0ab8ece25

SHA256
05bc1f4973c6d36002ac1b37ce46b1f941fcb4338282e0ec1ec83fb558d1a88c

SHA512
534e541757d19ee157a268bf7ea358b48015f400542fcfa49cdb547cd652926160f015fe2cf026d9c4996e56ab90ca3899dfd457997d915bf6bc9d7bb00ba804

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt

Filesize
4KB

MD5
58e0fcbee3cca4ef61b97928cfe89535

SHA1
1297e3af3ca9e4fe3cc5db78ebbfa642e8a2c57b

SHA256
c084a68b65d507eb831831aa2ab9afb9536cb99a840d248cc155ff87fad18425

SHA512
99aff0c481e34cd0e4fcbb2af471afb56d91aa11be664462b08e17ae169ca03ef77e7063b4ecd0f38ca7b2f6dc0bf2e316c7b31dffbbcfc763cd8fae27dc78d2

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt

Filesize
4KB

MD5
9b0b0e82f753cc115d87c7199885ad1b

SHA1
5743a4ab58684c1f154f84895d87f000b4e98021

SHA256
0bdeee9fa28d54d384e06ea646fbcfe3f06698a31dfdc1a50703ffe83ad78d32

SHA512
b7780b82fbe705bc8e5a527c011eb685c99ef0b2eb810617b9f82b891341af95ef1c2f46dce9e458c0c4dcc3e7a0d21db6c77f03419cd1c4b521a9b72f9017df

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt

Filesize
4KB

MD5
eb8926608c5933f05a3f0090e551b15d

SHA1
a1012904d440c0e74dad336eac8793ac110f78f8

SHA256
2ed2b0d654d60e0a82b0968a91d568b775144e9d92f2b077b6da75f85ad12d04

SHA512
9113c42c38836f71ff0cc7019aff8c873845f47fbf1ab97e981cb038f4d8495b6df784402b1ee9666e8e567ae866b0284c81e6a16efb47131d5ef88569c4843a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt

Filesize
4KB

MD5
6367f43ea3780c4ee166454f5936b1a8

SHA1
027a2c24c8320458c49cd78053f586cb4d94ee6f

SHA256
f8d1972e75a320344e3c834ba0a3a6a86edb39e20ef706bda9b7965d440d1998

SHA512
31aab33e0d272cb43a8c160b3d37256716a683e5052192fd0e4d3cdaf30a10a9afa9d26d5d14ad216ee455627c32892a711d2bc137ee7a7df9a297f001a19e32

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt

Filesize
6KB

MD5
e04ad6c236b6c61fc53e2cb57ced87e8

SHA1
e9d4846b7e6cc755ee14a5d3fa45ee7d3bf425a4

SHA256
08c775efa77c2a92d369f794882e467b6e2526e61bc7aa7724f48e174524502e

SHA512
0dfb7e6d811d649103499018f3d115c542fcaba420ceb69124a4d837fe162ce514e7be2040860c5ef5f9c01c961fa6eea8730606b73ec107d87597989b6fd331

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt

Filesize
4KB

MD5
56dcf7b68f70826262a6ffaffe6b1c49

SHA1
12e4272ba0e4eabc610670cdc6941f942da1eb6a

SHA256
948cad1bb27109e008f2457248880c759d3fa98b92c5b4033b94f455cb8ac43f

SHA512
c3fd9caf0bd4c303a7cc300faada9cfe6dd752e82d67625b31f4c0c2c091596508bb477fe19f758fdf79b25b8ac3f5320a8785d2b6705b9bcc28a054a59454e2

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_spanish.txt

Filesize
4KB

MD5
66456d2b1085446a9f2dbd9e4632754b

SHA1
8da6248b57e5c2970d853b8d21373772a34b1c28

SHA256
c4f821a4903c4e7faea2931c7fb1cf261eba06a9840c78fdca689f5c784c06c4

SHA512
196c2282ba13715709ece706c9219fe70c05dd295840082e7d901b9e5592e74b1bb556782181cdbe35bd1ab0d6197fef67258b09491fabc6f27606dbed667d49

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_swedish.txt

Filesize
4KB

MD5
b2248784049e1af0c690be2af13a4ef3

SHA1
aec7461fa46b7f6d00ff308aa9d19c39b934c595

SHA256
4bf6b25bf5b18e13b04db6ed2e5ed635eb844fc52baa892f530194d9471f5690

SHA512
f5cee6bba20a4d05473971f7f87a36990e88a44b2855c7655b77f48f223219978d91bcd02d320c7e6c2ec368234e1d0201be85b5626ef4909e047e416e1a066c

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_tchinese.txt

Filesize
4KB

MD5
194a73f900a3283da4caa6c09fefcb08

SHA1
a7a8005ca77b9f5d9791cb66fcdf6579763b2abb

SHA256
5e4f2de5ee98d5d76f5d76fb925417d6668fba08e89f7240f923f3378e3e66f6

SHA512
25842535c165d48f4cf4fa7fd06818ec5585cc3719eff933f5776a842713d7adb5667c3b9b1a122a1152450e797535fc7a8e97ebdd31c14b4d4900a33ede01f3

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_thai.txt

Filesize
7KB

MD5
53f7e8ac1affb04bf132c2ca818eb01e

SHA1
bffc3e111761e4dc514c6398a07ffce8555697f6

SHA256
488294b7faff720dc3ab5a72e0607761484c678b96d6bcd6aad9ee2388356a83

SHA512
c2e79c2505a6fd075df113ffce92ad42c146424ca39087601daa4ed15a2b5528d478a093921d9d8a738c7b6b963275a0693ebe526b6e2135d14ced03639d0e70

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_turkish.txt

Filesize
4KB

MD5
29f9a5ab4adfae371bf980b82de2cb57

SHA1
6f7ef52a09b99868dd7230f513630ffe473eddf8

SHA256
711675edb20b3cb70acf6cf75f2eea8e0d87c8ace3e11c8df362b4517427a34f

SHA512
543fe63f791250e05e8fda24fd2ceadebb4c8925e8927de49ae490895c87eed3e61a9ad50237532649f99fe3165836261de215ee3f66ffbfc6d677ddeea7732a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_ukrainian.txt

Filesize
6KB

MD5
cadd7a2f359b22580bdd6281ea23744d

SHA1
e82e790a7561d0908aee8e3b1af97823e147f88b

SHA256
3dd0edfbe68236e668fb308f92fe7c6493dbb05bfca85a48de93588f479ccc99

SHA512
53672dd13e6ccbe96f6d4a61297c595b6d6cba8de92caa51ccf8ab1d8a82eea5a425eab348f295b9ec27de0026ef849d9230f751a46e040be8863923f91b8519

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_vietnamese.txt

Filesize
4KB

MD5
f350c8747d77777f456037184af9212c

SHA1
753d8c260b852a299df76c4f215b0d2215f6a723

SHA256
15b6a564e05857a3d2fd6eec85a5a30c491a7553d15ffc025156b3665b919185

SHA512
efb86809a0b357b4fcd3ba2770c97d225d0f4d9fb7430c515e847c3dd77ee109def4bef11b650b9773c17050e618008fc03377638c1db3393ac780b5b0bc31b2

