hxxp://csfloat[.]com

Analysis

max time kernel
1050s
max time network
1050s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
07-01-2025 20:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://csfloat.com

Score

8^/10

steam defense_evasion discovery persistence phishing

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 34 IoCs

pid	Process
1428	SteamSetup (1).exe
1852	steamservice.exe
4688	steam.exe
11520	steam.exe
11572	steamwebhelper.exe
11612	steamwebhelper.exe
12224	steamwebhelper.exe
13288	steamwebhelper.exe
13564	gldriverquery64.exe
13708	steamwebhelper.exe
16200	steamwebhelper.exe
16452	gldriverquery.exe
16516	vulkandriverquery64.exe
16592	vulkandriverquery.exe
5492	steamwebhelper.exe
21456	steamwebhelper.exe
4536	steamwebhelper.exe
13660	steamwebhelper.exe
22412	steamwebhelper.exe
7928	steamwebhelper.exe
7912	steamwebhelper.exe
9632	steamwebhelper.exe
9620	steamwebhelper.exe
12984	steamwebhelper.exe
15304	PlantsVsZombies.exe
15344	popcapgame1.exe
15544	GameOverlayUI.exe
15776	GameOverlayUI.exe
17180	GameOverlayUI.exe
17448	GameOverlayUI.exe
17764	GameOverlayUI.exe
18272	GameOverlayUI.exe
5248	GameOverlayUI.exe
18464	GameOverlayUI.exe

Loads dropped DLL 64 IoCs

pid	Process
1428	SteamSetup (1).exe
1428	SteamSetup (1).exe
1428	SteamSetup (1).exe
1428	SteamSetup (1).exe
1428	SteamSetup (1).exe
1428	SteamSetup (1).exe
1428	SteamSetup (1).exe
1428	SteamSetup (1).exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11612	steamwebhelper.exe
11612	steamwebhelper.exe
11612	steamwebhelper.exe
11520	steam.exe
12224	steamwebhelper.exe
12224	steamwebhelper.exe
12224	steamwebhelper.exe
11520	steam.exe
12224	steamwebhelper.exe
12224	steamwebhelper.exe
12224	steamwebhelper.exe
12224	steamwebhelper.exe
12224	steamwebhelper.exe
12224	steamwebhelper.exe
13288	steamwebhelper.exe
13288	steamwebhelper.exe
13288	steamwebhelper.exe
11520	steam.exe
13708	steamwebhelper.exe
13708	steamwebhelper.exe
13708	steamwebhelper.exe
16200	steamwebhelper.exe
16200	steamwebhelper.exe
16200	steamwebhelper.exe
16200	steamwebhelper.exe
5492	steamwebhelper.exe
5492	steamwebhelper.exe
5492	steamwebhelper.exe
21456	steamwebhelper.exe
21456	steamwebhelper.exe
21456	steamwebhelper.exe
21456	steamwebhelper.exe
21456	steamwebhelper.exe
21456	steamwebhelper.exe
11520	steam.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000\Software\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"	SteamSetup (1).exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Detected potential entity reuse from brand STEAM.
phishing steam

Suspicious use of SetThreadContext 3 IoCs

description	pid	Process	procid_target
PID 11520 set thread context of 15304	11520	steam.exe	153
PID 15304 set thread context of 15344	15304	PlantsVsZombies.exe	154
PID 15304 set thread context of 15344	15304	PlantsVsZombies.exe	154

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_dpad_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_050_menu_0040.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox360_button_select_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\2394010_icon.jpg	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\steampops_greek-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_040_act_0326.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\tabSquareBottomRight.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_dpad_up_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_status_mobile_ingame.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\hp_l4_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_ltrackpad_ring.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_rb.svg_	steam.exe
File opened for modification	C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\drm\common\images\btn_finish.gif	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_r2_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\html_lock_ev.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\voice_dialing.wav_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\inbox_offlinemessage.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_l2_half_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\32440_logo.png	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\shared_norwegian-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_rt_click_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\CreditCardPreorderReceipt.html_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\shared_brazilian-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_button_minus_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\cmnd_action_set.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_trackpad_l_left.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\userdata\996293921\config\librarycache\2371090.json	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_touchpad_swipe_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\layout\deletecustomimagedialog.layout_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_040_act_0314.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_play.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\radUnselFocus.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_l_swipe_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_button_x_sm-1.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\chunk~1a96cdf59.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\layout\pagination_panel.layout_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\clienttexture8.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_dpad_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_button_minus.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\440_icon.jpg	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\317670_header.jpg	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0324.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_rstick_up_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_r2_soft_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_100_target_0100.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\nonverified_3.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\broadcast\icon_mic_on.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_servers.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steamclean_japanese.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\steamui_postlogon_tchinese.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_dpad_down.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_050_menu_0307.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\OverlayBatteryNotification.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\layout\gamespage_details_turnnotifications_item.layout_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_button_select_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_l1_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\clienttexture2.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0030.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_gyro_roll.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_lstick_down_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_button_start_md.png_	steam.exe

Drops file in Windows directory 7 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping11572_664382208\_platform_specific\win_x64\widevinecdm.dll.sig	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping11572_664382208\_platform_specific\win_x64\widevinecdm.dll	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping11572_664382208\LICENSE	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping11572_664382208\manifest.json	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping11572_664382208\_metadata\verified_contents.json	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping11572_664382208\manifest.fingerprint	steamwebhelper.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\SteamSetup (1).exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 16 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamservice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PlantsVsZombies.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GameOverlayUI.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GameOverlayUI.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GameOverlayUI.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GameOverlayUI.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GameOverlayUI.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	popcapgame1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GameOverlayUI.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GameOverlayUI.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamSetup (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GameOverlayUI.exe

Checks processor information in registry 2 TTPs 15 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	popcapgame1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	GameOverlayUI.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	popcapgame1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	PlantsVsZombies.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	GameOverlayUI.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	PlantsVsZombies.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steam\Shell\Open	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steamlink\Shell	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steam\DefaultIcon	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steamlink\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steam	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steamlink	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steamlink\URL Protocol	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steam\Shell	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steamlink\Shell\Open	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steam\ = "URL:steam protocol"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steam\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steamlink\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steam\Shell\Open\Command	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steamlink\Shell\Open\Command	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steam\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steamlink\DefaultIcon	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steam\URL Protocol	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\steam\ = "URL:steam protocol"	steamservice.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	steam.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 694247.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\SteamSetup (1).exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 583131.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4840	msedge.exe
4840	msedge.exe
3056	msedge.exe
3056	msedge.exe
1496	msedge.exe
1496	msedge.exe
3796	identity_helper.exe
3796	identity_helper.exe
2824	msedge.exe
2824	msedge.exe
1428	SteamSetup (1).exe
1428	SteamSetup (1).exe
1428	SteamSetup (1).exe
1428	SteamSetup (1).exe
1428	SteamSetup (1).exe
1428	SteamSetup (1).exe
1428	SteamSetup (1).exe
1428	SteamSetup (1).exe
1428	SteamSetup (1).exe
1428	SteamSetup (1).exe
1428	SteamSetup (1).exe
1428	SteamSetup (1).exe
1428	SteamSetup (1).exe
1428	SteamSetup (1).exe
1428	SteamSetup (1).exe
1428	SteamSetup (1).exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
11520	steam.exe
15344	popcapgame1.exe
15304	PlantsVsZombies.exe
15544	GameOverlayUI.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	1852	steamservice.exe
Token: SeSecurityPrivilege	1852	steamservice.exe
Token: SeShutdownPrivilege	11572	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11572	steamwebhelper.exe
Token: SeShutdownPrivilege	11572	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11572	steamwebhelper.exe
Token: SeShutdownPrivilege	11572	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11572	steamwebhelper.exe
Token: SeShutdownPrivilege	11572	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11572	steamwebhelper.exe
Token: SeShutdownPrivilege	11572	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11572	steamwebhelper.exe
Token: SeShutdownPrivilege	11572	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11572	steamwebhelper.exe
Token: SeShutdownPrivilege	11572	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11572	steamwebhelper.exe
Token: SeShutdownPrivilege	11572	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11572	steamwebhelper.exe
Token: SeShutdownPrivilege	11572	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11572	steamwebhelper.exe
Token: SeShutdownPrivilege	11572	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11572	steamwebhelper.exe
Token: SeShutdownPrivilege	11572	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11572	steamwebhelper.exe
Token: SeShutdownPrivilege	11572	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11572	steamwebhelper.exe
Token: SeShutdownPrivilege	11572	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11572	steamwebhelper.exe
Token: SeShutdownPrivilege	11572	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11572	steamwebhelper.exe
Token: SeShutdownPrivilege	11572	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11572	steamwebhelper.exe
Token: SeShutdownPrivilege	11572	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11572	steamwebhelper.exe
Token: SeShutdownPrivilege	11572	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11572	steamwebhelper.exe
Token: SeShutdownPrivilege	11572	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11572	steamwebhelper.exe
Token: SeShutdownPrivilege	11572	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11572	steamwebhelper.exe
Token: SeShutdownPrivilege	11572	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11572	steamwebhelper.exe
Token: SeShutdownPrivilege	11572	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11572	steamwebhelper.exe
Token: SeShutdownPrivilege	11572	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11572	steamwebhelper.exe
Token: SeShutdownPrivilege	11572	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11572	steamwebhelper.exe
Token: SeShutdownPrivilege	11572	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11572	steamwebhelper.exe
Token: SeShutdownPrivilege	11572	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11572	steamwebhelper.exe
Token: SeShutdownPrivilege	11572	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11572	steamwebhelper.exe
Token: SeShutdownPrivilege	11572	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11572	steamwebhelper.exe
Token: SeShutdownPrivilege	11572	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11572	steamwebhelper.exe
Token: SeShutdownPrivilege	11572	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11572	steamwebhelper.exe
Token: SeShutdownPrivilege	11572	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11572	steamwebhelper.exe
Token: SeShutdownPrivilege	11572	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	11572	steamwebhelper.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11520	steam.exe
11520	steam.exe
11520	steam.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe
11572	steamwebhelper.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1428	SteamSetup (1).exe
1852	steamservice.exe
11520	steam.exe
15596	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 3748	3056	msedge.exe	79
PID 3056 wrote to memory of 3748	3056	msedge.exe	79
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 584	3056	msedge.exe	80
PID 3056 wrote to memory of 4840	3056	msedge.exe	81
PID 3056 wrote to memory of 4840	3056	msedge.exe	81
PID 3056 wrote to memory of 588	3056	msedge.exe	82
PID 3056 wrote to memory of 588	3056	msedge.exe	82
PID 3056 wrote to memory of 588	3056	msedge.exe	82
PID 3056 wrote to memory of 588	3056	msedge.exe	82
PID 3056 wrote to memory of 588	3056	msedge.exe	82
PID 3056 wrote to memory of 588	3056	msedge.exe	82
PID 3056 wrote to memory of 588	3056	msedge.exe	82
PID 3056 wrote to memory of 588	3056	msedge.exe	82
PID 3056 wrote to memory of 588	3056	msedge.exe	82
PID 3056 wrote to memory of 588	3056	msedge.exe	82
PID 3056 wrote to memory of 588	3056	msedge.exe	82
PID 3056 wrote to memory of 588	3056	msedge.exe	82
PID 3056 wrote to memory of 588	3056	msedge.exe	82
PID 3056 wrote to memory of 588	3056	msedge.exe	82
PID 3056 wrote to memory of 588	3056	msedge.exe	82
PID 3056 wrote to memory of 588	3056	msedge.exe	82
PID 3056 wrote to memory of 588	3056	msedge.exe	82
PID 3056 wrote to memory of 588	3056	msedge.exe	82
PID 3056 wrote to memory of 588	3056	msedge.exe	82
PID 3056 wrote to memory of 588	3056	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://csfloat.com
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc19bb3cb8,0x7ffc19bb3cc8,0x7ffc19bb3cd8
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,6719251767371251201,15143522672110566035,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,6719251767371251201,15143522672110566035,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,6719251767371251201,15143522672110566035,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6719251767371251201,15143522672110566035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6719251767371251201,15143522672110566035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6719251767371251201,15143522672110566035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6719251767371251201,15143522672110566035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,6719251767371251201,15143522672110566035,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6719251767371251201,15143522672110566035,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6719251767371251201,15143522672110566035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6719251767371251201,15143522672110566035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6719251767371251201,15143522672110566035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6719251767371251201,15143522672110566035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6719251767371251201,15143522672110566035,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,6719251767371251201,15143522672110566035,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6719251767371251201,15143522672110566035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6719251767371251201,15143522672110566035,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6719251767371251201,15143522672110566035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6719251767371251201,15143522672110566035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6719251767371251201,15143522672110566035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6719251767371251201,15143522672110566035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6719251767371251201,15143522672110566035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6719251767371251201,15143522672110566035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6719251767371251201,15143522672110566035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6719251767371251201,15143522672110566035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1888,6719251767371251201,15143522672110566035,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6568 /prefetch:8
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6719251767371251201,15143522672110566035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6719251767371251201,15143522672110566035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1888,6719251767371251201,15143522672110566035,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7072 /prefetch:8
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,6719251767371251201,15143522672110566035,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2788

