77895f93c6ebf03c225358ebe3e2993d961d0b85d107d0bde43f55679a37a8de

Analysis

max time kernel
1500s
max time network
1503s
platform
windows11-21h2_x64
resource
win11-20241007-es
resource tags

arch:x64arch:x86image:win11-20241007-eslocale:es-esos:windows11-21h2-x64systemwindows
submitted
06-01-2025 23:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1966720.zip
Size

61KB
MD5

413620c004ade9e29a8e70aac608f9c6
SHA1

eebfcf551dec64d498c81959708c316fc9b772f9
SHA256

77895f93c6ebf03c225358ebe3e2993d961d0b85d107d0bde43f55679a37a8de
SHA512

1f877228d91067ad2f9afe600137b1f01ab2517e1133cc57d6e46f202683bb38d14c0ec8e064ec88d6668bf8c7b500c9abc01f88787ced674d75050f5fef2f71
SSDEEP

1536:fQprpxGxA1mzT5YIdzSa19SBomSuWt6gdhC5bkAzPW:Yprvoa+T5YRYUBomS6gdhCVkAzPW

Score

8^/10

steam defense_evasion discovery persistence phishing

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 64 IoCs

pid	Process
4948	SteamtoolsSetup.exe
2964	SteamSetup.exe
4844	steamservice.exe
1608	steam.exe
12980	steam.exe
12908	steamwebhelper.exe
12872	steamwebhelper.exe
12704	steamwebhelper.exe
12264	steamwebhelper.exe
11752	gldriverquery64.exe
11668	steamwebhelper.exe
11580	steamwebhelper.exe
11288	gldriverquery.exe
6932	vulkandriverquery64.exe
11228	vulkandriverquery.exe
10036	steamwebhelper.exe
8440	steamwebhelper.exe
8116	steamwebhelper.exe
6160	steamwebhelper.exe
14908	SteamtoolsSetup.exe
12480	Steamtools.exe
5188	luapacka.exe
5648	Steam.exe
2624	steam.exe
5832	steamwebhelper.exe
18740	steamwebhelper.exe
18836	steamwebhelper.exe
18444	steamwebhelper.exe
18296	gldriverquery64.exe
9948	steamwebhelper.exe
18684	steamwebhelper.exe
18352	gldriverquery.exe
18196	vulkandriverquery64.exe
18056	vulkandriverquery.exe
17148	steamwebhelper.exe
17120	steamwebhelper.exe
15904	steamwebhelper.exe
6848	steamwebhelper.exe
6868	steamwebhelper.exe
14092	luapacka.exe
13968	steam.exe
13576	steamwebhelper.exe
13536	steamwebhelper.exe
13420	steamwebhelper.exe
13332	steamwebhelper.exe
6572	gldriverquery64.exe
6480	steamwebhelper.exe
13192	gldriverquery.exe
13120	steamwebhelper.exe
13004	vulkandriverquery64.exe
2252	vulkandriverquery.exe
11368	steamwebhelper.exe
11284	steamwebhelper.exe
10888	steamwebhelper.exe
9328	steamwebhelper.exe
7968	steamwebhelper.exe
7408	steamwebhelper.exe
7420	steamwebhelper.exe
6504	luapacka.exe
12896	steam.exe
5404	steamwebhelper.exe
5996	steamwebhelper.exe
5876	steamwebhelper.exe
1672	steamwebhelper.exe

Loads dropped DLL 64 IoCs

pid	Process
2964	SteamSetup.exe
2964	SteamSetup.exe
2964	SteamSetup.exe
2964	SteamSetup.exe
2964	SteamSetup.exe
2964	SteamSetup.exe
2964	SteamSetup.exe
2964	SteamSetup.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12872	steamwebhelper.exe
12872	steamwebhelper.exe
12872	steamwebhelper.exe
12980	steam.exe
12704	steamwebhelper.exe
12704	steamwebhelper.exe
12704	steamwebhelper.exe
12704	steamwebhelper.exe
12704	steamwebhelper.exe
12704	steamwebhelper.exe
12980	steam.exe
12704	steamwebhelper.exe
12704	steamwebhelper.exe
12704	steamwebhelper.exe
12264	steamwebhelper.exe
12264	steamwebhelper.exe
12264	steamwebhelper.exe
12980	steam.exe
11668	steamwebhelper.exe
11668	steamwebhelper.exe
11668	steamwebhelper.exe
11580	steamwebhelper.exe
11580	steamwebhelper.exe
11580	steamwebhelper.exe
11580	steamwebhelper.exe
10036	steamwebhelper.exe
10036	steamwebhelper.exe
10036	steamwebhelper.exe
12980	steam.exe
8440	steamwebhelper.exe
8440	steamwebhelper.exe
8440	steamwebhelper.exe
8440	steamwebhelper.exe
8116	steamwebhelper.exe
8116	steamwebhelper.exe
8116	steamwebhelper.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"	SteamSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0336.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\friends\friend_online.wav_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\btnStdLeft.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_emoticon.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_color_button_x_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_p2_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_ltrackpad_ring.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_dpad_right_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\2180100_icon.jpg	steam.exe
File created	C:\program files (x86)\steam\userdata\1855506404\config\localconfig.vdf~RFe66f6da.TMP	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_030_inv_0314.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\inbox_comment.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steambootstrapper_greek.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_button_mute_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox_p2_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\soundsystemselect.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\bins_codecs_win32.zip.vz.a7f87baba9068542650f4733de1eec6325d55791_5615796	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\deck_boot_transition.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\friends\loop_3.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_down_default.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\joyconpair_left_sr_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_r_up.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_l_click_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_button_a_lg-1.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_button_b_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\templates\controller_mobile_touch_absolute_mouse.vdf_	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\1245040_icon.jpg	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\shared_romanian-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\steampops_italian-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_status_mobile_ingame.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\vgui_brazilian.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_r2_soft_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_dpad_swipe_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_gyro_yaw_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\templates\controller_switch_joycon_left_gamepad_joystick.vdf_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0416.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_030_inv_0304.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\game_details_header_red.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\dualshock_4_hungarian.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\xbox_360_turkish.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_down_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_button_b_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_r_right_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\steampops_brazilian-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\0_star.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_dpad_right_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\joyconpair_left_sl_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_click_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\xbox_button_logo_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\xbox_rb.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\friends\ChatRoomDlgFriend.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_reload_over.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\dualshock_4_greek.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_button_triangle_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_dpad_left.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_rstick_left.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\msvcp140.dll_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_030_inv_0325.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\RobotoMono-VariableFont_wght.ttf_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_035_magic_0331.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\xbox_one_vietnamese.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\platform_dutch.txt_	steam.exe
File opened for modification	C:\program files (x86)\steam\logs\transport_client.txt	steam.exe

Drops file in Windows directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12908_767497746\manifest.fingerprint	steamwebhelper.exe
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe
File opened for modification	C:\Windows\INF\msmouse.PNF	steam.exe
File opened for modification	C:\Windows\INF\keyboard.PNF	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12908_767497746\_platform_specific\win_x64\widevinecdm.dll	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12908_767497746\manifest.json	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12908_767497746\_metadata\verified_contents.json	steamwebhelper.exe
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12908_767497746\_platform_specific\win_x64\widevinecdm.dll.sig	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12908_767497746\LICENSE	steamwebhelper.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\SteamtoolsSetup.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamservice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamtoolsSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamtoolsSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 22 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
6688	taskkill.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steamlink\Shell\Open\Command	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steamlink\Shell	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steam\URL Protocol	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steamlink	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steamlink\DefaultIcon	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steam	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steamlink\Shell\Open\Command	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steamlink\Shell\Open\Command	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steamlink\URL Protocol	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\program files (x86)\\steam\\steam.exe\" -- \"%1\""	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\program files (x86)\\steam\\steam.exe\" -- \"%1\""	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\program files (x86)\\steam\\steam.exe\" -- \"%1\""	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\program files (x86)\\steam\\steam.exe\" -- \"%1\""	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steam\DefaultIcon	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steam\DefaultIcon	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steam\DefaultIcon	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steam\URL Protocol	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steam\Shell\Open\Command	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\program files (x86)\\steam\\steam.exe\" -- \"%1\""	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steam\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steam\Shell\Open\Command	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steamlink\URL Protocol	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\program files (x86)\\steam\\steam.exe\" -- \"%1\""	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steam\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steamlink\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\program files (x86)\\steam\\steam.exe\" -- \"%1\""	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steam\ = "URL:steam protocol"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steam	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steamlink\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steam.exe

NTFS ADS 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Sin confirmar 784379.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Sin confirmar 968677.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\SteamtoolsSetup.exe:Zone.Identifier	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
12480	Steamtools.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4056	msedge.exe
4056	msedge.exe
4268	msedge.exe
4268	msedge.exe
864	msedge.exe
864	msedge.exe
1716	identity_helper.exe
1716	identity_helper.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4264	msedge.exe
4264	msedge.exe
4332	msedge.exe
4332	msedge.exe
2964	SteamSetup.exe
2964	SteamSetup.exe
2964	SteamSetup.exe
2964	SteamSetup.exe
2964	SteamSetup.exe
2964	SteamSetup.exe
2964	SteamSetup.exe
2964	SteamSetup.exe
2964	SteamSetup.exe
2964	SteamSetup.exe
2964	SteamSetup.exe
2964	SteamSetup.exe
2964	SteamSetup.exe
2964	SteamSetup.exe
2964	SteamSetup.exe
2964	SteamSetup.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe

Suspicious behavior: GetForegroundWindowSpam 6 IoCs

pid	Process
12980	steam.exe
4344	7zFM.exe
12480	Steamtools.exe
2624	steam.exe
13968	steam.exe
12896	steam.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	4344	7zFM.exe
Token: 35	4344	7zFM.exe
Token: SeSecurityPrivilege	4844	steamservice.exe
Token: SeSecurityPrivilege	4844	steamservice.exe
Token: SeShutdownPrivilege	12908	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12908	steamwebhelper.exe
Token: SeShutdownPrivilege	12908	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12908	steamwebhelper.exe
Token: SeShutdownPrivilege	12908	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12908	steamwebhelper.exe
Token: SeShutdownPrivilege	12908	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12908	steamwebhelper.exe
Token: SeShutdownPrivilege	12908	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12908	steamwebhelper.exe
Token: SeShutdownPrivilege	12908	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12908	steamwebhelper.exe
Token: SeShutdownPrivilege	12908	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12908	steamwebhelper.exe
Token: SeShutdownPrivilege	12908	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12908	steamwebhelper.exe
Token: SeShutdownPrivilege	12908	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12908	steamwebhelper.exe
Token: SeShutdownPrivilege	12908	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12908	steamwebhelper.exe
Token: SeShutdownPrivilege	12908	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12908	steamwebhelper.exe
Token: SeShutdownPrivilege	12908	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12908	steamwebhelper.exe
Token: SeShutdownPrivilege	12908	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12908	steamwebhelper.exe
Token: SeShutdownPrivilege	12908	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12908	steamwebhelper.exe
Token: SeShutdownPrivilege	12908	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12908	steamwebhelper.exe
Token: SeShutdownPrivilege	12908	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12908	steamwebhelper.exe
Token: SeShutdownPrivilege	12908	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12908	steamwebhelper.exe
Token: SeShutdownPrivilege	12908	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12908	steamwebhelper.exe
Token: SeShutdownPrivilege	12908	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12908	steamwebhelper.exe
Token: SeShutdownPrivilege	12908	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12908	steamwebhelper.exe
Token: SeShutdownPrivilege	12908	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12908	steamwebhelper.exe
Token: SeShutdownPrivilege	12908	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12908	steamwebhelper.exe
Token: SeShutdownPrivilege	12908	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12908	steamwebhelper.exe
Token: SeShutdownPrivilege	12908	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12908	steamwebhelper.exe
Token: SeShutdownPrivilege	12908	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12908	steamwebhelper.exe
Token: SeShutdownPrivilege	12908	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12908	steamwebhelper.exe
Token: SeShutdownPrivilege	12908	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12908	steamwebhelper.exe
Token: SeShutdownPrivilege	12908	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12908	steamwebhelper.exe
Token: SeShutdownPrivilege	12908	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12908	steamwebhelper.exe
Token: SeShutdownPrivilege	12908	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12908	steamwebhelper.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4344	7zFM.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12980	steam.exe
12980	steam.exe
12980	steam.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe
12908	steamwebhelper.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
2964	SteamSetup.exe
4844	steamservice.exe
12980	steam.exe
12480	Steamtools.exe
12480	Steamtools.exe
12480	Steamtools.exe
12480	Steamtools.exe
2624	steam.exe
13968	steam.exe
12896	steam.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4268 wrote to memory of 4144	4268	msedge.exe	80
PID 4268 wrote to memory of 4144	4268	msedge.exe	80
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4656	4268	msedge.exe	81
PID 4268 wrote to memory of 4056	4268	msedge.exe	82
PID 4268 wrote to memory of 4056	4268	msedge.exe	82
PID 4268 wrote to memory of 4308	4268	msedge.exe	83
PID 4268 wrote to memory of 4308	4268	msedge.exe	83
PID 4268 wrote to memory of 4308	4268	msedge.exe	83
PID 4268 wrote to memory of 4308	4268	msedge.exe	83
PID 4268 wrote to memory of 4308	4268	msedge.exe	83
PID 4268 wrote to memory of 4308	4268	msedge.exe	83
PID 4268 wrote to memory of 4308	4268	msedge.exe	83
PID 4268 wrote to memory of 4308	4268	msedge.exe	83
PID 4268 wrote to memory of 4308	4268	msedge.exe	83
PID 4268 wrote to memory of 4308	4268	msedge.exe	83
PID 4268 wrote to memory of 4308	4268	msedge.exe	83
PID 4268 wrote to memory of 4308	4268	msedge.exe	83
PID 4268 wrote to memory of 4308	4268	msedge.exe	83
PID 4268 wrote to memory of 4308	4268	msedge.exe	83
PID 4268 wrote to memory of 4308	4268	msedge.exe	83
PID 4268 wrote to memory of 4308	4268	msedge.exe	83
PID 4268 wrote to memory of 4308	4268	msedge.exe	83
PID 4268 wrote to memory of 4308	4268	msedge.exe	83
PID 4268 wrote to memory of 4308	4268	msedge.exe	83
PID 4268 wrote to memory of 4308	4268	msedge.exe	83

