hxxps://github[.]com/Da2dalus/The-MALWARE-Repo

Analysis

max time kernel
1050s
max time network
1009s
platform
windows11-21h2_x64
resource
win11-20241023-en
resource tags

arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
submitted
14-01-2025 15:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo

Score

8^/10

steam defense_evasion discovery persistence phishing

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 17 IoCs

pid	Process
4620	SteamSetup.exe
2316	steamservice.exe
3936	steam.exe
1672	steam.exe
2956	steamwebhelper.exe
3788	steamwebhelper.exe
2704	steamwebhelper.exe
1168	steamwebhelper.exe
1616	gldriverquery64.exe
420	steamwebhelper.exe
2824	steamwebhelper.exe
2564	gldriverquery.exe
2732	vulkandriverquery64.exe
3604	vulkandriverquery.exe
3172	steamerrorreporter.exe
4636	steamwebhelper.exe
3436	steamwebhelper.exe

Loads dropped DLL 64 IoCs

pid	Process
4620	SteamSetup.exe
4620	SteamSetup.exe
4620	SteamSetup.exe
4620	SteamSetup.exe
4620	SteamSetup.exe
4620	SteamSetup.exe
4620	SteamSetup.exe
4620	SteamSetup.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
2956	steamwebhelper.exe
2956	steamwebhelper.exe
2956	steamwebhelper.exe
2956	steamwebhelper.exe
3788	steamwebhelper.exe
3788	steamwebhelper.exe
3788	steamwebhelper.exe
1672	steam.exe
2704	steamwebhelper.exe
2704	steamwebhelper.exe
2704	steamwebhelper.exe
1672	steam.exe
2704	steamwebhelper.exe
2704	steamwebhelper.exe
2704	steamwebhelper.exe
2704	steamwebhelper.exe
2704	steamwebhelper.exe
2704	steamwebhelper.exe
1168	steamwebhelper.exe
1168	steamwebhelper.exe
1168	steamwebhelper.exe
1672	steam.exe
420	steamwebhelper.exe
420	steamwebhelper.exe
420	steamwebhelper.exe
2824	steamwebhelper.exe
2824	steamwebhelper.exe
2824	steamwebhelper.exe
2824	steamwebhelper.exe
3172	steamerrorreporter.exe
3172	steamerrorreporter.exe
4636	steamwebhelper.exe
4636	steamwebhelper.exe
4636	steamwebhelper.exe
3436	steamwebhelper.exe
3436	steamwebhelper.exe
3436	steamwebhelper.exe
3436	steamwebhelper.exe
3436	steamwebhelper.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"	SteamSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_rstick_up_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0310.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\steamui_bulgarian-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\radSelStd.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_button_share_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_r2_soft_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_rstick_right_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\friends\ChatURLWarningDialog.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_l_click_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_color_button_square.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_ltrackpad_left_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_dpad_touch_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_trackpad_click.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_lstick_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_dpad_right_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\logs\steamui_update.txt	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_stop_down.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\osx_min_hov.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\overlay_french.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_buttons_s_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_r2.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_button_circle_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_gyro_roll_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\Receipt_Server_Timeout_BFS.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_035_magic_0328.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\icon_cloud_synced.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_l_right_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_rstick_left_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\filter_profanity_koreana.txt.gz_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0319.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\shared_italian-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\shared_japanese-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_down_default.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_button_steam_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_polish.txt.gz_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\shaders\D3D9Overlay.cso_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_button_options_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_touchpad_down_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\gameproperties_betas.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0334.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\stream_notification.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_rtrackpad_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\OverlayCDKeyNotification.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\broadcast\icon_mic_on.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\minithrobber04.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_l_ring.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_rb_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox360_button_select_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_gyro_roll_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_color_outlined_button_circle_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_color_outlined_button_a_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\SteamFossilizeVulkanLayer64.json_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\mssvoice.asi_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0407.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\hp_r4_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_ltrackpad_down_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_ltrackpad_ring_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\locales\he.pak_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_r_swipe.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_trackpad_swipe.svg_	steam.exe

Drops file in Windows directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2956_1837853594\_platform_specific\win_x64\widevinecdm.dll.sig	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2956_1837853594\_platform_specific\win_x64\widevinecdm.dll	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2956_1837853594\manifest.json	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2956_1837853594\LICENSE	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2956_1837853594\_metadata\verified_contents.json	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2956_1837853594\manifest.fingerprint	steamwebhelper.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamerrorreporter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamservice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133813428747461346"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 40 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\steam\ = "URL:steam protocol"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\steam\URL Protocol	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\steamlink	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\steam	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\steamlink\DefaultIcon	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\steam\Shell	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\steam\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\steamlink\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\steamlink\Shell	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\steamlink\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\steam\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 849466.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5088	msedge.exe
5088	msedge.exe
4016	msedge.exe
4016	msedge.exe
1336	msedge.exe
1336	msedge.exe
2292	identity_helper.exe
2292	identity_helper.exe
1500	chrome.exe
1500	chrome.exe
1356	chrome.exe
1356	chrome.exe
3236	msedge.exe
3236	msedge.exe
3456	msedge.exe
3456	msedge.exe
2236	msedge.exe
2236	msedge.exe
1868	msedge.exe
1868	msedge.exe
4620	SteamSetup.exe
4620	SteamSetup.exe
4620	SteamSetup.exe
4620	SteamSetup.exe
4620	SteamSetup.exe
4620	SteamSetup.exe
4620	SteamSetup.exe
4620	SteamSetup.exe
4620	SteamSetup.exe
4620	SteamSetup.exe
4620	SteamSetup.exe
4620	SteamSetup.exe
4620	SteamSetup.exe
4620	SteamSetup.exe
4620	SteamSetup.exe
4620	SteamSetup.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe
1672	steam.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1672	steam.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeSecurityPrivilege	2316	steamservice.exe
Token: SeSecurityPrivilege	2316	steamservice.exe
Token: SeShutdownPrivilege	2956	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2956	steamwebhelper.exe
Token: SeShutdownPrivilege	2956	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2956	steamwebhelper.exe
Token: SeShutdownPrivilege	2956	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2956	steamwebhelper.exe
Token: SeShutdownPrivilege	2956	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2956	steamwebhelper.exe
Token: SeShutdownPrivilege	2956	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2956	steamwebhelper.exe
Token: SeShutdownPrivilege	2956	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2956	steamwebhelper.exe
Token: SeShutdownPrivilege	2956	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2956	steamwebhelper.exe
Token: SeShutdownPrivilege	2956	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2956	steamwebhelper.exe
Token: SeShutdownPrivilege	2956	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2956	steamwebhelper.exe
Token: SeShutdownPrivilege	2956	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2956	steamwebhelper.exe
Token: SeShutdownPrivilege	2956	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2956	steamwebhelper.exe
Token: SeShutdownPrivilege	2956	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2956	steamwebhelper.exe
Token: SeShutdownPrivilege	2956	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2956	steamwebhelper.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe

