hxxps://cdn[.]discordapp[.]com/attachments/1302716374694629517/1327568380349255680/voidware_full_leak_hackvshack[.]net[.]zip?ex=678389e6&is=67823866&hm=4f500af31f074f54f4428f05cde5584d58a40e7a5d9ac1a2b0bbba4e690b32e9&

Analysis

max time kernel
592s
max time network
593s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-01-2025 09:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1302716374694629517/1327568380349255680/voidware_full_leak_hackvshack.net.zip?ex=678389e6&is=67823866&hm=4f500af31f074f54f4428f05cde5584d58a40e7a5d9ac1a2b0bbba4e690b32e9&

Score

8^/10

steam discovery persistence phishing

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 10 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe

Executes dropped EXE 26 IoCs

pid	Process
2288	SteamSetup.exe
5108	SteamSetup.exe
2124	steamservice.exe
1880	steam.exe
5772	steam.exe
5720	steamwebhelper.exe
5548	steamwebhelper.exe
5232	steamwebhelper.exe
7452	steamwebhelper.exe
7908	gldriverquery64.exe
7992	steamwebhelper.exe
432	steamwebhelper.exe
2260	gldriverquery.exe
2412	vulkandriverquery64.exe
2328	vulkandriverquery.exe
8496	steamwebhelper.exe
6252	steamwebhelper.exe
9944	steamwebhelper.exe
6468	steamwebhelper.exe
12152	steamwebhelper.exe
12568	steamwebhelper.exe
13016	steamwebhelper.exe
15728	steamwebhelper.exe
15380	steamwebhelper.exe
17200	steamwebhelper.exe
17188	steamwebhelper.exe

Loads dropped DLL 64 IoCs

pid	Process
2288	SteamSetup.exe
5108	SteamSetup.exe
2288	SteamSetup.exe
2288	SteamSetup.exe
2288	SteamSetup.exe
2288	SteamSetup.exe
2288	SteamSetup.exe
2288	SteamSetup.exe
2288	SteamSetup.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5548	steamwebhelper.exe
5548	steamwebhelper.exe
5548	steamwebhelper.exe
5772	steam.exe
5232	steamwebhelper.exe
5232	steamwebhelper.exe
5232	steamwebhelper.exe
5232	steamwebhelper.exe
5232	steamwebhelper.exe
5232	steamwebhelper.exe
5232	steamwebhelper.exe
5232	steamwebhelper.exe
5232	steamwebhelper.exe
5772	steam.exe
7452	steamwebhelper.exe
7452	steamwebhelper.exe
7452	steamwebhelper.exe
5772	steam.exe
7992	steamwebhelper.exe
7992	steamwebhelper.exe
7992	steamwebhelper.exe
432	steamwebhelper.exe
432	steamwebhelper.exe
432	steamwebhelper.exe
432	steamwebhelper.exe
8496	steamwebhelper.exe
8496	steamwebhelper.exe
8496	steamwebhelper.exe
8496	steamwebhelper.exe
6252	steamwebhelper.exe
6252	steamwebhelper.exe
6252	steamwebhelper.exe
6252	steamwebhelper.exe
9944	steamwebhelper.exe
9944	steamwebhelper.exe
9944	steamwebhelper.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"	SteamSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\shared_finnish-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\shared_portuguese-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_rtrackpad_swipe_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_button_a-1.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_l_click_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\fossilize-replay64.exe_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_r_left_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_l5_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_rstick_right_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\xbox360_button_select_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_r_up.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_rstick_touch.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_touchpad_up_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\SteamFossilizeVulkanLayer.json_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_030_inv_0322.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_friends.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_ltrackpad.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_button_b_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_gyro_pitch.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_mouse_scroll_down_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_r1_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_lt_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\locales\pl.pak_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0305.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\gift_wizard_friends.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\steamui_postlogon_greek.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_button_options.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_r_swipe_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_touchpad_right_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox_button_start_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_075_utility_040.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\minithrobber07.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\hp_m1_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_rb.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_left_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_color_outlined_button_circle_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_ltrackpad_swipe_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_color_button_y_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_lstick_up_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_rg.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\templates\controller_neptune_webbrowser.vdf_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_030_inv_0090.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_060_vehicle_0050.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_070_setting_0010.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_r_touch.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_left.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_dpad_down.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_lstick_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\layout\friendpanel_compact.layout_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\flag_top_hover.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\ThirdPartyLegalNotices.doc_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_button_menu_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_color_button_a.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_outlined_button_x_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\steamui_czech-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_l2_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_outlined_button_y.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_button_share_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\sounds\pop_sound.wav_	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\1245040_header.jpg	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\empty.vdf_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_trackpad_r_swipe_sm.png_	steam.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamservice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steamlink\Shell	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steam\Shell\Open\Command	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steamlink\Shell\Open\Command	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steam\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steam\Shell\Open	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steam\DefaultIcon	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steamlink\URL Protocol	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steam	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steamlink\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steamlink	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steamlink\URL Protocol	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steamlink\DefaultIcon	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steam	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steamlink	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steam\ = "URL:steam protocol"	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steamlink\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steam\Shell	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steam\URL Protocol	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steam.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 963961.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4828	msedge.exe
4828	msedge.exe
4868	msedge.exe
4868	msedge.exe
3180	identity_helper.exe
3180	identity_helper.exe
2708	msedge.exe
2708	msedge.exe
2508	premium.exe
2508	premium.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
1480	msedge.exe
1480	msedge.exe
2288	SteamSetup.exe
2288	SteamSetup.exe
2288	SteamSetup.exe
2288	SteamSetup.exe
2288	SteamSetup.exe
2288	SteamSetup.exe
2288	SteamSetup.exe
2288	SteamSetup.exe
2288	SteamSetup.exe
2288	SteamSetup.exe
2288	SteamSetup.exe
2288	SteamSetup.exe
2288	SteamSetup.exe
2288	SteamSetup.exe
2288	SteamSetup.exe
2288	SteamSetup.exe
2288	SteamSetup.exe
2288	SteamSetup.exe
2288	SteamSetup.exe
2288	SteamSetup.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe
5772	steam.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5772	steam.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	2124	steamservice.exe
Token: SeSecurityPrivilege	2124	steamservice.exe
Token: SeShutdownPrivilege	5720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5720	steamwebhelper.exe
Token: SeShutdownPrivilege	5720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5720	steamwebhelper.exe
Token: SeShutdownPrivilege	5720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5720	steamwebhelper.exe
Token: SeShutdownPrivilege	5720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5720	steamwebhelper.exe
Token: SeShutdownPrivilege	5720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5720	steamwebhelper.exe
Token: SeShutdownPrivilege	5720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5720	steamwebhelper.exe
Token: SeShutdownPrivilege	5720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5720	steamwebhelper.exe
Token: SeShutdownPrivilege	5720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5720	steamwebhelper.exe
Token: SeShutdownPrivilege	5720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5720	steamwebhelper.exe
Token: SeShutdownPrivilege	5720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5720	steamwebhelper.exe
Token: SeShutdownPrivilege	5720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5720	steamwebhelper.exe
Token: SeShutdownPrivilege	5720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5720	steamwebhelper.exe
Token: SeShutdownPrivilege	5720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5720	steamwebhelper.exe
Token: SeShutdownPrivilege	5720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5720	steamwebhelper.exe
Token: SeShutdownPrivilege	5720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5720	steamwebhelper.exe
Token: SeShutdownPrivilege	5720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5720	steamwebhelper.exe
Token: SeShutdownPrivilege	5720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5720	steamwebhelper.exe
Token: SeShutdownPrivilege	5720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5720	steamwebhelper.exe
Token: SeShutdownPrivilege	5720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5720	steamwebhelper.exe
Token: SeShutdownPrivilege	5720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5720	steamwebhelper.exe
Token: SeShutdownPrivilege	5720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5720	steamwebhelper.exe
Token: SeShutdownPrivilege	5720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5720	steamwebhelper.exe
Token: SeShutdownPrivilege	5720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5720	steamwebhelper.exe
Token: SeShutdownPrivilege	5720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5720	steamwebhelper.exe
Token: SeShutdownPrivilege	5720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5720	steamwebhelper.exe
Token: SeShutdownPrivilege	5720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5720	steamwebhelper.exe
Token: SeShutdownPrivilege	5720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5720	steamwebhelper.exe
Token: SeShutdownPrivilege	5720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5720	steamwebhelper.exe
Token: SeShutdownPrivilege	5720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5720	steamwebhelper.exe
Token: SeShutdownPrivilege	5720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5720	steamwebhelper.exe
Token: SeShutdownPrivilege	5720	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5720	steamwebhelper.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe
5720	steamwebhelper.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2288	SteamSetup.exe
5108	SteamSetup.exe
2124	steamservice.exe
5772	steam.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4868 wrote to memory of 4972	4868	msedge.exe	82
PID 4868 wrote to memory of 4972	4868	msedge.exe	82
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 1676	4868	msedge.exe	83
PID 4868 wrote to memory of 4828	4868	msedge.exe	84
PID 4868 wrote to memory of 4828	4868	msedge.exe	84
PID 4868 wrote to memory of 5060	4868	msedge.exe	85
PID 4868 wrote to memory of 5060	4868	msedge.exe	85
PID 4868 wrote to memory of 5060	4868	msedge.exe	85
PID 4868 wrote to memory of 5060	4868	msedge.exe	85
PID 4868 wrote to memory of 5060	4868	msedge.exe	85
PID 4868 wrote to memory of 5060	4868	msedge.exe	85
PID 4868 wrote to memory of 5060	4868	msedge.exe	85
PID 4868 wrote to memory of 5060	4868	msedge.exe	85
PID 4868 wrote to memory of 5060	4868	msedge.exe	85
PID 4868 wrote to memory of 5060	4868	msedge.exe	85
PID 4868 wrote to memory of 5060	4868	msedge.exe	85
PID 4868 wrote to memory of 5060	4868	msedge.exe	85
PID 4868 wrote to memory of 5060	4868	msedge.exe	85
PID 4868 wrote to memory of 5060	4868	msedge.exe	85
PID 4868 wrote to memory of 5060	4868	msedge.exe	85
PID 4868 wrote to memory of 5060	4868	msedge.exe	85
PID 4868 wrote to memory of 5060	4868	msedge.exe	85
PID 4868 wrote to memory of 5060	4868	msedge.exe	85
PID 4868 wrote to memory of 5060	4868	msedge.exe	85
PID 4868 wrote to memory of 5060	4868	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://cdn.discordapp.com/attachments/1302716374694629517/1327568380349255680/voidware_full_leak_hackvshack.net.zip?ex=678389e6&is=67823866&hm=4f500af31f074f54f4428f05cde5584d58a40e7a5d9ac1a2b0bbba4e690b32e9&
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd55e46f8,0x7ffcd55e4708,0x7ffcd55e4718
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,10041350741248599302,11338192218884790130,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,10041350741248599302,11338192218884790130,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,10041350741248599302,11338192218884790130,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10041350741248599302,11338192218884790130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10041350741248599302,11338192218884790130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,10041350741248599302,11338192218884790130,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,10041350741248599302,11338192218884790130,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10041350741248599302,11338192218884790130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10041350741248599302,11338192218884790130,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10041350741248599302,11338192218884790130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10041350741248599302,11338192218884790130,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,10041350741248599302,11338192218884790130,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5684 /prefetch:8
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10041350741248599302,11338192218884790130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,10041350741248599302,11338192218884790130,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6008 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10041350741248599302,11338192218884790130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10041350741248599302,11338192218884790130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10041350741248599302,11338192218884790130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10041350741248599302,11338192218884790130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10041350741248599302,11338192218884790130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10041350741248599302,11338192218884790130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10041350741248599302,11338192218884790130,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1764 /prefetch:1
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10041350741248599302,11338192218884790130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10041350741248599302,11338192218884790130,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10041350741248599302,11338192218884790130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3028 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10041350741248599302,11338192218884790130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2116,10041350741248599302,11338192218884790130,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3012 /prefetch:8
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,10041350741248599302,11338192218884790130,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5292 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10041350741248599302,11338192218884790130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,10041350741248599302,11338192218884790130,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6560 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1480
- C:\Users\Admin\Downloads\SteamSetup.exe
  "C:\Users\Admin\Downloads\SteamSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2288
- - C:\Program Files (x86)\Steam\bin\steamservice.exe
    "C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:2124
- C:\Users\Admin\Downloads\SteamSetup.exe
  "C:\Users\Admin\Downloads\SteamSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4196