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\1966720.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd938f3cb8,0x7ffd938f3cc8,0x7ffd938f3cd8
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,18166937617130540770,4650433094878543005,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1888 /prefetch:2
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,18166937617130540770,4650433094878543005,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,18166937617130540770,4650433094878543005,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,18166937617130540770,4650433094878543005,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,18166937617130540770,4650433094878543005,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,18166937617130540770,4650433094878543005,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4532 /prefetch:1
  2⤵
  PID:780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,18166937617130540770,4650433094878543005,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1876,18166937617130540770,4650433094878543005,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,18166937617130540770,4650433094878543005,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,18166937617130540770,4650433094878543005,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,18166937617130540770,4650433094878543005,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,18166937617130540770,4650433094878543005,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,18166937617130540770,4650433094878543005,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,18166937617130540770,4650433094878543005,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,18166937617130540770,4650433094878543005,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,18166937617130540770,4650433094878543005,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,18166937617130540770,4650433094878543005,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,18166937617130540770,4650433094878543005,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4416 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,18166937617130540770,4650433094878543005,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,18166937617130540770,4650433094878543005,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,18166937617130540770,4650433094878543005,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5896 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,18166937617130540770,4650433094878543005,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,18166937617130540770,4650433094878543005,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,18166937617130540770,4650433094878543005,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,18166937617130540770,4650433094878543005,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,18166937617130540770,4650433094878543005,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,18166937617130540770,4650433094878543005,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,18166937617130540770,4650433094878543005,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1876,18166937617130540770,4650433094878543005,131072 --lang=es --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7356 /prefetch:8
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,18166937617130540770,4650433094878543005,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1876,18166937617130540770,4650433094878543005,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=7248 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4264
- C:\Users\Admin\Downloads\SteamtoolsSetup.exe
  "C:\Users\Admin\Downloads\SteamtoolsSetup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,18166937617130540770,4650433094878543005,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,18166937617130540770,4650433094878543005,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2924 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1876,18166937617130540770,4650433094878543005,131072 --lang=es --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6768 /prefetch:8
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1876,18166937617130540770,4650433094878543005,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2520 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4332
- C:\Users\Admin\Downloads\SteamSetup.exe
  "C:\Users\Admin\Downloads\SteamSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2964
- - C:\Program Files (x86)\Steam\bin\steamservice.exe
    "C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:4844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2824

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:1608
- C:\Program Files (x86)\Steam\steam.exe
  "C:\Program Files (x86)\Steam\steam.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:12980
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=es_ES" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=12980" "-buildid=1733265492" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:12908
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1733265492 --initial-client-data=0x298,0x29c,0x2a0,0x294,0x2a4,0x7ffd7fdfaf00,0x7ffd7fdfaf0c,0x7ffd7fdfaf18
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:12872
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=es-ES --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1580,i,17432102886085806905,10586239306754848164,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1584 --mojo-platform-channel-handle=1572 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:12704
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=es-ES --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2152,i,17432102886085806905,10586239306754848164,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2156 --mojo-platform-channel-handle=2148 /prefetch:11
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:12264
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=es --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=es-ES --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2752,i,17432102886085806905,10586239306754848164,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2756 --mojo-platform-channel-handle=2748 /prefetch:13
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:11668
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,17432102886085806905,10586239306754848164,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3160 --mojo-platform-channel-handle=3152 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:11580
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=es --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=es-ES --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=3720,i,17432102886085806905,10586239306754848164,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3716 --mojo-platform-channel-handle=3708 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:10036
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3884,i,17432102886085806905,10586239306754848164,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3872 --mojo-platform-channel-handle=3896 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:8440
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4292,i,17432102886085806905,10586239306754848164,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3816 --mojo-platform-channel-handle=4140 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:8116
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-agent-product="Valve Steam Client" --lang=es-ES --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4404,i,17432102886085806905,10586239306754848164,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4396 --mojo-platform-channel-handle=3128 /prefetch:10
      4⤵
      Executes dropped EXE
      PID:6160
- - C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:11752
- - C:\Program Files (x86)\Steam\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:11288
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:6932
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:11228

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004CC
1⤵
PID:11884

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:16136

C:\Users\Admin\Downloads\SteamtoolsSetup.exe
"C:\Users\Admin\Downloads\SteamtoolsSetup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:14908
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /IM Steamtools.exe /F >nul 2>&1
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6700
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /IM Steamtools.exe /F
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    PID:6688
- C:\Program Files (x86)\Steam\config\stUI\Steamtools.exe
  "C:\Program Files (x86)\Steam\config\stUI\Steamtools.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:12480
- - C:\program files (x86)\steam\config\stplug-in\luapacka.exe
    "C:\program files (x86)\steam\config\stplug-in\luapacka.exe" C:/Users/Admin/AppData/Local/Temp/7zE8F0BA525/1966720.lua "C:\program files (x86)\steam\config\stplug-in\1966720.st"
    3⤵
    - Executes dropped EXE
    PID:5188
- - C:\program files (x86)\steam\steam.exe
    "C:\program files (x86)\steam\steam.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:2624
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=es_ES" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=2624" "-buildid=1733265492" "-steamid=0" "-logdir=C:\program files (x86)\steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\program files (x86)\steam\clientui" "-steampath=C:\program files (x86)\steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      Checks processor information in registry
      PID:5832
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\program files (x86)\steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1733265492 --initial-client-data=0x288,0x28c,0x290,0x284,0x294,0x7ffd930aaf00,0x7ffd930aaf0c,0x7ffd930aaf18
        5⤵
        Executes dropped EXE
        
        PID:18740
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=es-ES --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1568,i,6064219499198926584,13157688227393783427,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1572 --mojo-platform-channel-handle=1560 /prefetch:2
        5⤵
        Executes dropped EXE
        
        PID:18836
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=es-ES --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2284,i,6064219499198926584,13157688227393783427,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2288 --mojo-platform-channel-handle=2280 /prefetch:11
        5⤵
        Executes dropped EXE
        
        PID:18444
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=es --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=es-ES --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2864,i,6064219499198926584,13157688227393783427,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2868 --mojo-platform-channel-handle=2708 /prefetch:13
        5⤵
        Executes dropped EXE
        
        PID:9948
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,6064219499198926584,13157688227393783427,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3140 --mojo-platform-channel-handle=3124 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:18684
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3512,i,6064219499198926584,13157688227393783427,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3776 --mojo-platform-channel-handle=3756 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:17148
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3960,i,6064219499198926584,13157688227393783427,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3992 --mojo-platform-channel-handle=3968 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:17120
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3944,i,6064219499198926584,13157688227393783427,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4016 --mojo-platform-channel-handle=4424 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:15904
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3736,i,6064219499198926584,13157688227393783427,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3968 --mojo-platform-channel-handle=4372 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:6868
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4580,i,6064219499198926584,13157688227393783427,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4584 --mojo-platform-channel-handle=4284 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:6848
  - - C:\program files (x86)\steam\bin\gldriverquery64.exe
      .\bin\gldriverquery64.exe
      4⤵
      Executes dropped EXE
      PID:18296
  - - C:\program files (x86)\steam\bin\gldriverquery.exe
      .\bin\gldriverquery.exe
      4⤵
      Executes dropped EXE
      PID:18352
  - - C:\program files (x86)\steam\bin\vulkandriverquery64.exe
      .\bin\vulkandriverquery64.exe
      4⤵
      Executes dropped EXE
      PID:18196
  - - C:\program files (x86)\steam\bin\vulkandriverquery.exe
      .\bin\vulkandriverquery.exe
      4⤵
      Executes dropped EXE
      PID:18056
- - C:\program files (x86)\steam\config\stplug-in\luapacka.exe
    "C:\program files (x86)\steam\config\stplug-in\luapacka.exe" C:/Users/Admin/AppData/Local/Temp/7zE8F0B95D7/1966720.lua "C:\program files (x86)\steam\config\stplug-in\1966720.st"
    3⤵
    - Executes dropped EXE
    PID:14092
- - C:\program files (x86)\steam\steam.exe
    "C:\program files (x86)\steam\steam.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:13968
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=es_ES" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=13968" "-buildid=1733265492" "-steamid=0" "-logdir=C:\program files (x86)\steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\program files (x86)\steam\clientui" "-steampath=C:\program files (x86)\steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      Checks processor information in registry
      PID:13576
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\program files (x86)\steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1733265492 --initial-client-data=0x288,0x28c,0x290,0x284,0x294,0x7ffd930aaf00,0x7ffd930aaf0c,0x7ffd930aaf18
        5⤵
        Executes dropped EXE
        
        PID:13536
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=es-ES --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1556,i,5269623275837227815,1444459297436093323,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1536 --mojo-platform-channel-handle=1548 /prefetch:2
        5⤵
        Executes dropped EXE
        
        PID:13420
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=es-ES --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2168,i,5269623275837227815,1444459297436093323,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2172 --mojo-platform-channel-handle=2164 /prefetch:11
        5⤵
        Executes dropped EXE
        
        PID:13332
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=es --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=es-ES --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2648,i,5269623275837227815,1444459297436093323,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2688 --mojo-platform-channel-handle=2668 /prefetch:13
        5⤵
        Executes dropped EXE
        
        PID:6480
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,5269623275837227815,1444459297436093323,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3128 --mojo-platform-channel-handle=3120 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:13120
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3784,i,5269623275837227815,1444459297436093323,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3788 --mojo-platform-channel-handle=3780 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:11368
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3976,i,5269623275837227815,1444459297436093323,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3980 --mojo-platform-channel-handle=3972 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:11284
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3900,i,5269623275837227815,1444459297436093323,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4312 --mojo-platform-channel-handle=4372 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:10888
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=es --service-sandbox-type=audio --user-agent-product="Valve Steam Client" --lang=es-ES --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=4028,i,5269623275837227815,1444459297436093323,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4036 --mojo-platform-channel-handle=4100 /prefetch:12
        5⤵
        Executes dropped EXE
        
        PID:9328
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-agent-product="Valve Steam Client" --lang=es-ES --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4056,i,5269623275837227815,1444459297436093323,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1100 --mojo-platform-channel-handle=1196 /prefetch:10
        5⤵
        Executes dropped EXE
        
        PID:7968
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3596,i,5269623275837227815,1444459297436093323,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3544 --mojo-platform-channel-handle=3720 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:7420
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4704,i,5269623275837227815,1444459297436093323,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4708 --mojo-platform-channel-handle=4700 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:7408
  - - C:\program files (x86)\steam\bin\gldriverquery64.exe
      .\bin\gldriverquery64.exe
      4⤵
      Executes dropped EXE
      PID:6572
  - - C:\program files (x86)\steam\bin\gldriverquery.exe
      .\bin\gldriverquery.exe
      4⤵
      Executes dropped EXE
      PID:13192
  - - C:\program files (x86)\steam\bin\vulkandriverquery64.exe
      .\bin\vulkandriverquery64.exe
      4⤵
      Executes dropped EXE
      PID:13004
  - - C:\program files (x86)\steam\bin\vulkandriverquery.exe
      .\bin\vulkandriverquery.exe
      4⤵
      Executes dropped EXE
      PID:2252
- - C:\program files (x86)\steam\config\stplug-in\luapacka.exe
    "C:\program files (x86)\steam\config\stplug-in\luapacka.exe" C:/Users/Admin/AppData/Local/Temp/7zE8F0AB17B/1966720.lua "C:\program files (x86)\steam\config\stplug-in\1966720.st"
    3⤵
    - Executes dropped EXE
    PID:6504
- - C:\program files (x86)\steam\steam.exe
    "C:\program files (x86)\steam\steam.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:12896
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=es_ES" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=12896" "-buildid=1733265492" "-steamid=0" "-logdir=C:\program files (x86)\steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\program files (x86)\steam\clientui" "-steampath=C:\program files (x86)\steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      Checks processor information in registry
      PID:5404
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\program files (x86)\steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1733265492 --initial-client-data=0x294,0x298,0x29c,0x290,0x2a0,0x7ffd930aaf00,0x7ffd930aaf0c,0x7ffd930aaf18
        5⤵
        Executes dropped EXE
        