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\37a51968-8eae-4035-9c35-92dbe589229c.tmp

Filesize
10KB

MD5
e84eb0ed434d761ce9fa9d6fa1ddf301

SHA1
674e14843093b609e6e9aebe1ab75ae259e79223

SHA256
a5c559b99986a0f2f12158ebc8891f3e4a69864f75a58d597bece4d6225115a2

SHA512
8da723dc006b82b06343c2092edeeafece2c667265b9c3822e4686689173224a8c8dc55f827fc14deae6e68b887f751bd93c7bf26b6872525add51af078bff62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
971f908bfd829dfcef3fada4ad63f801

SHA1
9454567691ccc912b35032b69c0f07ed12b9fd42

SHA256
6be3e5ec2baa73fb519dd6310a94444282572e0e7a0828a70f1212c1f5983a18

SHA512
ba0754060cbda46c26283925923243d774c2dcf1446a30ce45867779c2b9f4a72488c6f0f8886e8df256e76337163d25e1b84c343386ed7abcb2c6c490a74e7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
52c5cb3f016d4d18d1ccbb0c6847c99b

SHA1
0803568b166c71387f84a2565d5d4e52ff071b08

SHA256
0758b72989506f291f197597fa4103e580fc46bbb8d7d9669fedb7e5d988c886

SHA512
3be32b66bbc492c4be0151dbda747b1f95cbe57aac08c9e26902398f4f8515b31f24ae44d444efc2fc49ca93e4a547e809d230489a7ad7f7c9a0c2608b754670

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
bc104720f37163e502febc1e3842d3b8

SHA1
41ea1bdc6ac04b5161e9921a56b7ac3e606c5a4a

SHA256
24be5c20386b861b0030d22f0c6f1ef46206d0faa728852560606c1c5a07cf8e

SHA512
16e8551cd43037a60225b4cbbb829ae62e1e63b7e202bc8386a733cf4f62a70f5b2854705d8f2ab79925e05c3e2f662ad0340a043d9cd18fd1b69eb72506fbab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9cb6ff4b77e2a223cdc69e45e913892d

SHA1
bfebf35073f2a6cca60693367972e04b604de101

SHA256
5ffea784cab46c56f17ddbbd970e25a37f525f275a480bb6ed906f2dca5bc395

SHA512
5de9c8a91e30398d84e3b42709a33675f6dabb23f77bd5efe704894259bf4efeb238960d1dc209a7e484b99e9df487595147da8804685e12b3e11ffe4bd0a1df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
33315faafd4f891059582ba93c988e97

SHA1
b9d2fb71bbbb0b6a3b5a1f7cd0dcd6962b200eca

SHA256
91e99f49063da26ca824bbe2a3960ee013dfd7d468dc21be8923ae57575c01e4

SHA512
326ca08012838ad9cc5913bb6420ba2e4ea82621a865de1b377d4df78cc167a3260fa1e7d4c5b913322c53bea408080b677d97b7c8d9efaa232fc8b62a8ba336

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
34cc28fbf602c6564e5a570d0747530a

SHA1
c10d216f66f76b9d3507135fc5df0cf3ca1e8374

SHA256
dd9a2178cad6191a4e6db36e9b1cde98c4704414c4ea19d24ef8f1c9a6f192f2

SHA512
e028beeef53cefc449a14c47e5909c1b7625f8a550d512b751b326870936ee107d6860fe9e8fd027e3a945952b06477e348ad3d923f1d31265501ebaf0bac325

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
76d673f69942a2694a7798970a6b31b5

SHA1
d080851788b52ecee2798a87295debdaf6d8036a

SHA256
6204798fdca4050f8de08c6a475a145d47786c85cf737e96decf96a97814909a

SHA512
8843c959593e49ced762197b28ab6723b89a4d226603c027afcc236cb8fc08f024cd7c97df378373ab2f1564202c416b3e54a02513963eca88bb8d64b5a8a6a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
151833209ced8ca8553fb5fe06b46371

SHA1
4ee8d88cec97c41d79dd94110eaafa37ca451ad7

SHA256
158609fe6b2792f188e15a7dc40406f1d57e4f603b53aeb12ac58da50cbab869

SHA512
429b0e2eff32172519023aecd505a036529c26fcfa045992ff808725b8bc0e0f53a17a5c0583e0f8a6427d32bcb5527b54ee0cfbbd794e106d855b20381f49d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5277889cece29c99ce891bd19d876336

SHA1
62b7c13a74556943dc16f954f16e48c72d9657dd

SHA256
6eff3201a89b2442e1a1f11f5d7b94aa4dcebdcea4785f5025a050e54a4c7544

SHA512
e632f2f42332f80ec455917774e30da77768298f1bf8ed2a62a2fe5107c6cd00f95fa06b8467412fcc563fae794765d332567ebdee5bb3e64079a3cd9543fee8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dda9c1a8bb1837fe0f7c39eb03f608f3

SHA1
29e90af73da7221b6b38e1b5b8a1033629caaba5

SHA256
c3661fa738d12a6e10de5e38e2660225089aad4af5431b69ec27237068901d82

SHA512
89d7c819974b89c71c1a713761c9b0afc430dae2af82b4fc0b317fba2570374ecd5050550fab9bdb5fe2d8eb802a473d0aee9511489b6f55c136f768762cbe5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ca5a1bf824f23e76d30be9ef649aea60

SHA1
07e3f3430618c6d398f8142fc8f4f3050b3cff83

SHA256
0fb4cc0f1f31d2a12f301463e4fef293c22fe4531d04a7de425c65f42177d3dc

SHA512
b9e0f84f21ff130c28556f19968d3eb626cf580fac2edfb926b817eeb655457cb0b9b76101b7c4dac613fa0102dce5df7eff27b1eeb208c7aeb69dab6f95bfb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d9d4f756947c5159e86c3497fe2de13d

SHA1
ec6797dc6443626e8bbedcc02049339feaab09af

SHA256
812d642802a57424cefcecba41f659abf3e2b6eb5c9bdb43e093d112246d9ca6

SHA512
1b5cb36b5db91d777a47bca6022434289a22cdbb190d42559245f7ac78c39319159d325df66cc8e85f5392396b010918ce3d7a8254834c3aa34a55795e0dbf6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
21aaa468fb281b258c4ecf122f5b22bc

SHA1
e9b4e6abe113a7f050a1ae8ce1390bbd3abddf5a

SHA256
d9201e0e7dc0e0cf9ea6db529ed90a389e17fb574d43f0316bb4eea9af92a573

SHA512
b4e918ba5afd3ce44c623e56aac6f814b09a21db4ded161c36b0871028c875b2e43ca84968da79e23aa681aab80b3db590641d59793d71ac436425c7dbb860dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
270762bb49f40b0f8994d8dfe3aff260

SHA1
5207e1d9531d40b4e7eb5e8aae52a07dad2d9172

SHA256
702e33a875432116b7d706f775f98eba6d504b51081ae8f6f594e7eb2e1baf3e

SHA512
70c7378142fd6b33a29a7e534e81445dffdd23ff841531b1787716606ec87359201bc57604aac8bc1525158aae869b713b5e8bf81ad07dd4b62a93adad2b8ba3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
03e31f229126ab102faaea4297bfe8a7