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2824

C:\Users\Admin\Downloads\SteamSetup (1).exe
"C:\Users\Admin\Downloads\SteamSetup (1).exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1428
- C:\Program Files (x86)\Steam\bin\steamservice.exe
  "C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:1852

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:4688
- C:\Program Files (x86)\Steam\steam.exe
  "C:\Program Files (x86)\Steam\steam.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies registry class
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:11520
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=11520" "-buildid=1733265492" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:11572
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1733265492 --initial-client-data=0x298,0x29c,0x2a0,0x294,0x2a4,0x7ffc149caf00,0x7ffc149caf0c,0x7ffc149caf18
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:11612
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1560,i,3494504990182069682,3493746382294026390,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1564 --mojo-platform-channel-handle=1552 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:12224
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2156,i,3494504990182069682,3493746382294026390,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2160 --mojo-platform-channel-handle=2152 /prefetch:11
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:13288
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2744,i,3494504990182069682,3493746382294026390,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2748 --mojo-platform-channel-handle=2740 /prefetch:13
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:13708
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,3494504990182069682,3493746382294026390,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3108 --mojo-platform-channel-handle=3100 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:16200
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=1976,i,3494504990182069682,3493746382294026390,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3672 --mojo-platform-channel-handle=1980 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5492
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3636,i,3494504990182069682,3493746382294026390,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3656 --mojo-platform-channel-handle=3652 /prefetch:10
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:21456
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3784,i,3494504990182069682,3493746382294026390,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3780 --mojo-platform-channel-handle=3796 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:4536
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4044,i,3494504990182069682,3493746382294026390,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4048 --mojo-platform-channel-handle=4040 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:13660
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4372,i,3494504990182069682,3493746382294026390,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4440 --mojo-platform-channel-handle=4140 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:22412
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4040,i,3494504990182069682,3493746382294026390,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3588 --mojo-platform-channel-handle=4036 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:7912
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4020,i,3494504990182069682,3493746382294026390,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4108 --mojo-platform-channel-handle=4076 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:7928
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4484,i,3494504990182069682,3493746382294026390,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4468 --mojo-platform-channel-handle=4480 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:9620
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4316,i,3494504990182069682,3493746382294026390,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4596 --mojo-platform-channel-handle=4376 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:9632
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=4616,i,3494504990182069682,3493746382294026390,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4588 --mojo-platform-channel-handle=3848 /prefetch:12
      4⤵
      Executes dropped EXE
      PID:12984
- - C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:13564
- - C:\Program Files (x86)\Steam\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:16452
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:16516
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:16592
- - C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe
    "C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Suspicious behavior: GetForegroundWindowSpam
    PID:15304
  - - C:\ProgramData\PopCap Games\PlantsVsZombies\popcapgame1.exe
      "C:\ProgramData\PopCap Games\PlantsVsZombies\popcapgame1.exe" -changedir="C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Checks processor information in registry
      Suspicious behavior: GetForegroundWindowSpam
      PID:15344
- - C:\Program Files (x86)\Steam\GameOverlayUI.exe
    "C:\Program Files (x86)\Steam\GameOverlayUI.exe" -pid 15344 -steampid 11520 -manuallyclearframes 0 -gameid 3590
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Suspicious behavior: GetForegroundWindowSpam
    PID:15544
- - C:\Program Files (x86)\Steam\GameOverlayUI.exe
    "C:\Program Files (x86)\Steam\GameOverlayUI.exe" -pid 15344 -steampid 11520 -manuallyclearframes 0 -gameid 3590
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:15776
- - C:\Program Files (x86)\Steam\GameOverlayUI.exe
    "C:\Program Files (x86)\Steam\GameOverlayUI.exe" -pid 15344 -steampid 11520 -manuallyclearframes 0 -gameid 3590
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:17180
- - C:\Program Files (x86)\Steam\GameOverlayUI.exe
    "C:\Program Files (x86)\Steam\GameOverlayUI.exe" -pid 15344 -steampid 11520 -manuallyclearframes 0 -gameid 3590
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:17448
- - C:\Program Files (x86)\Steam\GameOverlayUI.exe
    "C:\Program Files (x86)\Steam\GameOverlayUI.exe" -pid 15344 -steampid 11520 -manuallyclearframes 0 -gameid 3590
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:17764
- - C:\Program Files (x86)\Steam\GameOverlayUI.exe
    "C:\Program Files (x86)\Steam\GameOverlayUI.exe" -pid 15344 -steampid 11520 -manuallyclearframes 0 -gameid 3590
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:18272
- - C:\Program Files (x86)\Steam\GameOverlayUI.exe
    "C:\Program Files (x86)\Steam\GameOverlayUI.exe" -pid 15344 -steampid 11520 -manuallyclearframes 0 -gameid 3590
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5248
- - C:\Program Files (x86)\Steam\GameOverlayUI.exe
    "C:\Program Files (x86)\Steam\GameOverlayUI.exe" -pid 15344 -steampid 11520 -manuallyclearframes 0 -gameid 3590
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:18464

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004C8
1⤵
PID:13500

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:15596

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
PID:15836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Steam\Steam.exe

Filesize
4.2MB

MD5
33bcb1c8975a4063a134a72803e0ca16

SHA1
ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65

SHA256
12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1

SHA512
13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

Download Submit
C:\Program Files (x86)\Steam\appcache\librarycache\1161040_icon.jpg

Filesize
638B

MD5
7ecdaf8a54ec52b20640a88527512903

SHA1
3133a4d748ad3be61fe9db759339cd5de73339b5

SHA256
7bd8b75aec0a4d4a377f3ca3a023fd8b7c5fc7dc6a2a66d17f8cdfe5b731ab0c

SHA512
60ae2031eed0c38264f0d8db22a9b6efeb3f80c791e916e15a1730853162d56e0da014dbd93a5479bae4f3bdd5705ca89be70c90574a524abd1c276ed5c55a2d

Download Submit
C:\Program Files (x86)\Steam\appcache\librarycache\420_icon.jpg

Filesize
1KB

MD5
bc8e0853c9d9fe19fab799d6e066237a

SHA1
795e85364189511f4990861b578084deef086cb1

SHA256
42cbbbaaf4d0d3cc0cfb151a9e8098a573cf98456a96c7bc9de29a8af68e4a55

SHA512
302b8cd3df3be85b128b85c5196a85751fdd2bda3bcbacf7e0002ce97302ae98296e0a6ff32cde1dcd998a3a9bc9fecd62a2c7d61bedf8c60dbc14ff9c52768e

Download Submit
C:\Program Files (x86)\Steam\bin\SteamService.exe

Filesize
2.5MB

MD5
ba0ea9249da4ab8f62432617489ae5a6

SHA1
d8873c5dcb6e128c39cf0c423b502821343659a7

SHA256
ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d

SHA512
52958d55b03e1ddc69afc2f1a02f7813199e4b3bf114514c438ab4d10d5ca83b865ba6090550951c0a43b666c6728304009572212444a27a3f5184663f4b0b8b

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
6e6a2b18264504cc084caa3ad0bfc6ae

SHA1
b177d719bd3c1bc547d5c97937a584b8b7d57196

SHA256
f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53

SHA512
74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
19KB

MD5
ed6bfb6eb3fe5981f08d930170a40031

SHA1
bb7ac74358d466945393a7c0342a1929811759fd

SHA256
bd28b154baa54ab856f3ff8b3d52aed4c262c0c1ca17c1a4c162d30fa241570f

SHA512
b1308b5d97002e75bde8586b14b65eab5bfa711d193cc91a717dddc60397952abb6663a0f5272e58dc48bf9122f5ed6d1fb059651f3c22cc3406b1f9b364daff

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
18KB

MD5
d14fdbe4c8b771b807502b98e796c61f

SHA1
8891957257c63563d2b6e11cb2e532e3c1c4d1f9

SHA256
fa60c19563d10dbe01e5734567df09d3c8e8345b86ee3f8ea6fb6ebec9180b40

SHA512
c1b6e6bb5aca977f672eb7196218748cc84ca3f016adc39400cd12c7b8e8831f858bca9647059ff1009f74c4dac8c4c36362c13b84fc343f7deb23eeefa3e9f9

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
22KB

MD5
db0099da06046f1eee43883c993285fb

SHA1
a1627e5202c18791d26d929df215bf33a0fc3b40

SHA256
75c884a1b114f1ccd89b125a17d3ac66609c5621df2261ec9ea2e9d903a954a4

SHA512
2c2930aed98af999322d1ea770418d63b116fe12b870be4fdd3c9fd5a870700989fbbd520bd54b5420b49c86a4fa779d6617a5553bcb3ad9005b9741f8efebb6

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
23KB

MD5
a3ce256989a0a8edf3c9221fb5ee1c2f

SHA1
4f3196d1698e7b2887cd8011ae147782665d66b6

SHA256
d206335a9772d2edfc844509ea7e79e9f23693efb77e880383bebf749aa26b5a

SHA512
d7be9a21bfff0263466b20001bcec1a11f66139fc7dbaaf680603ed17b18e3d6eb53593a4211a30c14fb5b5585394e67cb55f90a61929ac5593042e7ec5e96d3

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
a2ec2e91c3ef8c42e22c4887d032b333

SHA1
e2c738a2e9400535b74e2263c7e7d1ecefe575f2

SHA256
8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3

SHA512
b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf.async11520.tmp

Filesize
11KB

MD5
ad7afc49d62baffeec4c6ef301bf6339

SHA1
0d5acfa4d869ad43be358843519b98b2c1c2c5a5

SHA256
f57e55e660f74fd9436a10ced75c879cc4e80450bd9811ca08ed403eb859927a

SHA512
7e7be78e9684450c4e39a01081f392415770179f65e191839d817b86653622763dc0653266e0c9fc29046c15639e8832c66097fa27c2079a9bd939f03a3085e2