        PID:5996
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=es-ES --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1560,i,562872307387988460,13087551482304682755,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1564 --mojo-platform-channel-handle=1552 /prefetch:2
        5⤵
        Executes dropped EXE
        
        PID:5876
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=es-ES --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2276,i,562872307387988460,13087551482304682755,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2280 --mojo-platform-channel-handle=2272 /prefetch:11
        5⤵
        Executes dropped EXE
        
        PID:1672
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=es --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=es-ES --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2736,i,562872307387988460,13087551482304682755,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2740 --mojo-platform-channel-handle=2732 /prefetch:13
        5⤵
        
        PID:5088
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,562872307387988460,13087551482304682755,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3180 --mojo-platform-channel-handle=3172 /prefetch:1
        5⤵
        
        PID:4624
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3716,i,562872307387988460,13087551482304682755,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3764 --mojo-platform-channel-handle=3720 /prefetch:1
        5⤵
        
        PID:18940
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3964,i,562872307387988460,13087551482304682755,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3968 --mojo-platform-channel-handle=3948 /prefetch:1
        5⤵
        
        PID:17832
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4284,i,562872307387988460,13087551482304682755,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4128 --mojo-platform-channel-handle=4336 /prefetch:1
        5⤵
        
        PID:2948
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4000,i,562872307387988460,13087551482304682755,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4008 --mojo-platform-channel-handle=3932 /prefetch:1
        5⤵
        
        PID:14776
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4528,i,562872307387988460,13087551482304682755,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3808 --mojo-platform-channel-handle=4520 /prefetch:1
        5⤵
        
        PID:14768
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-agent-product="Valve Steam Client" --lang=es-ES --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1188,i,562872307387988460,13087551482304682755,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2096 --mojo-platform-channel-handle=4032 /prefetch:10
        5⤵
        
        PID:5784
  - - C:\program files (x86)\steam\bin\gldriverquery64.exe
      .\bin\gldriverquery64.exe
      4⤵
      PID:4864
  - - C:\program files (x86)\steam\bin\gldriverquery.exe
      .\bin\gldriverquery.exe
      4⤵
      PID:220
  - - C:\program files (x86)\steam\bin\vulkandriverquery64.exe
      .\bin\vulkandriverquery64.exe
      4⤵
      PID:2932
  - - C:\program files (x86)\steam\bin\vulkandriverquery.exe
      .\bin\vulkandriverquery.exe
      4⤵
      PID:18952

C:\Program Files (x86)\Steam\Steam.exe
"C:\Program Files (x86)\Steam\Steam.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5648

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004CC
1⤵
PID:9268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Steam\Steam.exe

Filesize
4.2MB

MD5
33bcb1c8975a4063a134a72803e0ca16

SHA1
ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65

SHA256
12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1

SHA512
13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

Download Submit
C:\Program Files (x86)\Steam\appcache\appinfo.vdf

Filesize
402KB

MD5
6bb05510956399ab05add310ef4433f1

SHA1
500cc2cd9878151f43aec0f0f7647c61c262ea0e

SHA256
d815123061594d7cf92f17f87550d6e0d20ad1c94c3cb99b76a18fec3835f4c1

SHA512
4e2d58d66522865a1373c111f06703667826915acc72fcd5ff177be3c6c96c063847eb5fd371fddac662063b021c6159f85b7420e9e9cdbe10b5305fc2640720

Download Submit
C:\Program Files (x86)\Steam\appcache\librarycache\1161040_icon.jpg

Filesize
638B

MD5
7ecdaf8a54ec52b20640a88527512903

SHA1
3133a4d748ad3be61fe9db759339cd5de73339b5

SHA256
7bd8b75aec0a4d4a377f3ca3a023fd8b7c5fc7dc6a2a66d17f8cdfe5b731ab0c

SHA512
60ae2031eed0c38264f0d8db22a9b6efeb3f80c791e916e15a1730853162d56e0da014dbd93a5479bae4f3bdd5705ca89be70c90574a524abd1c276ed5c55a2d

Download Submit
C:\Program Files (x86)\Steam\appcache\librarycache\assets.vdf.async13968.tmp

Filesize
11KB

MD5
f7ca0c91d83f7eba30ea83cd95262b30

SHA1
929674cbfc4c67b6a182255f5823a12d00af63d0

SHA256
29ab5d725029f2a39cd8ddcc7535612fb7258ee11148be364a0910e7fb632f5d

SHA512
831ce9eed3b3904b7ac5c3acaa9b6bc9918dbdc61bb12874cb3cf42200f1d12dd71836e4a6b9a5ed450ea392d5dfee59948cad44b4af4b0ba0e2816a002b607e

Download Submit
C:\Program Files (x86)\Steam\bin\SteamService.exe

Filesize
2.5MB

MD5
ba0ea9249da4ab8f62432617489ae5a6

SHA1
d8873c5dcb6e128c39cf0c423b502821343659a7

SHA256
ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d

SHA512
52958d55b03e1ddc69afc2f1a02f7813199e4b3bf114514c438ab4d10d5ca83b865ba6090550951c0a43b666c6728304009572212444a27a3f5184663f4b0b8b

Download Submit
C:\Program Files (x86)\Steam\bin\diversion.dll

Filesize
19.0MB

MD5
e56d82d03ece0ebb69014d8ffa1b7cba

SHA1
989d7514f85e32a35667b92e5afc4a115c4e871a

SHA256
ac07790d0bd74b0580ca4cbca6817b90175d537bcbd1d395426d7bbf68ce70ea

SHA512
15f99bf471ac86cb06d1d576cc16afa473508400c1d436a567a51200c2281d9f5d4e948adafd23f38af9bfa1d99235599452536a86cbdc5fa440ecdec4cc4be1

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
a2ec2e91c3ef8c42e22c4887d032b333

SHA1
e2c738a2e9400535b74e2263c7e7d1ecefe575f2

SHA256
8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3

SHA512
b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
15KB

MD5
cdcebd181defc8efa128a206df83f234

SHA1
37c2540d30f94330901f91defa5bd7c7e4939ba0

SHA256
c53fccc8756e14c8392e7295a986635ea078c7ec928517b30eea9e0e24dc64ea

SHA512
a3e7b5ad1ce21c3130997179802c05b62199650cfa7f4eb218dc1f0f64ccfe7ed410110a01d56f8264385f39bc83f0b5adcedd6a2e5af498b1133d5a1807f2c3

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
16KB

MD5
5d58f269b2a196ebb3ccb4e70a8bf80c

SHA1
61a38e0a8febf19052bdef753e9589dde54b6004

SHA256
0b04d5f80769d9258b563999e5540664b7371afb2e821bc52417d1903f8a5829

SHA512
c0d9dd5ec46e8266febb76bc543a6ec2b7cd30ac2b922f60d3f8ad157df7595d76e20c94fc7465ba549683d112f87e832403ff56d90e90c5c736d0dcd2eac6ad

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
20KB

MD5
3332f7a6736d31a66aa8dc7f105d51b1

SHA1
ca6b38a253faf69d187acc4abf5a5e9e4fa47b28

SHA256
d63f1b561e7c7b6b4917626d45d1fb6c079ceb761600ea5bfd30f34a74a35e25

SHA512
35af6aa8bc6fc47f96129abfdb81191ca11f3393828ec91d608a49843a42bd7f5c54fc1251521e423e93fbdd0308ff2ca85b4a4980218af37376c08f6ca74b0e

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
17KB

MD5
d6911101a87fcab736cc9db1eee73dde

SHA1
793b10f8f76cfe124a4daf93cbb414668131b129

SHA256
6ae0b5b539e82bcedc09d196a7a9d007eeeeb701eb37ffc8644f6b8862ce225d

SHA512
ecfbe1714ffbdd3863f85e364340bf8a207386fceb8542454ee71ac268f6020d97f50a6e5e5d9c0a7116dfc2d69f4df7803d25363076bd64ec15c4898e810d08

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
16KB

MD5
9bff8e9c08fcdd172f34806be8ed94d3

SHA1
976cf971b30e6a5a45f4897c1353c16dc25e83ca

SHA256
06adb789157440126c123dd6581ef4e9c948ad985f222b738c5599ef177f5efb

SHA512
ce9cefa5d4c0b6b4f01ee8dddd98c13738b8f23df7b1a97f5c84e8cb621a9e1a9d0e631b6758f47b9db7bc555f7b3e76258f673e3f28558d5656705e3651fc51

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf~RFe611954.TMP

Filesize
1KB

MD5
6e6a2b18264504cc084caa3ad0bfc6ae

SHA1
b177d719bd3c1bc547d5c97937a584b8b7d57196

SHA256
f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53

SHA512
74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

Download Submit
C:\Program Files (x86)\Steam\config\depotcache\1966721_1436342303485508317.manifest

Filesize
86KB

MD5
ad40122bfa2f64d6c7492837c989dab2

SHA1
e47504503661e3e55564b351df642c195f124afd

SHA256
c352ffe9f6760f05b34f8403e0b44c5116f08b26dcb4a1f783a67618993cf6e1

SHA512
444cf6689baba18866bcbb4865be383c0a71a1975258c31480c0e1ee066ea0a4878ccaa522a62ebc690a8058e87d57bcd4bfe837dac96d72c4307c74ca8080b5

Download Submit
C:\Program Files (x86)\Steam\config\stUI\Steamtools.exe

Filesize
16.3MB

MD5
1a475aa5000d3958df447de17e0dc14b

SHA1
8a45a8a2b38a524633a99abc7994aa0ac46c03ce

SHA256
1208c4d240918ab0b4767bc6a5c0cbe83ee7f21408fb0c5ea68769ebea759b3e

SHA512
e86be352a5732d18db772f3fc80a70ebb223d68148057663ed18aab5c2221fe6d1cb48d4f4e22940419e9144aeacdc03ea05739352f86aed7ce967afd7e80911

Download Submit
C:\Program Files (x86)\Steam\dumps\settings.dat

Filesize
56B

MD5
5a634bdcc57dba6a57f06c13b629d6c8

SHA1
bfe57e1fe40ef426a1328cf77c889732c66c4cbd

SHA256
370ffb6a9b842046e46b1933afe8587d35560a5239b325058a2970c4518950e4

SHA512
f227f4a339df3051a82db9a515ce67e93f5ba51e56143b074bfa869dbf3eabd77b6b305a2a01c89f67b7bca143480d2571f6679cbe1cf295e4be2ddfcb08f2eb

Download Submit
C:\Program Files (x86)\Steam\logs\cef_log.txt

Filesize
47KB

MD5
3f3244b830140e79cb76e03994fee976

SHA1
32f7640df1b4ee700e2bb190f5584ae8b2c1235e

SHA256
8dc39c1eba322123c80f822ca5b3a5b71bb9e8686f0f5ef7fcb7ba36dbf74728

SHA512
1583f48117b505bcde87886cf9d0175f8baadb4c52ab1173ab45e9e4c517bc92a740c2ddfd87e564b3e17875c589bb0fb3b530caf4aeb6c9586e2979348acddc

Download Submit
C:\Program Files (x86)\Steam\logs\cef_log.txt

Filesize
6KB

MD5
b6871748d4024e8de8f2b2d84ef5741d

SHA1
38328dcc28521c1b037e187fbab9fb110e7028ea

SHA256
0acd3cce90c189d65f0c7d8da6f4002f4afd3085c405b3912e6f8c013eb38af7

SHA512
bbce96c39e4139106fcb6858a9292ccd7d397ad8d6ee3797afcc3c2ad241bde72a70ed4937b085b42839367078356401cd6d546e9102ae8ea0c9b519764960aa

Download Submit
C:\Program Files (x86)\Steam\logs\cef_log.txt

Filesize
47KB

MD5
dbf33e6e13657ef44900b7ab712ccc66

SHA1
ba5b341e9df4e12a09b15fb3f1f1c160f11f2d39

SHA256
b21afc67750d4e3810dd558fb711692eaf5968e7481e3b53b8c31e549fd89f2f

SHA512
109e9ac5a5a4382fbeab1d425b9fb43fc95916d00d606487b8ef7abf16a668b40f3d5bf866c257db931dd9bfbb2f3f9b75e13495759f3c9a1b9aaecaa1a50e93

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

Filesize
4KB

MD5
0340d1a0bbdb8f3017d2326f4e351e0a

SHA1
90d078e9f732794db5b0ffeb781a1f2ed2966139

SHA256
0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544

SHA512
9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

Filesize
6KB

MD5
4c81277a127e3d65fb5065f518ffe9c2

SHA1
253264b9b56e5bac0714d5be6cade09ae74c2a3a

SHA256
76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9

SHA512
be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

Filesize
4KB

MD5
2158881817b9163bf0fd4724d549aed4

SHA1
c500f2e8f47a11129114ee4f19524aee8fecc502

SHA256
650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7

SHA512
f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

Filesize
4KB

MD5
03b664bd98485425c21cdf83bc358703

SHA1
0a31dcfeb1957e0b00b87c2305400d004a9a5bdb

SHA256
fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115

SHA512
4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt

Filesize
4KB

MD5
31a29061e51e245f74bb26d103c666ad

SHA1
271e26240db3ba0dcffc10866ccfcfa1c33cf1cc

SHA256
56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192

SHA512
f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

Filesize
4KB

MD5
da6cd2483ad8a21e8356e63d036df55b

SHA1
0e808a400facec559e6fbab960a7bdfaab4c6b04

SHA256
ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6

SHA512
06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt

Filesize
4KB

MD5
9e62fc923c65bfc3f40aaf6ec4fd1010

SHA1
8f76faff18bd64696683c2a7a04d16aac1ef7e61

SHA256
8ff0f3cbdf28102ff037b9cda90590e4b66e1e654b90f9aea2cd5364494d02b7

SHA512
c8ff15373b37e848e6239a82424569e77c82a5fc557d17e7d2ed1d0d2b2f7d026cc1e2bc98cb5ee945c02cfefb82803c23fa6a26f48ff0adcf762f94cd5dd035