SHA1
421f6ca2a4e79a0e1521dcb9c21107c079b15211

SHA256
b016ba9f81a10b301ab8e9e5f7af67c2924b5e673bcf32fc605e9360b443f089

SHA512
2b05eec2e9c5d51a40d4bfbf65aad671f34039450054c3c329c9f720669dd3c18f297a2e3f14bdcb1efe4829ac41a207cb33459c42c3ec74070e3e3f005dbfbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
51bdfdf38a98ccfe6ed00bbb001da391

SHA1
d1c69fd283a804754da7c16a2af3b8f8627e0036

SHA256
3eb4bcda8e9444315a60bbafc1158f5198edac18aa7596328272bb4ed2f0c959

SHA512
287e3d5a206dd5a5b1acd8050de5507da7604fff80718fff52fc9b79c1635661fdddc28a8c197186301f8f0aaaf11d4f3984391d3d04d7b0652cc21a7dbeebba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
34e04c6f6cf0a533c8df7856ecbba124

SHA1
43ca8354daf3a90d659bbf35af582a4ef811639f

SHA256
b1bc694282c80a3e125468350dd3a990be191d638b4625926291d0a905b0a8bd

SHA512
f5a7418bbf219bab7e7edaacb65583fca79148e5cd1024f6a6c38000863c90716d996c636947172bd524e235aef919e2ea62dfc51f4034ebbeba4a9ef46ea46f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
72d440f9f9de1d0569133d4d94927757

SHA1
4090238715b7965441d38af601cba4dc548c8ef4

SHA256
612dad54f0d747c431de13d48301bd54e3bd10d40c692329c687e591273c3d83

SHA512
cc351f83e050f1988fb624c94cc620578807bcaa10734c9bce0aa099c3a662a7e968effbc902dd183771912021f9b274b948baa731776fdf5ff6884a32cf5f4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9825c324b8f54e9b125eef39b07c3958

SHA1
05714d702b6a54d1e3d7bb896e0a703f7d4cebfd

SHA256
edda697b9212a062c0a4ebc31f78424dc6e5947c5f6213f057665769f1220bba

SHA512
9d2cea3e2fc803b702b049bba0982153c81cad7c20d03d98f1d916294494fcdb3dfd2d33f67635bfbf5ef1b0990ccd4451fc1258b0e26c3e73d656d0d67c5204

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4a205de7bc4ce623cd7e033fcd4a2919

SHA1
62109594b9079cfbb926360698dc1e9313984883

SHA256
3328ee07bf906e8216700cca29454730542931e3bb2b37a8c60aef5508177ba0

SHA512
6ce3be14d01be07d7b6622c013dd9fda21c40f586844f7603ef01485ab8d811bec16ef47e32252cdfe63947be6549cff6e7614cfa34d87e14a8891916340b976

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
78157e6a56751f0798572093296e02fb

SHA1
f1edf4902c9429caaaf9524388dd92881b43e6c4

SHA256
e581bfa93f5bf5fa4dfb86d6a254f15d30fc48fa9c5244e527104b387f450883

SHA512
1d8bbeb9bda6c013f71269bfa490ddef9ff141e4af9eef3c3c7cc6ee6f58660bb7d24ca42482929ad7fc6ccb6583385917613599a86fee5e49a74c1333b000df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2cb4dbd4d8f06dbd3cd2c76538ffc609

SHA1
be8a3fb8dc19f9c9dd6fe12545260db281b70bda

SHA256
8214b36feef3b7afd8384794f9eb3c7839c117362c7965bb4e456618716c4f6c

SHA512
6e9ca3b86d8baa63f82f437736ebd945b8413188a9e68643f5061cc77985eb1451e77a9b6cd14a82c79c800c308d89748aa36826fc46b0e1066054fcbc55233c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cb7b671c2be9d3bfaeeb3b8c3ad97807

SHA1
9df0392ce6ab18ee0bdc2600e5ef0c2f7706d9ab

SHA256
834354404ee174e1788193dfb7ad572a9761f7dd847e0ff2b6e4c1f3baf78735

SHA512
44757614dda68df69475fa86635fcb968a7abc09e2301d561b21cddbbacf95f6b23fa685c77f94517b85190016cd2cc54e6fa775fd1fe103c8a1038d282194f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
adb1d67dc42901221166c871bd2a99cd

SHA1
050ee6e6efe2f798ca0a4a0fa1c54e7f031ff65f

SHA256
785386c3a86bdeb98ac0034621dccc85492ec1b873d912a533b7d3f9758d4e20

SHA512
a454b89314ba4f49e07aeac473c7be3a537d5992f6b6155e1b28a669d15645f8a5b4ab61479173cfa74992fa0fb647ca9687267039bcaadc2049d6d7188dc25e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2099f3e1443d308bb3b42ea99926a4d9

SHA1
df55882ab43d84ce4fd1e2b0edd9bd9407d700f2

SHA256
fb7c0e434584292e3a3734031c8a2d2b7b96cd32d6ccd8777107c2f2130fb771

SHA512
4ef532364b6c0149c136a56a91b0b869f9b7f9015d956557fda1cfb4281ae471826ac1b18e81af42d6db6400a2a795ef6ffc1730c461f79c8cac34a6a53b71ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
50fea40b7a986026ab0e1e608636dc57

SHA1
f8fe938b4eed47ba5e94e04b69dd45c6e7e2feca

SHA256
bd7148da2288fd1df33f9ec5231944d664725a9af1adaa0732750f952d9bf2e1

SHA512
13ca16e96b364b4ce1b9dff4052ba1a9d64fe42b6d5db7b5b9f6e21e6d3108e9e853d0415885ef5e300bacbc4854166ecb9b6ad0d5b1140b491013e1dc4cd733

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
739beb6c7b4a8adf26efb04a2d1d23de

SHA1
6e0a93c6597209365a0ed5f98be9e984b02d7531

SHA256
c2bacbb7dea704c49ef5ba510fc2541157203e5c5a14cdabc5240d064a109674

SHA512
c91c9d28e0f5c5dd06dda928c1878628a9208e88b74fc8372a43ceec3556ba67c96dd64f4560b4d298e231432a3dd3fd7e022e0159608120e7e96772b9f21a55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fc4da9aa946c1e9ae685c748c9830f31

SHA1
73be63ccf773c66f52ee74716afa38e148411772

SHA256
4e92b2a04f0847d8a5c03bac4782a38f55657c9657ab38358923e3eea7848403

SHA512
4a796354864f0c501c71fe5b6cee4dce094f8d902a689e36de84b07bf8d46ffe5f8cbca837a69029149deabedfb069762486b39354423634ee83829b9c93e73b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cd0d0668d6b00d7e73579c61c6f6c11f

SHA1
0ebc4ae3923b75b256ad8c62f48b1c98d3f4ffe8

SHA256
0d3a96e394e07a1ab3df133e0ed12df9022f62b1e57fd14af3034b8019e6ce40

SHA512
8fea1c3fd3d2c923d7a70617aea8a0f032d5e59ef55323fd4a8cf6ead0115701ea51a83444f063623d20210b12995ae150455557fe0440ac832ee5954fec99ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fb7a93612dfa971ecff372206082d86f