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4824

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\voidware full leak hackvshack.net\voidware full leak\How to.txt
1⤵
PID:3004

C:\Users\Admin\Downloads\voidware full leak hackvshack.net\voidware full leak\premium\premium.exe
"C:\Users\Admin\Downloads\voidware full leak hackvshack.net\voidware full leak\premium\premium.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2508

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:1880
- C:\Program Files (x86)\Steam\steam.exe
  "C:\Program Files (x86)\Steam\steam.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:5772
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=5772" "-buildid=1733265492" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:5720
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1733265492 --initial-client-data=0x280,0x284,0x288,0x27c,0x28c,0x7ffcd4f1af00,0x7ffcd4f1af0c,0x7ffcd4f1af18
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5548
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1592,i,10333195668201674578,18271422783755012311,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1596 --mojo-platform-channel-handle=1584 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5232
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2188,i,10333195668201674578,18271422783755012311,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2192 --mojo-platform-channel-handle=2184 /prefetch:3
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:7452
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2760,i,10333195668201674578,18271422783755012311,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2764 --mojo-platform-channel-handle=2720 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:7992
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,10333195668201674578,18271422783755012311,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3148 --mojo-platform-channel-handle=3140 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:432
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3908,i,10333195668201674578,18271422783755012311,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3912 --mojo-platform-channel-handle=3904 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:8496
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3788,i,10333195668201674578,18271422783755012311,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3780 --mojo-platform-channel-handle=3792 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:6252
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=4224,i,10333195668201674578,18271422783755012311,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4124 --mojo-platform-channel-handle=4132 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:9944
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2044,i,10333195668201674578,18271422783755012311,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4116 --mojo-platform-channel-handle=4520 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:6468
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4088,i,10333195668201674578,18271422783755012311,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4076 --mojo-platform-channel-handle=4104 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:12152
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3932,i,10333195668201674578,18271422783755012311,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3968 --mojo-platform-channel-handle=4052 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:12568
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3996,i,10333195668201674578,18271422783755012311,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4388 --mojo-platform-channel-handle=4404 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:13016
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4424,i,10333195668201674578,18271422783755012311,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4052 --mojo-platform-channel-handle=4444 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:15728
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4552,i,10333195668201674578,18271422783755012311,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4804 --mojo-platform-channel-handle=4808 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:15380
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4444,i,10333195668201674578,18271422783755012311,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4740 --mojo-platform-channel-handle=4324 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:17188
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4476,i,10333195668201674578,18271422783755012311,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4384 --mojo-platform-channel-handle=4652 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:17200
- - C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:7908
- - C:\Program Files (x86)\Steam\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2260
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:2412
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2328

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x360 0x324
1⤵
PID:7764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Steam\Steam.exe

Filesize
4.2MB

MD5
33bcb1c8975a4063a134a72803e0ca16

SHA1
ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65

SHA256
12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1

SHA512
13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

Download Submit
C:\Program Files (x86)\Steam\appcache\librarycache\1113280_icon.jpg

Filesize
638B

MD5
7ecdaf8a54ec52b20640a88527512903

SHA1
3133a4d748ad3be61fe9db759339cd5de73339b5

SHA256
7bd8b75aec0a4d4a377f3ca3a023fd8b7c5fc7dc6a2a66d17f8cdfe5b731ab0c

SHA512
60ae2031eed0c38264f0d8db22a9b6efeb3f80c791e916e15a1730853162d56e0da014dbd93a5479bae4f3bdd5705ca89be70c90574a524abd1c276ed5c55a2d

Download Submit
C:\Program Files (x86)\Steam\bin\SteamService.exe

Filesize
2.5MB

MD5
ba0ea9249da4ab8f62432617489ae5a6

SHA1
d8873c5dcb6e128c39cf0c423b502821343659a7

SHA256
ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d

SHA512
52958d55b03e1ddc69afc2f1a02f7813199e4b3bf114514c438ab4d10d5ca83b865ba6090550951c0a43b666c6728304009572212444a27a3f5184663f4b0b8b

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
6e6a2b18264504cc084caa3ad0bfc6ae

SHA1
b177d719bd3c1bc547d5c97937a584b8b7d57196

SHA256
f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53

SHA512
74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
15KB

MD5
8df59e224153b018c8d11daa3680b3eb

SHA1
8945ee855979a10e38915ea714731c1f065d4329

SHA256
3181890221d3278d42e6173952db03e65f876a62f863d6056bd7c36bc2cb08df

SHA512
d8b522b2c55587a5d6e8e6d5740255da11f7ae67cf7765ef4112c37eb0253ddb6ee035291eede1310645815bd8ce011d565061a83020111a00d1dc74319169bb