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt

Filesize
4KB

MD5
10c429eb58b4274af6b6ef08f376d46c

SHA1
af1e049ddb9f875c609b0f9a38651fc1867b50d3

SHA256
a1f6ba57ee41e009d904905c0ce5e75a59ee6790e08542561303109e1faafa13

SHA512
d8760f61760bffd8671b727d386ae220e7e6e68829a01553cfd5eb60ef8bd1d7c1b25e7b17a6db5bd17ba6712ef44999726764459318e784843c73bc4facaf46

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt

Filesize
4KB

MD5
5c026fd6072a7c5cf31c75818cddedec

SHA1
341aa1df1d034e6f0a7dff88d37c9f11a716cae6

SHA256
0828572e4fa00c186dbf1d9072a6154d65cb499c6a37e338f3305f77a2fee382

SHA512
f9d28714b2a05f8d9025f1692e4d7e8baa6daf6176353f65646a38814a242ef2adededa44419edd69f10cf96ffba506dab7cb6e52111457bf69cffef12174b12

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt

Filesize
6KB

MD5
189ba063d1481528cbd6e0c4afc3abaa

SHA1
40bdd169fcc59928c69eea74fd7e057096b33092

SHA256
c0a7a1df442ac080668762df795c72aa322e9d415c41bd0a4c676a4dc0551695

SHA512
ce59ad9b17bab4de1254e92ce4fe7d8c8242832f62ab382e8f54199a9932cd11b5800cc33895441426373d5210cc74104e0271b721a7e26ed400b716ae4d5903

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt

Filesize
4KB

MD5
18aaaf5ffcdd21b1b34291e812d83063

SHA1
aa9c7ae8d51e947582db493f0fd1d9941880429f

SHA256
1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5

SHA512
4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt

Filesize
4KB

MD5
1514d082b672b372cdfb8dd85c3437f1

SHA1
336a01192edb76ae6501d6974b3b6f0c05ea223a

SHA256
3b3c5c615fd82070cc951ab482d3de8cb12df0b3df59fbd11f9d3271fa2fbca4

SHA512
4d41c945ce7c94746875b0dbceb14811d4966de4e97fe047406a304162fde7e1e2a16367fc2e43978e2e5aa66749f036b4444aa2312673c2cc3af296e8b77f55

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt

Filesize
4KB

MD5
8958371646901eac40807eeb2f346382

SHA1
55fb07b48a3e354f7556d7edb75144635a850903

SHA256
b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585

SHA512
14c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt

Filesize
5KB

MD5
7e1d15fc9ba66a868c5c6cb1c2822f83

SHA1
bfe9a25fdc8721d7b76cecb9527a9ba7823dc3d7

SHA256
fc74e26a8baabbe4851109512d85173b75dbf7293d41eb3b92a1957a773c8265

SHA512
0892be14a858cc860766afb1c996b2c355108a7e50971ea3ec00d15069e919a6eb05a61fa839bea3938492c391e274144c5e248f4c204a602bf36adf27e5b406

Download Submit
C:\Program Files (x86)\Steam\resource\filter_banned_english_cached.txt

Filesize
1KB

MD5
b5c7155c5a5e1cad4fb05150bcd83603

SHA1
24b26d237532e42a01d2a4011752ad73d3f981fe

SHA256
288136aabf56ea489ddea87b6c57c6a381bf3691bfd116f2d1c784e151c58ecd

SHA512
e8e501d95f9a93a0a482309ee20799c18b9f8231fbc75c50333fdce9e36d51855bc438b95e1c4cde319e1f09961a04aebf545c69cc719b5637e624332f7658e9

Download Submit
C:\Program Files (x86)\Steam\resource\filter_banned_english_cached_timestamp.txt

Filesize
29B

MD5
8fba30400c0bcd5f3e4cd14589e3e966

SHA1
a07e7c6e108785d59a2e3c9347ea44423f24fa7c

SHA256
f4afe0e5b03d4b73250eb76c67b7d00785f60ed787f5deb4fa6e3ac5e49cf341

SHA512
e32f1d43387b898f61121bd103f8e39b08ab97d5e1f4ba3954f4b9a79b636b88d844d56fcab6d4488aa68eb61d9b84c5b9b4fbfaf0b7f494f8a3552f2d98f633

Download Submit
C:\Program Files (x86)\Steam\resource\filter_banned_spanish_cached.txt

Filesize
867B

MD5
656714b74c99d9031ce08658dcd6c0f3

SHA1
eb7d574a59656237584f966f12d6e3c28690408b

SHA256
218d82b1f1af25e6004e868ffadc91bd0637d39b1583fbfe5e9720ed4de661cf

SHA512
87351667f0adb5ae4e6ced17f3727ccdad7e3c86daa5996178e4dd008059a44ad492f68c08db492fbb36dcc4c153c8a1d23bed94f41ed2ad43d5e1dca72e1332

Download Submit
C:\Program Files (x86)\Steam\resource\filter_banned_spanish_cached_timestamp.txt

Filesize
29B

MD5
e4f366a92375fe11f3aee104f1a162a3

SHA1
37661855189d5fabc3cdcb84a58430b12a35a7ca

SHA256
da12423475bd9ab768d4f7f4372586dd2eb2fd34d1ae2ee450ebac4ee4d8dfcc

SHA512
3fe32b5d524e6dbe9072fb0e7ba9be63e0b48f3d4a8072737343729c3401bdaef782cada592f2252f8098872f3f4353e978fb3dc81e7786d50f1c8be036b08c3

Download Submit
C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached.txt

Filesize
2KB

MD5
eaaedcdd5dac941acb3a040fccd8c088

SHA1
89fb57e51a89424894973fa7654d88dfbddf1aba

SHA256
33bebab0b6f01f08fd007d22ee3b934f1570d2c8b00926abef166e8a03a40618

SHA512
e431eda71e9bffb0bc2962d9c0d8b4d8c4f8ae9129b838a98b6808dfa3f61820e15207ac0478e87c7992a6b833ad89453b8f36b9be04ccf0b9e3439a51abe889

Download Submit
C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached_timestamp.txt

Filesize
29B

MD5
759db5693fff85bfe4fcca652c56a5b2

SHA1
a9cd03cff9a2c3e542d70221f7026960754e7377

SHA256
650be6afdecb5343a13d7ac1d6582edfb583550ff59030f335a462378c0625e8

SHA512
8ff8348bca1003ebde1bdb316ac26a3ea7a1bf0122b69686a978b850798ab1e7a9ba9544dbe62397e70ec298c05eea92bca63a4045f7e4befb4f5770129c8797

Download Submit
C:\Program Files (x86)\Steam\resource\filter_profanity_spanish_cached.txt

Filesize
4KB

MD5
d12d6388c9c968abd85626068b2aa1c5

SHA1
a2fa196d1bbca71e8af40c766900f5ad93fc7cc1

SHA256
b5fa67d63e903987547ccb83cfdad5419f7557285b6b2652888105f937600444

SHA512
a463ca2b39c46ce5419d0bbfc0726d5d4e6a42aefcafcc8b4062852f7d2d6e84198308984d4d37c583154d258bab404053a7acf511d5fc5b12f576eb3daf9060

Download Submit
C:\Program Files (x86)\Steam\resource\filter_profanity_spanish_cached_timestamp.txt

Filesize
29B

MD5
fac64dda1fe11fd46b89b07714533c32

SHA1
6cf1f282e7809b7333b86c050233332cf42e9770

SHA256
bc96a4a14894ebf956ab74c0eb8b64ddaa3b2502646742f0271364f1f9a96524

SHA512
b52de3af64c9e5926e97e1e1bc653e951680c8d6da65767a67b0be751f9570a42f1be079a32bed6b87a39aa6603e421eb67c236be1e548558924bae8a5b8a00b

Download Submit
C:\Program Files (x86)\Steam\steamapps\libraryfolders.vdf

Filesize
231B

MD5
b53c3016c889b4dad465deabadfc8564

SHA1
7ac0475b3fd0f18150ed851e84da9e13f1153d61

SHA256
cb67e2c4c3ffc22bfae5012c52ba1ddaaa8d5fc0bab441571c9f830892f041b1

SHA512
be9fef694e9db8b207519a94ca107cf84701828be592c6a97a7c4ab45f4262b814d6fe3ae58c02af5eadcc7c67e7873f6998bd60058ef26ba2dc687457ce3575

Download Submit
C:\Program Files (x86)\Steam\userdata\1855506404\7\remote\sharedconfig.vdf

Filesize
165B

MD5
4db8d6ae051ca3e2376858b10507f8e6

SHA1
6543eabfa167d353e49cf02ccbc2063d13a8f377

SHA256
8126b1a0ad52926166cccd5b33e8eebd04b611fbac52e32371a5668da41eb8fc

SHA512
b88d69ead09dc636cbd147136a80bfc3c473b75c79ff3c1725112c731e61056bfd3e179b100069695b500c9aad36da279627ac7bd658c0cae4c774810e2f5b3d

Download Submit
C:\Program Files (x86)\Steam\userdata\1855506404\7\remote\sharedconfig.vdf

Filesize
165B

MD5
0486b8814b875f41dbf7666424fb2631

SHA1
6e08746b468ed8e98b769e12ed2958308933e07e

SHA256
c6284dd5a200cb4c046bc86f0d12771542e67f9e3f882e48f482a981e0f3af10

SHA512
4f8f289d3fd187733ac2b9cec75ffb10ba2c3d9ef324f3583a24bbf9a5baa15dc54a3e9c34322b8877cf865ff3253aa820f279e92f6bafc77c7e981cf72eb5b2

Download Submit
C:\Program Files (x86)\Steam\userdata\1855506404\7\remotecache.vdf

Filesize
300B

MD5
73f5ac078e48f94ccccef86c9cd08559

SHA1
59d60d96a22fa9d6fb88211454b0c182e3ec78c3

SHA256
466ac87538c7f9bce92f52942f86762be212e395f5eafdd1d2d0446ddb38c596

SHA512
e804431c0246a32e0f3bcb853b316a3db29fad577010ba2c5df171dd06e7b80f41c3a303bec744c0595e24c2a4f093cb93eb33321f946d52cb1515cd287329e7

Download Submit
C:\Program Files (x86)\Steam\userdata\1855506404\config\licensecache.async2624.tmp

Filesize
67B

MD5
36c8b41112046af4137124b9bbaa757b

SHA1
a6f095e3c82f606bb40309648b34d4ede0924aa4

SHA256
0160a4d81a5705a8dd42e28b7c07eee17f33b5777c7f2cc61fa0b50be05039bd

SHA512
d7ef79742a5b0c8add011750a43b5c89f5f6d846bd89f3ffeb2e73f975a44740a9c9c48aa0de040ee3487d2f6e5ad4abd17b34541e3e2edcf320261e7323264f

Download Submit
C:\Program Files (x86)\Steam\userdata\1855506404\config\localconfig.vdf

Filesize
3KB

MD5
545d954a6160cf28dd8741b1f4ceaa74

SHA1
5379a4c480e0b45ba162b7506917296cbf7dd3b8

SHA256
d10878a5e1393c6caa0e449c8b7776ca8cf01c5418ab34465a05a333a7c78247

SHA512
ec96723e185bfb3cda41aa773b2d9256baf00f66b74f91ca52c9bad3a61d69e347d40ff1ee70b9db0f2b2e84e154b509ee258481a48601d0707695138305f7ef

Download Submit
C:\Program Files (x86)\Steam\userdata\1855506404\config\localconfig.vdf

Filesize
3KB

MD5
d42b1befaf707b98c0f9d8ce5d68f894

SHA1
b84e2daf171b7ab528bfafd58afaeca36edb9f34

SHA256
7f001978797fbec3ed2a37fa2ec1e3d333e9cf80c26af2623ee61d2e01b863c4

SHA512
a0571b4051c71a912ca44bcae2b45430d8b42a5ee757e2a92b30defaaec0ad77c8f672354e2fff088b4745ce028897de8ffbc48b2a8d346a3876635f85b95999

Download Submit
C:\Program Files (x86)\Steam\userdata\1855506404\config\localconfig.vdf

Filesize
4KB

MD5
db6557f6f45e0749824bba90103449b0

SHA1
0e95c6c6959bb51c9f8126672d3ea79cd5d7b4fd

SHA256
eec982734ed7b35c81634517ccaee81b6971ba80c6575ca0afbd82c2550a0b75

SHA512
b127a0f54139ed38ce4e1cc22c738734137eb9f37db6c4d681d13e9c6cd61968f031e1dd62feeaad93262c1c78ea6c0c7303eaf8105e01cb14288bba9125bd61