SHA1
99dbaf9ecb8c758bc4bbf614d587235c89f12a62

SHA256
0f74dcef1ab16c60c797b7cf2d64bb3d1abc0740f7abbcdb26a1978ecf82ca4e

SHA512
7e15beef0073701c73949b46afd66ac30a1b1febc4f089ec478ae06292ea0a6b38b9184b3ed5be80e9e036e9b8614141494cdea308abe8bcd5d0fe2ed0bac6dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
51a7f554c1b6ead1a5aa096b03add527

SHA1
0cd24469374856cb8ccbc70b4ca722d8e146a77b

SHA256
e34a3a407b39ad46ab3ed91df9c3adbad51055c8e78fb5e141dd57fa5ca1e953

SHA512
0c335dec3221fe3080bb3f4ee2fb3545dd1be9c0399e668b0f082928912ad0e39a9a47b1c1ad20d0433c0d9aac1428c4f9fc1dda2bc527c08b7c7d67bddd545e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
116d1c1d02a21e68b1cbfc325120488f

SHA1
ebbf99c944f5acbb1dcc2462c260b970c1793c09

SHA256
814172c4bcbcbd0d720ef51ffab35c77b6ad151a5e35840fd2c36d9a4fb8db9b

SHA512
65c760ec000c828aae25d6d3897c433a0e290994792d415750a485b050b2ee38b323dcc88a21eb3189e2e9403dfe42b8a2cf2539a327e69b5a60b7274ffa23d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8bbd645846af9fd530b496d193cc1d09

SHA1
970988e1d8c588a1a323bebf10d900506be57da5

SHA256
28f6def1c62b36f05769833d75bac45e3594912f1e97b846605fd439746be38d

SHA512
0247352fff18e4ac5763f16b566f5e5fc4deb3225a1c949e48a72f8f4a2dc094cad86605d601f485e4d5f0902cf3aff21cf55973b6f87d6c8d5467e1459cf8f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6b1cac263e025b3114f9027267abd840

SHA1
17511e676c11a1a0041ffa378fb85a41e197124c

SHA256
e72299e55fce2c616b0224c55372839ac85d69607fa5c1de329dd98f82705e04

SHA512
95d41a3852507e04e5339b3650e537b8c1700e462e2023c866eb808ff9d0908b14f1f5d460bf60fb32d8f2498080b431b4524d1eb614d67387b1e3e720966b0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7200ba2c0e3b39ed7f020f146e91f773

SHA1
e06b198c29ad6c4ec8b55e654253d2ed4cbf89a0

SHA256
ce9cc50c38b05c1d2ae880891cd95ce1281b37b0ec51eea829218c56f3eb84e0

SHA512
966bf1a5f8d595401dbfd28b45364209d56d56095b8684121a18bf38a709eed60fe9b828ba4035cff9ee101223772d15bf2aa4955a28811b273b43c2ae0174f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
27892075d2226addb5ffc8aa43e1a997

SHA1
907f79f0bcb148b5635d81fda55d8ca7f81c1d09

SHA256
7a4a5ac961fb472a55533828010e358fb06b0f3b370a8e9e16c3557ca36dfa34

SHA512
b247dbdbd4d1e45bbc6202033dde12cee20d267e8011a16a8cac7e9a52a51fe623cb0f18396c44fbf77a45823b49c765f790c7d5199c4907712ad7d3468dd012

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
86852fe102ba28d77b77d8e330f20c46

SHA1
2efb0ceb1f776e7949a4906786cd21e45d1d75b0

SHA256
748b9c5c5a2dce241ab0c7041ca05f04cbd6da126d9d865c20f6d1c8fc500949

SHA512
a3e0010df69811255c7c16262d74d624c9e354fbccaa61e371f2a5fd4bc284eb34726a75288b3745c5996192e4fa1b070d68153908d15b155f5613cfabcf525b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b00e84c4a4cd66d7f61f253f1dad4f21

SHA1
3230044d8ef07376e9983c4a1dd7c35d9bddd5d2

SHA256
673bd9baaa1fea212a7691b15e65f1cf740c705f39b8be5855191c79ea3e7599

SHA512
dfefa1047aba060ba3755ad70b3bfe766958a586cca2b4d07fef29879ae292affa07b3b6ad6abc6273989346e44e6a97d322a6b832a6756043b866edd9af32ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f41155a26130f04cf17c01c0082e751c

SHA1
ba52725fba9057e0f477aa305d0d5b222d1a568b

SHA256
e9ee0d02a95f2bac3004dcce3cfc3db726a5e824638eb13ce2b1a038fbe58611

SHA512
e4c878d85498daf2a77c0fa9a46aabe22ecb6afbd2e39e1b7c67dfb1444363e753d743cc19299496e2fbc546c302bbccb12f9f7d2dc47f64684fe7352b8e1bfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
07298683d6cfb1a816ca7be509365cc4

SHA1
b5f9aab3cc2ccb49815d140e7d7e1671bd5b71f7

SHA256
661838d63f9360c3cbdc1390058150fb3082e16838906950c5d1833133d0eab7

SHA512
b40d27db5a82f3b3a5280e41a36057a519f626aa8a97603e8d598f4eae20afaa1aeeefd22c382c487fe4a0002ffad002a478b4b3bc6800a2ee87354c492893c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5bb5da591de18de11cbf91b277bc4863

SHA1
69104a386bedb1ef18b4465196f0492344fb7522

SHA256
72de5cc48d442e082949ce4cb9af70e8306a3635e18b37e0e8c76b5b59212d98

SHA512
3fef9db7e50589eca13a7d2f5b323e767f728f8ba0c95d66945a2b1ee0b53a611c3176a7dcd544f4e0669f8c6774e8f19c7ac0cf7fb8338023c407cc1745be50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2c761f03c66d6853fef64bd67dfbb120

SHA1
5939d57a9278ee189fcadd8a9a99f897b6b046cd

SHA256
11427ad22a76399b80d91a2258652c31597af4f414a5f29ff7fd3f3aecbcbe37

SHA512
dac535bb4ad00935da22018c3858d6aab22cdbcbb1b1116fe798cceef41a050cae2815d329a10f665e6e1b990fbddb3d1270afec81809cbf65b983a2735bcec2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
02be4f2791c5b46988a017c471b9d069

SHA1
ac406b80b01d676a2c363b276132837b6192dc40

SHA256
c197da1a743ef24dae8fe472751e5a605d70b5412d17a23a0467edf48492ba3b

SHA512
dbd5e9353148d427cc4684d0afb0f480d5afa67e9cd1243ab17b7e2f318569963dd2bfff9a12bbbd4b7526e5591a3a59f158fed5986196995e572e55873041d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c7c487e24e1b04c8837040b6afb82269

SHA1
5c23f300bdbce34676726f90b0e0422e9df668df

SHA256
8000a2b08c4650537bb34e32af7cdb020ce29fac5163870bcc214c57153c91cd

SHA512
60b38f8856cf5073ba7cd5aebb96ef0d4793c3286168b11af9572959d4dfa518e3a5b1ddf0192b806b9950385bd995224ae7065eb4c108be356b3b811a2a2b95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0bd7ef1dca30f3dd5b4c3999fc32632a