Suspicious use of SendNotifyMessage 51 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
2956	steamwebhelper.exe
2956	steamwebhelper.exe
2956	steamwebhelper.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4620	SteamSetup.exe
2316	steamservice.exe
1672	steam.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4016 wrote to memory of 3776	4016	msedge.exe	77
PID 4016 wrote to memory of 3776	4016	msedge.exe	77
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 4880	4016	msedge.exe	78
PID 4016 wrote to memory of 5088	4016	msedge.exe	79
PID 4016 wrote to memory of 5088	4016	msedge.exe	79
PID 4016 wrote to memory of 4752	4016	msedge.exe	80
PID 4016 wrote to memory of 4752	4016	msedge.exe	80
PID 4016 wrote to memory of 4752	4016	msedge.exe	80
PID 4016 wrote to memory of 4752	4016	msedge.exe	80
PID 4016 wrote to memory of 4752	4016	msedge.exe	80
PID 4016 wrote to memory of 4752	4016	msedge.exe	80
PID 4016 wrote to memory of 4752	4016	msedge.exe	80
PID 4016 wrote to memory of 4752	4016	msedge.exe	80
PID 4016 wrote to memory of 4752	4016	msedge.exe	80
PID 4016 wrote to memory of 4752	4016	msedge.exe	80
PID 4016 wrote to memory of 4752	4016	msedge.exe	80
PID 4016 wrote to memory of 4752	4016	msedge.exe	80
PID 4016 wrote to memory of 4752	4016	msedge.exe	80
PID 4016 wrote to memory of 4752	4016	msedge.exe	80
PID 4016 wrote to memory of 4752	4016	msedge.exe	80
PID 4016 wrote to memory of 4752	4016	msedge.exe	80
PID 4016 wrote to memory of 4752	4016	msedge.exe	80
PID 4016 wrote to memory of 4752	4016	msedge.exe	80
PID 4016 wrote to memory of 4752	4016	msedge.exe	80
PID 4016 wrote to memory of 4752	4016	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd662e3cb8,0x7ffd662e3cc8,0x7ffd662e3cd8
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,11639233691748370812,12930360361917951724,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,11639233691748370812,12930360361917951724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,11639233691748370812,12930360361917951724,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,11639233691748370812,12930360361917951724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,11639233691748370812,12930360361917951724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,11639233691748370812,12930360361917951724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,11639233691748370812,12930360361917951724,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1940,11639233691748370812,12930360361917951724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,11639233691748370812,12930360361917951724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,11639233691748370812,12930360361917951724,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,11639233691748370812,12930360361917951724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd660acc40,0x7ffd660acc4c,0x7ffd660acc58
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1748,i,15051867337454307405,4503625132962391935,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1740 /prefetch:2
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2060,i,15051867337454307405,4503625132962391935,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,15051867337454307405,4503625132962391935,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2208 /prefetch:8
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,15051867337454307405,4503625132962391935,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3200,i,15051867337454307405,4503625132962391935,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3584,i,15051867337454307405,4503625132962391935,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4500 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=2196,i,15051867337454307405,4503625132962391935,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3732,i,15051867337454307405,4503625132962391935,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4804,i,15051867337454307405,4503625132962391935,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4820 /prefetch:8
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4840,i,15051867337454307405,4503625132962391935,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3464 /prefetch:8
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4824,i,15051867337454307405,4503625132962391935,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4928 /prefetch:8
  2⤵
  PID:2476

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2020

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd660acc40,0x7ffd660acc4c,0x7ffd660acc58
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,13193841218756987987,1225517766815613347,262144 --variations-seed-version=20250113-180118.677000 --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1720,i,13193841218756987987,1225517766815613347,262144 --variations-seed-version=20250113-180118.677000 --mojo-platform-channel-handle=2068 /prefetch:3
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,13193841218756987987,1225517766815613347,262144 --variations-seed-version=20250113-180118.677000 --mojo-platform-channel-handle=1736 /prefetch:8
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3060,i,13193841218756987987,1225517766815613347,262144 --variations-seed-version=20250113-180118.677000 --mojo-platform-channel-handle=3068 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3080,i,13193841218756987987,1225517766815613347,262144 --variations-seed-version=20250113-180118.677000 --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3056,i,13193841218756987987,1225517766815613347,262144 --variations-seed-version=20250113-180118.677000 --mojo-platform-channel-handle=4400 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4684,i,13193841218756987987,1225517766815613347,262144 --variations-seed-version=20250113-180118.677000 --mojo-platform-channel-handle=4700 /prefetch:8
  2⤵
  PID:692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4856,i,13193841218756987987,1225517766815613347,262144 --variations-seed-version=20250113-180118.677000 --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4692,i,13193841218756987987,1225517766815613347,262144 --variations-seed-version=20250113-180118.677000 --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4720,i,13193841218756987987,1225517766815613347,262144 --variations-seed-version=20250113-180118.677000 --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4712,i,13193841218756987987,1225517766815613347,262144 --variations-seed-version=20250113-180118.677000 --mojo-platform-channel-handle=4904 /prefetch:8
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4984,i,13193841218756987987,1225517766815613347,262144 --variations-seed-version=20250113-180118.677000 --mojo-platform-channel-handle=4876 /prefetch:8
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5404,i,13193841218756987987,1225517766815613347,262144 --variations-seed-version=20250113-180118.677000 --mojo-platform-channel-handle=5392 /prefetch:2
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5268,i,13193841218756987987,1225517766815613347,262144 --variations-seed-version=20250113-180118.677000 --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:756

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd662e3cb8,0x7ffd662e3cc8,0x7ffd662e3cd8
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,14296436940508542877,12137888593481349271,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,14296436940508542877,12137888593481349271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,14296436940508542877,12137888593481349271,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14296436940508542877,12137888593481349271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14296436940508542877,12137888593481349271,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14296436940508542877,12137888593481349271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14296436940508542877,12137888593481349271,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,14296436940508542877,12137888593481349271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 /prefetch:8
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14296436940508542877,12137888593481349271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14296436940508542877,12137888593481349271,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,14296436940508542877,12137888593481349271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14296436940508542877,12137888593481349271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14296436940508542877,12137888593481349271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14296436940508542877,12137888593481349271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14296436940508542877,12137888593481349271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14296436940508542877,12137888593481349271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14296436940508542877,12137888593481349271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14296436940508542877,12137888593481349271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14296436940508542877,12137888593481349271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1908,14296436940508542877,12137888593481349271,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6352 /prefetch:8
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,14296436940508542877,12137888593481349271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6808 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1868
- C:\Users\Admin\Downloads\SteamSetup.exe
  "C:\Users\Admin\Downloads\SteamSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4620
- - C:\Program Files (x86)\Steam\bin\steamservice.exe
    "C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:2316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2072

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:3936
- C:\Program Files (x86)\Steam\steam.exe
  "C:\Program Files (x86)\Steam\steam.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:1672
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=1672" "-buildid=1733265492" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SendNotifyMessage
    PID:2956
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1733265492 --initial-client-data=0x298,0x29c,0x2a0,0x294,0x2a4,0x7ffd658caf00,0x7ffd658caf0c,0x7ffd658caf18
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3788
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1564,i,17168695846140984092,16138942207412797527,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1568 --mojo-platform-channel-handle=1556 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2704
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2196,i,17168695846140984092,16138942207412797527,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2200 --mojo-platform-channel-handle=2192 /prefetch:11
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1168
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2708,i,17168695846140984092,16138942207412797527,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2716 --mojo-platform-channel-handle=2652 /prefetch:13
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:420
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,17168695846140984092,16138942207412797527,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3104 --mojo-platform-channel-handle=3096 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2824
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=3720,i,17168695846140984092,16138942207412797527,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3716 --mojo-platform-channel-handle=3728 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4636
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3704,i,17168695846140984092,16138942207412797527,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3712 --mojo-platform-channel-handle=3700 /prefetch:10
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3436
- - C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:1616
- - C:\Program Files (x86)\Steam\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2564
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:2732
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3604
- - C:\Program Files (x86)\Steam\steamerrorreporter.exe
    C:\Program Files (x86)\Steam\steam
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:3172

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004E0
1⤵
PID:1144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Steam\Steam.exe

Filesize
4.2MB

MD5
33bcb1c8975a4063a134a72803e0ca16

SHA1
ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65

SHA256
12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1

SHA512
13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
6e6a2b18264504cc084caa3ad0bfc6ae