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf~RFe5a8f41.TMP

Filesize
184B

MD5
3cdebc58a05cdd75f14e64fb0d971370

SHA1
edf2d4a8a5fc017e29bf9fb218db7dd8b2be84fe

SHA256
661f122934bbc692266940a1fe2e5e51d4d460efb29d75695b8d5241c6e11da7

SHA512
289c40fae5ec1d3dd8b5b00dd93cf9cada2cb5c12bcfefea8c862ddf0a16dced15d6814dad771af9103b3a5d3016d301ee40058edde3fdea30d9767146d11cd6

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

Filesize
4KB

MD5
0340d1a0bbdb8f3017d2326f4e351e0a

SHA1
90d078e9f732794db5b0ffeb781a1f2ed2966139

SHA256
0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544

SHA512
9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

Filesize
6KB

MD5
4c81277a127e3d65fb5065f518ffe9c2

SHA1
253264b9b56e5bac0714d5be6cade09ae74c2a3a

SHA256
76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9

SHA512
be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

Filesize
4KB

MD5
2158881817b9163bf0fd4724d549aed4

SHA1
c500f2e8f47a11129114ee4f19524aee8fecc502

SHA256
650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7

SHA512
f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

Filesize
4KB

MD5
03b664bd98485425c21cdf83bc358703

SHA1
0a31dcfeb1957e0b00b87c2305400d004a9a5bdb

SHA256
fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115

SHA512
4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt

Filesize
4KB

MD5
31a29061e51e245f74bb26d103c666ad

SHA1
271e26240db3ba0dcffc10866ccfcfa1c33cf1cc

SHA256
56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192

SHA512
f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

Filesize
4KB

MD5
da6cd2483ad8a21e8356e63d036df55b

SHA1
0e808a400facec559e6fbab960a7bdfaab4c6b04

SHA256
ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6

SHA512
06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt

Filesize
4KB

MD5
9e62fc923c65bfc3f40aaf6ec4fd1010

SHA1
8f76faff18bd64696683c2a7a04d16aac1ef7e61

SHA256
8ff0f3cbdf28102ff037b9cda90590e4b66e1e654b90f9aea2cd5364494d02b7

SHA512
c8ff15373b37e848e6239a82424569e77c82a5fc557d17e7d2ed1d0d2b2f7d026cc1e2bc98cb5ee945c02cfefb82803c23fa6a26f48ff0adcf762f94cd5dd035

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt

Filesize
4KB

MD5
10c429eb58b4274af6b6ef08f376d46c

SHA1
af1e049ddb9f875c609b0f9a38651fc1867b50d3

SHA256
a1f6ba57ee41e009d904905c0ce5e75a59ee6790e08542561303109e1faafa13

SHA512
d8760f61760bffd8671b727d386ae220e7e6e68829a01553cfd5eb60ef8bd1d7c1b25e7b17a6db5bd17ba6712ef44999726764459318e784843c73bc4facaf46

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt

Filesize
4KB

MD5
5c026fd6072a7c5cf31c75818cddedec

SHA1
341aa1df1d034e6f0a7dff88d37c9f11a716cae6

SHA256
0828572e4fa00c186dbf1d9072a6154d65cb499c6a37e338f3305f77a2fee382

SHA512
f9d28714b2a05f8d9025f1692e4d7e8baa6daf6176353f65646a38814a242ef2adededa44419edd69f10cf96ffba506dab7cb6e52111457bf69cffef12174b12

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt

Filesize
6KB

MD5
189ba063d1481528cbd6e0c4afc3abaa

SHA1
40bdd169fcc59928c69eea74fd7e057096b33092

SHA256
c0a7a1df442ac080668762df795c72aa322e9d415c41bd0a4c676a4dc0551695

SHA512
ce59ad9b17bab4de1254e92ce4fe7d8c8242832f62ab382e8f54199a9932cd11b5800cc33895441426373d5210cc74104e0271b721a7e26ed400b716ae4d5903

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt

Filesize
4KB

MD5
18aaaf5ffcdd21b1b34291e812d83063

SHA1
aa9c7ae8d51e947582db493f0fd1d9941880429f

SHA256
1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5

SHA512
4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt

Filesize
4KB

MD5
1514d082b672b372cdfb8dd85c3437f1

SHA1
336a01192edb76ae6501d6974b3b6f0c05ea223a

SHA256
3b3c5c615fd82070cc951ab482d3de8cb12df0b3df59fbd11f9d3271fa2fbca4

SHA512
4d41c945ce7c94746875b0dbceb14811d4966de4e97fe047406a304162fde7e1e2a16367fc2e43978e2e5aa66749f036b4444aa2312673c2cc3af296e8b77f55

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt

Filesize
4KB

MD5
8958371646901eac40807eeb2f346382

SHA1
55fb07b48a3e354f7556d7edb75144635a850903

SHA256
b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585

SHA512
14c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt

Filesize
5KB

MD5
7e1d15fc9ba66a868c5c6cb1c2822f83

SHA1
bfe9a25fdc8721d7b76cecb9527a9ba7823dc3d7

SHA256
fc74e26a8baabbe4851109512d85173b75dbf7293d41eb3b92a1957a773c8265

SHA512
0892be14a858cc860766afb1c996b2c355108a7e50971ea3ec00d15069e919a6eb05a61fa839bea3938492c391e274144c5e248f4c204a602bf36adf27e5b406

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt

Filesize
4KB

MD5
202b825d0ef72096b82db255c4e747fa

SHA1
3a3265e5bbaa1d1b774195a3858f29cea75c9e75

SHA256
3d1399f5323a3ece1b1a8b3b31f8fd7f50c3bd319ab3f1c38c6e347452c95314

SHA512
e8fc7cc09f431301d22a07b238179ee053505090e3c4db30ead061513fe7159f1fe8b80efc93f4597fe00f01087bbe0bb2231e13693d72c8def138657cb91566

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt

Filesize
4KB

MD5
7913f3f33839e3af9e10455df69866c2

SHA1
15fa957d0a6a2717027f5b35f4dbe5e0ab8ece25

SHA256
05bc1f4973c6d36002ac1b37ce46b1f941fcb4338282e0ec1ec83fb558d1a88c

SHA512
534e541757d19ee157a268bf7ea358b48015f400542fcfa49cdb547cd652926160f015fe2cf026d9c4996e56ab90ca3899dfd457997d915bf6bc9d7bb00ba804

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt

Filesize
4KB

MD5
58e0fcbee3cca4ef61b97928cfe89535

SHA1
1297e3af3ca9e4fe3cc5db78ebbfa642e8a2c57b

SHA256
c084a68b65d507eb831831aa2ab9afb9536cb99a840d248cc155ff87fad18425

SHA512
99aff0c481e34cd0e4fcbb2af471afb56d91aa11be664462b08e17ae169ca03ef77e7063b4ecd0f38ca7b2f6dc0bf2e316c7b31dffbbcfc763cd8fae27dc78d2

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt

Filesize
4KB

MD5
9b0b0e82f753cc115d87c7199885ad1b

SHA1
5743a4ab58684c1f154f84895d87f000b4e98021

SHA256
0bdeee9fa28d54d384e06ea646fbcfe3f06698a31dfdc1a50703ffe83ad78d32

SHA512
b7780b82fbe705bc8e5a527c011eb685c99ef0b2eb810617b9f82b891341af95ef1c2f46dce9e458c0c4dcc3e7a0d21db6c77f03419cd1c4b521a9b72f9017df

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt

Filesize
4KB

MD5
eb8926608c5933f05a3f0090e551b15d

SHA1
a1012904d440c0e74dad336eac8793ac110f78f8

SHA256
2ed2b0d654d60e0a82b0968a91d568b775144e9d92f2b077b6da75f85ad12d04

SHA512
9113c42c38836f71ff0cc7019aff8c873845f47fbf1ab97e981cb038f4d8495b6df784402b1ee9666e8e567ae866b0284c81e6a16efb47131d5ef88569c4843a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt

Filesize
4KB

MD5
6367f43ea3780c4ee166454f5936b1a8

SHA1
027a2c24c8320458c49cd78053f586cb4d94ee6f

SHA256
f8d1972e75a320344e3c834ba0a3a6a86edb39e20ef706bda9b7965d440d1998

SHA512
31aab33e0d272cb43a8c160b3d37256716a683e5052192fd0e4d3cdaf30a10a9afa9d26d5d14ad216ee455627c32892a711d2bc137ee7a7df9a297f001a19e32

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt

Filesize
6KB

MD5
e04ad6c236b6c61fc53e2cb57ced87e8

SHA1
e9d4846b7e6cc755ee14a5d3fa45ee7d3bf425a4

SHA256
08c775efa77c2a92d369f794882e467b6e2526e61bc7aa7724f48e174524502e

SHA512
0dfb7e6d811d649103499018f3d115c542fcaba420ceb69124a4d837fe162ce514e7be2040860c5ef5f9c01c961fa6eea8730606b73ec107d87597989b6fd331

Download Submit
C:\Program Files (x86)\Steam\resource\filter_banned_english_cached.txt

Filesize
1KB

MD5
b5c7155c5a5e1cad4fb05150bcd83603

SHA1
24b26d237532e42a01d2a4011752ad73d3f981fe

SHA256
288136aabf56ea489ddea87b6c57c6a381bf3691bfd116f2d1c784e151c58ecd

SHA512
e8e501d95f9a93a0a482309ee20799c18b9f8231fbc75c50333fdce9e36d51855bc438b95e1c4cde319e1f09961a04aebf545c69cc719b5637e624332f7658e9

Download Submit
C:\Program Files (x86)\Steam\resource\filter_banned_english_cached_timestamp.txt

Filesize
29B

MD5
8fba30400c0bcd5f3e4cd14589e3e966

SHA1
a07e7c6e108785d59a2e3c9347ea44423f24fa7c

SHA256
f4afe0e5b03d4b73250eb76c67b7d00785f60ed787f5deb4fa6e3ac5e49cf341

SHA512
e32f1d43387b898f61121bd103f8e39b08ab97d5e1f4ba3954f4b9a79b636b88d844d56fcab6d4488aa68eb61d9b84c5b9b4fbfaf0b7f494f8a3552f2d98f633

Download Submit
C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached.txt

Filesize
2KB

MD5
eaaedcdd5dac941acb3a040fccd8c088

SHA1
89fb57e51a89424894973fa7654d88dfbddf1aba

SHA256
33bebab0b6f01f08fd007d22ee3b934f1570d2c8b00926abef166e8a03a40618

SHA512
e431eda71e9bffb0bc2962d9c0d8b4d8c4f8ae9129b838a98b6808dfa3f61820e15207ac0478e87c7992a6b833ad89453b8f36b9be04ccf0b9e3439a51abe889

Download Submit
C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached_timestamp.txt

Filesize
29B

MD5
759db5693fff85bfe4fcca652c56a5b2

SHA1
a9cd03cff9a2c3e542d70221f7026960754e7377

SHA256
650be6afdecb5343a13d7ac1d6582edfb583550ff59030f335a462378c0625e8

SHA512
8ff8348bca1003ebde1bdb316ac26a3ea7a1bf0122b69686a978b850798ab1e7a9ba9544dbe62397e70ec298c05eea92bca63a4045f7e4befb4f5770129c8797

Download Submit
C:\Program Files (x86)\Steam\steamapps\appmanifest_3590.acf

Filesize
680B

MD5
854a83c8c567e8ff8ac2076ceb9c72da

SHA1
aca92841326c78f513518b31be49ec49f9b816aa

SHA256
53426f3632c8afda047adb9be14dd80da34ff59f5171712af17af0fcf924be74

SHA512
acc0a500ed21f4a5daa4492db8187b47cd6deea26a359ac1e151039ca3c5958703271f41c686f5cc7e06182e4dc1efa23d5a7be31338bd33556504d9bf3981e5