Download Submit
C:\Program Files (x86)\Steam\userdata\1855506404\config\localconfig.vdf

Filesize
57KB

MD5
480163334d8a04d0e6af04ac80bfba10

SHA1
dc27ad8db439d59a335af7492c3d1ad26587d723

SHA256
a6dfdc55bd4ba87de9648c7588e8443df7d167b2304e82a9ce654605b01503cb

SHA512
39ca331743bfa3d791e36a37b00c1b1e10fc391b90a1797f1792bee17a7b3fa20afdd21e13a3b739187985ef905e63f00ce0f84639ee0f3ae17de76849a56dd5

Download Submit
C:\Program Files (x86)\Steam\userdata\1855506404\config\localconfig.vdf

Filesize
57KB

MD5
f3105fe5866183b7f0160eb8de6d0d84

SHA1
512f279295c66341c034d4424beb765cf2e90759

SHA256
8c3306236b7d11f4bdc5b05dda91bf15fb17d446e6d3c07b69cdfc8bc884da6d

SHA512
37ba56490fb3e80d438828954d75cd68bbff8f5f4529755c7c549f1aa0d9f7215732ede1d3b37e6dd0e21788c50bf79a5465c36abaefea38be14676419a50e0a

Download Submit
C:\Program Files (x86)\Steam\userdata\1855506404\config\localconfig.vdf

Filesize
60KB

MD5
1765a58d894392b6cdf8305e1c75af8e

SHA1
5de0f090950b866c336de1a8843d118bd463be48

SHA256
55f2c6cb293c6ad38342c449a3c100555a7fe50fb008948a81bad54058dbc4fd

SHA512
d51e1df01aad56a36d4ffef884b1eed74684addd50f5f08d419b7d39b99c11fc07cc215fc9b554e636b4938781f921e0a361428dab87df74a40537a945870baa

Download Submit
C:\Program Files (x86)\Steam\userdata\1855506404\config\localconfig.vdf

Filesize
60KB

MD5
9e2f1d8f0827a845ab5fb24ab5735740

SHA1
f50fdea5be8330cbef72e974ef563879c5c664dd

SHA256
3dcbb651b65984594757a185c483b3b4857e242a33728b2b64e45b559123a559

SHA512
194e8cf9b667c2687e74881d2e9168a0798b138c1dba27e17a1aabe4ed77b598526c59e231bdceb8d1c4d5f5d4746f77bac633098af4437e11bd7d607c0b1c4c

Download Submit
C:\Program Files (x86)\Steam\userdata\1855506404\config\localconfig.vdf

Filesize
60KB

MD5
1f40be43d6433d043debcea61d32c516

SHA1
bbbf789a642533812d19a94fd93bac8bbf1de868

SHA256
bb4322e678da0ac5bba6e88b5311d4a9797ff2b418f4654a273caa0228353e47

SHA512
1657fc2ac3ed98acfe1925dcb919ed59a592eb70277dff50350b150fd97ae295fad7742f02caeabfd9eee6d0369688edd5afaf17a1b7e523dc030edb5cc84e9e

Download Submit
C:\Program Files (x86)\Steam\userdata\1855506404\config\localconfig.vdf

Filesize
57KB

MD5
6f25236e0f4c6e31fa78f52645cc0e6a

SHA1
bca5fec8526721f9823031b96c9450342c412f36

SHA256
511b7060f4e56fb292a9e239b7525dc589d065eb1fff50f6b87b56ed126d66e0

SHA512
305216ec16bb5fa1f2ea1d14d74f1c79bafbb435bb955fc20cc2f401aba688c7fbe2b72aa9d7ad368288d82b14d64927d19a0fd29ab3dff71be6c4c4d34fbfc9

Download Submit
C:\Program Files (x86)\Steam\userdata\1855506404\config\localconfig.vdf

Filesize
3KB

MD5
925044ae299c31cb4d7e3a553d1d86bf

SHA1
c09fa6f56c544a51704760b06ff412d4e4c3bac0

SHA256
a00f14ccb3b1c84d6fb5497c5fd1471d6af55adace0a75289c5a4c99c4d980bd

SHA512
e4265018900dfd254942016edc03ab292605ce81a0907803a36e6fed3516af8304193d78eb5ab898706d076729a1ab166949086a351b4473ac4d5ada05218266

Download Submit
C:\Program Files (x86)\Steam\userdata\1855506404\config\localconfig.vdf.async12896.tmp

Filesize
60KB

MD5
c38fccd8d6d785a73c1941ddea51fc59

SHA1
2f88382cc2d87129a244cb23ff5158d9c8097926

SHA256
04e70efcbd689f1262e5f13b3f667bf0d3884647be14ab1797fedc6b565de213

SHA512
1e1dcea8a7eacbe1278b2cde9aebebf3e20aa82f5b97bd78a566043c484262d3ae98b16961902756998153da0fcead27632fd6de84ca2ad93cdbf13766bbc01f

Download Submit
C:\Program Files (x86)\Steam\userdata\1855506404\config\localconfig.vdf~RFe629ae3.TMP

Filesize
245B

MD5
14e2bf35537d4c08a63e1a7e5395f69d

SHA1
9dafc246d72f2ffee5e62420cd93acbe5c467f5f

SHA256
2fb1ddb2c17a17a6feb01c1fe190050feec33fdfd3fcfbad2d0a0370b740a7af

SHA512
ddcf6702dd679a26740b3ed1feaf6c734faa79a00daddfd9b9b7067e404692fd2928f08720dea04ffaa6fe1907516cb84e1956709e1fe39c9b3e593aea447746

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c1a24fa898d2a98b540b20272c8e47b

SHA1
3218bff9ce95b52842fa1b8bd00be073177141ef

SHA256
bbcc378fcbf64580e7a48b4e7ca9be57fa0a1f2e747f488325685bdb18d73a95

SHA512
e61f196e7f1c9a5fe249abe9b11eea770fb2f4babc61f60b12c71f43e6fe9354cf14869daf46abc2c2655bce180252acd43c10562a2dcd31fa7d90d33253820e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f1d2c7fd2ca29bb77a5da2d1847fbb92

SHA1
840de2cf36c22ba10ac96f90890b6a12a56526c6

SHA256
58d0f80310f4a84f687c5ce0adaa982eb42fe4480510399fa2ae975d40bb8bc5

SHA512
ede1fafea2404f16948fe0b5ea5161ccee3ee6e40c55ff98c337eac981a6776b9c73dc030a5c59e4347aec91259f497539206e71949c33adcecbf2c846709e14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000084

Filesize
20KB

MD5
077e3f0d3dddb018c1e71fd8e46d2244

SHA1
b50954ed5904b533372fe39b032e6a136ca75a7d

SHA256
12ea854aa2a6588219451d4af53fcd368e24b109085062deec4e5b891e059e82

SHA512
f9cb475d16d3e8dedc6ef2feaee4f9bad365a8bb992352163a0a9f4ff9e809bf895fc0ffd59375e60a44e5c5bd1f43217177fb44ffc0cc76cc85e45a612b9b3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9ecfc98b7e00b54d6fdeafcad06bd67d

SHA1
619890699e2dd05af619e43dccf4516fa54e3cd1

SHA256
5dadb46e9a5d92fc4fab1b2b71bfedf3bf312219e6771bb2583c499a851d722a

SHA512
bdb8a7379165f0e14d26a22b86532dc64b4c9bc28220fd61d61d5d3248689e9e6d898a192a92ce34ebfb7ce56c29c95210c7d55ee567be030495eb94ade1ee72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
c82204273efc451c9422154eb898be9f

SHA1
6680fb87728556f770ca692c4bb9387c8aad1f6e

SHA256
25466b477ca9ce85ac1c5ff893c6298785ef73470e030aebe9f096fd3f603b15

SHA512
bd43d5e9aef9451abd2e9b5e60c967b066fc11a8813fc20e2b0e01f32f9f77460111a0bffba640c40a4d82be735c59de5235570753fd8f736602b14ddde75289

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
04de20e93926c52031cc107a7f314c93

SHA1
7fc7804a2547451f5f070d32dce52bc587ea563f

SHA256
c229af78ae7f205a385d3312f48caf4fe8ff816cba9db9fe5b0824e3b09c4f02

SHA512
c96869e0e053e16891162d0ffd0f76bf5e15198634b927220c1aa3f0b40a4c84d6b9832fc085ffd757a2cf1ba7fd0fe33d9f5efc50b7727b3f8584a8db1497f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8f8b26d2405763efa85b927a883dbeb5

SHA1
dfcb61d65db2aada70cceb4943f61461f6643498

SHA256
f3c5ced56b48936e1a7ada94d9951e84c3ac3f227a1af629cfebf914a34417d8

SHA512
d486e0062aa7c7db37054eaff08be1a0ed1c403830c2429273e90e748382d23f9dffc3ab678fcad8edcc9e450a29b7821182ba8e70e75902048537fd5ee4c7ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2438c836fd47dfb6ca9f5c0cb70c681d

SHA1
a06d8f8d17d7d22cf944f7fc71ee665f58c706d1

SHA256
348fc5c1ccb9eea3759a6a17f14df6349fc096fc6908ec94ea14769e9e27402c

SHA512
7998e20a65e21cfabd0ef60493500cbfb94caae6b2881293297fbf3d97eda7763ac84d78bf5a60ffcaafb876f30bfce289039ebcda1b829ef0550ccc66ec40f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
738B

MD5
2240b0e471f87801234f36a3580e6db6

SHA1
ec8daaab0633190b9e96bff310d7d58579bd97e2

SHA256
f2cf6417b0720b0ddd90080d1c010819e8938b07984f217d64673bbf92959e43

SHA512
dbe23182ec11d44396de8ffc2519b83c658a6f235d9dedcf6de2cd17cca72ad6de9d3ff98bc8b63973e4b6ebc75ece9995225aa9a1e58fddddc0b02e1706ad96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8d03baf34910b7e911f4639dfcc671b0

SHA1
ee756b146bfbf53d6f9a30840726b8e7c490bf9b

SHA256
740fcfdbee640040c2dbc54488341aaa49463a3027a0e31315506589e44e892d

SHA512
67abeccf7cc84fb5bd17c151fe280ce54b4e6dd70c3c8d8cc8cdc28f644b60b28b5e2953fbf9bb541ea7bb495241c2ed1c2ad25f207c325dfb49e2f118da7b5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
27937da99a2b2cef4ab0eb690790d314

SHA1
40ce1acc4e74a2826bfe381b42aa2e98f19471e6

SHA256
43a64441962feb6c5e6f25da627675f635f47389399440c1435fe1e919ffc2a9

SHA512
918718687730fd9b48bc5081f746d37ed0c760dc4c6c17c7a978fee8e52b964e8e023e47e40dc39c0900fd0702b8dfd24c25e86d452dbb5042cf69a3069b5ee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
356de810bd3e19128e6bc8a23ef48304

SHA1
582502c078b714cb3cd339f1b6b8934cb7340c29

SHA256
8bbb8b414755810290c2954f46be106d697f4de1aa9d4b3a3c8c1573baccde68

SHA512
009e5605e97ad73518b12e71371fc8f24f6cb5d51ec721549950e4275022d26cf3a030f48b79f2838973dc3c5532023c6c2ab17f6b5a222fa82934eb0e97ca9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0cc57785c74aa8b73bfa8cc61775b40d

SHA1
1ca750791619653c68cc5c42ff8a4e717b6c3c43

SHA256
f6524279848af4c0733915465d565c68641df6adddca0c5df2fc85a23fcd6fdf

SHA512
5c4a5d8f489830287dd099d3c30f9f73cda054ddfb3e9edb2e8fa64f9d341f21e8393f87b09567785271de2b78d9a132a236e50f055c2e061556fd15f419dd31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a66d2ca97a33a246a480088bfb9cdd49

SHA1
073c20c0b7971feaae6fb86f5f69a50beb12acea

SHA256
975622bbb1301a3dbb9285d86daae3c76a3983818bccaf3a923ff107739d97cf

SHA512
dac32d3078ae607522985fd4b0a0ce4ccca9a93eb7962a07fcee88fc195af0e8ea457aea0c532ceaf83db1c660b53be2fb18ec057dd4d1c4964bf626be3652ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
74eac1067b2fa4dfa91215954903ff99

SHA1
8e1749a516c297a2b363cef8e6f4b112048419b8

SHA256
949994aca7c00913e4d92583d39d519e212d5fa24f41f1f8a376debc70c2b29e

SHA512
cebad5eb0ca48d037d8beab66332ecf944ca9623a7d00f76cca679debbaf8efae83fa3926befe2df10a8c8836cdea219cd89ba86dfec7c431de6282909983150

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
54414b035e2a5ab1ed33c3215203345e

SHA1
906cd83ab773594c21a5ef5ac9b48fe8e1809210

SHA256
c1a7694693675190dcca2f8ceb2ad4ac4f0e0effd3bbffee7bac7af2f9088812

SHA512
0fcebdec44a0e701caeade6f70f1a8959bf5c4ed97259c5fd854f22d7aefafa7190b067746ba664168f6470a5cf436ed842bc6bb24d6f40908d24c3f9d009cb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
24cfc3fa680438a4135a8f07652e629f