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
21KB

MD5
6ea6dbd3a859ee979d8ae55a276ae554

SHA1
a8193fe4386f30bda0501c8761b1871d7ccc7079

SHA256
80313cb7ad2a7085d06380f30683ce851763e2a8d97abe17ad04ec13b9a40ab0

SHA512
074155fbf18a64cb90d892e8e11580bd784658aeca3d993b8d02ebec30b471406bcd4b3fc017f30edeb01a60e73455da4d0a0c55343f8abfe431e66d05a9b460

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
18KB

MD5
1f0b34cb4cf7ddca8592dcb0e8911c50

SHA1
5ea386c6b4862015bd42daa40e275486797936dc

SHA256
ec3b3caac76b8537df4fe3f133229325a97d40f9c619f1b2dd993b781b26942e

SHA512
fbfc2c5799f4bad995dbfd7fb74933ed95a52c0def25ccca80fbb4db0a760d52aa4ddd000ab4fe5c8438ca52a0dac0cc75ffe80df1260d0112127d90ca6f0950

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
21KB

MD5
defd40facf50d1c0a931be17be62f01a

SHA1
c2b6b69668eadaa607e1996fff9005b87c98f9f1

SHA256
ccecf28cb194310bd09c3a9feaef041710dbbeb576b4bf85fdab2db00e07b59d

SHA512
c21f837c2802ee69bd2cf3e6fbf40be54a97d214e462463885d4765167b1e1f4781ee877557362039db07779d21435dc99470195f3859b30496d7f47f2b4a2ec

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
19KB

MD5
9fb740e36f9c0695e607a899df02a175

SHA1
a2aa602c77f93c79e01180d75a9685f32986bc81

SHA256
045172cbc6385e9c031301fd4b1d17b1645bc95b5c5b45bf93d96f4a4be88e85

SHA512
6e9677d6bcce1a4a9622e270ee85540f360d9c7d6811807b3edf885b4a67003455806d33f0daad5441236887d8aae197ecdaae8ac3e8e8b1648444edf61fac4a

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
a2ec2e91c3ef8c42e22c4887d032b333

SHA1
e2c738a2e9400535b74e2263c7e7d1ecefe575f2

SHA256
8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3

SHA512
b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf~RFe5aef72.TMP

Filesize
184B

MD5
3cdebc58a05cdd75f14e64fb0d971370

SHA1
edf2d4a8a5fc017e29bf9fb218db7dd8b2be84fe

SHA256
661f122934bbc692266940a1fe2e5e51d4d460efb29d75695b8d5241c6e11da7

SHA512
289c40fae5ec1d3dd8b5b00dd93cf9cada2cb5c12bcfefea8c862ddf0a16dced15d6814dad771af9103b3a5d3016d301ee40058edde3fdea30d9767146d11cd6

Download Submit
C:\Program Files (x86)\Steam\logs\cef_log.txt

Filesize
5KB

MD5
90bec445ea5b6a1379c82f8f362cd48b

SHA1
b0312a19e281f17309c96c6766b29857660f980e

SHA256
737e5735d2a4aa3ce4d7a5b4b52f7b8678fb4e9de8bdca1c03649171c38d86d1

SHA512
4cbc437e1d445355143c97b241a4f0298c4b9f8931f2fb1c3a357c71ae45d55843274c6808ffec9b20f973acc0f386931a687e1814405e8ba9f2365dcf9ee397

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

Filesize
4KB

MD5
0340d1a0bbdb8f3017d2326f4e351e0a

SHA1
90d078e9f732794db5b0ffeb781a1f2ed2966139

SHA256
0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544

SHA512
9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

Filesize
6KB

MD5
4c81277a127e3d65fb5065f518ffe9c2

SHA1
253264b9b56e5bac0714d5be6cade09ae74c2a3a

SHA256
76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9

SHA512
be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

Filesize
4KB

MD5
2158881817b9163bf0fd4724d549aed4

SHA1
c500f2e8f47a11129114ee4f19524aee8fecc502

SHA256
650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7

SHA512
f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

Filesize
4KB

MD5
03b664bd98485425c21cdf83bc358703

SHA1
0a31dcfeb1957e0b00b87c2305400d004a9a5bdb

SHA256
fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115

SHA512
4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt

Filesize
4KB

MD5
31a29061e51e245f74bb26d103c666ad

SHA1
271e26240db3ba0dcffc10866ccfcfa1c33cf1cc

SHA256
56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192

SHA512
f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

Filesize
4KB

MD5
da6cd2483ad8a21e8356e63d036df55b

SHA1
0e808a400facec559e6fbab960a7bdfaab4c6b04

SHA256
ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6

SHA512
06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt

Filesize
4KB

MD5
9e62fc923c65bfc3f40aaf6ec4fd1010

SHA1
8f76faff18bd64696683c2a7a04d16aac1ef7e61

SHA256
8ff0f3cbdf28102ff037b9cda90590e4b66e1e654b90f9aea2cd5364494d02b7

SHA512
c8ff15373b37e848e6239a82424569e77c82a5fc557d17e7d2ed1d0d2b2f7d026cc1e2bc98cb5ee945c02cfefb82803c23fa6a26f48ff0adcf762f94cd5dd035

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt

Filesize
4KB

MD5
10c429eb58b4274af6b6ef08f376d46c

SHA1
af1e049ddb9f875c609b0f9a38651fc1867b50d3

SHA256
a1f6ba57ee41e009d904905c0ce5e75a59ee6790e08542561303109e1faafa13

SHA512
d8760f61760bffd8671b727d386ae220e7e6e68829a01553cfd5eb60ef8bd1d7c1b25e7b17a6db5bd17ba6712ef44999726764459318e784843c73bc4facaf46

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt

Filesize
4KB

MD5
5c026fd6072a7c5cf31c75818cddedec

SHA1
341aa1df1d034e6f0a7dff88d37c9f11a716cae6

SHA256
0828572e4fa00c186dbf1d9072a6154d65cb499c6a37e338f3305f77a2fee382

SHA512
f9d28714b2a05f8d9025f1692e4d7e8baa6daf6176353f65646a38814a242ef2adededa44419edd69f10cf96ffba506dab7cb6e52111457bf69cffef12174b12

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt

Filesize
6KB

MD5
189ba063d1481528cbd6e0c4afc3abaa

SHA1
40bdd169fcc59928c69eea74fd7e057096b33092

SHA256
c0a7a1df442ac080668762df795c72aa322e9d415c41bd0a4c676a4dc0551695

SHA512
ce59ad9b17bab4de1254e92ce4fe7d8c8242832f62ab382e8f54199a9932cd11b5800cc33895441426373d5210cc74104e0271b721a7e26ed400b716ae4d5903

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt

Filesize
4KB

MD5
18aaaf5ffcdd21b1b34291e812d83063

SHA1
aa9c7ae8d51e947582db493f0fd1d9941880429f

SHA256
1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5

SHA512
4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt

Filesize
4KB

MD5
1514d082b672b372cdfb8dd85c3437f1

SHA1
336a01192edb76ae6501d6974b3b6f0c05ea223a

SHA256
3b3c5c615fd82070cc951ab482d3de8cb12df0b3df59fbd11f9d3271fa2fbca4

SHA512
4d41c945ce7c94746875b0dbceb14811d4966de4e97fe047406a304162fde7e1e2a16367fc2e43978e2e5aa66749f036b4444aa2312673c2cc3af296e8b77f55

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt

Filesize
4KB

MD5
8958371646901eac40807eeb2f346382

SHA1
55fb07b48a3e354f7556d7edb75144635a850903

SHA256
b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585

SHA512
14c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt

Filesize
5KB

MD5
7e1d15fc9ba66a868c5c6cb1c2822f83

SHA1
bfe9a25fdc8721d7b76cecb9527a9ba7823dc3d7

SHA256
fc74e26a8baabbe4851109512d85173b75dbf7293d41eb3b92a1957a773c8265

SHA512
0892be14a858cc860766afb1c996b2c355108a7e50971ea3ec00d15069e919a6eb05a61fa839bea3938492c391e274144c5e248f4c204a602bf36adf27e5b406

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt

Filesize
4KB

MD5
202b825d0ef72096b82db255c4e747fa

SHA1
3a3265e5bbaa1d1b774195a3858f29cea75c9e75

SHA256
3d1399f5323a3ece1b1a8b3b31f8fd7f50c3bd319ab3f1c38c6e347452c95314

SHA512
e8fc7cc09f431301d22a07b238179ee053505090e3c4db30ead061513fe7159f1fe8b80efc93f4597fe00f01087bbe0bb2231e13693d72c8def138657cb91566