Download Submit
C:\Program Files (x86)\Steam\steamapps\appmanifest_3590.acf

Filesize
820B

MD5
51106e2a8f49bceffb48f41e0e7cf04a

SHA1
b1584535f7bbd80d844e9671644a9aa4e4a4d5da

SHA256
7e8291e550124156b2751ec1a40c42d845eeb444bed8b6abb327926fa4d5c880

SHA512
f320a8cf94ba546a032f4fb4bf38ccee37f9ad17972954543a2449d629195f3d4d7308bcdf333c2a0b38a0d3f3ac1e5dd328a9fa2b1d3d09af976109fa7a4f0f

Download Submit
C:\Program Files (x86)\Steam\steamapps\appmanifest_3590.acf

Filesize
811B

MD5
193fd7f95c689772510b9a2921ad2f74

SHA1
2733f9136e147d28770c7f56eeb55a5d572ad32d

SHA256
e18b7511e8c8f8c1a09a06e6e78fd879260c96a54524240f16159e930f82f8c9

SHA512
f1e7b6a4dd8fd2a4b040134e2a5e7bc7576b732280631275ca73e60c35de548a9dccfc815e87549206c898700ab82fe172f630f2b25b3a6f18f8d7aac3f504b5

Download Submit
C:\Program Files (x86)\Steam\steamapps\appmanifest_3590.acf~RFe5e5bf9.TMP

Filesize
659B

MD5
c604e73d9df41f5974255dd41280898b

SHA1
4bea8d9d103e730f153c94da4a8548b11d420d26

SHA256
c1c1d4150e206f9fdc2c59f18de77fde1ec3f5e6fc433f02287b28c2f38d3438

SHA512
51436b082cb2b122983d88dd5f675a8ad10fb6f70eac5497208f9c09a11a0de39a1f484e3476f1bafc215fae03a1fa9e8085111902f2be0c7f078c6d7a639415

Download Submit
C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe

Filesize
5.1MB

MD5
c79e7580fcff978afab35caeacbf3ba6

SHA1
2316559c129882a74eb5fcd66de56588d8c45e1e

SHA256
868f8e2bab0d6a7ef8afc4c5960c608eccef82bd086bd6e0c0e2670199a5ca45

SHA512
21daf1f05bdb18d6a52fd9fba4d6d8a21b37bddacb9dfc0fd9de539e9ea71031a22252501da5f969c97fbd5727aaadd9fdcd804cc693a8856fdc313894f5be75

Download Submit
C:\Program Files (x86)\Steam\steamapps\downloading\3590\drm\custom\images\bullet1.jpg

Filesize
4KB

MD5
26e188cc0cb9c995e2c73ada142cdfde

SHA1
089024b112d3fcbc147abc2df25e92ff1630cc70

SHA256
6aaafd277264cd1f395e1212c458159cfa1ae8cdd27ea786f4bf194e11dbd4e5

SHA512
4bf9cdca5677a4446378935a4778cffc34484db72c7e676047023b47e0d149f6b9667ba19202158904b45d55fa5163c33fd89ed1720ee53c31a058c5084165af

Download Submit
C:\Program Files (x86)\Steam\steamapps\libraryfolders.vdf

Filesize
231B

MD5
33d3fe0801ea6bc8d5c92d5bc12a8105

SHA1
deab4ead0532849c1b552cfe2e4fc724daf13c78

SHA256
6a97d17443e8546dd1c8902505f4a511c228f4a0d2b738d356d980ba5d1b7917

SHA512
0658c73c4dcc1a091cfee05233a49ab23d557132865fc73edbac61c98ca7d25f91c3715e89baa263c98629214680fc0355ec815390a966389b6f97b6b3411b69

Download Submit
C:\Program Files (x86)\Steam\steamapps\libraryfolders.vdf

Filesize
262B

MD5
c855edf5279c4b99833f1fa3eb272bcd

SHA1
0c705ebedb01458a1de3cf93631c3459b3188d0c

SHA256
2034b92facc65f03ee2129cbabc8174acb55e1ea2467d5ae43365e04bff092f8

SHA512
f49df0189ff6448f8c1198a3a8615023c34440a4b66ecd471cd8ff353881ecaefc6bbae392ace66ef5218ea97290799e1c11bd658279d8f34ad43c217820f4e6

Download Submit
C:\Program Files (x86)\Steam\userdata\996293921\7\remote\serverbrowser_hist.vdf

Filesize
3KB

MD5
32d90963b4d7b8a6135d71fa4d416ee7

SHA1
39237a2cee316073256444c174370ae64e4ed87a

SHA256
db6eb35b775078f261c2061fbe2dc60e6289672fe4aa8ee4c3521c6fbe4a79c7

SHA512
78262e8b0ba6b9bd2bd6c1485047790cc401c3bc3efb83a6d945f141b5e965326b9013965e0cbf3566a71504edd7b0c6e8685cc1725e3f8fb45e9e247e80419a

Download Submit
C:\Program Files (x86)\Steam\userdata\996293921\7\remote\sharedconfig.vdf

Filesize
164B

MD5
b0f83f7fa83be9f13006982393a0bd83

SHA1
eb2b942b2ecb38e5f99372cb2bd67ee7fe32ed47

SHA256
e8b94ff22034c3f2730029a49e953a58b69d7ee4ec9f2b3cfe2cbf1f3bc29ae3

SHA512
1d93cb6b548106b9fedffaadfb95bc7e7fa39c4a7ee17422d326b6adf82fc1aa9ec569c0e26a99407f8876672634ddf57ff0fcef9de5b2ba0361f4a8363a7869

Download Submit
C:\Program Files (x86)\Steam\userdata\996293921\7\remote\sharedconfig.vdf

Filesize
230B

MD5
ecdd70e5f411c6a9da4c302f3cd476ed

SHA1
b2b85a8a953924c7f85be1ae48157e6719028e01

SHA256
0308e98823c3a209f1b7c6103d2812ed886664d3425b37d4bb752a369625b3a4

SHA512
6271d63600428f75492b38f00feebb93f0038b46195c4e652545d6c891dc75b6d62b9d4a370355e5aec5edf5d45343a5b5358aa817ccee343aefab88390dd065

Download Submit
C:\Program Files (x86)\Steam\userdata\996293921\config\librarycache\2371090.json

Filesize
126B

MD5
5216ef382c2d09e344ae46f2c073acab

SHA1
91040770b2b51d00e6b7c32a37315eef249a55bd

SHA256
2200afe5bd5dccc0cfe9d34b29eedc49014dd673e5b9b2d1797e3f52a14b5617

SHA512
0a5bc2a98fec77d33e0aca0934d547746883d5ce2b6cfe23e36dc9afe5fbd51dfe12d955213cd0123b4ca004e225182bea6722d0870ea65ba5a808756e893f7a

Download Submit
C:\Program Files (x86)\Steam\userdata\996293921\config\librarycache\3590.json

Filesize
4KB

MD5
0a81f0b0fdfeaa7d181e2c3709cb5922

SHA1
4aa1cf6e9ee3e60afb0b6aad90ce3e3b5bda9d72

SHA256
3b53755d546f19c1b84c2dc44d7759b392c254b3ff8f3de3388a3d6d6bec5428

SHA512
615618c03d3e63b24f10888df40a3ee0eeb9f89aaf67a678c071929b4a758e3518c08a224859a90c0454244d8203e56f01679c56758e9382e5e37796e2ffe9f3

Download Submit
C:\Program Files (x86)\Steam\userdata\996293921\config\licensecache

Filesize
2KB

MD5
1e8f10c6eb5f365ac9b1a2bd1979b6fd

SHA1
a8c9e0014d33d712295227e5098fae4bc8dd6cda

SHA256
cc52d9659df300fba9a01517df9df5b1cfb7348169385c0900d599375d7f6bd5

SHA512
f3df457bfaaee88563f7647efb05963865c0cdf67a1a0f9c33f6c2ad5da5526ce8d23674cb36838c730ef6d5bbe3111ddd3c2df14154a2469ec158ef80f2b1a7

Download Submit
C:\Program Files (x86)\Steam\userdata\996293921\config\licensecache~RFe5d8fbf.TMP

Filesize
4KB

MD5
3bf9bb5f8958306d9bd5fb743b5388c6

SHA1
f493d92a9077a725cdc11fc120d82ed55e8fde1b

SHA256
3f42d9a7d3afc435fd7c37b25ddd11ede7bb8c6676d48d451196c3542ffbb465

SHA512
7b489a6f9aff2921d9591de5f768af2149ecb47df6802e3a2974e66593164d519008dd7825c8c6ecab9b6f8b03de798ba05d8be52c18574e9f1962bfba0979c4

Download Submit
C:\Program Files (x86)\Steam\userdata\996293921\config\localconfig.vdf

Filesize
3KB

MD5
3febc7ec862981a6e0739957d1677c27

SHA1
0dafe179c4e56a0fb12e04331c38e654aa5acf65

SHA256
9b6c19ca91920e1e80d9a982e0a6bfb66b0e26304d9b34bb8b52ec5341298ee8

SHA512
6ed99b3c3f09f1a1770ec7591be466f161c8a7d8d9db44cd5f1d5735c5400738244ed452277cd32fa6a0608fe9762b6685e3062d8a689528af8cb7adef46b936

Download Submit
C:\Program Files (x86)\Steam\userdata\996293921\config\localconfig.vdf

Filesize
4KB

MD5
850b4645d74bf9317a125007f6746b51

SHA1
eb4b030227572e43fb6379a90c094c2ede87e705

SHA256
3edfbfb03265f6995fe3f75488a25316b139ade226d59d3a7899824ee0d37d19

SHA512
278c3aa941512a650572afe498758c100f33943b94339a703ebe0c0d70cb7d3dbc60c88a08644dee8b74761775a4d895d328a9182903bcfc4224fa4bfacbbc90

Download Submit
C:\Program Files (x86)\Steam\userdata\996293921\config\localconfig.vdf

Filesize
30KB

MD5
fb67c8337bc1118a20d8ba5c123dbbcd

SHA1
d37d4ca36385125707c90c542e60dc3bc7af497e

SHA256
3795d0598704ef2d5ec03c0e92e0520a2744c2e4af18f753f57218b0e085a986

SHA512
4f8962a0482d8b8ac207f22363f1af20240a684c3c0d547d3ed3bc28688232d8c518520cfc8f87f84961646dd1cee9f1a0c6b90a9aba1d7cb18b885da3cb7b1c

Download Submit
C:\Program Files (x86)\Steam\userdata\996293921\config\localconfig.vdf

Filesize
3KB

MD5
7fced2c885d4ffa721cda2913d97fbac

SHA1
896d1b7b328715705b109ef3b0c3a5776bb30ba6

SHA256
ab966c0dc7c5224a1592bdf3d1319b87983581f2dab6463d6c15b256cc56ad47

SHA512
46e488bfd273d456d540a013b79d035d3355cec1468ebd2d657d1839a091c62e0e863109d280d13cd430b560f0211d5cae6d2b56a51e6e82e813f13768775a4a

Download Submit
C:\Program Files (x86)\Steam\userdata\996293921\config\localconfig.vdf~RFe5d91b3.TMP

Filesize
1KB

MD5
b465aee6fd5ff06195e4b85321c5193d

SHA1
1db72cf5ee24c11ac8a37dce729b771e7217096b

SHA256
0942eeffa84316335a000ced8cb2f89d951b31c3362bd0cbbf9b70f50bcc43bd

SHA512
fef588eca57a869526b6a22f16861c3681f2fa67a6cc402c6ae264118f389e11995467b31034293494d37475a1aca36ea3dfeab6c5bbc0c9993fe19682527297