SHA1
56e944f51c66a95aa57e1d2f558b3d1244a5e9c3

SHA256
0be69331b0b0a811dbab90e564af06f707635c3e289e6dccc7f61b8d08864c76

SHA512
96a2a9af0f65ac35ea037de568e61eefe1a42755908d2da7e9d3fddf26229deb5b55ec347fd874420325e0e21968b3ce7cdd0e71200eb99b5be2dba68532c8c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7af795c197983d6b658a42125f6f0a24

SHA1
b48f319b363dbb6f2314d0d5b8e816c518d404cb

SHA256
28527a4e4eb073f0057b64ab475e4d774b18dd9083fe98d97e9c7f5369cc16f5

SHA512
cab1582db4f1139fed45dba66406085d32d83b11fe5bcc04a2a5d906ecf1cdfafaf9f6bb30ccc44294a8e9699b47e66eb29ccbfdcf01d2297667f50ee5731c33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
89ab27b292655483e2a28fc9aae21ee4

SHA1
5934982c5cef02bb7ac95a7e458ac1eb04f23fd8

SHA256
01d547640ae85b0b3ad4c23b0876e24f7e0fca6a7eb7c6a29195e8078285c0f2

SHA512
1a73c137a387485eadc5bd72661873f3c9a5a29fdc6a49d9a99fe1bdc4bd87d1cf972983dc674e6af8d3fb1f40e5fff2b7aa71fd3165876ab938b54b3aa5d850

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e715d22e928384e09a492bd96431a4af

SHA1
afda8585a89781395ec7aaabbaf12fe59e8e739c

SHA256
c7f4753b011d9b779364ac44164517edf36e51aef830de246215de428083ad63

SHA512
ef25ebae02387a6148600921105cb39983a6c3d859f08eb5e2a37d420e568edef566e563d229907a174fb237dc95b43c45b28769ddf993f596a3dd411d93b6ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3d1b552042891ab132ad52cce71c0bdc

SHA1
4fef711b936fbd72cf98900ed80f3823d4ebc9f5

SHA256
2c268a214666f52e79effce1662efc0a727f21cf00deddec4f7637b3879591f4

SHA512
aafbc0bed62b988e5df4d7b14bb6d1f13d385e931fe4573b751485d4956e80b7ff2de250d3004e7d40bd6f61a73b423ea531c220df12542aeecb94d52eea4222

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
b6e7727bcbf9aadfc6bab8ef475f79fc

SHA1
ef2961abcf0663ed77679835fe5eab53fb1ba8a1

SHA256
263bf1e175397cdcb79a9cbbe3fbbce23dd5959dd6c2dcec5a3d3ad6dbc37552

SHA512
44e33168ef1495e9ccc48958c5ca15eb827b5ebb8d5de829d3f4d034de9e76d09b1a5ee91d74d122db65524d765aedf2b061f81c394df7944748dc84fcf2049f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587af7.TMP

Filesize
538B

MD5
6ae721428fdf6a388c42adc908102f94

SHA1
96915d5aab3a336ef51508878aebd01bb463eb59

SHA256
c1b160511eab31c7dde6c36120840b93d27d2bf7d6b0520b36a340519310093b

SHA512
810e901611c57fcef2cd8b1714234084d0d499cbcddcae530d7f52bffb7c1d4c303ad8cf92a9b4814de0587dcf36ac6fb5d17074a4efda34ec54e8d031d905df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e0e546217b23c0ef2d83918276ed9d5a

SHA1
8e86a8a750de3580011d6a65911e651fadb474cb

SHA256
62d6a20dc95d87cdfe524f0a672ff2c0ea7126ba7e5e0326182160fe5159de4b

SHA512
c6df564a38a0089528c3a7af49d4b66ce46c312f91844c9157a7db9745d2efa6addfe557712b11dfb6939ada798b9f08692cc3716a95cba8ec5b5918ea64d2be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b1070142b95f7192d4426262e12ac6aa

SHA1
7765bbc6d5330c1abff24182af9680eef361e8e4

SHA256
b91568a89a3dbe7a3616bc1139995b388bf02f96715b603e5b242cbfea0ca5a0

SHA512
502f39a33e295d17e98530e338a98b95ed59b011c2d6b29d0dc10251549905c2dab8741728223e07d1ab436bab20c79c9996ad460935834a2f310323ee1489d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8fe9c1429606869753545640f5ebcd4e

SHA1
adc0715d81989013c17902bdb770633d035b8695

SHA256
90db9a06b2384cb3d56b622e671c8f281a39fef8daed2d34f4a250de3457b622

SHA512
a7b323269b7e81524460c68b2aa7017980e241b0c239b39813bebde2609c3363578f498b7da1bc4baa636a3b3a90d6f5b55fe9c495a4a3bda2db2bd607632a30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3a09fb7c5ce0eb48fce1dd51a7df1ec9

SHA1
f046e40b64e8147ed4e42d1674a40ef4e9bad9fa

SHA256
680438c054b91b3bccf979ddecf61e20ef9f0b41f82424d07e46a61632d0b38b

SHA512
139035366e4715eee8998e64caa4fa5360be759ea05c8c077b4f3814d0ebc484dbffd7791dc631ee8975151848bb1719acab4e931f91229e810230c0f45f6dcd

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000005

Filesize
24KB

MD5
b201e8da90ef456598b8b3bb0e31bf53

SHA1
8bb524c8e9b17920c83d9a06c0b305e41cfca560

SHA256
2c8b630d1edafb8cc8c8cd73fff10c8ab6d06232929a4d458ec34628920f1665

SHA512
50126ac5b7800f5a848ef49ebc8e71d78cb5ee9c1602486b30e697ce57af32c868e46795ac2c157cdfd7fe65c03133c7a752813d520a9106adc3e50620b473f3

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000007

Filesize
40KB

MD5
46f57737d50e34053f1f7633d74d600a

SHA1
ebb8c24e34d2f6f7e25de8ff516cb46ee8dafa36

SHA256
b49341286ebd650e4486d60e7bed27076f7d583f825f7440faa15d16ba3714b2

SHA512
c72f440d2a1a3fd6be82cc8c2b10a15f045f0c3485d734ede9fcbe436ba1a9f291830830005d386458092a1a6df1431b58cc6ac95fe2ea745e74ba70b050f2cc

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_0000dd

Filesize
52KB

MD5
8ef2c71c3d6e705dc8a256f4b524628c

SHA1
ad8ee98167b3f2e018dd688a43d03a6381c80aa2

SHA256
007897feaff70b1dfa505d5998cd5052b201426ac1c92ee3e2148e556c88f184

SHA512
0af2e0e21a2ec85aa349834972254274ee49729f23f55b5c26f06289294917b845129d6ef869568c5fb469f72a804575529f297b6ce220ba841bcd1370b8f86a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_0000df

Filesize
65KB

MD5
18af5d7c64dc067c67b7b2488e14457f

SHA1
2f83a9b3764c47ff755944b67796054bf855604a

SHA256
609f027d600a8ce03874e04c91fe25ee5c990b777af76b009c4dd7ca3a183b5f

SHA512
cdbba97a0f68ad4d4a80f49e25a0d88854bece710ae960c76c2afb9040b5b6da8b41307d50db933122d4578f462eef5a801fbc82c04546d7d9bf7986dbe973dd

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_0000e0

Filesize
44KB

MD5
15b1236c2ec8ef0d367a52171ce05c3b

SHA1
f9566775338bc02cb6c23ab3b82b817acefdedbb

SHA256
2c6c7621535a0d7a68af99b2c1573690dfdad8fc2c3d3b9e7908273bd391375c

SHA512
77f89a79087e1b30be22199e7e67ae9870262e8eeecef9b2c4d26ae10ef51357c30ff49d8598aa0052b918cd017bcd83020dde8e1ddb614dbc01a828e71a3e6d

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_0000e1

Filesize
72KB

MD5
b1c74824ad1d686051eaecc141d34682

SHA1
ebfac0c06164a83ff0c45813655d7b94c9cb89dc

SHA256
275f52c17719fa1c30bc1b1977dac644be0f18c01c88cdc2f91b17a2e0e3af1a

SHA512
188fca6d5f1c7590747e050dcc350f325faca73ea8b7d62666133930871ba2cb289f7ea4bde671259c1a181ec2be43018be0b24cf576b330018cf861baadd979

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\temp-index

Filesize
48B

MD5
21f60c1507db3a75a0772134a33f7788

SHA1
0f2a88186e2251fcedcd51893e81d26967341c81

SHA256
36426c0e1a79f8c6cfc4b9fccb47a8dd37b64c4d92065572df055180d0d18120

SHA512
8f6260fdfe4edfc231e049850b2f6ca0c5f94529f98ef317e43361ac8566b9a42c7fea9ef4bad7315a408571ac07a844e42a61c722ed14af492769d89f0ecbf4

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
2cd2720ee8b6d7a1ea0e388c01709dd8

SHA1
e5fed7d648b79ebc65cd220b46b97780cb3f3a3b

SHA256
546f755af8bcf8529ab10664117972eaf3b6d9c239e57488fa00f1010a2ba707

SHA512
da8147cc0f9fdcb4de4724164b56ebb83fc9adc783e22f2dea09734034bbf3ea7e6b8312ade04fe2adc0ffc915e4b35958f42b1239fdb39c809d1e02faab2bdb

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
d7d5048a28f247f0d101b069174d0396

SHA1
d2029d31dbf1be272b4d0d9421dcafa5b83e3755

SHA256
161bcbf7814f5f887ea6016cd1f1d358dfd26246986b985e4ebfb80b356fa519

SHA512
373c795b6e8b35537d075b8b22471a0caf31cfb4f2e336703955123d77ed776fb69068f988c28fe0690f55db4c6d62fbe9994f43dd813a118a032d05c208d385

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
62fe671c94c0839d34c470fc682822dc

SHA1
d948234e27e40f2feb6e40aa5e7b54733275d987

SHA256
998933ff8f5070fda3c0f3fdd3215e06e250279ea212bd4aa82f99491f0a7aed

SHA512
d13eed1f8d439a185a9161e665911f2c970f947b32f62784186c4c40618b597f8321f7e7b436434fb8affca9015bbcca77c343fb637d380464cbedc38fac9102

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
55345783ab6c4b17a30e927c0203b82e

SHA1
f67cdc9ac098ce2308286e3a3e29a89a5dda5eff

SHA256
49213643f7b5794dc1a3b7a564d1a193c92e6b0964a59ad3a2cab89f460a69ec

SHA512
be832502faf9fce4664bee85dbbb9d78ef3f1db666939f9bb9b3f7c97cffc54d72d29fcbbf81d8ef30e0d79231a889e5675287aa6ee038af5412542f515d64e0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0cafc4374ac3b95be53ec77975e3fb1b

SHA1
a1bc782a768049d704a8e236ee7d2caec58abe70

SHA256
1d3fc582661e401ba0db37da6f7c8d93412a87264edb5e57190f5ad077e3f733

SHA512
265b94ec00afdf7b6f105774a0b1c0a438357cb20c0f13d479771d66058c5e74ebf0f8ce757a84bc9a95c4f55ed340664a02fb2d32d1acc16f8ee1a6f9f820eb

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_0

Filesize
44KB

MD5
e1848ba25c05d208c85c54ee91d20a34

SHA1
00df1d5a4b45d5f525e294e938ef7d522377fe96

SHA256
30a1c802b62f881bec5333dc31a42853ecbca1d5f83f45d080eccd4ea0f862c8

SHA512
9a63fdfa9e56a87fbcc7fc10cf87f7d83bb3319d409510096a1366b843f54131bd00b975ad80d4fa9a9489695f8be2205b44fba408ffa64b874113242dd7161e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_1

Filesize
264KB

MD5
8b1cd3716a210e31c0a3392edcfe321f

SHA1
74b5d67843e108eba9422ed5f54cde59dea12af7

SHA256
904cdd61cb05649fde62c21c0623a0cb7fc3fe2f7d3e1522f3791498f88afc4d

SHA512
2748596de48943d5f84caf2aae18b2919210a70aa7a5d7ce058b04b5a9fe11bd86bd26e85765a1fec248284d868adc1cb8d0254384614e94a53be4447f06af21

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
710B

MD5
5ec2eb2dbf0718c18d7ec8d0a1578246

SHA1
c6b6eca5bfe0e193ee8ecd211cb5a05239dbdb57

SHA256
e092d32bc95b1cff03639f7b75f73f380b1e0084bfbc2a7efd49ffea4c6a7193

SHA512
3604ee3ece71c59e1dca39516c2f2daea0efbffc665e99045ffb3be243ad1a52f0c0edddeda94c14b6d6b6c0709c6f8de41aa19a69a6826c45add4eeca6311aa

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
822B

MD5
01aed372173ad981bf862718ebdc4ef7

SHA1
8b5bbf1daaecefc3d3053a5de3dee264320d1a2c

SHA256
3426c5fe2ea19b5b02b64d4a4b00dae65ac25a822766f0ec88b7bbfdc46248cc

SHA512
486ebd386e9c2ccec07a790af5d47697fbaa4525d23014e6ad7e3492993540e9abcd4c84e3113e85048efe0c4d1cf3a2dc4da918c2c16edbd40a49827fdbf22e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
822B