SHA1
b177d719bd3c1bc547d5c97937a584b8b7d57196

SHA256
f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53

SHA512
74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
14KB

MD5
c92cd5a71a9437bf2f8b37cc892236c0

SHA1
93bd6fea0bb3c7443f6e6f2bd970298aefc90470

SHA256
f79015ce28528c8dda5d3cd1430a007786bd6f0a71c823992f77f6a7ba98b23d

SHA512
d751cd7d89c1f416c6e6bb099d7398a556b7f5e9ec1edc1473152490a095cdf7e0a4fceb8e1cdc3b15578acd871a96d534aa8998f3a0904b243312c36a20fc66

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
21KB

MD5
0a5a5466b7de0e676b981e130caf13f8

SHA1
4e23b4810bc76aeb5e9faba6c2a9b0b5b4d27047

SHA256
eeba365f5f03310dfde5caab9af11460c8e4f96621df5683354ed7fb50e250e8

SHA512
6ee901a1f396fa4016e4ebe75f8558a36ac182cd609f2404998a0423b29d2e6157db8ec437abf81e79e76d6ab1986b6d779bb64260897046ad962d9b02c49b47

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
21KB

MD5
605c4f445e69ba58aa0a8b8b21d31427

SHA1
93673bd5a5fa5ab401850f5185ff2914809b3969

SHA256
e07962cbb34b217533ceb8b6d0fef3b2e5dc78228647a3d455f2290b88f1f790

SHA512
8bb0a19f75bf21469164d968dd04983a9862c523807e7a9aaefce3270d737fbfce6a914d3e624452f3fc35a38d6cb246fcf6bdad96b1c574efa8ae7cce02ba07

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
24KB

MD5
20b0b5da83c8a519a734f1a862bdd6d0

SHA1
be33b29969b29f30788f0178d64f96ce62c737eb

SHA256
d2771cdfa48125ea485ec91ca93b38c1d9c43aeb4ca635f0c0300e44b1b8d244

SHA512
3dadc23d8bec61125c522c6038359a4ed12890209508c6a1a87f4bcd2f4f2c235e088cd81d293b0bbef4d3b22e93d7139617c3d8b7cf981dee52da9fd256f2e8

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
20KB

MD5
72510cb7adb651e64bf7f25d2f6e5aff

SHA1
3ae7b3414ea6571a2496a0e61bc8a02fe9c13284

SHA256
ad13d6a15c34610b2e8b6a24131e88e35adc98f5b439fe0095c8ac30de4701fb

SHA512
fea613c9c890d51dbd843f1c364a6b26f8456b7f190a9c7667484d31f3c4ced673b1152f48e7877f76fe7265c72dc025da39b928424f531eb4b7222fd3452ad4

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
26KB

MD5
a73f57cf1b63ce6da8ff1e3d28575cab

SHA1
46a2ea13dddcb3a554a4531e9cf3695b4cecac64

SHA256
ad1f46d5ed6e68c874bc19f3ba3e1d837c92b5ebe8d6e6a93a5b71f2fcdfd15f

SHA512
af0d5cc59dc9a33367f6d9678b547de3dad08ebc15a10c1a1b87e55c1f53c106853e7f2763023b9aa8dbd6cc02ada9e14b9d582588eaf4b47183cc14d5e637f3

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
24KB

MD5
60ede83c2819fc20eba04eb82b76ea84

SHA1
4c5b7230b75094d1955780d6427a9d871c6547b5

SHA256
aa6754d208fe1a15c9579cd4c17424efd3cb99fc7f9006f4d678e1e4e39c370d

SHA512
54f53ad7e2893e85a5164fb0f21239165da184ee5961a2a6545d5386ef507517ac7b0f503ae67a532d950e626fe4b37248b377f4afb4d63f7e84a93357f830b4

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
25KB

MD5
a787bddab56ab8882a52fd0e85d53aef

SHA1
b946c5d6d0dede2373763ca10cc81c4f2c882c07

SHA256
0315833fa2e87914dac24c19774fab8bdbf3692676824b239b1aa57338808eae

SHA512
73abe00b22c7e89be4e5b740aa3ad1a242700df3ffd3004fd2d8bbe939a3e4dff5f9daee3e4765365b50fbe1a1e4261a5d12ca25275be602bcaf52448606bf47

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
22KB

MD5
00b9f9b41d7db5908ca8c6e4a363ad22

SHA1
f0ab9c21c2a87c39b013e390cef53093475b4d36

SHA256
c12e24ba7097f1cb406cf5ea74078389895ec5df3cb853a6131d357c5eac3908

SHA512
7b6da961ef2f78487bdec256482546af4a86f1e3bcdaf674bbd47f517b89d3adcea3198886c1ccc2147954a64eadcc75d2758405d402772b4f34b98e64200bf6

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
28KB

MD5
92f78f6da5fe014779422025876dbee6

SHA1
28ed0c5e5e41233827af6b0abbd535157bf6a776

SHA256
5f348623f1604074740e2fed808050914724dc83d9a00c9edeb36b1cccd8aec3

SHA512
371d3517711c3a8581ee1ddb709221bff7d80f90beb4ebc5ac5fac1b483c9178033a82b890fc067ff57c4a8766bf9ca2641a0d56ea09d42d6210f9612316813c

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
21KB

MD5
7bb04d5c95ed2e1d868be84f7d3393c0

SHA1
777a4e1a765d22692672af9ffee1e513da0546f5

SHA256
ee4775ec2f549cb1765bfb7dc3b2281a1489ed59afeaf586ed1523c425ee802d

SHA512
ef7cbbd0e036628be8cf68593df63fa686ac92f5786ecd8d206f1669e5f047391bf2585b0a925e7c070ab936e5361043300e59e6a7ad285e3a3dd1acb37cb422

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
18KB

MD5
30fe3cd381a07b90925b0524a924a05b

SHA1
18f47675efefe35e091b649225d376096a137b73

SHA256
8fa47b52676a1f6595d369c12b2b8e9ed752bd985d281182b58bb5aa8ecc60da

SHA512
f1597744b8c08307c1fb99005cb656a50dfeb2e671a72e134e50457b2b0ada4a4f6e0db4b76a927cd3fddaf57c720856ff9a608611a56444031cbc40b604bde5

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
19KB

MD5
6e3fb8a893d9b318d6bed07dbbdfc9ed

SHA1
5219c8c448cee00736e19269c5bfed232d35882b

SHA256
47b084230cf7a959a9c91fe2929524e71b7a3b817d048dbcc367c4e9590d6e41

SHA512
006bcbb5cac645dba055651f079bd31046754895d0fdc30e14ae96ea6dd9c77efb30b404a3c826d79de00a716dbc88417405d8e9b53ff9f30e3a83768478209b

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
23KB

MD5
961f3d4552128e35fb48e49ba9fad49d

SHA1
80d6c55638c428fffad14814edd42b8d8acbb820

SHA256
d5b3718ffe056c3d56fd0f1deaf05b470137491154238f855d8d8aa02873bb98

SHA512
a157beb0b13f855179a9d9c4c9edad29c4fffcc17bd63dc405dc20f91f2306a31c1ff21124d59e4ba9be71388d81c2824f7bbd3aaedb3cd7113ced25c0a57e18

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
a2ec2e91c3ef8c42e22c4887d032b333

SHA1
e2c738a2e9400535b74e2263c7e7d1ecefe575f2

SHA256
8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3

SHA512
b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf~RFe59f9d7.TMP

Filesize
184B

MD5
3cdebc58a05cdd75f14e64fb0d971370

SHA1
edf2d4a8a5fc017e29bf9fb218db7dd8b2be84fe

SHA256
661f122934bbc692266940a1fe2e5e51d4d460efb29d75695b8d5241c6e11da7

SHA512
289c40fae5ec1d3dd8b5b00dd93cf9cada2cb5c12bcfefea8c862ddf0a16dced15d6814dad771af9103b3a5d3016d301ee40058edde3fdea30d9767146d11cd6