Download Submit
C:\ProgramData\Steam\PlantsVsZombies\userdata\game1_0.dat

Filesize
95KB

MD5
0f2803db96b9490b8b73fbe29aafebe1

SHA1
563edf51bfdf291447cf58cc970e084e9113aded

SHA256
d7607e2a80f4016c57fb7940aca6e2aa66f8c27c0d0bb48575e0eef5f421b545

SHA512
548cd553430e91beb98088271857c60d80daf5200bf0497a0dab7cd59cec7e633bdfaea7b1a9ba0b421a02f58dfe4a9e2fbb7c741aa141be52c6825aadb0e4d8

Download Submit
C:\ProgramData\Steam\PlantsVsZombies\userdata\user1.dat

Filesize
888B

MD5
f854f825bfe4120a4cb7d88cad5fb172

SHA1
7c44a6dee7eac47b948c2023538fe0a0b5fb4f9f

SHA256
482a391925a396265d78b62065827a29f2d561a2e6bfccf5b6910d0ae5cee05f

SHA512
dddb1d9c9821d4fdc7b39ccaa6a211f8b3622a1d8486326f4eab3ecc03e888f100c5813bd71db776f616cc8180e01e014619d7adc21e15463b3273054838b7db

Download Submit
C:\ProgramData\Steam\PlantsVsZombies\userdata\user2.dat

Filesize
960B

MD5
dff9b3efce07f4bd7bbffad498ade49e

SHA1
867e62642aa7cdc3400046ab6526cf0e96d193b1

SHA256
58f50a6f9b75df952620d884ed5f74af1be28ac540014d820bd9e61e8ba3e8b8

SHA512
b9d6ce29428fdce6b1fc23b1b654e8dce82979075e9fa5b051707f374b889f119c7ad21b9024d41543b53eaf83bfa36e1e13f8bf62e248094d5c732e93f09125

Download Submit
C:\ProgramData\Steam\PlantsVsZombies\userdata\users.dat

Filesize
36B

MD5
db08598aacdc539ccd351de43db5b90f

SHA1
7207f1a1aa0f03a1bc6c58458c4f65bb79b82b65

SHA256
d4c24ffe8fde6b8fe7bb85ec03c036816f12857e47146cf6b37910d94864ceb4

SHA512
1ead383dc251658758dfd0386515ed83041e473d828db4364d4e78ffa33d6a03a3a4dbe1e2c598c55a11ff5cf43c1d37507fdd8762a2b57d78d591213965bf53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fdee96b970080ef7f5bfa5964075575e

SHA1
2c821998dc2674d291bfa83a4df46814f0c29ab4

SHA256
a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0

SHA512
20875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
46e6ad711a84b5dc7b30b75297d64875

SHA1
8ca343bfab1e2c04e67b9b16b8e06ba463b4f485

SHA256
77b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f

SHA512
8472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5b3b6ed98d6c2b427de99c38e0fda776

SHA1
9aea43f07dbb1292b79b0cca790e16472ff029bf

SHA256
ad419521bda4bcebf22065467f7b7d22a978b60246b6e178a20bd6013142fc9e

SHA512
85720dcad80f227403231a6e25cb8b9897f4fab01b6d88b9c47111a5bbc0e82e348c51938d869e0a00771b9a7a630083abad838e6234ff80e37f638e44298284

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
37c4cc3f5d1f254d6f7a13f37a29abf2

SHA1
c7138950e7257dffbbc06560c003a2a523e71e4f

SHA256
7786353780c4e6af4a3384a8ecb82fa1dbcaa9a2ab4acbbf40045aeee1c1994f

SHA512
e0b125fb2d6ace19251532db34231ab76731e03c883953e6de404392a46a838b16cff50a7be837dbc83aa4cd327a754d4a1a3d3fed0addd08626041fb8be09bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
41ed9a3c311b76cc23be5fa5c0159e0a

SHA1
bdf1ec9eb64d24ee15f77ecd239b7e5598056feb

SHA256
d31680e2061ab470b4e446b66f894e43db5631289e4b13ece17d17eefd7e11b2

SHA512
4c43c2f8aa7f4c0dfa95d74714d229dc652cac4eea32a8b551aeb51f8ad60a249113cf3001e861e035bf3a58d122f2ae1f8ba4715bd4e71d579acf8171f02d1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9b774a17904c610d2b4e1f935cbb1a9f

SHA1
7832170608131be6a2b3b6b302c76905ddda25ee

SHA256
73721924a67670a72103c3bf7d0410149aac7471ec05498bcea2c110ebd5b23c

SHA512
e9f1e65253e9150687f4bafc383840fcc781ec043d7d4c117dec7cfe442773de72f470f62816f4dc193fdad5a61a51048cb334d2ecc0a9fb0babb17dbf6d86ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
004fb12782262021e11790c98f34014f

SHA1
42b7f34d99e1efe2d27b5eaf70dacb8a660e6463

SHA256
b778b03397b7a17242c3b07e699a4b00d2c8d68686d0aac4fcde7defd3e1bcf9

SHA512
48eed359005ecc4915762a3fbcef6e2f088e11633f36b428dd3ccdd5d812e14c8a541f08b1bc0eaa0824cb63722897597feec3f92f0840e2b819b8d7ee4f91f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f070a2a72989e60e4e5717fdc311d575

SHA1
f710fa1fa48b0f4ce9d0999668cb7305d42a43f4

SHA256
b045ba8da2e7b2739b459341299dd14865a2a40e27388bb3d047cd5538e5ffe0

SHA512
21b30d2eed5308d8542fdb10f69cabd924be5a6962ff643f13ff36ef67348efc0632e9bddecd19bf4b7f4c5fdd9fdb0988de4f00b2831976158809d10257f518

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
991d3681d4f3c955c66b38532dd0258c

SHA1
ed4116c88424747ecb4cdf8fb9abc3a139e29ebe

SHA256
ed3c2b6d8f5990e10eccbd093c0674ce72b8c81ed84b586a2d1229fe17d1353c

SHA512
b552f0b10b55567e412450157304be7d3b0a88750ba147486dd84594cf2a71a198a47f83cdc88bc4b0139f6deb8f4effcf28425b0ce015f3ac9901d9ac372b61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
602db1b79f3e9e94c49bd1812b61ee18

SHA1
8fa057f49a7cf7da214676e4a04b256d114c0398

SHA256
2873f79b660ea211f7b83431b29fa58bcd01908daaea17543ff9b200d1a21f1f

SHA512
5f15fcf928adc9481b542dd81ab5b827b78782fc95b13cb536d0b7efe0b64d1cb2eef3e2b835a6b0dd8366232ad0e227492509c1a1b21b87d8bdddfe1b2bf1f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ece5bda06e36803ef01c12c684cfcf1e

SHA1
c7a00bc2bd1920fdf34518e4d1519e57e93c4726

SHA256
c0c2301065b50fa8fc2c35f6083588e0d4c6d43478d22aab26589a72f8bc4318

SHA512
d4f1791fe55270aaccdf31efa9b2229a1ebdcab1ab9fbe3d369ce525db388e4794ce3a88e890cd4734099243e8384ec14bd94405fae6fdcce5fbac7acaa603b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\85ba260ff6192e0392ee5b204fe16fa6bcba0758\e58777dd-d986-4b21-a0b2-5c3d52bd95b5\index-dir\the-real-index

Filesize
600B

MD5
5058aa0b3f8d5b695e89262eb5127392

SHA1
a79486b9b56538039b10307624e06c1a9abac402

SHA256
58f74a5d10db8dfcbcbae931c8bc1241e80d657a849003e11d7b5dc5f3635cee

SHA512
41e60e565cef91bbed30fa2165a56d453129d97d9dda95ff1bec7038e66194baf2d689f84e725bd36c32274e63f175440fe717aefab81c0764dc23b69d55d70f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\85ba260ff6192e0392ee5b204fe16fa6bcba0758\e58777dd-d986-4b21-a0b2-5c3d52bd95b5\index-dir\the-real-index~RFe57e5fb.TMP

Filesize
48B

MD5
0dcc8f5743d4923a09bdf27084eb6e62

SHA1
6277ad569d21c3e8022098796b3751d667e265dc

SHA256
01f77adcc6153004904fd6d1dd03ae140e60d00c1274b02aa76936607192d049

SHA512
ccf357761dd81cf5e1f58e9b3ea4f7551d8a628b037c4e2b59cc30d73aa0ea61d13ab11bd90eb3d265b6bb43f8ef69df6d9ed8479d30cee66fc4bce31e6ba467

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\85ba260ff6192e0392ee5b204fe16fa6bcba0758\e7d3bf82-7472-46cb-9d33-5aa4fa3fb6f2\fd5f4a6ef4151e16_0

Filesize
48KB

MD5
990985708ef00a97792b219862fb3c42

SHA1
b24375683c4fa806e050a3dcd9607603fe6a09fe

SHA256
7ad93e009b8f074b810250bf69612ce0ea1cf11e73dd93897110ca6d89d70f1b

SHA512
854bf375dad8c40918e7c06f638a742047b6388ff0e3abaddc94d697be337ae6e829d12f161d40b770e5873888371e0bf90c3e11f50658b7bad3771c9f7fb83e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\85ba260ff6192e0392ee5b204fe16fa6bcba0758\e7d3bf82-7472-46cb-9d33-5aa4fa3fb6f2\index-dir\the-real-index

Filesize
120B

MD5
3e38e4bbb700ce3eefde64fdfa379526

SHA1
167cdac803ac0d06f1abe2e9c4f94827359080c0

SHA256
d4d6d9e10b18b250a2d5b8083684ae507b3e5e96ed0818360bdabb75865c0aee

SHA512
7f71fadfb6b55bbb99a2acc72ea1238ba199a2899f110a15f507ab6f17d6a19fa7e71d6f7cd7b66362eb5488e788c3a6c3a0b1807719e4f6c0009e0993ae61e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\85ba260ff6192e0392ee5b204fe16fa6bcba0758\e7d3bf82-7472-46cb-9d33-5aa4fa3fb6f2\index-dir\the-real-index~RFe57ded7.TMP

Filesize
48B

MD5
96e20b82e5e45991aff8e03d9f80b76b

SHA1
9ddc1746109bfb3f637998ca040bcca7724f8929

SHA256
fda39df0380ca51a285af97177c57ccef612889364c3b9addd3db222fed76d60

SHA512
b5696241e4c3c5dc463dd4d0c033f8402846ab1f34394bb6a2fcd7d7e2f2d48831ca2dbea68623b1d17866eb7ba460933bb482c902d39eb1fe405010ff84c458

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\85ba260ff6192e0392ee5b204fe16fa6bcba0758\efdc7a7e-8ca5-4ea4-98ce-3b6ddef2f3d9\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\85ba260ff6192e0392ee5b204fe16fa6bcba0758\efdc7a7e-8ca5-4ea4-98ce-3b6ddef2f3d9\index-dir\the-real-index

Filesize
72B

MD5
20f50b517be9e766b12db8eb1d58f5a9

SHA1
a01081c21b88a298c7f4585ce050c1569dd374ec

SHA256
b9863b8d808a004edd7cbe7e7c306e91196c9f5a6efea63f5b0962ae186994bc

SHA512
278fe3778098f56115dd3bb3dd1a8e992ee13ba4e1f85defcff0f03a6a6a70c78756b29e2f8ac8777f91994c57fb3e345404977adc53419ce96d1f4a4c382d71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\85ba260ff6192e0392ee5b204fe16fa6bcba0758\efdc7a7e-8ca5-4ea4-98ce-3b6ddef2f3d9\index-dir\the-real-index~RFe57cb2f.TMP