MD5
7da10063a44b5c6e1e848dc6c9194807

SHA1
af8c6f7f962c2647ead16e1857dba2098e3211e5

SHA256
c5128d6425acce8ff9fc9613249bc8f84098cf1ee3fcb8e46d3266ee9369677a

SHA512
6740dbae00b80be7c08995c9144d6859909677ba5dab308174be723979dc53a41b0d7544f1d2f6570f0c3c0b4f8a8f80edfbd2f0c3d119eebda76f47b459462a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
822B

MD5
4a662398287a19dad28a9e8f46523efb

SHA1
ee426ef9a220cd2bcd9c1fbbb3688d4fce24d608

SHA256
290fc088daa0e076b943a458065bfe17ab89ae58ec2c861bea5ccfebde223850

SHA512
b9f7c55188f7f34802a21381acf4cac1e8d35f798685344fa3ce29d36b698a9ef7e591a73a5e4ed9b26533542fe36b4573c14540182aa6e12ad2fc6dfcdf8941

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
822B

MD5
d18ce68f63bb18b28c8b7a6646e7cf68

SHA1
8f76fe9cb4076c7a446a3aa9c4f0744acb12dbe5

SHA256
ee507806d03359ce231438bcca5a152a6a40e11aadc44830b41d1a15d11f727c

SHA512
15834f962e85161406e731ccce69b2102b1d33db7546661f34e145d52bf9336af8d5489afcdfebce575ad7b9aff3277237705c33ab85364d032b9e9bb7318f04

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe621fa8.TMP

Filesize
529B

MD5
009643142f7a6cd81d638f4674e62446

SHA1
ec2283d0e16a7f2157ca59d01179239b3d636e2f

SHA256
90ff59b5ad6592e04cd136382eec387758dc89e522a7c310cb960f338e94fc5a

SHA512
4bddceb735d81d12d773e17cacd18c291ca35aecd03c724bedc64083b3402ff937488441cff07624c6b4690781943643626e4d9abd1ebb29ea84874737b5bddd

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\236bd41c-3c3d-482b-b25a-7166d7251915.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
865B

MD5
6d922077a200737c3442b4dc325c4bdb

SHA1
51d0160a1f01cf39127b94322afcbb2a481f4f3b

SHA256
c9eaa41f1eafba3fb6c700b1dcdb51276e0eedd95167e0741b6f28a0eabdf4b9

SHA512
4f8f9b86bf1ccf0c82f36c5d0149aa9c9b034c241264aa034f5bfb4588fec2f2f7f2e2a666626d7e1819bae80904361208183688448447d67eb063529c29e5fc

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
865B

MD5
d6f6d31c7a87dab497f2e0027b4318aa

SHA1
f2fde1644e3169547e33e844aae22ad785c78ec9

SHA256
49b114c5f9d21ef8c2d9b34d35feea6f2f177854565e91458ac36ea87d2ae4a5

SHA512
b3132ae98ed7efc862a147df1915d4aa23930b000f7bfb73fe53b282909dd572ce99fee9962936c41ce581b545e5bb446329e92a65f4bb8de775667631b5d31a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
865B

MD5
88836b4e5952a863e6416d268fd4fd27

SHA1
94f19e6aa74626994b9762b6d9da890897a6c5c3

SHA256
0bcb928a8ed49fb9991c1c60869322f9325ecb8408d82ffb0c5f3ad34be5877c

SHA512
ce3b31d06078fba248538655580deeaa01066d9384ab41c0393598e758bd2117611399046bea386ace89eaab0f34d5c53aa35a943cd4743df0b36e662a679611

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
589B

MD5
12df37e276e1f0c49d07e2cf7a79c66f

SHA1
520a15da590cff952249b23651cb04244a5ab1ea

SHA256
ff4b91270c152ccf492611d2c10ad188372c7d8f0ac2e4dd6e2bd37c34b25332

SHA512
192a80ec80303a2d3be511c2209aedabce58c848965687640411a2c844ebaaeb68c423382b15217212782b0d3ab41c3ec79fc6bdee4523786c601cd1b132e616

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
f631428ce88f23ed0ba59ba72bc8a793

SHA1
52a784d398c0e3b40a9dfe6e50baa3f0ff176ef3

SHA256
497110ba49c63a54c7b2bcb56b86ab87a38b76a2b9253a75221ba237287a07d9

SHA512
f01aec64d1aca54467e2481ffe6198b640fcc00e6889c53eed5f2320ceb5572d3eedd486b3aceeacf8825737abfe511ad5936a93e763d272260ecadb43958c50

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
dceb1ccd4a9179c7a6540890e1f24b11

SHA1
d64e02da8e01a633c03d16b89a0f9c92dafc7a22

SHA256
9577aaf1e38817560c4611dc8ac01df0f424c44035af1fffc91c93b5f4175653

SHA512
ffc19401b3f6e7535545134a865ffe87b305feb8a7e307c46b2f022e4e328dc9512c4a2d1e7665ed7551f1743b78e6099412e831ca754dd35868ce6332593540

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
3384a704aed73c6b22c265e90f1059a7

SHA1
c63d96a1ffa39fd40d6fdbaba596e3e0fed0ca02

SHA256
b41e0eba57125a01069f425a249aa6aa7d0aedb71b68fd41b872f8ae4a152dba

SHA512
bd2e9df016d460673c7f1edf8b0d951432256e6036f5ccf1c047e2985a27cf4d3635a38f4e784d39b9b984b1ed0f5490f45bd68e42486b274ebe288284d4819a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
e5ab5fa117d7c1f9d90cca81c66d8e97

SHA1
9dede7933dfb3ffe56f89fcdcc1ba827904b1309

SHA256
bbf9dfd4ae9457bda65b703db5663efbfc7685bd9999aa556d2a04ab345ae170

SHA512
709c1f20c0516b6a2c2262f5840a7c45162a30974d1f2c9de3f3c03ddc8025f54dfb908b65882d2259315e69f7c190c8ea4be69f0478549940a3a44b5fad9436

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe623301.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
524B

MD5
385ce129487687f9b38ab3426cf697d9

SHA1
40166f08061e1b854ecd85493ea95b738bc635ae

SHA256
311043b7b9502b63b19885f0f8c2b5eb607f34fe95d939b3b838eee7a5337972

SHA512
5740bd38f711c25ce523e8d0c1d674fce8f55ffdfa602462197a911ec49536f3b1b55a73f67ce58e2e17fe0bbd7a3e9e569df2d72088ff7ba2b2e6ef3bc15cd5

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
522B

MD5
396c991ced92c3531b984fc54f776474

SHA1
0d0b2141c062665360856ca0752f283d9af20abb

SHA256
310bd17ccffc16135123688f621fbb08db9a32de7c820ddc53ba997c5e61674d

SHA512
32fd1dd6ba3f838c8ea0c267514029292f152a68af12b21ea174813b9bb8598b1a36e6b0ced8c221e08de2ec2b5439814d67f27c0f83fbf241870fc9d1c165c2

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
520B

MD5
63651f9ee18ec0585d709097c20ce6e9

SHA1
74b2232eaacc512b682a20fdfbbb388b4911948c

SHA256
002e65305f4f5a5a738db3008932e842623783a06ac913db7588d3c97471f9a5

SHA512
3c98d4868e16c0942462962450d69cde8d33b4f72c9e6a0d0c8ee6d1872d73e669330bc34b9ade57ed77f7ee764872b424c51bc7d61d4d4d42490c198a0b92d7

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
522B

MD5
fd7922ba847fce9a3d3e6262beed3db7

SHA1
9f437d35186bd08f40e920230f7f9ec556332248

SHA256
cdcbbcb049ac86730ef5846754d2cdc9e7ae3ef88ace8995d1cd918c38a7705a

SHA512
74a29028eb6016953ac05c29f8b370d477fe456535d50fd88b2719bf7dbb9876fd24f2233ad712379e888d5a8f75c3f03de157aff7751f745b01d5e857096730

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
524B

MD5
ea2e37114f85841bfbaf4011d96a6283

SHA1
693f2bcd730ace218b590ec1ffb09c75b4f4a67c

SHA256
e69b5598d7166ff1066349ad32ef6c60d1a0b865f6dfaf0591bcd07b27ca99c7

SHA512
5cb3b8ba618255278dfc2de1151a22f1f111d73abb6b8b914404e0aa93e9b1f0861e6f921e1ca5f31cd0abcf11097d7db5857a2275ca202609331db8bf918d88

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
520B

MD5
b0632b570b479227b51a98f06c75c763

SHA1
c3cd808f6f03a9e1664c954dd77e5dbcb7914362

SHA256
498fdbf17e4490a211b73d225afb7650edd570896aca52c6b8de2270a40e0616

SHA512
54919123871066b5c2e1527eea2014d85864eababc8e5dc611a39ecd5c29f69f78afc0db1105b2d639b9fac912d5b572487596e54f9477121f847092a6414b57

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
524B

MD5
b86198df8bf6bdc53446049e23590729

SHA1
495a3f0c211c680912caebb9d2d84a95a9922dd1

SHA256
68ee07e5d2f88ad625c17f4a0594a40211c5b2ecfc38757d5b6ff0957e21557a

SHA512
1ca263c88bbaf9ff4cb3aed612c915b9b9c722bbd8241b7f6cd3c53aada2b0519f7f9353dc01371bfbaa46f91a118e7ce9e447e18263523c0992d8374974bfe5

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
524B

MD5
28c0c5c6759c1a96065f1f8bbc4a6508

SHA1
b4ad4a0eea2029171a3f2438db22a62ec8dc24b9

SHA256
6b526cbb8f5b30207c5791d4e01aec67b437465f729ea1c599f8172ca0f3e63e

SHA512
3abe44e712ebb1ca207199a5976545a7ae24cebac6ccccd231740cfeeb47013a3514d8101544daac80ebba53efe89b8e81401486f8b241e6cedd025b6eb27424

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
188B

MD5
f8f3dd7a3d0e1ac56991a681985469e0

SHA1
0ec3cedaa11a91fccad3208668a0d7ced3d8c535

SHA256
2d0643e60300706da23f90c54a881ef296ee4939b1e883264481b48f628e5e5e

SHA512
3fe6fb11d079ea562d9cc4d9d7f18e4a24a6a37f464f2ffebf8c69713bf083b6c15bec5c6adcb27029c91592c3f085ef2b9725e66e8cd05a1ad3d5d923ac9ef9

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
518B

MD5
17648be42f9af68cd396412c04e5a7c0

SHA1
5761348298d9d7045135072f67a571f2d3f9170e

SHA256
e6cfedbc51ef8c0d7d56d675c20c727f746f081f92478858c61520999563be33

SHA512
3c2577d03c8bd8d98270eda52bb04d75efcff796ae0ec10872cdc56bec5488554f9aaf1736999fdd8b5c17f6562ff9e01c6106078e8ac6704249b6913f07d0bd

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity~RFe61bfd5.TMP

Filesize
188B

MD5
19ff7f9247496e25763142151d9c4fef

SHA1
4d51ee64db40441c3b456d4e7f2a03b19cedfc93

SHA256
daafa729ddbbb8183ce8eaefcb8cb28392780abeaa3bcdd9c511fdf39d74aec0

SHA512
e78870f70350b5f068e9c0c2ab881339a3230f2e0fb8e81f76a425fb82b6f3e47cbf808e53f390df67ae7268acc81491916556887db911d32e2f615fd123dccc

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json

Filesize
2KB

MD5
e931fa8f333d4d14a11b7c61fa6fe295

SHA1
c28886c36be8a866f77af9837310d1ad550472df

SHA256
b327ce5269f29dbb22568329ac86444ea7f01162110f19de139453fa105e4c25

SHA512
c52a3e55e436d230e3044428155b79faa534ee7d858f200d78834427295bc5d66b031555b51c5ee1b76c20f52a277eb796a03644d0f16015fddb029222017ad0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json~RFe61bf96.TMP

Filesize
2KB

MD5
68b20851ccb9834d21fb32615e42bd43

SHA1
88fab935f0b9484994097c08f785e9ecb7d68127

SHA256
a954b528dd65ad6c4c2091fa32f17abdb7a49454ce88e10bb6c377734c70c26f

SHA512
dcb0771120c8fe35213d60e9abf4b242af807324759e3c99e9b2569c00a941d885d53ef6fadfe69e6b740e0b52a6008602605d643801190a2d29175a7d065e15

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8F0B95D7\1966720.lua

Filesize
155B

MD5
cdf4142ddcf56da139d41d84f9a7558b

SHA1
c6e39ca666e237de90d864fd1ef3500c3224063f

SHA256
c6edf0178f7296662ef3267677b6ff700b87d4916e4308881fcea02f8959fb7e

SHA512
c74191ec614cca6aed5dad8af9deccb799f2b6963aa386b1e8de0c844b43fb82ea8551d54a5f6a7148da6becb6ecc65c5795ac7233a06fd8111dee2f1dc7ac0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst5359.tmp\StdUtils.dll

Filesize
110KB

MD5
db11ab4828b429a987e7682e495c1810

SHA1
29c2c2069c4975c90789dc6d3677b4b650196561

SHA256
c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376

SHA512
460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst5359.tmp\System.dll