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt

Filesize
4KB

MD5
7913f3f33839e3af9e10455df69866c2

SHA1
15fa957d0a6a2717027f5b35f4dbe5e0ab8ece25

SHA256
05bc1f4973c6d36002ac1b37ce46b1f941fcb4338282e0ec1ec83fb558d1a88c

SHA512
534e541757d19ee157a268bf7ea358b48015f400542fcfa49cdb547cd652926160f015fe2cf026d9c4996e56ab90ca3899dfd457997d915bf6bc9d7bb00ba804

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt

Filesize
4KB

MD5
58e0fcbee3cca4ef61b97928cfe89535

SHA1
1297e3af3ca9e4fe3cc5db78ebbfa642e8a2c57b

SHA256
c084a68b65d507eb831831aa2ab9afb9536cb99a840d248cc155ff87fad18425

SHA512
99aff0c481e34cd0e4fcbb2af471afb56d91aa11be664462b08e17ae169ca03ef77e7063b4ecd0f38ca7b2f6dc0bf2e316c7b31dffbbcfc763cd8fae27dc78d2

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt

Filesize
4KB

MD5
9b0b0e82f753cc115d87c7199885ad1b

SHA1
5743a4ab58684c1f154f84895d87f000b4e98021

SHA256
0bdeee9fa28d54d384e06ea646fbcfe3f06698a31dfdc1a50703ffe83ad78d32

SHA512
b7780b82fbe705bc8e5a527c011eb685c99ef0b2eb810617b9f82b891341af95ef1c2f46dce9e458c0c4dcc3e7a0d21db6c77f03419cd1c4b521a9b72f9017df

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt

Filesize
4KB

MD5
eb8926608c5933f05a3f0090e551b15d

SHA1
a1012904d440c0e74dad336eac8793ac110f78f8

SHA256
2ed2b0d654d60e0a82b0968a91d568b775144e9d92f2b077b6da75f85ad12d04

SHA512
9113c42c38836f71ff0cc7019aff8c873845f47fbf1ab97e981cb038f4d8495b6df784402b1ee9666e8e567ae866b0284c81e6a16efb47131d5ef88569c4843a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt

Filesize
4KB

MD5
6367f43ea3780c4ee166454f5936b1a8

SHA1
027a2c24c8320458c49cd78053f586cb4d94ee6f

SHA256
f8d1972e75a320344e3c834ba0a3a6a86edb39e20ef706bda9b7965d440d1998

SHA512
31aab33e0d272cb43a8c160b3d37256716a683e5052192fd0e4d3cdaf30a10a9afa9d26d5d14ad216ee455627c32892a711d2bc137ee7a7df9a297f001a19e32

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt

Filesize
6KB

MD5
e04ad6c236b6c61fc53e2cb57ced87e8

SHA1
e9d4846b7e6cc755ee14a5d3fa45ee7d3bf425a4

SHA256
08c775efa77c2a92d369f794882e467b6e2526e61bc7aa7724f48e174524502e

SHA512
0dfb7e6d811d649103499018f3d115c542fcaba420ceb69124a4d837fe162ce514e7be2040860c5ef5f9c01c961fa6eea8730606b73ec107d87597989b6fd331

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt

Filesize
4KB

MD5
56dcf7b68f70826262a6ffaffe6b1c49

SHA1
12e4272ba0e4eabc610670cdc6941f942da1eb6a

SHA256
948cad1bb27109e008f2457248880c759d3fa98b92c5b4033b94f455cb8ac43f

SHA512
c3fd9caf0bd4c303a7cc300faada9cfe6dd752e82d67625b31f4c0c2c091596508bb477fe19f758fdf79b25b8ac3f5320a8785d2b6705b9bcc28a054a59454e2

Download Submit
C:\Program Files (x86)\Steam\userdata\1825163127\7\remote\sharedconfig.vdf

Filesize
164B

MD5
14581c90125b0dcd6edc1cf82bd9437c

SHA1
17ffd2cd41f2dda8ad8858f56b73aa1d0efe2d5c

SHA256
37f96dbe405e4ab8a04438544650bc56b98b888e20afcb6c557fe46dd4709493

SHA512
ef9474a6397081e6340b969bb39cbc88d450d9e25b418f796c9220e55716123646c9f65dfd9f55ceb605733cad7b952f198448d8a199482e4feb3702d2b7f42d

Download Submit
C:\Program Files (x86)\Steam\userdata\1825163127\config\librarycache\730.json

Filesize
7KB

MD5
92b708e0c8fb11f9fb7dfe40d49776c2

SHA1
8b8ddbd42d2a693db149904fae5634c932d000bb

SHA256
63ac343623878d77e943d218079330f575eeb51decc00fc26d8634e5ca62bc14

SHA512
9da06750385f86a3863fca53034499f73e77791dc53f36fce9c9d31ea427c9734123675ceb87bca064c31573249acca0d200c285ae14c4e28658c95756b4313d

Download Submit
C:\Program Files (x86)\Steam\userdata\1825163127\config\localconfig.vdf

Filesize
3KB

MD5
e03a8fbd61dcd8b23e839018d6b8db79

SHA1
42b302f95c877b95712527c55c7217f67a6199c0

SHA256
4c407041d7c2766cd0130bec9f1d6393a88ff922e8c343ea9c8b4694ca6ae726

SHA512
f2af02d9be3c2de25c31eb87719d74742b84df2b967cdab54c770f7b813230b1382397d59d5d89f68e9cc106118608d9300a3c3dc4ef24fbc9a9209a776b8b7d

Download Submit
C:\Program Files (x86)\Steam\userdata\1825163127\config\localconfig.vdf

Filesize
3KB

MD5
9a8fde5af0f9e687a0ff9d7c3b15b3c3

SHA1
5cd4c7269f46b3c1e9421e8c3bb32729de691f7a

SHA256
4b9b141b70c8a7bde4ef15292dd33b110b6b069970324af34294fffa090b29cf

SHA512
5f1f2ba169c2a1fc5b02064eb5c548af298c122bd0ff80713723abc7d0eced889a591ba828039d21adb58e91008c68f615f089f35a9d07a74c90037733c6b4d2

Download Submit
C:\Program Files (x86)\Steam\userdata\1825163127\config\localconfig.vdf

Filesize
35KB

MD5
a5e90382f3bacd6ce42279eb3502da9e

SHA1
83d9c1b998833bc8c610361ff88408c93ee46562

SHA256
e6cfdc4bbd649fe3046e40788aacd30b87570ed673b572d0e4d9a025f96d7071

SHA512
da6767a355480eaf9f2c392f64b54412b24af6cd93dcc98e6bdee9cf27f693a19cfe96aafad579636ec2a8788b69f6f34e4c7b68d9e1dc6aa90b900c05c3f917

Download Submit
C:\Program Files (x86)\Steam\userdata\1825163127\config\localconfig.vdf

Filesize
36KB

MD5
220858ff1455a8c8e4fe4a7543595dd5

SHA1
cabd89708b9ee0c9c8c474bd84aa260c5a6189d0

SHA256
62ad4d195d7612ffa3931dbd6bd8eb8d8edf4db36707dfdd3881db4a2d425800

SHA512
86d96327946d07a4cedabd3246c790938e5265776b7a7a579958a8012edf88b2b19917d09001b6162bbf871d256e6e4e358cfd76d4b6403b3e423eb69b9db111

Download Submit
C:\Program Files (x86)\Steam\userdata\1825163127\config\localconfig.vdf

Filesize
4KB

MD5
d60f2c7c008a7c5d1ce976f0db13d5c9

SHA1
509254fed40dde4143855db17029872cce648175

SHA256
70b757ac2d0380551b05aa30db152f889974494061c9151b6b54a1923543f624

SHA512
29e19b836819e091bb3df5132e83075c23f1c9a4c4488795afc7d586e18a1062103e32bd1b2f130f32b9e3b54288b2e914a1fa0368b097929cba0c912b9095e9

Download Submit
C:\Program Files (x86)\Steam\userdata\1825163127\config\localconfig.vdf~RFe5faa43.TMP

Filesize
235B

MD5
30e41c7e6f8961a9e57420fd2d90e0a2

SHA1
846391ae29d381c2af58fc42109fb4c0e918a3a1

SHA256
b687b315978a4c61c23a98d7b50400a7ee2ba4aeded1532d1f1507754a6a7236

SHA512
792fe3e79890bcfe54dc3acf6f7666608d9b741c9f883e19119953116e84c76f6cb92077622db8f2d25e589b58e133f159b0d2f77b6843d1751bf4f2f1d03b8e