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
3940148bb31c739fe5a813002002bb78

SHA1
8c934f084062d305772a6643a8610c3a4587f95b

SHA256
b23186f7aebb73adbbc3edab05170def7edd8081ef6cbf4c802db559f5a8d538

SHA512
feb308a2c3f1263afeb806eb34e0dd986f735ed08bea4e2692ab73c3c8b52907d2947d6cefe259888dae95e86d3c7ae0dc3b38777b94cf73e326ec5b5df1a6be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5e072edc2d66a0f88fbfa503dcf9ab88

SHA1
a41d4727480a132fdfd6f1e9a9d5bcecadac3cd1

SHA256
50e19fe8e8b08ef6fa05accc606d7867697ed7b855ee8c3ba879f9fadc6d8c32

SHA512
60dca8069d6f1701f6c1bd58b2d43f23d33ee714eb46eb7d2cf6c4d7ecba5caa02784ae6cd64f37fd003c7c09a22a0a7711e05a848dc42ba047b77b9bcc1cb67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
51d873cee0f811a5b9b188623b6534a7

SHA1
7ec64cd18fa6c8663a3e04dd440d8fbb83a02b1b

SHA256
963f7c1e3722816daab23c307ed681664664493979936c2ac0e8492f1dfd2473

SHA512
8932d57b95d3a743b4678aa10d78c8b666e229dfe945f36bb3bf14f166829a3828a871773eca63af5af2ed727b193e68b4b3b4234de8c49681cab25fbdb9bd7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
d592843d6d57d87f026916191f999518

SHA1
fb7b130ae2df476f74c275a8af15d101e04068ab

SHA256
e5ef77811d67128038a2e5d2f7d67c9abb9ba46d244b86629275f61aa5295dcf

SHA512
51f1c748f0506e8835fbc9a36fd5ed03c4e9d552eb3114e5011b1d0df5cbb666cbe590ce7da2cb4790fcfd572b8b4ef96ca079c5fc158d8ed8f18597d6262ecb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
76a15725ffe966bdb770e38539bf214b

SHA1
1bd4e87e5cc2a511ae71d449db21c2f13d69a641

SHA256
7f83804a06f47aa6a4caa8fd149d7f4106fbf16519a1cdd888ef7c0868809b6a

SHA512
8fc0db95f2966b28d76a09188f4aad00cba1a4c382332173a6e88eac66d25be3ce8def8e17e59b14088c568d3b7fa62207a6ce6b8c6e92cddf76a7ee95825f01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
59a9c04e195c844fcb36c58c404bbb7e

SHA1
1d55459550f0f78858b5793593a94990b755af12

SHA256
b29cb80688503005f88a22f3a45220430671f00305f4ececda8ec8ae7c147deb

SHA512
15ae10dfc9e4b384529b810e0d1725ef577cb1b680ff34faa9d479bf681b936a5c7a00d43e0669e72debe92b9839b88c89d5e4b8f2249925cd89f655880e3fa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
41KB

MD5
3bc2b6052ff1b9feff010ae9d919c002

SHA1
dd7da7b896641e71dca655640357522f8112c078

SHA256
483a3494759a05772019e091d3d8e5dc429d098c30007d430639926c3ffa16e5

SHA512
0b1632b73fd87e8e634922b730f83b7950e9a39697a46a3429f0bebb3f1ebd14c815a4651ee8f663a437d00ecbeb6ddaa47b2fcad719777edf1b1de8a7cad0f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
9214cd4faeaa7291fc2ea7019391edd1

SHA1
13d182c57ab35af00e394a04a135aecbd9cc0952

SHA256
a0bc572cdd3b67c25a05d4823e139d2514a10aff360027005912fc7c41c42297

SHA512
d4df364647974fa8d7bb67aca23cc1839801c045d4b5fd71e28ab452470bf88f4f4d68b3f53eee156d1166ad0c95503ba69a2d0e8f51d8baa89be5354e74ce0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
7450dad24f2943b50d777d99a902d1c3

SHA1
af056aa16356bca94401188a652bf1de634de8a1

SHA256
87f464b586e899a454c1c0fec5d259cfdeef4219c5d342ce8ac4f3c1f89abcda

SHA512
df87f679d2346835c6ba2221c3a2a595a2544a482b6eef98419d1b6927c8f0c0b88ed942539af0982f5b61d9f9e6a613e4bfb915c7ac9f8f4402dcdad4587993

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
0433e3c49073a3bba79456d31551e9e4

SHA1
3e0598e120c9eee9cfe9683c5057f838b75d220f

SHA256
33f6bc75a84b18aefab4d4140d2ab3c4f6a1cefb06433c528914abef020cd91a

SHA512
9d644f0c7fd44ead3e2961677e8e46f311242d7480c6df71b3544b8f24928553fde50bf035733ee3a63cf13ad30f56589c2b8d554d4c6c7e8432b7083eb5c734

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

Filesize
44KB

MD5
b3336102c4ead520d69ad2150c916cb2

SHA1
fe389261c37ed0789419e068fc6225b6b291bed2

SHA256
8419787e71c3d2a6cebb597ace03839a36b2b07c9364b1bb33210f35a7914dcf

SHA512
c77e90655038926f6a820ea2b3efffc6c22ec179ffb72f1ccda0472a1970e712907dd286f4d797a64ea50420d6529b14045e8ce59e67d889d6ccb2d771eb2c10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
676e6776061d7c9fe9cb87e3878a9767

SHA1
5c2d3ea6797926488bbc6bcf57a00098ffd1de27

SHA256
63c86cfaa7b8d60f37fcd69403e2ae73f2bfacf13b7a1bcde84430c7401a2475

SHA512
c0dafac8e76db28bd75040e1d2bfe793f979a5ec882047364816627b551bc39a9b8610778bf6b8e00d43212edccb38b88a0d712aea77436d20a525f1faa52b17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

Filesize
1.0MB

MD5
b334e57fabc26e241246fb2675702e76

SHA1
563b74075cf7883482c9ed4029d245e0f1434d12

SHA256
db1d4766bc28a4159b24f29fc789ade733a372367dad4f8ef6a55a84eaf61b54

SHA512
7b0eb2544d93d13d03f4ba282ce232822a5fd78b16750c7409e1d071573f31c7e799b6ce5882f48da6c23c5ab48de2e0c41c6aea0d44cb0b426799e7c4ba9984

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3

Filesize
4.0MB

MD5
8f564bfc53b371853e712843a2c9589a

SHA1
853d49f7a896ed08af83826a7dd427124301c770

SHA256
dbfe505a6e9e5d1424ea288a885c2fff079b9f845535de28663b0b6e528ce882

SHA512
bcb7b3603b1d08f0ac3d15af07ee879f37e98d5f5685136b2f4c90a3f0f3fd6314c3b034f9767673c791a81b6d8aa2d9acdaedbfe99cb900d8631101f1b10725

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
adfc59d06c62c7ff93579be7eba1d9c8

SHA1
9c58819abc3300a49e1193c54975d654000f1280

SHA256
35818bc1f7dfeb6521fb31545a5613f1c63e3e54d1825d326b3847e4d1b6f94f

SHA512
9625352ade576bb93d6f2ec57339ac35356735b5c8fdcf41a0bd54a09207baa00170653a83154d3613cd328cc08e78f3704d4069254c1d5cb61d8f053aeec3c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log