Filesize
22KB

MD5
a36fbe922ffac9cd85a845d7a813f391

SHA1
f656a613a723cc1b449034d73551b4fcdf0dcf1a

SHA256
fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0

SHA512
1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst5359.tmp\modern-wizard.bmp

Filesize
150KB

MD5
3614a4be6b610f1daf6c801574f161fe

SHA1
6edee98c0084a94caa1fe0124b4c19f42b4e7de6

SHA256
16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b

SHA512
06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst5359.tmp\nsDialogs.dll

Filesize
20KB

MD5
4e5bc4458afa770636f2806ee0a1e999

SHA1
76dcc64af867526f776ab9225e7f4fe076487765

SHA256
91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0

SHA512
b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst5359.tmp\nsExec.dll

Filesize
17KB

MD5
2095af18c696968208315d4328a2b7fe

SHA1
b1b0e70c03724b2941e92c5098cc1fc0f2b51568

SHA256
3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226

SHA512
60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst5359.tmp\nsProcess.dll

Filesize
15KB

MD5
08072dc900ca0626e8c079b2c5bcfcf3

SHA1
35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37

SHA256
bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8

SHA512
8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
8c03f444ea6d8b61caf04693660cceca

SHA1
2768fcc63f02dbac4d02f094da792770e07d0b5a

SHA256
87e5d9f8302787fd2e6fbeabbe364c7fee543aa1ff151d275f35bc9bd2c92d59

SHA512
e85cab69460d899eb171dbc2e237572a6632e42e1bd70dec30eb495f5ce04e631b4690547d1b198ceb9e54b8816508260860feed371697b0ef27217b20d793ef

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
5fd0a2dba303bf5b753275f65716ed02

SHA1
66b95fafab4b5e3e86d0454cb7e9f33b6006fe46

SHA256
f939c2d7fa2add90e0467e21db706f38c8c550b5bee22fa803b3dd2e6e0e6252

SHA512
d379fdcb73c3c24659068abc5451094eb75cbc2bd8b952d19af8033bec961106105a02b8757ed752fe0e47840a2ba4aa3530d005fc6ddb3d8cbcd8ae53f1bff6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
af22f44702a6d4901f07c792ebaacaea

SHA1
99d5f4c5260fadab700dbddad9a2eeb029335f8e

SHA256
eddc41072058b2e37e6c617830bf9bb2325209895b04141a492df14022cf4119

SHA512
57ce5ad481b53205d0cfd6ffbd999aa5e720f4ecf6c31693fd25e9b8d3be596e8e0b18f9e3b66270618ba4a4619a632be0c0b7ba5faf2beb17acceb28e05b9b0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
483f8472856ccedad5de37f6922aed6d

SHA1
1bd9e437b57fee37d25313e42275cf77912f342a

SHA256
28382e37513a241d816443b0cb4c270baf1dcf5ab7086242bb6a41492836f46f

SHA512
8b25a6d94bee0bb4698485d3eb10116834d3f45bf7125edc76af0808e2eefbf1ea739a7de974967ee5e4467b14a5d178604fcdb4beecb577e5a11f4de51dcbb7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
21fe22be8a832aa8d2d600ea43eea9c3

SHA1
ee4ed6037ebaedf33334295fa4b78c96dc7aa4ac

SHA256
f42801397974a15aec71748eb73b8acee5959016f00580474ea8c2c3fd7de002

SHA512
59d40dece980cc2cec8d370dd3ea30d5f4d14ad4228b831367f1a4b0d7a92ff0332d617a99e91d2a3260327532611790e9dd65a9b22c3cfb636ea401db360743

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
37572ababa61531a93bc061662b3c4e8

SHA1
90ed3837b1a7dae2c715a2088cf0d9092ab8db43

SHA256
1442f1a26e4896f0166d83eccf40985cbccdc2104d14cb8f3150ea6e08b24ee1

SHA512
52abd8fc7814892d1909bfc809c19dfa1025e5ac519e02289dd831ca3c8b7576d87ff3f58290fc7641eb464ad44d58c6998043558c6f1a22de9ae922cafcfd85

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
c3dad5f50f78dc7c4f4a1ae6bbaa9cfb

SHA1
e3bc71190be9882fb5f9a637e493bec109382398

SHA256
5d70478843a23ec938bcab672250035627a39c26258824bb6e10154fbc8332c0

SHA512
8198b6fe0ba9dcfd70126f10fc47b45dc0b06f7ca9759b9fbaf4c57dc3b92a7dc08e3092531981bb43e9674d9862b049e75143f37ad83999bad0bfc069aa86f4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
e0c7d627b963f7ef67f9450626c8f8d1

SHA1
737b1497c46cb12db798c891eb9db538b0cb1ab7

SHA256
23a3673fdec086c04f1d8230ad8448f89235020b5516bbe50b5d16cadc79d95c

SHA512
7b4d9577a2a028c9328369aa0cb817a1a44aa8798d7231bebe6223fdd2ab6892cf1ea0d84084bfecee88157fd3c272935df8f8d17e7390003d3a237185fdce70

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
7053ac767f7ba51d984ddc4aae7f8e51

SHA1
25692f6eb6f7808d7a8a2a63e9c34c08ba5ffedb

SHA256
27b3862467be09a6212225e1adea3386bc648f8d8db005931a8c7a34c612c3cf

SHA512
9eafb3a0c8c6311272f60fb745670d73242e0d7d9f75244f5a5c232d02c966e10c3e930a49453a7444d73d63bd1b91c7159844926e0ce3d30a17c976084cbe0e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
ff576d672f63c3698fd724b7ba26f3df

SHA1
55b3e182d67361d0a76101ae25f13c089bc385c1

SHA256
0e1e54f8c7e0d400687b2a799bef25f6e137923bcdfbe9228d4a4727fc82ce17

SHA512
5f338709deb725ac1912039b3649a25e40872a2327eb355c5c6b2e0de4b20a9b21415a540edea7534e0f085d6d320115bc39df350575e1dce16d285944452e1b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
c42208bcfa551c64735c3863a7a8bc7f

SHA1
34388cf70e7d2f299d949cab40cd63fe0090e68a

SHA256
79f4dedb0ef3e0b77ced8f33b9324711262608426d5aadfa679e7d6496d6f4e6

SHA512
db594e2efad2e5b0f01f603f64b3f04bddd7c66221034784ea59eb4ab36a759c74f211ed48b866e379613d6dff17da1a3f555d7fb1580d76f3f90ce64a7afe1d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
2a5749d5c322c523dfebee8cb235f77c

SHA1
a68c5266cea2bbcf4e5e3c2b013ab9ddb56b7ae6

SHA256
cc34a373af840e234515c2ef8ca04c538df7102dfcf2f26a2dc410d3525696ef

SHA512
940c8517adf7156d37e1e3c9783e0a96de03bbe48286a8029a76b5ab8228398eb67c9f02ed5f0efd16f0506a7a1ff453fd7cd8a4ff5ea69229652cfc3968a024

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
5fef80392a030b4bf4df1184bf11b2ef

SHA1
e2eb0b6c96c330d1a5c1d0f8ce40582e51b30aed

SHA256
7ac1b2042e6dfff6272b641f1d283abf291fdfa9ac9836adbf50bbdc9d3982d9

SHA512
f9a0f3146e5adba50f981da5956525deba6e0361a65137083b7e3c2b29b507805af0e630c4cdd2eb10235f741e2a7ed4b75ae5bd297e3a15d64be120a2dc8a6f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
169e36e0c62838ab1a79e746f31878e1

SHA1
4fa790575f9238e5d4bbe31970a1c10b0ef4777b

SHA256
704e6c3b673f83e96ec36819372a3ec3b9023c105475abd0eea4a0c1a91740e9

SHA512
900055e04a4a3568c9b4f2e94839f8e374f1ce2d45d2472a8a7008cf20bdeabf9c2bdd66c3cea1766f40f19eea74008821b5b0c96c12180da1f9d0984c417f08

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
c6d31db51858ab30724731f75efa213c

SHA1
b3e254226b8a79a0ffabec0cc62a6bc8c6131dbd

SHA256
16a7f40c4ff8f50572a66a9013bca2c6944ea0bdbbd70d8610f62ab66f614a68

SHA512
720ab0b28f3c5cee54b3f455cc0d81401e72e68661c4db03529c67f0167d8ac9eb912750e59db63f4948daab00ffb50de4cca504f6b263673190812d3b3effe5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
6fb60239563615b067233e01d135262d

SHA1
61ea8f7d0f6b3d84207f5cc5a648048372afb0b6

SHA256
a48d0770a68149abbacdf30624c16a26320d8d6b37628d111e0158a6ea21226e

SHA512
b6f284f99c5cfc7017c25816756fe080ec3313fcf609408115d0a4a1f2915943abcde964aa5d2316baae085a1932a4abdd96922d403f41a6489dcc83283d58ba

Download Submit
C:\Users\Admin\Downloads\Sin confirmar 784379.crdownload

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit
C:\Users\Admin\Downloads\Sin confirmar 968677.crdownload

Filesize
837KB

MD5
93ef55f275e12608889ba7c2e908e6d8

SHA1
969a31955b49a8bd82567fa582b3f29528ceb6f1

SHA256
7af03f9f3e8d96c931d69b1ecd531ee976c6e504d678bbf44f553ffea8943291

SHA512
fa3dfb36608777a5942cc3ffdb5d1599efd0420dbd436def11d860312b6dff64af6d9c3022964c78eaf34c3173a8907a3b58e88fda8f83a4e8e4063287ba7c53

Download Submit
C:\Users\Admin\Downloads\SteamtoolsSetup.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12908_767497746\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12908_767497746\manifest.json

Filesize
1001B

MD5
2ff237adbc218a4934a8b361bcd3428e

SHA1
efad279269d9372dcf9c65b8527792e2e9e6ca7d

SHA256
25a702dd5389cc7b077c6b4e06c1fad9bdea74a9c37453388986d093c277d827

SHA512
bafd91699019ab756adf13633b825d9d9bae374ca146e8c05abc70c931d491d421268a6e6549a8d284782898bc6eb99e3017fbe3a98e09cd3dfecad19f95e542

Download Submit
memory/1608-13302-0x00000000000D0000-0x0000000000582000-memory.dmp

Filesize
4.7MB

Download
memory/6160-14219-0x000001B7F4740000-0x000001B7F4741000-memory.dmp

Filesize
4KB

Download
memory/6160-14217-0x000001B7F4740000-0x000001B7F4741000-memory.dmp

Filesize
4KB

Download
memory/6160-14224-0x000001B7F4740000-0x000001B7F4741000-memory.dmp

Filesize
4KB

Download
memory/6160-14223-0x000001B7F4740000-0x000001B7F4741000-memory.dmp

Filesize
4KB

Download
memory/6160-14218-0x000001B7F4740000-0x000001B7F4741000-memory.dmp

Filesize
4KB

Download
memory/8440-13968-0x00000211033D0000-0x0000021103401000-memory.dmp

Filesize
196KB

Download
memory/8440-13969-0x0000021103A30000-0x0000021103ADF000-memory.dmp

Filesize
700KB

Download
memory/10036-13562-0x000002082B920000-0x000002082B951000-memory.dmp

Filesize
196KB

Download
memory/11580-13464-0x000001CE594A0000-0x000001CE5954F000-memory.dmp

Filesize
700KB

Download
memory/11580-13463-0x000001CE59070000-0x000001CE590A1000-memory.dmp

Filesize
196KB

Download
memory/11668-13348-0x00007FFDA0C40000-0x00007FFDA0C41000-memory.dmp

Filesize
4KB

Download
memory/11668-13462-0x00000137DD840000-0x00000137DD871000-memory.dmp

Filesize
196KB

Download
memory/11668-13347-0x00007FFDA07E0000-0x00007FFDA07E1000-memory.dmp

Filesize
4KB

Download
memory/12980-13942-0x000000006ED10000-0x0000000070051000-memory.dmp

Filesize
19.3MB

Download
memory/12980-13467-0x000000006ED10000-0x0000000070051000-memory.dmp

Filesize
19.3MB

Download
memory/12980-13480-0x000000006ED10000-0x0000000070051000-memory.dmp

Filesize
19.3MB

Download
memory/12980-13487-0x000000006ED10000-0x0000000070051000-memory.dmp

Filesize
19.3MB

Download
memory/12980-13457-0x000000006ED10000-0x0000000070051000-memory.dmp

Filesize
19.3MB

Download
memory/12980-13601-0x000000006ED10000-0x0000000070051000-memory.dmp

Filesize
19.3MB

Download
memory/12980-14211-0x000000006ED10000-0x0000000070051000-memory.dmp

Filesize
19.3MB

Download
memory/12980-13582-0x000000006ED10000-0x0000000070051000-memory.dmp

Filesize
19.3MB

Download
memory/12980-13509-0x000000006ED10000-0x0000000070051000-memory.dmp

Filesize
19.3MB

Download
memory/12980-13513-0x000000006ED10000-0x0000000070051000-memory.dmp

Filesize
19.3MB

Download
memory/12980-13518-0x000000006ED10000-0x0000000070051000-memory.dmp

Filesize
19.3MB

Download
memory/12980-13540-0x000000006ED10000-0x0000000070051000-memory.dmp

Filesize
19.3MB

Download