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5720_1914713924\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5720_1914713924\manifest.json

Filesize
1001B

MD5
2ff237adbc218a4934a8b361bcd3428e

SHA1
efad279269d9372dcf9c65b8527792e2e9e6ca7d

SHA256
25a702dd5389cc7b077c6b4e06c1fad9bdea74a9c37453388986d093c277d827

SHA512
bafd91699019ab756adf13633b825d9d9bae374ca146e8c05abc70c931d491d421268a6e6549a8d284782898bc6eb99e3017fbe3a98e09cd3dfecad19f95e542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e041f35955cc286712288ba75f8c3e2e

SHA1
19912d1362b3d7ee55cbbcfb569a620395f51093

SHA256
38a2c4dbce84a3827f1db8b8142b8af2f2925f992ef457cbeb3adeccd871a23a

SHA512
caecc8a37222ce33af292c2546d9115903c058e90bca672d51b4b1d3f706509d8f5bb858e20d2eba6f537c774e0c34a4279de0d714e99491e043f1f59f23a564

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
186B

MD5
094ab275342c45551894b7940ae9ad0d

SHA1
2e7ce26fe2eb9be641ae929d0c9cc0dfa26c018e

SHA256
ef1739b833a1048ee1bd55dcbac5b1397396faca1ad771f4d6c2fe58899495a3

SHA512
19d0c688dc1121569247111e45de732b2ab86c71aecdde34b157cfd1b25c53473ed3ade49a97f8cb2ddc4711be78fa26c9330887094e031e9a71bb5c29080b0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
804B

MD5
1ff5b9e4371f8e4ca97bf4ca216a1bb2

SHA1
88100ef138af824e800d82a818d4cc60e9e36cef

SHA256
6ef6b2d94ae6754130c104a6654fb92635eaaa1068dd3134627024ef360ebcd9

SHA512
f024f3171449406f19d060e0f7edfb483d58c650ab3a8a6c5fea0c5413dec3f432ec4a44b88bddff1a1a7265c6428c960e43f24bcd5e5eb85e4d0efa1a560969

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4c6da01014b57b66a4e2b22f757c081a

SHA1
ad080a0135cc45313ef5ea7f4c1ed171fc40ec27

SHA256
fde594f9afcc43c4ff6d50687ba45044dc0129317d3e8117ed02d600a509e2f0

SHA512
e79086f725a96ceb1c296449a575b6c7c152834e3e486531ce8450be5002b77621155d6f6dc8b64767cadb4d44cb4b94034703aa7de519717765e75986e61877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
12b5523f5dc8db0821cc691cdd98937f

SHA1
57ec76ef7cf481e9c4eb8227362fc1767f18caaa

SHA256
c2ef4e83066e246d8f59dd37119bcc5ea526f2b42145347af3a0a960a00fcc0e

SHA512
cdf40edddafdd11dbfd3ef6b1e46f895a6e35222e7171dfa402b77ba514ed9c704978a4010a51449ec1c08eb6d78ee2a25e2d6e9355e1f0f7405eda579d2141b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7f675db089853755f67e89e3f6791118

SHA1
627786a9fadafff927b2d4886081414641699279

SHA256
2098267be0b7c063e12d884cabd1066321a4f259402bd9bd8283a03f86748bb2

SHA512
99bce91d699a6bd3194070a08b9d92aec466a9aff6f6e3683bf76dbf4094cde9baa4348ec57bdfdfc9923ada159394a9d27334574b6dbb24d7cd77e58584dcfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b68bf3e69d94875f1f1bdf7aea39bf3b

SHA1
062cd9f571efc84f9d802d6a3955f7f8b3b50c91

SHA256
87e0fad78cd9cc4cd1c3da1dda1d1f7568ab52a792b18b51d199da491e8c10e9

SHA512
315cbb5219e452cc467555dc041aa688e0bf1b6918c1bb1abba0988232908009b59391f526c98c526777adf6ca8aa76a0d390ded251f7039e16ab1336da31a88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cd8a60a6a3aab05475af8ff41902c12e

SHA1
d9ca7311284c16462d2ce2131be842321b79270f

SHA256
99147e0e28b03e65e1aa13fbdcfbc68434a233310ef11a6c7f8571e61cd1950f

SHA512
b36c30d43a807ee69fda4b1ad287fced48ca88c7ca92aa371d211c2cdd4958c29188bf4d94137bac6815867e3d1db6bfc9ad80bad0aa8ec86c6c0f67764f9cae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
131c7c10ce8d64b4d4dc2d76985aba39

SHA1
5053f7d074853141149857634b65cca105b665e0

SHA256
76deef484daebab226ebc0414a5be0d020b7a88cd09bfc7f0a940f40db5b2a2d

SHA512
6e3c32e5f64a02236bbf4685d816221360399e81ec10d2e97c1065e27d6de014a5c44c9da75d05a33b12f6e569ef735cf62cb42c7d719be5819671a7e9b7596e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59c598.TMP

Filesize
874B

MD5
cf7f76ecfe29d05d0f8d4c9182887189

SHA1
13e9530f7c982fa88852ce27d07ab95072fd7f91

SHA256
f6a368cc57d05f433c9c7b4017f48070ec236f7095ade16f77f39e89abc1ec3b

SHA512
b2531685f7285264fb01d42722ad962aba4c051955d81c2d1dd8b09df9eac22df8982ac848026ae8c1bc78eb9a0da87088f1c12b04e32db1e8aeede659f047b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
339d97d96c61b5bc535c80745573ecb9

SHA1
772650110afe781f1ea07ac867ba4a4f16a92eca

SHA256
cd08eaa4e970b6dce6bcdb96721045b93c05fd3b5c11717b31f6589681b5b8ec

SHA512
0cec38385d6139792b5ff5eee29ad5d1662e616a0b1eb05f02ae0286f04346acbc70799ade2dfe477377dfd0916f49e3c22f7f080f7f1e44b748f20d6c4e084a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
36e60f9bc87a2329068d774fe9dc3a66

SHA1
c5bf881e21a92e5309be36b57c67fe7f5c7424f7

SHA256
5cd220d0a58ad7d5738d2e8605dd9845167622a60588b1b27477166e594a2665

SHA512
3711eacfd9943d0f839a57c220ce0853fde2dff3a2881ccf407bd4164abfdb141c35b15bd22e1a3e4f213a7b3338c6f87dba37bda3709a028b5b4cb3ce456d9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fc1d3976ddad9e2fef2e22cb6ffb6ed1

SHA1
86d82752c3095c06b749a4541451d9c759005170

SHA256
0bbf61700741f11d617891e0944228c92c003f4ac8237429e00e5f31c0cb4ecf

SHA512
bd93d193486620dcaeca3e23df6763d35d427070c038ba75a9f662c4984166624ade63bb7da8a6860efb2ebbab73c8576ea78befc967d2af998cce6700b93480

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4a7a6f4c3a2fdad2296080302fc1d223

SHA1
dffc56c79bef25e598841c453b6edca7557ad145

SHA256
413b58dcc0daf00aeb2acc955dc748c76bfc59fe3ac0e78944a35a349add558f

SHA512
75afa3d6a8b7d08e04e96709ceca1e0660cf3a954222af46ca5350827a427afdd563f474a05d7148c0d2a73b05ca7d33207f1e6e31a9827fb56a2fe0f3407ef0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000002

Filesize
19KB

MD5
78b74803f3c9414d9cc61c2dbdfac487

SHA1
17d8cdcfea6df48eb438e18485be8ed00e35e411

SHA256
582044d423b604a4122e00d1da5534bb9c19017b88b94d16855acdaed4e7d130

SHA512
4fb210165074acdd82b8ec011bd31497cbb8c5615bf27d28edaf0ca026caf105b10d376e75eedcba88cd0de56148d3d543e8725f86540eb047dc708c4df4e62e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000003

Filesize
24KB

MD5
b201e8da90ef456598b8b3bb0e31bf53

SHA1
8bb524c8e9b17920c83d9a06c0b305e41cfca560

SHA256
2c8b630d1edafb8cc8c8cd73fff10c8ab6d06232929a4d458ec34628920f1665

SHA512
50126ac5b7800f5a848ef49ebc8e71d78cb5ee9c1602486b30e697ce57af32c868e46795ac2c157cdfd7fe65c03133c7a752813d520a9106adc3e50620b473f3