SHA1
a16a18903d8853b3bbed61f25ed28d7ec47d3c93

SHA256
2c09e5a2457beed968cb318989e55d0f41bdf7a22cd834f2d77411c009358a71

SHA512
7c01a87fae37a4478a8b7f5f151cd22534c2bdd1bb08ee25f676b604e2c9659f3165e5aa87dea362fb5d84943663b9a06beb4c42178cf58d487ec1b48d07d1bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
14ca53a6041b7e147dde1cf493b93a4a

SHA1
8df16386debfa4fb5a8b90891621ee0b76a9cb4c

SHA256
4735906c998993a40dc98edeb9c4f23099ef968738f95c0ead820c5dd63d2073

SHA512
0431b6c75dc8bcf0d7f4c720c05d6057158b6fe15f0da5ca31cb52678ed6d834094c9d980f9bf6bd0f66905dea290956afdc8f0a5fd551343996343fa1cc0cae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
314195892a0cce9ec8d253a327a764d5

SHA1
31aecdda1d246f1f28730c324ae9da3f6cefde17

SHA256
faa38f15143eec11245adc3ad5f5f2470a1efccf1c3f5b1eff266c52e976f947

SHA512
cb3d71d6216a7daad54d64c58618b50244223e02340adac54f3afd768ed68a9a526e05255b265b1a8473182ac4e3165e8f816900be651db4814be279cb4a6a96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3161b2f92f1dc908232a2b667172716e

SHA1
bc74cfc6fdbf443e65b676ce19396c57dc7011e4

SHA256
db3881529a829287bd9425bb2e820792e1e9ce65b50bcd293f5fe318b6c7f142

SHA512
43c38400ca85387fbdf9b7349a5865005207bf7f9a025abf175063645f274f46c7a169ae1e8d5be076e1cd68b6feb34ebc96e9b7947d95dd04f1969154ca22eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5eeccafcfe42582b8b25ab7ab38e6ced

SHA1
c5a72f9df973157f84282e6c5bd797cab3f5d963

SHA256
7644b9a8944de5907e9229ac60e086237709faaf1647004a2544a51b1a809e6a

SHA512
e16b7d7f661d4f267a9f557b0109c305e8caa23da16a1ed81c4e3ce42230f49f67b9f51038f73dfc0393b5eee274c6f28891853c4993c9350d62cc3e12cb44fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0c29913e1008a9da48cb21445110308e

SHA1
ec599b04774bcbceb839c7986d399ffbf991d666

SHA256
fc903929e1a62d48132f92103a509a56652334c19457c35020cb962572dc8877

SHA512
8882fa263caaaeb62c5ba344ea940cf564d8df532d586c918659245af2b0ab230dd6274924f51a9410b2205684df083c2cbb9e917ae20901ae016f4dca61036d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4ca4d918eb006d9bc1767c2cd3478ec0

SHA1
66c95d4d6478afe1fb38b9369252281c2d4d7fd3

SHA256
35d0889e7f09bfa7218022b7d5c6a3e351a0a5cd36cfbb98332aacc1298790a9

SHA512
fdf88c8c7e238089954a7d4de098218557517f9d4d01a4f6839afe98dd2691b1b4b7c36b6c26c8da756eb454719f13e24174e1cc1045a4fc5a98f65654accf00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
96e2eca55727cc7603e29a27dcaa031b

SHA1
e0b9aa90f9daf54a03e3adb2612e0d0aec23197e

SHA256
1a8eed11b33dd6bed32cb00d86a26a398bb829d88ed9aa631be54ace14e6f4c8

SHA512
f3235d082b03863ecff81651999b3c736bf2e828a396d9a4100615cae6196482c0c2da9125b6d9bd9b4ba91b90bc3d087b3b03335704f9a0a2a277906faba2e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ae91bfc50e5505ac6c25a29585a6d964

SHA1
ca2a6d745080885102478ee679b671b1c12b800a

SHA256
414d4554497de2fb08630095e10c2c153a7c2385ba622c2cad27ed54a7148df7

SHA512
d0ae074175e403aecd0fe25e8088ca56cf1a75fe8f377e1a9ebfe3c3009de3b0c7291730a11a082bef73ca616ca3de0a11698d2e93776a8c05d3c7208dbef687

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4ba66bd5748fec776eb22b13d4d75428

SHA1
c2b7ac51dd9bfa19946971989be1ee44f8571590

SHA256
df06c4eae5b6761f3554c9a67f30a490f2ff4580384653b8c77bfa1bb5bbfd82

SHA512
ab09a7f0baaba5f0f23b8f51d9f6c3e7340006915f74e9db18e4fc7bcb7fdeaedf3a12ef763acf594512e6c21b520b9028712777786d443d26d40b0ff0f1716b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0884213bc40231806fdd4b935b209bde

SHA1
54cc2fa1ebb98000003f3fffee20df3d878979d9

SHA256
8b06a865c26c30380221e91a45332559cedd67fff553d747bb510fb10b8cca88

SHA512
a15948f117b4ad494bd478104aaa9735e846252aa62f4295db82fc6fb549131f3ebf6e44e7c31a2c0d17cb6fd0d6bb69779bcf587cfe63e912f4d67eb07155bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7421dd3b03d76443dd1fe59460ae8398

SHA1
0d4157db61345c9e0518d9e9c75ccabf18350e67

SHA256
1e18b754f97c8bbb3f1393eba831f5b683aa8dab39d02e833c2c8f6d2556a476

SHA512
0697c945474367999547e714af45ff3678514453b0b0d5275a361859683519fa6e6b910608fea63d2b07ed2735d844e3531c1c3bc82fce12def86d111e9e5c97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
affc57eaf07eb420dedd9a5d0eec6dd7

SHA1
34615808c7c95924b744b80543add52675c5bfdf

SHA256
495c8f95356e9cd6ef7675f4e5c90024838e9c4494274fd8af3c0da1c4f03fc1

SHA512
503d66fdd931119200e932480bd240ff1af962df2eed835f3f5c5cbae0e19a6158aee11f774f0e639121e8d6dde5d9f9f7ea5bef9430aa14f5377e7e51b2adc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
07c38d231a24906926ca9b99c3ca7a7c

SHA1
3f02f84d63c6e0564ce993312ef8cb9a95d65ea4

SHA256
44b30d4c4874fb61ec808e8f8cd0a9951e82654bd3bb5b36cb77bc2165eb0062

SHA512
450ba9157a4e6b9bc9ed23a784e9d8f6839911e1f881033a651a68786b4ee63c1fa1084f168a3175604b0f367d830f8c7bf994ffb17d08b3a1b5061e2a18515d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9225322ac7516943db9bfe901f0981c5

SHA1
aa70b13d6ae44cee447f31200391876d77fa704f

SHA256
9a90dda7a2c8a6ed57c21e5168c3a319b091099081bb8bda292a15d140f19e1f

SHA512
2d44a88016b5937492074b34769aa1a1c8854f3e553c09ea8796957e295b1458bfc941b9b677250a1e055b0894ddae44e57f7f6113675913d0f4155f26eea148