Filesize
121B

MD5
da894bb9e05fa41a23bdae7668e2db26

SHA1
cfa8a2a2914575ea0570a1b404e65ecf83501d56

SHA256
98b31166978fadea68381862d6e5be8a9818564d11ec0a03e4a93987f137daf1

SHA512
12f9b623700f96650f50e0fc04f9d5d64a0208cfcde9c4dd061377216d1c91325062eb6bc83fab020b6d78736d3e210207da1d2e7343280cc680066ed8986bf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
16611b5b12ef730a74ad7477aede7a98

SHA1
ef0c015602d535ee8c22ea3492267efd0fb33388

SHA256
4278a3715de34843cda5923989699579a71256e751b4471af5a81bdf49e0791b

SHA512
52295c6041b3eaf953c3015a2f501b61307392ef9b9d6c450a8d017f5e383891636f38125c81fd9233d57a2895745d8b72b3c17c979132c71d1e6271e64c4df6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
7a9a2d08594a4d477fdac05e2fb48de5

SHA1
ee4d360767f33ec9552d9c2f494903a13a1bf372

SHA256
d1434bc358853189824477f012a81fb6a6f73b44e5f142489192ea4350ee2f61

SHA512
d32c286831e58a5c0b1b2edb5bff8f0a24a218454e9c16d25635e8aebe0855d265b8276b1162f828dcbba924a49ae87dca18087b03fbd326c8f54f98090e7093

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3011b160507b8bcb55330249b3fe9bd0

SHA1
68aa9839e556cd9afb1bf1b82fce1c1f1bf4cd55

SHA256
4ac754141a6c3f09a6c3ee8b05771043363cbe201803bf541936d1a9d21dba24

SHA512
13cb19ee257030da4033ecda233ca50bab5c9a5d21108ad4809170fb7e1ee9e068ca373ed30719e0476881911faa28bfac69e039271e683ef24c1477b7c4762d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
df3d60ee56e1ec30381bed9c1c666e1a

SHA1
c94ca64b3033584d3868e1827b90db69773ab2b0

SHA256
491d48486bce8d996f6b11fe06ee69d58371f071253ccef65c15bd3dc8ceb5fc

SHA512
2901d3cbb3e4dd6f809fe8bce726d8bb60eb3e4fd8c632273d4e3ccca97519f12bc94f46f4884b2e976f386d0676eb239f8e4efb998b47f6182ce978aa4a570e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
296872c02cfab73dd3d67e78b8202d6b

SHA1
801115d6135d4b36cfb26b1dd1650125f1326f78

SHA256
ba77db1c4e8a0bb6d353be61c0baf9ba8cede0d4e77ed1e6527a9e5983ac338c

SHA512
9e9f69d4eb1816b6210509d8b80a651c061a4f6d0e42a8a022c4294b2f7cd2bfcdfda0e0002d4929ca6a418cdb154d3a0fe6d2b31f48b4e9dbc000cde59a7f4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
75ba39955d5fd9cef178904f77910f77

SHA1
24c21955d49e70443aa8f92675e3252b43d398b2

SHA256
4de75b006a9c5930597b70545a2a21853cfd5a6c774da1fdaa9efc4ff66efa6e

SHA512
79d80f8abf6f88af679d74b11014f11121b1b11743731c0e03e10a1dc988f4129189fecbd52dcac11861b9a97539ce5d60c7a83acf613afa336c6d96b81c64a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
d3e8b254562f7a82c9c10da7e2e74410

SHA1
afb9d50c0e234989d21968f34fa7221b95536d3f

SHA256
58d6ab06978ed8e3dce05216c4a0e6c51b154261dd73869accc11fb1a13467aa

SHA512
bfe7480decd7647f6ab9dbf05c3c4ed3b72bb4ec8190a2589282b7248565068b51412ae5cfaa874d208fe4d4f0150fd57dabf4358456f5cb1a0a98b156c7abba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6221a77da6bdc6600196d3817fcea2c1

SHA1
1db7daf942b4c30832eb30840bb2addcfacf4ed4

SHA256
b091ca0c419117101974d3e67e420a3c9cfcfe7036425c523e40d3d9113debd8

SHA512
a94d5f224f81f7b272488ae4eeb4a0295197144bf87a5ecfa7c360f3e8836633dc2a8f171d1cb4f5702a798fa50dd9ac85ad9f744f48b8bb7bdda665f9e532b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9c5588ed1ce10765004bd6eaed50e332

SHA1
7d4ed9d47d7e31391741d73ef0b7703e5d4f46c4

SHA256
cd996a8d2cca841041eb9346ccae4692f91350472ad2a394e5a5399b1a6df013

SHA512
d5f877d9f291f1fecb67d402d1bc2067e731351e6a18f110d745e1834243b5cc4d3eb688c8ed215fe88549de270ee8601c9579e7262a28a5264e26bc4d73e0d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9c8b9887f9c45a6e27d76f86d7bf7013

SHA1
6d6ca90fcf08ced70b0bb62e7057bd1829fe13f6

SHA256
310f4e660f3750bfd96a00e075e5ee7da3943f191f8c61109eaef7d168c6b745

SHA512
4281ca50e4bbf596f123859d7b92ac2469f5ba2424b4742edd7421a9b27312dada6b650ee3a356ef57bd42c0563591451d14715fc945efcd012a1a144ae65f40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a9cf1ac1e0cc0da7af2efcce4ab37378

SHA1
3bc24121df6da31b1f69c77763a12b776d803c17

SHA256
fc9c04b95fed61069aab9ca4f333b751290744b8cd9c08e82c0b47c25a9257c1

SHA512
006f78c4d4bd1bc75d48091d406b14d616317186105d465da329583ce9736cf6ac9d1d37697bdff59541c8a75dfa7c7b4d9c3d5c929ccf642b11683837d26837

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0a545d420d1bd84c7b9ce42e56bb1fa6

SHA1
75c97826a2c78d6326fa474e4532174a1056a2bc

SHA256
269d35ec597030bd0152b4870be2d532691868ef3077e8e2ae449fa33137796e

SHA512
fc0127eb614955c887bcb75ae52f3d498f058ff3fcb93526dd8f91d3ec5aff444baaacefa28ad26f7a93d69d12552882d253ce750e6c10e3ee8de6f50d798661

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e71d8bda5cf9263016faede4e83faf21

SHA1
61d9c907110c74fb95d1f81f0e3621f4c945afa6

SHA256
949ddcb1fa1d94cb1caabba0a14378bf38e80da3600a0bd115d5ba6c4577dbd4

SHA512
a68e07e6f1bc4d731bd2d8f5592903bf73f667b7bd1f2b8f3f2ab487263e259bb1230b1a8b6cc623a946fe9480894442c9d0009893b8c9604d005b3b581f4c2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
336B

MD5
efff4d1a7c951a0153465c2575e9e088

SHA1
111cc64ffa15c771f732e6a16cb775097744f316

SHA256
782a2df06796f277209bbe1083b4722d816dadae9a5bbbadfc9ce256be5d2f9a

SHA512
70464563a98c50ea7b0071a57ff7fdcabd9bb09559f0b160aeb33b2ca942f1c373795e1394fe3c1d20564e865fffcfc57d2e79b42712022c05edd0b6ed27eed7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Filesize
72B

MD5
118c4f44ad3409a4ea515fae94fec472

SHA1
544fb364d72b111159ac53a5b202bbc177d390f9

SHA256
e1972b1263166aefb73719b32fb1750c41c127e476b03d560c18e4b67cc255a9

SHA512
81890a89bba0c0c306c2ca7732c6b65b2ec6d96b75c8e5982fb5b7b6d00a07e4fc0ef4a16a98a509cd016873a87a52cc5d3b72213b43c2406c9413f5fa57655e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13381342875274144