Filesize
48B

MD5
b15f08a8fe9c19075bac6757295583d8

SHA1
8d1c1f8fdd6233fbff0b1a93a5203cc97cd11109

SHA256
da025d76f6c60cf18fa2c094d333cf3c1be5c2dd56dcb561a4b0b4cd1164f6b2

SHA512
a3db2e88d8e4bd10a2115a421cfc5c6815d56f1a1d63369beac6b9ad86a4d7931103258535805ab0f7ff26e41b1297cdb0ba5a3f618875250a763f3654be1858

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\85ba260ff6192e0392ee5b204fe16fa6bcba0758\index.txt

Filesize
208B

MD5
905ed5ec9f4ef5adf51dce3f4e996d0a

SHA1
885d610c7c95963139c11cc2161eb9eaca007dd7

SHA256
88ec320757297ac0ad6d83389716134c61300179fb1a0b9d812b9f847ea34b66

SHA512
9a51e62226f74f5a6ff8f18a1bc39e2eae8432cc4c98c9cd62ddc059dd509868f7fdeb224d66ae5be45b67f9e7249618ff2e16e3fcaa52b6de3270649861533f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\85ba260ff6192e0392ee5b204fe16fa6bcba0758\index.txt

Filesize
322B

MD5
3496ed5e929b010d90427b72f1564667

SHA1
3b65617436e89738a2b7365e26be2598bcfefea3

SHA256
45c22a2dd6e020a664460352482dc4e4cb94db06950dae7656a6370bded47ad2

SHA512
f10e573958cb612b251c9d77161f9fad8d1f37849ddf9a8aba4b46630a43338be741cbdc0e5cb32ed80ab8468f139d0233a279b11d64cb98db3c8f452087621d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\85ba260ff6192e0392ee5b204fe16fa6bcba0758\index.txt

Filesize
437B

MD5
7085e990963f6104eb3b869df24b0639

SHA1
927bc0594de86e135508463b570a0d58cfa878dd

SHA256
31edaf7113dd00ad66afb913264a1d85eb67206b60f03dad10923dcfa79c6054

SHA512
c6184c51451a0b5077939b559c044ba1d2c71e1151c1d2e4ff367ec81285376a8216ef34753b4eb5354d2f7a0f5e4ec19f8a005b78c619b0a76c3a42f45e82b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\85ba260ff6192e0392ee5b204fe16fa6bcba0758\index.txt

Filesize
554B

MD5
92433eb151b4220f87fd7db48e02c8be

SHA1
59a237062e957f74ef920c898e54800974f61bda

SHA256
5a43b1ee45033faa9567a9c1244c6458231f86a10317facad39d33065de93f7d

SHA512
8ebb9fad3c90d6767a2f9ab899b2fbd3eedea16e8b6233d9c1f269db1efee730e195cc9cd9d96d09dd9077fc4e1213ade9fcb112f64aa588d2864bada9c1f060

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\85ba260ff6192e0392ee5b204fe16fa6bcba0758\index.txt

Filesize
551B

MD5
1f69d5ad6c8206d17cfac1fd88b2fdfe

SHA1
b445cbd816db05d8bd788ba3740c3ef724ad2b1a

SHA256
1886f5730f7fdac09125f00de073989a8f2a3564ddd7d83718ef0cb61bd43741

SHA512
016631f06ee5f7641cf2be9f3156c7dd0da1dc2f6a1ea018940ff631a327d95fc028f58d6554994df6a76745a4e02e59c6cc55a15e7ea74575e49ec7d52ef4fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\85ba260ff6192e0392ee5b204fe16fa6bcba0758\index.txt

Filesize
94B

MD5
abbf870cdad28044717bcf32337e2240

SHA1
431449bf09db710ed37dc02f1b34ff20066ecd0a

SHA256
2d4e00b2e7bb4c1ae7b4f69f90a1dedf63df6e72bf1dc20ac96c0692fe217a0b

SHA512
e66f7b9dcb044d697b70d1d29c5f1f39090e57e5d03aadfbf3515c64e0588be219d8dc9eabd90419c808e2ad2836e4dccd0c47644f36f3012f0a3117808643c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
d1adddb19bd8ce23de6c300733a0807b

SHA1
a8853b4a5b0d2e8b522e8630b5ace59c42933dad

SHA256
7c386cf5cf27cc5fe47bfcd66f8d767e928f99f54ac73055f21465fa502229e7

SHA512
40d4bffbc86d60a740f5f24a87c7cc5be604b5e0f6cdba399b8aa95c7df4a706e50b5c5575f45a1425ccde5198d359c2d34fc0c1857a95e705ace7223a25b554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c5d0.TMP

Filesize
48B

MD5
57d58663a969805b29a812746fefcfea

SHA1
8a348c9d31f4bfe0bac74025a63676574461e159

SHA256
37a8562d8da1375f1bad527fa74285e8dcb5ac9fea47dcf8aa860132b80d5c53

SHA512
73332e75b514082994575ae246468e2058accb3acb1b1e035bfa4ba8c55b05df2a7f5a92ad8d30700b44562f901f56b5dff1c0231a2c2ecc42b3ff26d8f7a059

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
15166de0f4bd884c4025d80efda4ebca

SHA1
86dfdfc1135bec6e5406c08c6d9c1ba932e104fd

SHA256
85df5c2d4a7b9d607d38365a95892b2dfc5efb825255692a8795e73b962bd517

SHA512
024024c263b95601f79b0db5e58ec67c6e86cc804616b2d1c9dd904a6b8d6ca4efe62f364cd20ab1f0b3dbf274b62cd72a3c41cbdb7f8d2205c85e944c6abc18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
016a6debabeae33df8cfdd02c539da51

SHA1
70c444d2ea98f121d02790abb387c8e3fb66572f

SHA256
a6bf378814eb81601fc39cb58687354f81a7a54a5f737c87978da24c3b05f40c

SHA512
266c973855708ba41a6bb07f543bf3e682ef9ac10a6ec2ea3b63d071fd235f12e086ee1fb95e04ef9e2c0379fe89bfd21ebd96f93f74386a13f3cfbbf17d97cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580a4c.TMP

Filesize
871B

MD5
6f8535ebacd7f05b62fee814ccbfe973

SHA1
3fc3f0da48ce855b8eb63f80dedd4f4033f2cbc9

SHA256
d76d3a6276a2bb169eb56a0ad810e5ab5537eef39bc4c81ee748960038a72183

SHA512
0407baee1b8310e064122e40b33acb11c66b18e367e6089a3c1d73cdc5b926d351878c00bb80d37d3700b3c0be2b7b44121a9dd691e89fa057f3b0e730d9de75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000009

Filesize
26KB

MD5
ad2134ff16b8955dbcf63336d3e33d58

SHA1
1d818cc140127deca1fb5bbc4ff88fa3ff52d6df

SHA256
b0ac89e9f894fe05628c1bdead63741499df44688ccd44351d58feab09712246

SHA512
d540504b8e393cbe5438849dff802fad000227e114a4b2e155d39fe082683413c3b14b493ac0bd0e6bccf40b9a15a86b508aa76ca58a24a1a2e426b67030f09e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
84a16141e2da25638c1c1e12610e370c

SHA1
cc8ca2852b1bfc9e9aa9384d3315589c5340ba63

SHA256
5ab4e01813ae93d091efef70729d5d759f8e6824cc6233144c8a6889c0512ca7

SHA512
6e7684c65a8c1d0980780d34fc1363ddb2488966eee97d6ed0b57b972db9d712f6e131cfdb6bf47824db0ebe63760c7ec179ba3ccdacc52835ba5039c84cd04c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
336a9fd68e88ff026950ac2cc4b65a41

SHA1
252cdb1d62400b9c1b89f104aaa7e19c8be92471

SHA256
19938ce909105f625e3ce69d2ce521dbcee80f753ca86f5a429178f1b4b56436

SHA512
61eda59206727f9744bdd92d077dbb086c76d002cf7e501d91043257d50966fda19cd3899c88112e93e3977f6f922ecc209f0645c045b965e9fce8cb235e044b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
be64503aea0b6c4f5e8b94b2d36e7e46

SHA1
15a51a698bb4d0c12a97d7b955553e06f58a7ba6

SHA256
206686b95aa474ea701084fd792d1d88df9e505a6c9ec304b7bf4ed4f831964a

SHA512
78c50bdecb7aeccc462eede9ffb1d67afb23c23d72196f8612421e228ca41850f3df4f83a85628e51dae4aadd9bdbc1788404785293882b66af2bb3d778e9207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
011cab22a49c364af68fe4cf1107f41e

SHA1
a6eabacb8951c7852941f86fa8e43e0c87fc6250

SHA256
54a79573607df92675f92c92c56d15b691e208a3a1feafe8f402b351ae7a5feb

SHA512
30f60f8d4a9f84ec8f87f3acb9b936360bf63ef2c1de93de6c0f92810e3858a9ff7d164d9815489150b1f20e449d9d3014b25ed6d84c0f53f25e6d655078208c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
51054ca008c23a96df8176586d28dc17

SHA1
6f9a486336fd3557b0d6061b572970572221ae87

SHA256
9262390428412c9b0537990fbd9f7ecc95e25c8c3b846b5499cf23df1974ac46

SHA512
6dabbeedd7cb1f4d5175a3b9636d728382500620221618364fdd1d60c277a7a2def93e4d23d0e7afb8e103f1f59600ca122ba53a7037129c94f4489f99e21ff8

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000003

Filesize
24KB

MD5
b201e8da90ef456598b8b3bb0e31bf53

SHA1
8bb524c8e9b17920c83d9a06c0b305e41cfca560

SHA256
2c8b630d1edafb8cc8c8cd73fff10c8ab6d06232929a4d458ec34628920f1665

SHA512
50126ac5b7800f5a848ef49ebc8e71d78cb5ee9c1602486b30e697ce57af32c868e46795ac2c157cdfd7fe65c03133c7a752813d520a9106adc3e50620b473f3

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000004

Filesize
32KB

MD5
31b05e57c066452d73ab005bb42865f7

SHA1
2a8efd5d7753dd756c539ad66831b01f603fb13c

SHA256
84d0be622ddeef6d0793df5d274965d6d13a756979b4b484185dc7a051eb4071

SHA512
f793863cec23493b58311d37720fe7d48e21c92da5cbc9c5d4562e47a046e33be4584d58a1c031513298c55a9c33f5e591fd5ce831c9c33af9c2594bb071c277

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000005

Filesize
40KB

MD5
46f57737d50e34053f1f7633d74d600a

SHA1
ebb8c24e34d2f6f7e25de8ff516cb46ee8dafa36

SHA256
b49341286ebd650e4486d60e7bed27076f7d583f825f7440faa15d16ba3714b2

SHA512
c72f440d2a1a3fd6be82cc8c2b10a15f045f0c3485d734ede9fcbe436ba1a9f291830830005d386458092a1a6df1431b58cc6ac95fe2ea745e74ba70b050f2cc

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000006

Filesize
36KB

MD5
9d69a62bc96e67bf779bae3744a8f693

SHA1
bd8a95a103317e66551c2129fe392998dc45c7ad

SHA256
39ee252af15a86d1d4d54a5c3fb9ed2678ef2ecae9ad9d711290acce7a7a611e

SHA512
e1fe5393201c37a9c34196fb986e818d5a94545009c6536b3c6b1a1bf71d528d458039ef1f30eb1c064e233b7238b72f7cd69d204827ba8cdf3f783aa012ca10