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9875b22a8e4d58b1a601d49017f0ddd6

SHA1
4b67d3fc2cecc4119b9c07c375fe506f8e333b5f

SHA256
df04baed1e6ec8ecb2a834f926565c27773aa8be33caf30e489a6f1e3c3316cf

SHA512
89437cf3cb7187cc696768e745617c786ce227dbbe5ab77963d02c82ba79f18d821daa3786a572b9f3acf1ced2e89c478f2265f568113b301beb02a0362d4780

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e60f66fe-4377-47a7-9531-b12caa6d6244.tmp

Filesize
10KB

MD5
39248de86e95fc6367beec8f4beab451

SHA1
7389b15983b974e82dab5d910e4c0218a18b9daf

SHA256
08b00bab4e4528cdd23e11a9ffe4372d0538a9dac3bff4a3643903c98c3aeaa6

SHA512
da069f3917763ee397776336e3db8f960ed2c55e6d99afea4ddbf17cda896d324a2bf2b8636ee7af0983f08ba27fc270be3bec2cfd8e3fdc8bfae20199e66709

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
f77fd32adeb6f7d7405404cc067345f9

SHA1
017b40934bfc1a2a7ece09a6be696d5d8fa2d892

SHA256
8d059dfc2105799f2432bdaad4bb6b9e8b1c281e34b1de557cdf59cd4d14e619

SHA512
272c3b1014c613d8dc2b544e1e4785e26245170dc8510b8d733c08769336714099e618f0aedb0840a891be72374228aa8db4430642f2ee56e2fc94f16213cbe5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
df91e1dc7a2a5426090557be74ea9a89

SHA1
58dc071026bbef6c37daec59df98c95f1722ba82

SHA256
3b247b1f6db50fd09b5fbd1c88111596172aa8da8a26148a5aa15d3b73f6cbca

SHA512
b9fbd365ac69de2aa1fb1ddc802cc18a940b5a37c88c0df6639adfa8048c0c3acf3b464d83d62568ab53a6592c6d89bc740a3910d39a6530beba5f5a8e9c7b1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
a577a80f47a4ae555e14d1356902a01d

SHA1
308f6018af3651f3091619f3ab148e6d3b542fa7

SHA256
396fe3f4b274d4f8b1ad26c9ecfd491b02153bb167f1ad86989e80e73d5cb5b5

SHA512
04e7c773d658c08837e3e16eae0f12f7b7e20f2cf56ee1add1c7859c493cf4961200bb6ab9aa89819021c39c3596860ac99febfa1fa891a3639263e7397b8c7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
9b1e2d4c36c92a398bf029802656b510

SHA1
dbf5a7aa0d612d75c7e17b847261513a76c800b3

SHA256
6f4252cb6cec2c7e8884701fbc7705864b336122945e026dc8e09a6de863f786

SHA512
b6f3361abd65de00e4efb88a69b82f2fb9d63e3e8212a7ddb61714ec845ef4feca49269b7d43832bcfe260426a29ad779654c491813c977fc6e0b8833e1a3eb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c03d23a8155753f5a936bd7195e475bc

SHA1
cdf47f410a3ec000e84be83a3216b54331679d63

SHA256
6f5f7996d9b0e131dc2fec84859b7a8597c11a67dd41bdb5a5ef21a46e1ae0ca

SHA512
6ea9a631b454d7e795ec6161e08dbe388699012dbbc9c8cfdf73175a0ecd51204d45cf28a6f1706c8d5f1780666d95e46e4bc27752da9a9d289304f1d97c2f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d68c7edc2a288ee58e6629398bb9f7c

SHA1
6c1909dea9321c55cae38b8f16bd9d67822e2e51

SHA256
dfd733ed3cf4fb59f2041f82fdf676973783ffa75b9acca095609c7d4f73587b

SHA512
0eda66a07ec4cdb46b0f27d6c8cc157415d803af610b7430adac19547e121f380b9c6a2840f90fe49eaea9b48fa16079d93833c2bcf4b85e3c401d90d464ad2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
19KB

MD5
8f661b8c2dc08d06a2992b1006fbf95d

SHA1
51f7614ee218ca027670a3bb0d7cfe1f23869602

SHA256
8bb39a6f700638d352b26ee0cb86fe5fd1127397dbc18d50a5bf37eb9ef6519a

SHA512
80789cf71769f1c03910535c610c942aa4be684433bcdff360ba309a6c15b3878920a49d1d1303c322de64f200b8e5d316b428b66668d51f9ddffaac0aa5f80f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
24KB

MD5
b201e8da90ef456598b8b3bb0e31bf53

SHA1
8bb524c8e9b17920c83d9a06c0b305e41cfca560

SHA256
2c8b630d1edafb8cc8c8cd73fff10c8ab6d06232929a4d458ec34628920f1665

SHA512
50126ac5b7800f5a848ef49ebc8e71d78cb5ee9c1602486b30e697ce57af32c868e46795ac2c157cdfd7fe65c03133c7a752813d520a9106adc3e50620b473f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
40KB

MD5
0c9f37673dd9c878a4b5bb419ee24b5d

SHA1
d973a8e073c1f76068f0947d495998f7f823d76e

SHA256
c1e12f630e7f356d154ffe4a7a3873e7e136e41c1c37e6c0fa4d2c52f1d269dd

SHA512
b361afedb4a910b12f7dd7b5b33d2914be39528bf4d1486661d0107c24135cff3a5393df1af85cd7d1551f0e601ea9d2ad4b147e56f469691e2b11906fd1514c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
17KB

MD5
a421438ebae11fcb4808982f78536c8e

SHA1
cb3287d6dc2557343cc2e4723f6bb5e5534ab075

SHA256
8d40f05f3d7b0c08cc959534185a4ec52963c06322e7c31dbf90266d9a0c6bfc

SHA512
5f6e88895377f671f867464313290d9cea0ccf4377ed74153c3fa745456ac35f9686fcf0a2e9643316c60f5bb677dfabe1ff408a56318c48e0f7853954abfe1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
66KB

MD5
100655c23b1e2cbdadf8919bf6f14f50

SHA1
1b535aa013148bcf8dbae70f31064ed03380f97b

SHA256
9de4c1063286a2bcfe2c2b232e45bd8947e70d941f4685a50fd9d99cc6b74fe9

SHA512
9904ae2ea00d092f4d2cad4969d26e08b1840373e6869b358f11686d109b09eebe25fbb6a45671a918e1be53130a4ca20cb5e217348a855811cc4fdc32808f67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
216KB

MD5
60f3ab1dc0a84cf62f6d7c533345ff78

SHA1
68bd632dc672aec73c776b3c49322ac902e97516

SHA256
fe3fb6603c5f71392831a1b000179497379624f33a652b74a2ae7afa545cd942

SHA512
fcf4d20a55afebf404d04d2fef682865ddb85c26752786722e2193a37670022791f87426f3d9264e6a012ee72585cca1a3433e0c65ff75f4ba6c07ab4c288ee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
22KB