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000004

Filesize
40KB

MD5
46f57737d50e34053f1f7633d74d600a

SHA1
ebb8c24e34d2f6f7e25de8ff516cb46ee8dafa36

SHA256
b49341286ebd650e4486d60e7bed27076f7d583f825f7440faa15d16ba3714b2

SHA512
c72f440d2a1a3fd6be82cc8c2b10a15f045f0c3485d734ede9fcbe436ba1a9f291830830005d386458092a1a6df1431b58cc6ac95fe2ea745e74ba70b050f2cc

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000005

Filesize
32KB

MD5
31b05e57c066452d73ab005bb42865f7

SHA1
2a8efd5d7753dd756c539ad66831b01f603fb13c

SHA256
84d0be622ddeef6d0793df5d274965d6d13a756979b4b484185dc7a051eb4071

SHA512
f793863cec23493b58311d37720fe7d48e21c92da5cbc9c5d4562e47a046e33be4584d58a1c031513298c55a9c33f5e591fd5ce831c9c33af9c2594bb071c277

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000006

Filesize
36KB

MD5
9d69a62bc96e67bf779bae3744a8f693

SHA1
bd8a95a103317e66551c2129fe392998dc45c7ad

SHA256
39ee252af15a86d1d4d54a5c3fb9ed2678ef2ecae9ad9d711290acce7a7a611e

SHA512
e1fe5393201c37a9c34196fb986e818d5a94545009c6536b3c6b1a1bf71d528d458039ef1f30eb1c064e233b7238b72f7cd69d204827ba8cdf3f783aa012ca10

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000007

Filesize
19KB

MD5
48ffef4fc267c7350a37339001bd1a02

SHA1
9379041d4d542c116b420d014c7ebb68137a008a

SHA256
254467e453cf3cae3c70085b41462cd71b233c247b5e212f444347537b4c4873

SHA512
34b459dde39b3056e2f0a4c593b342d32829c9eebb2b01f146aefa0d54f0b52ecf4954873cf76b424abb25f84370d0b5ac06fdac734b397a7444b4b64b4d52f6

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000008

Filesize
19KB

MD5
280188959917fc5a7ce9cbca5ba6fc05

SHA1
f651c19d05fb115f031342f12b36337d866c0034

SHA256
430750b0cb0ab5213be051d447bd370fa4afb2c0ca0275cd4f1beb8e0bec8f15

SHA512
fd0c1159142cfe42617bdfff51613aa6f72119e35d21bd1ef01a76697cbb8ecfff6059e52e8218be0e2fa37389a7e5582f5d6e9e0d80c2b00602337be5125eab

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000b

Filesize
150KB

MD5
52344bfd16b4f6d1dc61922468458ce0

SHA1
142e9ec2e44f56e7e97f243624655decd4ee75ca

SHA256
d4636d2d08503bfd82c4e2a614efaac77ed9aaa38793703e16cf8f73b445aefa

SHA512
4bdf08a37c220abdb1ff30a30b10573082960ea9ad4118d3a9abe3e0334aefbcbe07eb60cf17d9f8f4539c5f719a67c803a452a4e79ab64e71e7c7b83c0de172

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000c

Filesize
268KB

MD5
0f6192618cc95b90b08c888009300563

SHA1
20bc0faf53892a8bb835e3dd7edb4794dc8f7446

SHA256
6bd273b2441d8135d9b18cad1c0a71b834105e18607fc5d1db1fe66e19142855

SHA512
50d6a2f2b9753319120266379cd8d00e5af547a7fd0117d5f3c445c69260f064ebe61074727c98391729cd0b0f44e3f30cf5e28921f27c3a5592ed2cf1d1c3bf

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000e

Filesize
55KB

MD5
6ecc042104afd91418d836a35a8cbf6f

SHA1
d00c8c076eeb4b9f056f7222b345ebfe264b8ebc

SHA256
74d3deecf7f8004e959a660bf179022bcdb0a31476a5cb85002ce7f8cb7f7867

SHA512
2082508f252c74c9a07cecc4fccac77335adad2aa3e439e7929a834a59f34672119f30818d2099a5de35897ec05da2244d1c60e36e910835ad65e449aa9ce6bb

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000f

Filesize
48KB

MD5
debd8144c2ffd2a9aa8cad719675a051

SHA1
74b6d1816ff86b6c058a8b9adcca6062b5df7dc5

SHA256
f1b27141cf12a63ce528a64e82f07f2e0c42b37d1871f0e4869c76cea22bcc2f

SHA512
6e25807f2d299147a7d3e14bdaf8f84ac6db78f5c0826971f3affa157b167b8992994d758197c05f9b8b91bb5ecdadbfaf9505b89146aca751fc73f890b14738

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000010

Filesize
17KB

MD5
fb8793329dfef8cabe9a3fe1daec8347

SHA1
a7c26a54d2e919426f22f280af2166f7cd66b000

SHA256
7727c9986dad1956275a100cf7ecd27ebe3bdb5f442280fed6c2e16c2a68e591

SHA512
1de10e3e77c73d93db2b22c92b266ba0e8f7018a3ac1505a25e8f283b02adfe2b19799fa23e33db07fe6281ee04306e141486f4e7f994f5bbe6a55393151f556

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000011

Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000012

Filesize
115KB

MD5
ce6bda6643b662a41b9fb570bdf72f83

SHA1
87bcf1d2820b476aaeaea91dc7f6dbedd73c1cb8

SHA256
0adf4d5edbc82d28879fdfaaf7274ba05162ff8cbbda816d69ed52f1dae547f6

SHA512
8023da9f9619d34d4e5f7c819a96356485f73fddcb8adb452f3ceefa8c969c16ca78a8c8d02d8e7a213eb9c5bbe5c50745ba7602e0ee2fe36d2742fb3e979c86

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000013

Filesize
99KB

MD5
5b8d9158a3d0f8b609a42467fb3279fc

SHA1
58bc85b8a63f31d952f3967d7aa370d31a2c025f

SHA256
6109eb45400e1a334dee50b44a7429a4765069d5b1cd052c0e06568005c905a3

SHA512
7a9fdd9564316883e736d65ca778e3bc1f44f533070a6e7cc910e86ec83d8cd2e790d55b971f585930ab5db5d86f745376203b7d354b2f1ea005387321fa6330

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000039

Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
b53c0ca0cf823709e873a5dd71deb91c

SHA1
f888cd8d890d24eed1087f166124885ca0418747

SHA256
c6112134dda25a66db26a70706c3bb52157574a015eacabf6081d99728970730

SHA512
5844e2f2bfd3aed1a3d97cbad25e48f223fe8ccc7a034c158f625578e6e9f719d6d645b924554db2b9cfbdd0dee1d335f39173c5952cb83c09e8289ca5cdac07

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f60581e2a746e10059298bdd6dbf410c

SHA1
e23f51aef8cd989b4ce93af10a313728e125259f

SHA256
8caa2ef0003cc7e2d32f5193558a04f743818d641181135175203d932e364d08

SHA512
a0774af96ddf73f615cf26232b330df69d94cf28b4624b93eb7d1b308ee0e592df2b8b1319bc1a7a2d291ba96c3a38a25c46132fbf73f1a202dc1d31e359fd50

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
281bfc7377b3838c6520c9d52a76b85d

SHA1
3e6494d8857cf78cfed529e2aac2a553a683c996

SHA256
3971d75d02ca0d6493ce1bcf53a74b5c85852d712ac7f59a571d6c4c906d8772

SHA512
20191ef42112c8ef483001743ef93a5e46df94007e1e5099382aa39cc1ee37dd19900cb0320fc3da73e23e0a31c67f7c703b23c12372601c181c120cacfc7cb4

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\wasm\index-dir\temp-index

Filesize
48B

MD5
319f158acf806854fd54d1a30ad2fdd5

SHA1
dfce51582b55337f361e68c4632cd3e66daf6143

SHA256
438aa28c97fd7800463e1bcab0b33d9b1bfb11d94f7561c252d191ebfa728cf4

SHA512
0b65eb8613d447991b32a329bcaa6224db7fee202a6fd3fb065b23f297430a3224d984b20ed72154351d65584238d570da8b79ab002e9644ca086bf1ca216440

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
822B

MD5
3946de5c2b12a998ac5aaf93fdfef6e6

SHA1
81e169d57c5537244428e1011eacd1a47f3bb17f

SHA256
d5846331c779e1f183e01ef1358df6d21099d1c9efed44a2437500b5e9faded6

SHA512
63222ab3569c4e2baf1f5192bba51452de21967106b0019f77c21394d64da6507e584ee205acb90441a084d4a5ab5b36b40bce548559cdbccd3ed026f7226fe1