Filesize
3KB

MD5
6d241783718aedf4ae7bc51ccaca5941

SHA1
8f05b7ba2ccd46ea21c666fb045c05b67a989f1f

SHA256
9c9ddd2d2ce744422797080ad9a4d8b1ced88ee6da128d8ee53c7a8e1faca31b

SHA512
f59030c98249b3b03ff36ef81d3519c9f9e8387bde8efb7149f0fe38cebc6a23467826d716c102c9a21252687e41ff00cb3a3b024ad4d935fc61bcebb123d640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
cf2a8e25700dc0cfff304f04d7fc5e21

SHA1
987786471fd65c50fd9e4c68a688ff5bd4ee7f6b

SHA256
ce8de5513a9f5e10f7be7ea324dd396a828bb173b9117f029aebb16196640a86

SHA512
4a3fc20e20a1dabe5cd14be0fe1d1b30e8c327607393d69537832eec00390929e6dd59f58a30d22a1cbd77420a9ed6dfa54a4ec2e046ea73c8ec41b5dcf44128

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
50c2c0eb467234ff81205dd287192629

SHA1
5fba997da8b05d83cd63c07ed3a4595c07e7b245

SHA256
dd01eaea9a460423e36af28f2d7c8d01b495c81e00f73cd392671f0a83fd6559

SHA512
55544c55c82678a3b17b14219b4799edd1b781e5d10fc1b7ad6a30c8fee0581e0949aaa2195cc3b1460e2ed1732894954344ea7fb52ffc32d751fc375e1a42f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
313915855014878e704e9abf4356792f

SHA1
6b935c894ec599922398761c6c209520d1204076

SHA256
bb9369c0da9a48cae4752ed6c48a57a3244fc22fe49bf1e5ff4835b96d22aa57

SHA512
52e39ea2ad63465ef8e1bae525ecb0baea7deb0d5430708c312e6e01ea0990202e536c10d85e7abbab3dc4916c1164ebac8db7e559566b55134cef39b0a07667

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
bd151de5f18fa3dadd110c1b1a3540a3

SHA1
637f931418f8f0005b46b924214283aa3caccc68

SHA256
0f1746f61dfb37c7dca0e6a3604bd579549878174d9db0b34ef30a8ed0f86a62

SHA512
57450f6b23a035a5c75b8622763a42309e3050d5e1061e8fd74fcc9e11f8205c86c72026c46dccac017fedb462582870c2c8f009d74770dc5386afd844c8b8c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
114KB

MD5
a45bfe01143ddc191346814a67d049fa

SHA1
9d66c32c5cb300b3cef2c6069b52463f6cb8ccd7

SHA256
958856b99acce903e295e27e32b87d18c9790aa0f1bcf3bb74e95c9aa6909a8f

SHA512
7109d5abac2f0bd2df990bda43f0ff5ad947b8c8da7df5fda1d29b936c1f5504447b51f2044ec0d912192845075b98d673645746324757585355cb44ea3b31a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
ae04aa7fa4c8966be902ddc9d20c86b5

SHA1
8fbe63e53d5940c4464aabfaeb1d673da780885d

SHA256
4b4493860e88805384d9862fc7ab474a2ce70b26e63277530ae28eeb89e41fa0

SHA512
afd34af1ee69dceefe15000d5aea4e5567ca43a77511b91ce41b46624c1ec7c503f89f0fb0605f0ed0384407cece7c28f383736dd7d72816a258e27d2864939f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
119KB

MD5
e7a76cc26964e60ddafd41e933afd7bf

SHA1
4f67f34a5f339c7ad0b0afd9e37980b2313296ae

SHA256
e7f5e1dffb01df8475d95506f894dbf1f326135a31c09258a8f7d44f20fd0049

SHA512
d6f1428ad152e7f02cdb629c478aa49c41a70863a1a748ff4f14807363389cab12c0f2d9108fa32837c4f0e39a7f233e14f8661ddd654857ea80d963d6b1e79e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
119KB

MD5
471912c1d5db0eaf68a0a0e199ddbfca

SHA1
edcf3b59ea12c2ee0bfb3941c92dec067fafe234

SHA256
32a753c28393a5e8f5558dd63a851f10431e5cb18c85de6accd2bbc998257d12

SHA512
58249103406444ff7b574b407973c7c230d05a0a51a05b801473e480bf752dcb4b6c68e27b33d9cb985323f87613363fb294c6859d2d3e9331ea3616cb5fc3a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db

Filesize
28KB

MD5
f9f1acda3da6598132283b52f0b51355

SHA1
d1845cfcce71a7cb525e5def46041c17551103fd

SHA256
5debca0284cb5fbd52c8289f0002e4ba6a328e5fda9ca8bfeb430f2acacff355

SHA512
1452dd2baf6b5a635085b41f19794f0add53a41280e1047c1358b85c314df75702ce63ef5e834b65898426a158fa2bd90b784938f4337aa30a7655e1e400c832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e27ed6ff29a297ddbb2c0a420fddd745

SHA1
cbf36d12ac4e487a2e346937ab2d1cf525a2f49b

SHA256
3408568e92108bb28de2abc9f068dd00dfc9522c5db9e0d8c754d7060e78f5fd

SHA512
313de74865698c772290e5ce4d8b1e4c5f0f370eb35b49d1faede9a69a9657ec01f6b26d8a59043171590867872ad2623d63c7110b0bd8f987eaaf767e41eb7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9675efdcb679c9d8efef09e9d870dcf3

SHA1
83c8009d08cad75beeea575f7c42d0405ef6e0a3

SHA256
6d5347170bc46914e2124cdadc2cbb5d57cbee015f2a7374dad8fe73f5bf7227

SHA512
5aa01c9f0dd03444d34cd07c7836e497efce1d3ad454c225abc639d5a10ee9e90db654c0836642fcc1b491094db07375808289fd1608e616b3534b3227d20def

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5431d6602455a6db6e087223dd47f600

SHA1
27255756dfecd4e0afe4f1185e7708a3d07dea6e

SHA256
7502d9453168c86631fb40ec90567bf80404615d387afc7ec2beb7a075bcc763

SHA512
868f6dcf32ef80459f3ea122b0d2c79191193b5885c86934a97bfec7e64250e10c23e4d00f34c6c2387a04a15f3f266af96e571bbe37077fb374d6d30f35b829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7bed1eca5620a49f52232fd55246d09a

SHA1
e429d9d401099a1917a6fb31ab2cf65fcee22030

SHA256
49c484f08c5e22ee6bec6d23681b26b0426ee37b54020f823a2908ab7d0d805e

SHA512
afc8f0b5b95d593f863ad32186d1af4ca333710bcfba86416800e79528616e7b15f8813a20c2cfa9d13688c151bf8c85db454a9eb5c956d6e49db84b4b222ee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\23366d5b-caf6-47c3-b9d7-26d4d8d6fd68.tmp

Filesize
6KB

MD5
dbae1411814b99a60d0c4ed35cac4b7b

SHA1
d41c1a183967f59165878bda45566c256a07d28a

SHA256
9b6ecbd84d7ed5aa6744e4dc930b390a51dbaba92808d84313b2952506e417cd

SHA512
888b1b680aa4380a00472c79af44a6174f8d814273b3eaa82ccf06dcd7dc5819734c907c776a4abff52a8f57f6c5289d17867608e1eb91841675d49913480707

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9f754b7f2de2386abd76943603c54a64

SHA1
4eab75e9e61ce4fccac813755326c0f93fa4b91e

SHA256
a3e99991a460d3a787611636a9152aa075e7ae69432f0db7d288a9a56001acb5

SHA512
a90e99e14b749feacf7d5fdfea0404cb6b1b770dfa63532486c6d890ac5b0bc78bc1713febbdca1786ae2e7ef1d38936bad54888c83395f243a7eb48245393ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
5ab068e5c5f14ba2571bffec3e11fa18