MD5
9d53309ac2415ed6efe77b43a5a2b2b6

SHA1
31d26e32f551242c037116da7fe1f039bd1c4b41

SHA256
31e667f7d809056c4199b4204f46dbc6cd118a97530308229bbb9d450c42f89f

SHA512
25510c4cd3ac3388a1c91b5011e12a34c409f272d8f7fbec1a89cbff45f2553f7061c1f63d1a2c06f8773b885bcabd9c96501434b8905778132fffef80989476

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
205KB

MD5
c9c9e7a0321c20a8faea53cb744f62a5

SHA1
a4f7964d6df916c63bc019879e15dfd8a010c9e8

SHA256
9dc45a4308a94cc765a3fe2409e6998871eadf786e01bd0fdcbc5e354ced331d

SHA512
12bfb41ca0dffe67448d2ca50e44432d60f150b588e168efcebe37ce4f030da3161936d443735587b9833eaf506d6448bce92985c16456caa6b2b94b48b7896e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
d2bacc6335e7b038674891c85415b455

SHA1
87c46bcea92ffab0400224e2ad8d7ef506543072

SHA256
9ccd184675799f928ad20bfff9201bc89fcc3354d1d1387780359e8f9f4e42c2

SHA512
46eb34936168d52ebd8f9096e1c4921f880e58194534bcc843979e0456587214f6cb62c4b4ca2ed55ad4f5c85bf9f9ac7da082092548a58e95e636e3c3f36fd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
196B

MD5
99e4c5f9939e49a53fb7dc19a6f95154

SHA1
1ccaa5af13431b01d924b216e6329878cdbd5a08

SHA256
51d31f383be2000475978e2242305075b3660149a7641f40c6d8b159b1d7f1e2

SHA512
41ab2ba763c8096cb14dfd1dbd3b2a77fe1ba3909294fda63167c94b06ab265191b947c8ae8a45b32766c7f0c77e016d6100d970cfc84b68ddff00d87dd40263

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cfa91e57d85a22d70f67a329f080f3c1

SHA1
d72e4c26680a7e9d2096e1f48ce7ed673ca260c8

SHA256
def1659ef3fc28ab6fd517d4680a368e2933080791c4fba98844504c14158c07

SHA512
14d055e14f9e96db7bdadbd82f99c64db55e9b5e112a62f8b0103aea2fd98bdb158adc7b86aa361eef48eb93f1372a58aa5ab7af1ae814b4d604059f608d8e0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
777f2faadaedda73076b5f90c4b08104

SHA1
f504f59e0ec9f065eeb54575c9a87abf5c0b93b0

SHA256
9cab5e4c5e4f6cb47ca7a7b4234dbdf72f0262e55e94baa9bfc06e5fb950f891

SHA512
562dce5cbf722e8de376f7dc46de67cde4b697785ee86bbbffa1451eca4629effc8ddd82c7c5e995f805c468b9ac6308606dc5b0a9f1226cd48221a105e48687

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
356914784988cdbe2f686ec2cf653f78

SHA1
95369544c9457b584a7b79ce6f05f12c62cd0f69

SHA256
85939c33a24a7dbac2b901cc2d249a3ceb3672d2c5e6a868a7c12691b2eea469

SHA512
1f0d2cc14cb4e32bb30de6705b4cc240aa2d9e09a8e240b69a69210a2e8eeeea4ad5065e1256f9532d176c6e5130ac8ab66ab773eb3b7664953cfd4d07930a2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
06ba8a26c423cf3e9fd076f4e6f61742

SHA1
fa4e52b2487c76987a077312a210eb642a27820c

SHA256
2c946c79b39770409872f3b8c5e966fd93246b84cee0e17709c6b3e9170fa49d

SHA512
9f83a5963219f8041f4d767ca76a19d72242ba98f06d603ca4aad1531abcc0756f78494a58260ac25855eb1744b1c1844459c7497fc73c7ba1c617917d35b4d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fef5a281e8558c87aaea884a49150017

SHA1
0a4a9b70a83d7059f95a7d395969933ca54ba716

SHA256
d455e06621d08aef478bb012f2166af076b72fd462f4f8c6e386b764a9de1c4c

SHA512
74bea1765b9a70224b85c7cc7b32264efc0d75e8a5f43e37d571eacb8f41383de0634dc2842d28d86bcb5c5302f0e799f92c30faa3bae1cba040d27e0fb9fbf7

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
657fddbf481ef6e0bb89b673d428de39

SHA1
845d1c345ca26e2a6c4cf1b0bf5e97810187728f

SHA256
d73bdaff51e2c3a8f09c3ecee768de134471a9002a6e29445e439be67e604bc2

SHA512
522a492a31bdf37663a6999e9cfbbbf6a9dfde616efeee7be472a0edca82e6e8a36e5a454abc3a1e0559d70f6aea8b4499a078c8b31b907136637815f40b945e

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
4b47da92956a458d0972cf0e179eb641

SHA1
63f76eb02e0270ba64e2e1910325bfefc82bc02f

SHA256
2e7797e60ffb120c61b988e015020df63e2f78d248277ea2b97761d7b2aa40f9

SHA512
8349d46f28c328d2facdd37d55f80ea97beb6d50ff3e237fef10c97c48a88c7548862c65a4e2828659f0f32043b715dff2f7eb09d44e5282172ea4751b31f6f0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
455fa10af2233d8d0e45b96461bd0067

SHA1
b665fc1800705fcbcae7d6e14c51f65c35e417b7

SHA256
b04598d81ea2dd0a406fbcaaffce5e27081a8b1fe46c7795b5e05e169feb17ce

SHA512
2833e35923990b85f1587e514f23ea4462ee89dcc456da9a7a81d9c7f1ba2d4ffb9ae9992bb6adb5e83ca48042fc04e9f0ee5a843a88c9bb60fd2158520bb899

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\wasm\index-dir\temp-index

Filesize
48B

MD5
e9a31ada210be14a32d18809f8b7e1d1

SHA1
6f5bdaf88f5f476a313d702bffca38f3a4208912

SHA256
8d8b97229824ef5c49bb9df06c1ce4e6f10ae2ee261335e714bc56b838b83ea5

SHA512
8d80f5fff99f97c471de6ee22c53b28f16f62b6058c5b6317c8dae55544ef66ae67de9aadb272eaaf5aabf0abc025b3086123c01b5c5a8836d08b86cdc0c9d80

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnGraphiteCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
822B

MD5
19ff664e5cdb864e63614d913325d763

SHA1
6439341fe9562b9de924cdbdfaf4ae2644090847

SHA256
6af3c5c46a1e5041129b93caf2d6f18613c487a118454ee51560f6249da3037a

SHA512
7d6fa41fc701c2065a5a5a91237f5fa0bcb39c7fbc06a2f4bcffaaf6c910c3d36027a43900ac1174856ef27cfbaf8ba9e3ccba2ae094d9444d5b0b93b9143829

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
710B

MD5
69414b1486e6f2591aab1708e2db617d

SHA1
be18ba32ed6e91490dcd8b51fe19977d3f7b94e2

SHA256
2f0a552e24125b8ef59942915f0a9612fa85f2afe2ec0525d3b8ac3a689af227

SHA512
686357f2b7df82ad6635f9e27fc06e18e798df24a95d7b5a62be35c39363580793c40de4ca89ccbe0b7e4f0bac3f889ca051e6f0482b2154e15b99db97b8449a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe61d06f.TMP