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
710B

MD5
8ee40b63447f98ccaf6292f8028075d1

SHA1
9a01e59c1abd499c1205e67c825e4ce6cb1e18c6

SHA256
276fc37f786ca1e117bdbb7018337d880533857af87db463e9bdb7b0648b24d6

SHA512
ae5d8c4a101d17731abd0b19bf28d62f35db30dcf3b9f53b632cc0a476030b70262f179b45b68588b2075bb9cc679f8837fd2affda3bae4f67130afba418f1dd

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5bfc5e.TMP

Filesize
529B

MD5
28b425bc6a8d574b5624d527ef4d3cf1

SHA1
252b9bfabf816a62f41a951496fb17ae05f21a60

SHA256
5f22d2339029e200eb74d7b904078f567bc2ec9cdc34cd81673ee0d4f6e0592b

SHA512
9159423776790a0357165b240e928698e2cf2a28c3a5d4d22d7e92609ae159031f4e2ef7a333b90fe0e3afd73283f03f38c49f3d7fdef195762c05bc9b631ea4

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
0376281c2f14abc7d86bb08115813241

SHA1
c27df0525770d7d33cf90cde605684d18ab8a612

SHA256
4e883cee9063aff8570ea7c2e954d3235124dbb2cd07370fce66be3c23b9a657

SHA512
4aa20ee5245c436016864da93e62da06e1a95fc93b7ada1361910096dccab14a6543197d2401041462e168f26abb1f53e9757face5bdfd111ec99a432812a6de

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
21fc15c17664aa0370039356f2efe588

SHA1
362cb90d4086a71f29346e6a70fe4dce48f1488e

SHA256
7b123b657012d3484f6e9ab59e7f3f24a5ab8b819b66c8ba0d8bcdd03396e684

SHA512
90c100ede3e36f1ba3927294889b46c5d620fa71cebac86b0a46d718d752babfabbcda413c502c86a4903d9273ccca9095c83fab418087886cf0c8fe2be423b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
2KB

MD5
b45579a0ce487037b04419c8f7c49f8a

SHA1
fa44ff9cd53f6915cdaa04939ce176c165e23134

SHA256
a7e68e70c0ec429d84d8b9b389e65f745f3d33817594f1e867cc49178d7777a5

SHA512
511a74b5684690b54bd5e1fb5e659902842d9f092b087fa30274e23b6f373968665bfbab5aa842380603fa55583a6e64dc6df77a0856913307854041ef1e693e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe5c1005.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
4bfcee1fd39f9a308e70bf766113ffaf

SHA1
567b1f819cc94a589a53686d8a050ce23fd91ad3

SHA256
d9fdcbb0f5c6851f69003d28b6daab6d0a31c04fcbad18d0f8817a94c09123bf

SHA512
ea23bcefea4ff7919ff7e787b61f82aee9fed2d934b492885d329fe8063d791c9d34e0b164f6cdc357c7465adb571e648257120334183661dace81d0cd472b59

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
646fdae8393fd4c1a99e952c2d8930d5

SHA1
1395ba4dbdf545c302d3af7e598da49e21943893

SHA256
4effbfa38f80728af805c819e212886011cbb6fe7e1c302d60c5233c884c545e

SHA512
4fd4eced935dcb5d458a8fa7243dac45aa46142d2e228f24cb05103d181366e41eb77460111f083a440f9f6d03dd1fb13b86de125ea2b34d715ba28ebcd52b4a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
945fc63382db86826962148914d8da2c

SHA1
5bf3e0ec8d9dc2f321dc79e4b4f18929d54ffa7c

SHA256
a405d9b5dfb7bf01d67602dbd855ffc5937521cf8aa055853e7d0f1d8e769888

SHA512
7707c93a9d53389fd5df098c4a99719b4598535364bbe4528499145d7db8eff8665897ded1cf46f73035fa495a304e991b1636c4ac825928b80259953ff79f17

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
b8eea71cd57f92b40cf4beb64de71757

SHA1
32c4ce18c656a4109ac0a9aad3258bd8e709c281

SHA256
ff3d1e8d58b13e9944360651ccdc676ebf3f830dadd323cabf582d83e49d1397

SHA512
6b845c76b0f740e28367b7118a124dd1ce4900a02c7c65370de7ccf100221f1f138d7ad3a5ec0fa4706e37114784691991da73377cb35f7ba7b9bfcb26638a94

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
14f99c050154d70cf7ce48f538900ad2

SHA1
db4975aba4e26556536012b1fb2d613496c8f2e3

SHA256
770c49f0eb96eabec28c9aa231536f2cbe69d3188c4345ada401be45e8834f85

SHA512
fb637a4bad257a3a983898516e08c708483087f8d9b3034fa0e9c5606eb9caae2728236e6c0893a5aaefe5d76f97fb91d06359d70507339c8c4f8fcd72c9914c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
53e946d5282c39c79c80f094fdf5f491

SHA1
d3ab1af78907a30decffcc3f5bc417fa8de1637d

SHA256
d0d6037c1bcd6b59ed331a4a7a35cf6253b72a6962ba9db0bbe2b686c2027a7d

SHA512
c138b7aa0204fbee5c15231e0b54c76f4a00b5bcaa436cc0248f84a9a645bc1e65d8b04a4dde14c93f8ffca49ffc084638da1346680783bc77838bf5c320e0a3

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
742440ef4f64490a0f29d3520ce08a26

SHA1
272084566ae3ab3cd4b8811d836c33a7d3700840

SHA256
344f2134fd24821a76de15555aa5dc192d01422b7e32c500e86fa6d3cadc4d62

SHA512
2a481538be64f452263bf78aa778c55911f0563769014d9b39668a221ac9cc949cfa93a38688a4fa4934b318c6d872bc52901cf701b9277bcc5146ac75ccf77c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
813251fdb883b62e220487fc5e6027af

SHA1
13fe3b5102bfddb9e2b75d7c746bf8eb5a686105

SHA256
ac2a2f0cf876549f09a82b976666db8db00877d28b267b8857cfa885d9f2c16d

SHA512
8f19dab5a4442cf3522fa42a0c78879ae7247d26cd6c1d9582baf10bd85e74e3e3eb7c3231f7cf4621fe083129b0688678935348f7a056a3199d638a476fa2bb

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
8c60ae0fb6b577fbad0dbb57bb27257b

SHA1
0ed350c28ba9de3c09634b065267cb303e7a4489

SHA256
89ee962292f10af4c3357f5ca9456e35e664b16ee9d167003a1433bd3a01aa19

SHA512
3be4dbceec733e856404a78ed53b41ec15813e860e844cc45af2a5c31b4931de33f34a74af2cc612e0e88c127c5957cfe90515f70f26c6fda6f9a86d7d75723d

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity~RFe5b4d51.TMP

Filesize
858B

MD5
e977b8a06cfa31773b883097802f8003

SHA1
ee0d1c569988ded2d571ce249a503f114b77d346

SHA256
e81e5238e3863899db91de4dfa930998c7d18dfd6c48a874c47af718549aa639

SHA512
65cf7fd9372ac9db6632ccfd5e84880b018d6dd582ded5730963d129b1e0f8af9ed5c87298599e630ed8fa3e86b2937e92641c453cecac03cae4874f4b6b0f72

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\ShaderCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json

Filesize
2KB

MD5
602c49f9246967bdcff45b4f43cf2fb0

SHA1
4c5796e0c724bbd7a9244cc8a0fc9e8f40181f2d

SHA256
a3ad9649c1038078038be1abd591cdba73b4b4f5cf30e11bb6cb7a432b746114

SHA512
2f273c0dd0127071f4c768cfe7277c6efff84c1ef4f4271c1326db3658c84261794b106af3198717f349fbaaaf276163700bbb50ae20fe52ed0a88a192d46f77

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json~RFe5b730a.TMP

Filesize
2KB

MD5
68b20851ccb9834d21fb32615e42bd43

SHA1
88fab935f0b9484994097c08f785e9ecb7d68127

SHA256
a954b528dd65ad6c4c2091fa32f17abdb7a49454ce88e10bb6c377734c70c26f

SHA512
dcb0771120c8fe35213d60e9abf4b242af807324759e3c99e9b2569c00a941d885d53ef6fadfe69e6b740e0b52a6008602605d643801190a2d29175a7d065e15

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfB619.tmp\StdUtils.dll

Filesize
110KB

MD5
db11ab4828b429a987e7682e495c1810

SHA1
29c2c2069c4975c90789dc6d3677b4b650196561

SHA256
c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376

SHA512
460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfB619.tmp\System.dll