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000008

Filesize
19KB

MD5
48ffef4fc267c7350a37339001bd1a02

SHA1
9379041d4d542c116b420d014c7ebb68137a008a

SHA256
254467e453cf3cae3c70085b41462cd71b233c247b5e212f444347537b4c4873

SHA512
34b459dde39b3056e2f0a4c593b342d32829c9eebb2b01f146aefa0d54f0b52ecf4954873cf76b424abb25f84370d0b5ac06fdac734b397a7444b4b64b4d52f6

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000009

Filesize
19KB

MD5
280188959917fc5a7ce9cbca5ba6fc05

SHA1
f651c19d05fb115f031342f12b36337d866c0034

SHA256
430750b0cb0ab5213be051d447bd370fa4afb2c0ca0275cd4f1beb8e0bec8f15

SHA512
fd0c1159142cfe42617bdfff51613aa6f72119e35d21bd1ef01a76697cbb8ecfff6059e52e8218be0e2fa37389a7e5582f5d6e9e0d80c2b00602337be5125eab

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000a

Filesize
150KB

MD5
52344bfd16b4f6d1dc61922468458ce0

SHA1
142e9ec2e44f56e7e97f243624655decd4ee75ca

SHA256
d4636d2d08503bfd82c4e2a614efaac77ed9aaa38793703e16cf8f73b445aefa

SHA512
4bdf08a37c220abdb1ff30a30b10573082960ea9ad4118d3a9abe3e0334aefbcbe07eb60cf17d9f8f4539c5f719a67c803a452a4e79ab64e71e7c7b83c0de172

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000b

Filesize
268KB

MD5
ce9e80278b5b20747c77a8f0c567927c

SHA1
cac77f2c26d5dbccbaa03b0d1f11634e9930ae79

SHA256
0074e4197f2236f04097cdddde026209fa8370515b0223b09238b6d75e8ad64d

SHA512
5f989df94bc006fffb384afe397f95a00b3eb717e0a9dbbd304e45c1862276e17db4da7e58938e70231f7f58c7686e9b862f99561bbbdfe8e9bc04f4be8b321d

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d8ef1c506cc299b34e4b2889baa4cfd1

SHA1
0278d84f252ee206dbd9ec4275a065121f161c07

SHA256
628efe103a3352b54abd675ca9a578a1cd4a0be97eb0beeb726c8cc7a5f1a7ee

SHA512
dfa6f852ee700989a91f6eec7e264855440470cf9ccbd6e28ed4c8b1aad2af5a6ecb47838f7680fcfd36237be0070ea46be2061e115472f46d8e06e070e24f08

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
8e2c1c9723e5fe80c48c0f2cff7e7a63

SHA1
5efd4bc07c7ebd1b9c4dfa9b05c7ed63e3600996

SHA256
1d4dc73ce0d98e600ccb0f6d61f7387a66102fada337ac2893233e5d3cac3562

SHA512
5cd81f6ccc22ffd97c0c82e2aa72a87891887f7312d88305c781c21153a8cfa26873253451d3bceeab7f77ff340b627c34cc84ef4933c5f825e31a5f987b8302

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Dictionaries\en-US-10-1.bdic

Filesize
441KB

MD5
4604e676a0a7d18770853919e24ec465

SHA1
415ef3b2ca0851e00ebaf0d6c9f6213c561ac98f

SHA256
a075b01d9b015c616511a9e87da77da3d9881621db32f584e4606ddabf1c1100

SHA512
3d89c21f20772a8bebdb70b29c42fca2f6bffcda49dff9d5644f3f3910b7c710a5c20154a7af5134c9c7a8624a1251b5e56ced9351d87463f31bed8188eb0774

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
710B

MD5
a10a63dbf03f9eadef100c02a065d280

SHA1
b92db607eacfa6d4e23770211e49d22aa99dbdaf

SHA256
bc4d3f067ebe45e7d50fc4feab8aa608b0bc0559f88a2bc8fd6182b6f3972900

SHA512
850c53a4f7e9ff647971bf03cc50c1360cb37b6cb347afbdab78473bf5c14436f0b51d57a58bfe37fdd3ab721cacb7365cfcee37e6460df008f886ad50688cf8

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
822B

MD5
f08a90ee82bdf8d5db98777edc7ab3f9

SHA1
053ca7c05448e1513c5c4dabd48be2f2c3115a5a

SHA256
750064a539f67d5158e6bfe2d5c0facdcbd50f2d1fa3429e166a5474f7d35918

SHA512
d50404e2de8588c76b4ea03f018621df192b994a9010a95931a9ec8185a91ee49d1f9886d0ed26e5adf04cec1c2602f1fe231cf2680eeeb6cc5618f1e2cb128e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5b9d94.TMP

Filesize
529B

MD5
1cbfdfb43a47404f10ded762f332d289

SHA1
00d03bfff54f0fcb5154cb2522d62e731d1b93ee

SHA256
24b0d8a31ccecd004eba968cef8d685c445a0cf7364ee84de40414477c8788e9

SHA512
2c83d42e30e84a1e9d534d5557e1da9de1f10cff89a830ce754f32cbf09aa8ebcddb8a2bd19eeead5674b6253eb7fc9e050a847ed4e2ea32b1667d321e5ab06c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
f87c5152e9fdc7ff0b327a64a8f1b2f5

SHA1
8f0a7ba12788a4f89a65ec31c352fecbb6b9350a

SHA256
127be7e9284cb66ea03d13e2d918bd0559d44cb94c9dd0f65280150f0243cd51

SHA512
5beb95cdb027197e7168ae22749c0193d347ed9a456eb58df84324a54f6e8a7ab59f2813a51eb24fb7574e07ae1e17c0773b955a60503ebdc80b4ca016742b75

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
b87afb3e76245e6525384496e283a547

SHA1
dd74c4cc3723b31956bb5e5d0e8a6fbe11175923

SHA256
5ed9fbac694b5dff79a3cb61988cd94ee70a3bb2c7a7935c5121645899d2da79

SHA512
036cd6c45689679e86580d8d19b4c856d4798b17fd283c874d44215534f68bf92d83b17726704b878c9b8b8fc3d7d33003ce45cf1fbc54c21269c7911c2e554d

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
686B

MD5
32cf634706a2d3c75f5e3a70af2bcc50

SHA1
6a4e08635a10f764fa08b1025e3a825413aff5d6

SHA256
1a2112fc4726aa1a4181b69c93099d2801ef0ddebf7238c75ac75e0a93decadc

SHA512
c9819ed0b0cf667f072f5233988f12d78d75c1364fc2dbd9bd8f3c3c40890d9d5614eb11ac457dad553d7dcbe823800c67afe402b35e9c24df291ba1971ea746

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe5bb0fd.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
518B

MD5
1c56a13345d8097aa25870904016c036

SHA1
0f5d20fbc14a8ea626693143363d480e04e840d5

SHA256
8fa788c911b886496a36fb7a0b2ec67903e3846621f2d813ad54087c771b7535

SHA512
98b23b8725353c634ee7a0e18c65022f490a54f0fe972c29a46e11b930d656a8b329b58f22c8b6d7abc05d6c741f0a1eb06d685d178b6b220b144504c5018cc6

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
518B

MD5
55ae9721758c364d0f686d78859ad9ac

SHA1
c3e069794f032d5f18c62b7e2c848fd377fca572

SHA256
595960852cd9e5ca77b9737f5ed42c46da9bcea750bd821cf1e6ec63c6373ab2

SHA512
b646facba3a268eacf98eb9534d9e77cca64b817465a8c53ac07e311e2bf8072aaf3f7a93b045e5fca9e3327ab18e0038af6d1223dbc7be4b22ff35c57893998

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
522B

MD5
260dde671bc53f3a1e002616c6d38daa

SHA1
20a565463436729897d8dfb0e7a3f4a602894910

SHA256
3bf9df33500d600179e9032115ae2a49a49b4d2814c20d8480713597ec18d2c4

SHA512
5d27af89a53fe017b1603e6672c3da56adfa3aadd2faf7f65f2dec8fc32b7e7f9a0dc7819f00a947bcc9c02fca8dc21d3a1e7112aad4a51dec452e822048d94a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity~RFe5dca96.TMP

Filesize
188B

MD5
440e790b6b9cfce4e6f5131dc673c562

SHA1
b152692b4dbbc5e32822476acf591d3b95f6da57

SHA256
469637d0118505ae7b969488f07a66b15a38dc9c53708805019beaa4170df471

SHA512
b62abf39854d8e710fb26597acef9fc045d6bdabfefb0291a79646ff7d3d2daabf72bc9b4da3721b95633c154788f43756a99b453b76016b652e7ba7bce1e9a4

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\ShaderCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Shared Dictionary\cache\index-dir\temp-index

Filesize
48B

MD5
f1b84aa42cc59d77e15f6fa1ac78255d

SHA1
d2f48f29969fde07277b1ca6daec6f55a53ce1e3

SHA256
aae5639b4fbdb6e08a87152087dd0f69a40ef18846262ccdc2a9cbcbaadd1c30

SHA512
51730e9d7c90de0acc8d87f2b5d15b3ea4e0e3c255a75f2448a871c46cdf4ebf3bf2544968fdda690e5c76a5220a6809dd48aa92eff96ac65e40a1b2ee7d210f

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json

Filesize
2KB

MD5
602c49f9246967bdcff45b4f43cf2fb0

SHA1
4c5796e0c724bbd7a9244cc8a0fc9e8f40181f2d

SHA256
a3ad9649c1038078038be1abd591cdba73b4b4f5cf30e11bb6cb7a432b746114

SHA512
2f273c0dd0127071f4c768cfe7277c6efff84c1ef4f4271c1326db3658c84261794b106af3198717f349fbaaaf276163700bbb50ae20fe52ed0a88a192d46f77

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json~RFe5ada83.TMP

Filesize
2KB

MD5
68b20851ccb9834d21fb32615e42bd43

SHA1
88fab935f0b9484994097c08f785e9ecb7d68127

SHA256
a954b528dd65ad6c4c2091fa32f17abdb7a49454ce88e10bb6c377734c70c26f

SHA512
dcb0771120c8fe35213d60e9abf4b242af807324759e3c99e9b2569c00a941d885d53ef6fadfe69e6b740e0b52a6008602605d643801190a2d29175a7d065e15

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg83EE.tmp\StdUtils.dll

Filesize
110KB

MD5
db11ab4828b429a987e7682e495c1810

SHA1
29c2c2069c4975c90789dc6d3677b4b650196561

SHA256
c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376

SHA512
460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg83EE.tmp\System.dll

Filesize
22KB

MD5
a36fbe922ffac9cd85a845d7a813f391

SHA1
f656a613a723cc1b449034d73551b4fcdf0dcf1a

SHA256
fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0

SHA512
1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg83EE.tmp\modern-wizard.bmp

Filesize
150KB

MD5
3614a4be6b610f1daf6c801574f161fe

SHA1
6edee98c0084a94caa1fe0124b4c19f42b4e7de6

SHA256
16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b

SHA512
06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg83EE.tmp\nsDialogs.dll

Filesize
20KB

MD5
4e5bc4458afa770636f2806ee0a1e999

SHA1
76dcc64af867526f776ab9225e7f4fe076487765

SHA256
91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0

SHA512
b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg83EE.tmp\nsExec.dll

Filesize
17KB

MD5
2095af18c696968208315d4328a2b7fe

SHA1
b1b0e70c03724b2941e92c5098cc1fc0f2b51568

SHA256
3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226

SHA512
60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg83EE.tmp\nsProcess.dll