SHA1
512912f76c6256e8227d65d09770612cde8be76b

SHA256
f6b2ca20d7d3ef702d0284469fc8b2a9900b4d9b902e560936cd5b3475d331e3

SHA512
374317ec9230fb815d9643229575b1279117ee33ec3b8d65a454230d281d55dedca5f3b3e3bc20d96534318831465d9b27b14f8306985ee3f9223976444602e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
feaae336c45baa329d92390c9a7b75dd

SHA1
822885e36414716ad0d6aff00115e5f551b6e1e0

SHA256
4f8200ac0d4cd8c280f8822c6337c08b6d8a9d69987925b504903ec7ec05bc9a

SHA512
4107e8ae1ef1c6bd9429f8de01af7622fc0f2fb06c883b8db438b74c8802bc0f7fa8cfdf55552f5cc19e41b49057747ae9bd65ca50da4a91bde1b60a8de2b789

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
82eed7f6ef92c6ef0f8e81dbb28b7dfe

SHA1
053e648ac8b91789cfab64112250d3ee6023d7ce

SHA256
0e6641cb544fccbd802fdbdb5d7c9d0ffb4c7f73c6f89ef2f05738e4f10b9f3a

SHA512
0e479ac82709b089aa78f29b9622e51b71f3f1d6b220bf1ad7144722a4cc47e5d428830e47b7fed74d8907f7b39828886133b17d1ac530d9668340a14cf0d69b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7865168fc7eca5e1ed5ca31e27687247

SHA1
117eadf4dc16856a412ffb0a6bbd8ecdead3fa96

SHA256
14dd467ed77da07ec070b75db3647a2706e7d6298976ec07e71ee85ab5ba24cc

SHA512
3021a61a3b12af4d4806828d9a53e381dbbf78a1bb69162b0425c82fb28d55936bdc6413b537f32a2a3e400e6040ba7fb46dc1e56fbf065191202f4d1fce193c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
68a9abf3fc3c4e2913a3112f218bd9b6

SHA1
e8e0b655206be41ca7ae60446429cc2c783f01b0

SHA256
eb9fcd3766f4b22745c561ee6d56fdee3cdff69482dbbab24ec7dd1a395763a0

SHA512
e5812226f8785be461cbe605b5feffcad827ac2d662b3ca393f30c50175c79de1ce49792435fde7aae2307b613a7a01b9dd16db3611a5bf47cc09d5b52795abe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
95d5c14f9c85a94f0867c5a7a7e9cce5

SHA1
de902d426f7dacdcec3a3922ddde3e5f6484a2f1

SHA256
14e79ea59d1742a84407a78bc098444e1a705d7d54f9eec7818539043b302630

SHA512
df320b5a7a00d3d68e4eaee72e87c0537502d9fc9f51fd19382e0e4d8556b6bcba918702e34bb97a4f083931d50be524904757c119701f9709f3cf43d9b3fd3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a33fd7051293ad96f2626899e39b295a

SHA1
5f92c82326d6f42f68b5b6fe2a1eb8f0366229a4

SHA256
26d2b5725df9f06a2ca42c50e0316ed78a361185405d86251e8439d4ca3638c2

SHA512
21e4fee011271ac9e5de5c0a83e104f70250cb30a037b58a01311020ac0270f429b005f29461df67e91bff911277585fe805f13d1b2a8f07a04f34372db53b16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f2bb67ad9589dc4eb3c5f7a3778dea92

SHA1
33b2be5b10172e7c26323c105ec6cf66ce46e8cd

SHA256
6b3b06fff22fbc9adf458cff43362a3281071e5891df929a4de11f05e6c8cd0f

SHA512
5fa91c253972cea5093e836d9c0222fced68e7e88f9f011d49ab1fb15a0e8cf1ea67e08ff06cb0c6ecb7e26bd885d9efd02e8a3eaa917ed4175b2c885bdc7385

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3a20590eed2a7a61e568e0b816c00404

SHA1
26a5239f97205086976982042d58b970e7f7dcdb

SHA256
5ee147f0feb0565687a8612214f677e2b3485c9fa98d994e99ba0efd10ed9d64

SHA512
aabd43213b4f244157ec5b84d396f02c6d842efe4f19a9737ae747f850899561a68f6147db3bf71e616c8a6bb2f815d46b21af76fa6f6ade72ec802713b58ca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4c64bb9e1e44b9480d5d475a6fa7e1f9

SHA1
9473b0600e5c448eff18905d80f76848e512b631

SHA256
5d2d96c45e448f48b6315a78a20612a5d98bd069cee824fa3ce4d8ce74f7cbbc

SHA512
cf0825569d883142fe63f685a426cacffb3f854d1dfd9478d27be2fa88597bbb2f5c1866ac5d255f71105594bf6531b2e8ff104b426d370d02fea84786850b60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4339c257210ca2237eb6c9698d012ba5

SHA1
c389880e4b77da6957d52e414013f06ea5b2d7f8

SHA256
4824be1b23597fdc929d7fdbd6078ee47ad95ce93806bfedd3f3af55309a2510

SHA512
864685b17751936b623f734d33f14c2e4af47e73b08dd477543c02e5812678ace87b3b82141b2fb3826893e04c8b560069bf3207e8420ad8e2469eb0de75cd6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
73c705302a5cdc608220cc12ec344a95

SHA1
6c3a8bc57cc2fe931cb5c71de1a804ec59583995

SHA256
e3e40f212f544d3ca0b99938877436fcacc92ac95b8d5187e5730d35986e4c98

SHA512
6fcc359495599d180e65fe50361d0623d407c6c9cffdca345217c694105766e67abe72d2f77885f3aeaed9e542655f1c55e0b08719b3258f83e99d15755bb54b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5441493feb0a289cb6f10cc8a91c650c

SHA1
d03503edbe2be1a064dd57b888f7972a77302f9e

SHA256
1f0c72bf74cda75f520828b4e0958ea78524b049766fdf17fdea32fcf99ad4e9

SHA512
fe3c643caf93d36ae6d84628f7b556c01188c61edf56ee5d5e4fde119dff50ec1691d7d02b502d7eb2ca359a68351f5b838f68f68bec236f7c5d8de8be84af84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b5f9e83118cb299a22eee91513ec278a

SHA1
ddde23ac35688619b386be5f490911f69410cc7d

SHA256
c93c2435691e5f26b2323e926a12e574b8cb86385591a3de788b17ce4fe48ba2

SHA512
9efcad2cd3948f675bc9d134925a6023fd8d55b059d1352140d05f01bf0cd8d0d2ba0b960f3fc975e82bad2ee01355e80311fb4f47dd44a00163b8d007a6c1d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5f7645260732d3fc5f54c54eba2f10d4

SHA1
b2afd71133200cd0b4e1cb9467dadb385fb72829

SHA256
c8a83a39988b2eb340cb2072e4c7002e72601a62d8d60efb5cccdbacec8f0c91

SHA512
d828668a1094c9699b8cf951b88b3d843d20cd9b01007ab92fa53f7f0ae0dbce64cbf82d5e047d16cb9e5cd6fc8589f4fb59b8ab0dbc3b85a071862bae7efb06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bb5cd3bb3b6223a25a276a6095ccc00a

SHA1
0eb690582ff89676a09442b4cabd51761974e8c5

SHA256
869612be5b4a9ba13cf7c4378bb3084e0e8a3a5564aa1c7b8f4bc5e1b2f3c660

SHA512
4ca525cdfafcd60b362832417cce0ecd714cfd809ee853318bda718feb6ef673dacd438e947976cce7eb38dd2a2ee8b3de4f31d051d91b385d0a27b7469f3765