Filesize
22KB

MD5
a36fbe922ffac9cd85a845d7a813f391

SHA1
f656a613a723cc1b449034d73551b4fcdf0dcf1a

SHA256
fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0

SHA512
1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfB619.tmp\modern-wizard.bmp

Filesize
150KB

MD5
3614a4be6b610f1daf6c801574f161fe

SHA1
6edee98c0084a94caa1fe0124b4c19f42b4e7de6

SHA256
16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b

SHA512
06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfB619.tmp\nsDialogs.dll

Filesize
20KB

MD5
4e5bc4458afa770636f2806ee0a1e999

SHA1
76dcc64af867526f776ab9225e7f4fe076487765

SHA256
91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0

SHA512
b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfB619.tmp\nsExec.dll

Filesize
17KB

MD5
2095af18c696968208315d4328a2b7fe

SHA1
b1b0e70c03724b2941e92c5098cc1fc0f2b51568

SHA256
3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226

SHA512
60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfB619.tmp\nsProcess.dll

Filesize
15KB

MD5
08072dc900ca0626e8c079b2c5bcfcf3

SHA1
35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37

SHA256
bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8

SHA512
8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
9KB

MD5
2bc1eb28d7d00001000558f7ad44af1e

SHA1
5cadc1b4877aecb0d587f62274a96ad66bbe6e28

SHA256
4d596517b01259f6c65f2d0b660bff7a16acdb48dda2aa3c707d653276d05c52

SHA512
c91579a6baf85d92dba27543afd24e04fab427b320d9061473717f722f0a7a6e0d8acebd133ddc61143914814079fc95715bf70931054ed7b1e49f345bd2b5d1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
9KB

MD5
f8c7a3af3107fdf368cfdf54fdf87bc3

SHA1
fcc6eb7e3c72d3e2083d542a3fe9c0ec5d67f4c5

SHA256
c80362b5af687d1922048a798e71c29d78dc9a3968a0fa104864d12b503a5397

SHA512
27d8dbf8fc8393c7fdaf15fc518cb35b4578ce59a46097086108fa7edf990e6de96a4b0f4d948c242150e089e7c9886a613ba719122cd60143fdf1d5b44e7b15

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
9KB

MD5
ab37fdfe6ddb12489b2a89cea5125800

SHA1
bd165cda2adc1e5351efa3f79b630d2a27511cb0

SHA256
f663bb34474d7c6a0caeab9b327e60e5befe26eac89c0943394d384b2be48b00

SHA512
b7e2effcc54bbfdc3b40eaa7a6f67d56e1351318f7b5130414c97cf81d0f520e28edccd236c0c788987a55b9b12ede6ea758a73550761807014a5c3156b03ded

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
9KB

MD5
385ee14278dcfa88e8de215abea97e0d

SHA1
862e70033a4d150d9cdff376db5f793910997213

SHA256
6c41d6a89c7f362954278b088fc3400ee8df05ec718453eb375101a038696e0f

SHA512
766ccebb6fbeaa4b7dec2a08bdb37437e6f6807d0cee142f601b9f6e7b34919d9dc0d4ff9e35fb628619d21bd7c061bfdc5f605f02523a92cbd8bee0259d9b90

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
5268576cab460679604c567250c2feb8

SHA1
915d10dfbf507e6efdac2432868042c70a1cd0ff

SHA256
7f56b795578a5e242308c660bfbc97fc36a58b1a49bd8330bfc76cf9c70a4b29

SHA512
703c198365aa1a9d4619b915428fff29bc43d717ec6bdb977d306c16d28f73928a381a1a137e8f46e1429fe5d3e05731a28d5849b04e00ecd67645289a994d4c

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 963961.crdownload

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit
C:\Users\Admin\Downloads\voidware full leak hackvshack.net.zip

Filesize
850KB

MD5
bb388f9ad96678c011166b2b3ee3e9d8

SHA1
33919da0944d18c6368f9e45615fcc97e59c653f

SHA256
a117efe6a4975f9c3b5ed3980de66ccf3efeb37542ccfac33d90701bd40cc836

SHA512
834edbbf97240aee7fd6a8a485affc2c62b016e53a4b4702462cf49e082e024446631902dabaebcade7fc8a008a06b4aec39f3c72ffe7418fb8db90dab54e45c

Download Submit
memory/432-13034-0x000001C87A380000-0x000001C87A42D000-memory.dmp

Filesize
692KB

Download
memory/432-13033-0x000001C879D00000-0x000001C879DCD000-memory.dmp

Filesize
820KB

Download
memory/1880-12866-0x00000000003D0000-0x0000000000882000-memory.dmp

Filesize
4.7MB

Download
memory/5232-13146-0x000001EAFB870000-0x000001EAFB871000-memory.dmp

Filesize
4KB

Download
memory/5232-13152-0x000001EAFB870000-0x000001EAFB871000-memory.dmp

Filesize
4KB

Download
memory/5232-13143-0x000001EAFB870000-0x000001EAFB871000-memory.dmp

Filesize
4KB

Download
memory/5232-13144-0x000001EAFB870000-0x000001EAFB871000-memory.dmp

Filesize
4KB

Download
memory/5232-13145-0x000001EAFB870000-0x000001EAFB871000-memory.dmp

Filesize
4KB

Download
memory/5232-13148-0x000001EAFB870000-0x000001EAFB871000-memory.dmp

Filesize
4KB

Download
memory/5232-13241-0x000001EA82580000-0x000001EA82581000-memory.dmp

Filesize
4KB

Download
memory/5232-13238-0x000001EA82580000-0x000001EA82581000-memory.dmp

Filesize
4KB

Download
memory/5232-13239-0x000001EA82580000-0x000001EA82581000-memory.dmp

Filesize
4KB

Download
memory/5232-13150-0x000001EAFB870000-0x000001EAFB871000-memory.dmp

Filesize
4KB

Download
memory/5232-13242-0x000001EA82580000-0x000001EA82581000-memory.dmp

Filesize
4KB

Download
memory/5232-13147-0x000001EAFB870000-0x000001EAFB871000-memory.dmp

Filesize
4KB

Download
memory/5232-13149-0x000001EAFB870000-0x000001EAFB871000-memory.dmp

Filesize
4KB

Download
memory/5232-13235-0x000001EA82580000-0x000001EA82581000-memory.dmp

Filesize
4KB

Download
memory/5232-13240-0x000001EA82580000-0x000001EA82581000-memory.dmp

Filesize
4KB

Download
memory/5232-13151-0x000001EAFB870000-0x000001EAFB871000-memory.dmp

Filesize
4KB

Download
memory/5232-13236-0x000001EA82580000-0x000001EA82581000-memory.dmp

Filesize
4KB

Download
memory/5232-13237-0x000001EA82580000-0x000001EA82581000-memory.dmp

Filesize
4KB

Download
memory/5772-13225-0x000000006E1B0000-0x000000006F4F1000-memory.dmp

Filesize
19.3MB

Download
memory/5772-13153-0x000000006E1B0000-0x000000006F4F1000-memory.dmp

Filesize
19.3MB

Download
memory/5772-13024-0x000000006E1B0000-0x000000006F4F1000-memory.dmp

Filesize
19.3MB

Download
memory/5772-13174-0x000000006E1B0000-0x000000006F4F1000-memory.dmp

Filesize
19.3MB

Download
memory/5772-13205-0x000000006E1B0000-0x000000006F4F1000-memory.dmp

Filesize
19.3MB

Download
memory/6252-13160-0x000001AFF60C0000-0x000001AFF618D000-memory.dmp

Filesize
820KB

Download
memory/6252-13161-0x000001AFF6390000-0x000001AFF643D000-memory.dmp

Filesize
692KB

Download
memory/7992-12909-0x00007FFCE3D00000-0x00007FFCE3D01000-memory.dmp

Filesize
4KB

Download
memory/7992-12908-0x00007FFCE2E50000-0x00007FFCE2E51000-memory.dmp

Filesize
4KB

Download
memory/7992-13031-0x000001FCB8900000-0x000001FCB89CD000-memory.dmp

Filesize
820KB

Download
memory/7992-13032-0x000001FCB9010000-0x000001FCB90BD000-memory.dmp

Filesize
692KB

Download
memory/8496-13158-0x000002A2EAAF0000-0x000002A2EABBD000-memory.dmp

Filesize
820KB

Download
memory/8496-13159-0x000002A2EB250000-0x000002A2EB2FD000-memory.dmp

Filesize
692KB

Download