Filesize
15KB

MD5
08072dc900ca0626e8c079b2c5bcfcf3

SHA1
35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37

SHA256
bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8

SHA512
8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
11KB

MD5
ff74be76c3fae121559cdc4333ed570f

SHA1
90ad9963fda7bd4192d4e0a0caf605695b0d9768

SHA256
87e7d30e0f7b03b14995b2730e9eace0e49556f740ec337edbad2ff33a8b2579

SHA512
98e54916608737973ba8563a65736d564e8f6eb96b12c8a594415c670a1cf97c89c4cb612c0c78445b4b64633e61a64fe75283c9169f617f3a8e18da327e6de1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
11KB

MD5
4e09b04e227ea904097abc932c39843c

SHA1
40cbdc422f9bee64c6c38c91ae7c4e0fc1b9968f

SHA256
dbe5bd868b3a0ad24d16d64beba104f6f6f87bb7006bb64f4db662023bc8a735

SHA512
be1f7eb692c515e9de753889c4107da94a57e4d00eaf3e49ae4975c6cef34f2560625b452fad629164724c85faf81545c30f58b9aee6c2690816bfb3873bac44

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
11KB

MD5
81b09fa7663d7b5c1f2c9f5660436fe9

SHA1
6cb2edbb0f98e41353bb9129a333d29c6fdcb439

SHA256
b44cd24140e24736de8053f9af6ffa3832f34089bc8afdbe5d1934072363f162

SHA512
5fe5e0fae8c84d5e07cf15ab1b32eedecc4c19fde7e04a43c9179405c5ef229d25fcc3174e1cffdd556145c89d9cbd8234d66033fb29dc63dc0fecde3e128cd6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
12KB

MD5
62db9537c087b8b1cf7937cd908e55b1

SHA1
f1efdf46f823b23c8a92faa0ce74d1aaf83326cd

SHA256
ed4436a16f0e163639c7dadfc666d7258a8234e1a2d1df7d536c77fe7b36bb44

SHA512
9da2c18978b60ecd68740a9018913ec1864c9e98b9d236dd27565b6f7cb2dcfda23a4d91414de461d32f826e5e2550927dd5684ff67e72e90dc0a375cd0ebd2e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
12KB

MD5
e052fd8b24d560cbfa83c25a1b68cd5c

SHA1
566609d367edd28981595c04049dbd0b5a6e7281

SHA256
aa399ec98f04ac32f60da422c2c1c18e5a82107abcd78c2dc2d7337c8ca38003

SHA512
a05f50878eff90b0ba8079532e2f2230eff54315e59eb79875560ae28d83d1b376b739f8070da005ac46969aa95f27832c2f0bbee7492f2dfd7eb1990709d088

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
11KB

MD5
96bd4945333e56a2f3a5b3d3b0306e5e

SHA1
9a7e4bae33c06a8a54971b889378bf40ab0e2f43

SHA256
8e6135fe023e26993d0f5485c906eb5a20c5c9e611a7e50903f2501cd2c9c31f

SHA512
1bfc4781fa0df0257c2419e66af2d6cf68bc11c510646238a179aa13fd630f92d965132d2a0c9c9fd2807170d3d7730269555f2d21efa032803e242379998c92

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
11KB

MD5
162f9cbcce859709e048478c331f1f1c

SHA1
3cfe3dc1aae3a05374b461fdf40cd8aa83f092ae

SHA256
1232d56462e5362084a8ba8c7b6e65b1add4525713b9c638b2a1a4a58bf5895e

SHA512
5acb1f161ba546b85d6bc900cd57f88cffe9240e0914b099980e890cf6edcc1e472aa9049b512645a7c08e3126fad8ae50cedaa37033f7f68e48151740e2b4c9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
12KB

MD5
e2bdd2c2b8fb9c492e61f55b2af8d4d8

SHA1
3e4c523572db58a720203e818fc45c3f474af9a1

SHA256
1a00e667f8a392b48ba8c4d5c79af6015932cd59f9d0e72873bc6ac1cce4b350

SHA512
329ddec2d77f61d4f07e02fdd5def3e5f2b1fd61b7b3d3a61d1a8070639dba68fed8d857b7d5756e7c9c0e241527d837e42fb23ed3f0db5b5785dca7d7e6ad3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
0f946db6e8708b10780da5345ee083a1

SHA1
f389bfe73635d3f22a7a90bb9fc40e6ee7d8db0c

SHA256
b53b3e720c6bb9850dc57d2c383a844e8a5e70495c5fd7305a5548846e1509c7

SHA512
fe90bd64fa2730c43eae7f148b2cc8475ddaba80bbc2a831149a792318384b9225e0b27c004de93f09883cd1c7dd449f9aefaa0668c595c8f5c99493bea9f9ba

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
12KB

MD5
8bfddf4830fdabb2cd4af6ac46669585

SHA1
e3068c631d750c5e24d4f052bd3e1b8d56b09533

SHA256
9300509f354d7b202c2aaf4a8fe18cc56258a0683a7d3c3fac844355c6912deb

SHA512
62a12fb74e892a7b247517dd7dd1d16634c46d4c220eca67acc7fbae10c047cfb232f745b958455da71818c0f4f8ce4ab0e3164d44aa492c4e88d02f3820f16c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
11KB

MD5
b11fc449bcb12d615992fe0e09812df4

SHA1
6425a95fd3f6eab94a27156f6284b220b5404210

SHA256
fe9946b65114c6a21f12175fcbe0e3e426398c88e548ac38c490dacd46d11c89

SHA512
df5c50fdcd7e79c03e7876775c560846565315964b6ce64ae304afcdb1d488989151c27e885d49e1214dca24df8ebb3d97200f235173fd3278915166b33b78e4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
e93e2de6a400783939c664ac619041f3

SHA1
874b00e4147f55315ed02c474c26879631a3ddec

SHA256
4a7957c926e8e826c6eb29799fd0fe73df3a09bcf49e2252d14e486092cbe654

SHA512
5dec0d79088376b56acbdfc1988334c7a6bb8b29d81dd4c7919389abea508a3a5d3069af098a98fc5744aacd6b86ec22d3006c9f95ba84c20cf8e653172f2e00

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
12KB

MD5
1d48c274a799b6722fdc8496440e331f

SHA1
33c679cbc5e4863695683bcef179966449f1b5fa

SHA256
f7e3f9ae76ab09f597c8243108338237d87419092149a787c7bad718fa8813d1

SHA512
63f4e407cbc96cfaeba136b115a035b9a893776a2bb8c4e44c115882a425c4da20d668dd79d80a71ca4599b3181cb7c7bcd1df4736a09fa0ba5e16c0dc9a4f66

Download Submit
C:\Users\Admin\Desktop\Plants vs. Zombies Game of the Year.url

Filesize
220B

MD5
198556e3ffef4796f784f22a56c22085

SHA1
9652ccc0d67839037cd041fb21aec03105be90ea

SHA256
5fb684fbc8d04ae409cd81c2bc0267fda53ec97f6256249f33b816857d690bea

SHA512
dc9d26fab77f2ea46dfc40442500bffd107dce713256ef531de1d344e4606572fc94b8410e317c8a4064e33bb4ac35e7e1295308cee41f35ebb3659cb90b5589

Download Submit
C:\Users\Admin\Downloads\SteamSetup (1).exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 583131.crdownload

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping11572_664382208\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping11572_664382208\manifest.json

Filesize
1001B

MD5
2ff237adbc218a4934a8b361bcd3428e

SHA1
efad279269d9372dcf9c65b8527792e2e9e6ca7d

SHA256
25a702dd5389cc7b077c6b4e06c1fad9bdea74a9c37453388986d093c277d827

SHA512
bafd91699019ab756adf13633b825d9d9bae374ca146e8c05abc70c931d491d421268a6e6549a8d284782898bc6eb99e3017fbe3a98e09cd3dfecad19f95e542

Download Submit
memory/4688-13190-0x0000000000CD0000-0x0000000001182000-memory.dmp

Filesize
4.7MB

Download
memory/5492-13454-0x0000028801150000-0x00000288014C8000-memory.dmp

Filesize
3.5MB

Download
memory/11520-13394-0x000000006F140000-0x0000000070481000-memory.dmp

Filesize
19.3MB

Download
memory/11520-13487-0x000000006F140000-0x0000000070481000-memory.dmp

Filesize
19.3MB

Download
memory/11520-13391-0x000000006F140000-0x0000000070481000-memory.dmp

Filesize
19.3MB

Download
memory/11520-13388-0x000000006F140000-0x0000000070481000-memory.dmp

Filesize
19.3MB

Download
memory/11520-13398-0x000000006F140000-0x0000000070481000-memory.dmp

Filesize
19.3MB

Download
memory/11520-13422-0x000000006F140000-0x0000000070481000-memory.dmp

Filesize
19.3MB

Download
memory/11520-13472-0x000000006F140000-0x0000000070481000-memory.dmp

Filesize
19.3MB

Download
memory/11520-13385-0x000000006F140000-0x0000000070481000-memory.dmp

Filesize
19.3MB

Download
memory/11520-13484-0x000000006F140000-0x0000000070481000-memory.dmp

Filesize
19.3MB

Download
memory/11520-13516-0x000000006F140000-0x0000000070481000-memory.dmp

Filesize
19.3MB

Download
memory/11520-13364-0x000000006F140000-0x0000000070481000-memory.dmp

Filesize
19.3MB

Download
memory/11520-13513-0x000000006F140000-0x0000000070481000-memory.dmp

Filesize
19.3MB

Download
memory/11520-13525-0x000000006F140000-0x0000000070481000-memory.dmp

Filesize
19.3MB

Download
memory/11520-13348-0x000000006F140000-0x0000000070481000-memory.dmp

Filesize
19.3MB

Download
memory/11520-13490-0x000000006F140000-0x0000000070481000-memory.dmp

Filesize
19.3MB

Download
memory/11520-13537-0x000000006F140000-0x0000000070481000-memory.dmp

Filesize
19.3MB

Download
memory/13708-13224-0x00007FFC289A0000-0x00007FFC289A1000-memory.dmp

Filesize
4KB

Download
memory/13708-13360-0x00000224AD850000-0x00000224ADBC8000-memory.dmp

Filesize
3.5MB

Download
memory/13708-13222-0x00007FFC288F0000-0x00007FFC288F1000-memory.dmp

Filesize
4KB

Download
memory/15344-15760-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/15344-16091-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/16200-13361-0x000001D2678D0000-0x000001D267C48000-memory.dmp

Filesize
3.5MB

Download
memory/21456-13491-0x0000020D7CE00000-0x0000020D7CE01000-memory.dmp

Filesize
4KB

Download
memory/21456-13501-0x0000020D7CE00000-0x0000020D7CE01000-memory.dmp

Filesize
4KB

Download
memory/21456-13500-0x0000020D7CE00000-0x0000020D7CE01000-memory.dmp

Filesize
4KB

Download
memory/21456-13499-0x0000020D7CE00000-0x0000020D7CE01000-memory.dmp

Filesize
4KB

Download
memory/21456-13502-0x0000020D7CE00000-0x0000020D7CE01000-memory.dmp

Filesize
4KB

Download
memory/21456-13498-0x0000020D7CE00000-0x0000020D7CE01000-memory.dmp

Filesize
4KB

Download
memory/21456-13497-0x0000020D7CE00000-0x0000020D7CE01000-memory.dmp

Filesize
4KB

Download
memory/21456-13503-0x0000020D7CE00000-0x0000020D7CE01000-memory.dmp

Filesize
4KB

Download
memory/21456-13492-0x0000020D7CE00000-0x0000020D7CE01000-memory.dmp

Filesize
4KB

Download
memory/21456-13493-0x0000020D7CE00000-0x0000020D7CE01000-memory.dmp

Filesize
4KB

Download