Filesize
529B

MD5
af1efb445e72a9e13f7e164d7500dc21

SHA1
c26c1b8a5cba075a682c41fb5789484c0f27af5f

SHA256
ae13db50a9a41646f1e838c81359799b106688deae142cddbbc9a0d73544c7bd

SHA512
eaab7337a6c69a081db8e9302bdfe9d12182f78c28a0c56f88a5c7a72bd19a66e6d8e40644e35dac1011297a464eb0f618d348f8045850f52a4141467cb04413

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
686B

MD5
44eacf22cfcaa0e8da0ac4b3281cb2e3

SHA1
2168fa1e10b6248ac6654a2ed8919fea7a33ea10

SHA256
ed44e35a1bd976f373158072fbbf29f8fce857176c5d0fa62e08b97ba9db8352

SHA512
ad21ae7053d8bb348ee1f82f997430f4baaa5324c7dc33dcd77a3fab9d6c3a1798eb4920eb0de3c57b9d0923920949211fc41b9343debd0f72e64765ca8f9bcf

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe61e3b8.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json

Filesize
2KB

MD5
602c49f9246967bdcff45b4f43cf2fb0

SHA1
4c5796e0c724bbd7a9244cc8a0fc9e8f40181f2d

SHA256
a3ad9649c1038078038be1abd591cdba73b4b4f5cf30e11bb6cb7a432b746114

SHA512
2f273c0dd0127071f4c768cfe7277c6efff84c1ef4f4271c1326db3658c84261794b106af3198717f349fbaaaf276163700bbb50ae20fe52ed0a88a192d46f77

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json~RFe61158b.TMP

Filesize
2KB

MD5
68b20851ccb9834d21fb32615e42bd43

SHA1
88fab935f0b9484994097c08f785e9ecb7d68127

SHA256
a954b528dd65ad6c4c2091fa32f17abdb7a49454ce88e10bb6c377734c70c26f

SHA512
dcb0771120c8fe35213d60e9abf4b242af807324759e3c99e9b2569c00a941d885d53ef6fadfe69e6b740e0b52a6008602605d643801190a2d29175a7d065e15

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmCD9A.tmp\StdUtils.dll

Filesize
110KB

MD5
db11ab4828b429a987e7682e495c1810

SHA1
29c2c2069c4975c90789dc6d3677b4b650196561

SHA256
c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376

SHA512
460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmCD9A.tmp\System.dll

Filesize
22KB

MD5
a36fbe922ffac9cd85a845d7a813f391

SHA1
f656a613a723cc1b449034d73551b4fcdf0dcf1a

SHA256
fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0

SHA512
1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmCD9A.tmp\modern-wizard.bmp

Filesize
150KB

MD5
3614a4be6b610f1daf6c801574f161fe

SHA1
6edee98c0084a94caa1fe0124b4c19f42b4e7de6

SHA256
16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b

SHA512
06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmCD9A.tmp\nsDialogs.dll

Filesize
20KB

MD5
4e5bc4458afa770636f2806ee0a1e999

SHA1
76dcc64af867526f776ab9225e7f4fe076487765

SHA256
91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0

SHA512
b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmCD9A.tmp\nsExec.dll

Filesize
17KB

MD5
2095af18c696968208315d4328a2b7fe

SHA1
b1b0e70c03724b2941e92c5098cc1fc0f2b51568

SHA256
3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226

SHA512
60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmCD9A.tmp\nsProcess.dll

Filesize
15KB

MD5
08072dc900ca0626e8c079b2c5bcfcf3

SHA1
35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37

SHA256
bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8

SHA512
8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

Download Submit
C:\Users\Admin\Downloads\SteamtoolsSetup.exe

Filesize
978KB

MD5
bbf15e65d4e3c3580fc54adf1be95201

SHA1
79091be8f7f7a6e66669b6a38e494cf7a62b5117

SHA256
c9f2e2abb046ff2535537182edf9a9b748aa10a22e98a1d8c948d874f4ffb304

SHA512
9bb261b4ed84af846e07ffb6352960687e59428fd497faa0a37d70b57a1a7430d48ac350fbb0c3f0f11e4231a98ebca4d6923deba0949fdd7a247a3c02737355

Download Submit
C:\Users\Admin\Downloads\SteamtoolsSetup.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 269344.crdownload

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5148_984449673\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5148_984449673\manifest.json

Filesize
1001B

MD5
2ff237adbc218a4934a8b361bcd3428e

SHA1
efad279269d9372dcf9c65b8527792e2e9e6ca7d

SHA256
25a702dd5389cc7b077c6b4e06c1fad9bdea74a9c37453388986d093c277d827

SHA512
bafd91699019ab756adf13633b825d9d9bae374ca146e8c05abc70c931d491d421268a6e6549a8d284782898bc6eb99e3017fbe3a98e09cd3dfecad19f95e542

Download Submit
memory/4068-12920-0x00000000004C0000-0x0000000000972000-memory.dmp

Filesize
4.7MB

Download
memory/5148-13072-0x00000240D8190000-0x00000240D8199000-memory.dmp

Filesize
36KB

Download
memory/7124-13309-0x0000013A77950000-0x0000013A77AEA000-memory.dmp

Filesize
1.6MB

Download
memory/9516-13083-0x0000024DF6CD0000-0x0000024DF6DA6000-memory.dmp

Filesize
856KB

Download
memory/9516-13082-0x0000024DF6B30000-0x0000024DF6CCA000-memory.dmp

Filesize
1.6MB

Download
memory/9604-12971-0x00007FFC49BA0000-0x00007FFC49BA1000-memory.dmp

Filesize
4KB

Download
memory/9604-13081-0x00000137036C0000-0x0000013703796000-memory.dmp

Filesize
856KB

Download
memory/9604-13080-0x0000013703520000-0x00000137036BA000-memory.dmp

Filesize
1.6MB

Download
memory/9604-12970-0x00007FFC4A1B0000-0x00007FFC4A1B1000-memory.dmp

Filesize
4KB

Download
memory/9880-13079-0x000002E5D2860000-0x000002E5D2869000-memory.dmp

Filesize
36KB

Download
memory/16060-13098-0x000000006F0A0000-0x00000000703E1000-memory.dmp

Filesize
19.3MB

Download
memory/16060-13123-0x000000006F0A0000-0x00000000703E1000-memory.dmp

Filesize
19.3MB

Download
memory/16060-13071-0x000000006F0A0000-0x00000000703E1000-memory.dmp

Filesize
19.3MB

Download
memory/16060-13163-0x000000006F0A0000-0x00000000703E1000-memory.dmp

Filesize
19.3MB

Download
memory/16060-13206-0x000000006F0A0000-0x00000000703E1000-memory.dmp

Filesize
19.3MB

Download
memory/16060-13225-0x000000006F0A0000-0x00000000703E1000-memory.dmp

Filesize
19.3MB

Download
memory/16060-13242-0x000000006F0A0000-0x00000000703E1000-memory.dmp

Filesize
19.3MB

Download
memory/16060-13285-0x000000006F0A0000-0x00000000703E1000-memory.dmp

Filesize
19.3MB

Download