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
7e77c2cc147e1739588c0eb9c961e092

SHA1
92693539116d34f6eb2bf0a65e59053a17c43cf5

SHA256
7230bdcf9708c795d9d6baf61a98dd2ba4607bd7d8e1324ba23e3e692d96f9de

SHA512
2bc316b320e5037230a07ea77ecf33dfd1ac00a7d989faf3ffc1757df3a42c5e9516e053d96808357e5808dd914490b66efd6db7d981c1cd45d96c0bb05c4313

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
17c2bb27244690c4dab4c953318b5520

SHA1
498926f36455741002a262f1f67d4ee481b300eb

SHA256
3fc6519301e27fe18523496d6169ad0b351ec6a9a78b327b05fd2012d2ba96c8

SHA512
81731f453567b9ebaccd048311076e2101a704dd8bdefadd679876f2f0c1b2f5db89230fbd044e28867f0dd75a15035fc6a06c782c9d5c2fad21dbf25c98776f

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
822B

MD5
4f2f4409cde6262514c8ccc62830e591

SHA1
6972900e45ee8bb11ea64303d6f4e20fade48024

SHA256
66fc411ac0cef2777934855aa64950f232af9f5ae11a03e38636b328cec2707d

SHA512
6bfce7280814acee23943f55365a0113481b3df21aadc3cffefcf860533f407c5a3d50c0d8ec50fd5ff9b2f149aa1dc0576ede9525b12b1d766068ad2fdd09e0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
710B

MD5
3585806c53114fcb54d2bfe3476b1ace

SHA1
d7fd51d1df2fb12b8ed7d59674fea34315476357

SHA256
2296ccd3cb57da069bcb3a170c672ac80974e8d1a166ca285a81ee1d28011d2c

SHA512
f55c7f361752efe2b4fdfd506fbf03cf9a5c4cde36dda71929850c0e337832e8ef0ddc9418451dc322fdb7590bc0db5315f3c8af17b0e95cb19155757ab2d132

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5b07bd.TMP

Filesize
529B

MD5
c3559618f837b1c933ab9e919001aff9

SHA1
512fb569ad768dee8db4d74c4dd9efdc5b73ee49

SHA256
ddc3faa436adfede9e8429ef79074994b8fb88c50ca4e978c68feca12d2e0a13

SHA512
5c49fe899d3bbc289cb5513090938a3aed207fc7b7a2950f917cfab5ef5bc65fedc47426b1b349fa16a5b78700553a50d9fdc2bd2bf487f1b168a550c5914be7

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
300B

MD5
a8f493ee692988c064dabe718041550f

SHA1
7b817aed5fcff9698ad6289038f46945300e2a5e

SHA256
319d651a1bdc4dda575ef17af32b76beaf3f9d1f4c5225c7d2732fb36cee5c97

SHA512
7db45adb455054097ee18828abce62fd4bf4ac7c355f437de35b453d8c4b3a8b7f39f324866620294bc68b6c54c0819f2168df3563f911be22415e4a82aeab2e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
686B

MD5
d0c3497439062eadd62fed4b8e296374

SHA1
42e16abbe4e2bc13e726e8eb4704deb6b90aeb0e

SHA256
fc34f2be2d3c9a73a653e47e6624128f5fd47acd6c839a01f5d8d434d703b60e

SHA512
547f20b9bc31852ae81cb41791678f76234ab22e8137b2bdb60c9be4aaa00a043cb23955e7a151b6d8dd1bb0fccc5c2d8e488256f860b2e92df639283d6d5626

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe5b1b54.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
188B

MD5
3e40986980c6718e49620de9948501a5

SHA1
37a2d9fbad9f254361a863b1b880985b7ab80bb4

SHA256
af4a0588178a4203ea02b03e61f334d498123ac58b94de4e6c0dcb4100af30aa

SHA512
a83fc4f2e3f72e9c45abe2b4f295e12de5e7eaab1082f969693b56c7a5288b2a7737560a93d6db1020f1a6e7bb8ea23adf4a7091214d6e9406a7fb427bff3379

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity~RFe5c6dc5.TMP

Filesize
188B

MD5
c90429a4d6d9cd36d6f2fcc9aabf24e6

SHA1
67b158e3a8299b1f01cf22df1123625cdaa4187c

SHA256
f79853a3aff23f45119756c5e3054f47e190c4e78530ed798f7ae2e418796670

SHA512
050f95a2484eec99fad6ccfa43369b97c6a47a1efce40bc249fddcbac90babba951e26237223b768f3a08dc0145d64491c4c5e9a257e8f244c7b1f16e76e34f0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json

Filesize
2KB

MD5
602c49f9246967bdcff45b4f43cf2fb0

SHA1
4c5796e0c724bbd7a9244cc8a0fc9e8f40181f2d

SHA256
a3ad9649c1038078038be1abd591cdba73b4b4f5cf30e11bb6cb7a432b746114

SHA512
2f273c0dd0127071f4c768cfe7277c6efff84c1ef4f4271c1326db3658c84261794b106af3198717f349fbaaaf276163700bbb50ae20fe52ed0a88a192d46f77

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json~RFe5c6b54.TMP

Filesize
2KB

MD5
68b20851ccb9834d21fb32615e42bd43

SHA1
88fab935f0b9484994097c08f785e9ecb7d68127

SHA256
a954b528dd65ad6c4c2091fa32f17abdb7a49454ce88e10bb6c377734c70c26f

SHA512
dcb0771120c8fe35213d60e9abf4b242af807324759e3c99e9b2569c00a941d885d53ef6fadfe69e6b740e0b52a6008602605d643801190a2d29175a7d065e15

Download Submit
C:\Users\Admin\AppData\Local\Temp\e44f128f-a455-404f-b25f-6b6e8177beb9.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBD23.tmp\StdUtils.dll

Filesize
110KB

MD5
db11ab4828b429a987e7682e495c1810

SHA1
29c2c2069c4975c90789dc6d3677b4b650196561

SHA256
c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376

SHA512
460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBD23.tmp\System.dll

Filesize
22KB

MD5
a36fbe922ffac9cd85a845d7a813f391

SHA1
f656a613a723cc1b449034d73551b4fcdf0dcf1a

SHA256
fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0

SHA512
1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBD23.tmp\modern-wizard.bmp

Filesize
150KB

MD5
3614a4be6b610f1daf6c801574f161fe

SHA1
6edee98c0084a94caa1fe0124b4c19f42b4e7de6

SHA256
16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b

SHA512
06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBD23.tmp\nsDialogs.dll

Filesize
20KB

MD5
4e5bc4458afa770636f2806ee0a1e999

SHA1
76dcc64af867526f776ab9225e7f4fe076487765

SHA256
91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0

SHA512
b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBD23.tmp\nsExec.dll

Filesize
17KB

MD5
2095af18c696968208315d4328a2b7fe

SHA1
b1b0e70c03724b2941e92c5098cc1fc0f2b51568

SHA256
3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226

SHA512
60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBD23.tmp\nsProcess.dll

Filesize
15KB

MD5
08072dc900ca0626e8c079b2c5bcfcf3

SHA1
35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37

SHA256
bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8

SHA512
8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1356_135928142\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1356_135928142\CRX_INSTALL\manifest.json

Filesize
1KB

MD5
fdd84176e246824c748bc9ea6bbc3653

SHA1
4c2fc398308428a257d743153b3a2a90fc79b3d5

SHA256
e2acd1525dd716d55462f73a122e79070d0b12f2dae3da8b4b83d5ce59e568d9

SHA512
da48ae01704f3fa61fc5684f9638177d511fbafc3c782f9d61066e18fa82a036c25c4691f73d3266f53ed496f87b6484195370f39b34248acec16c3ae3d635fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1500_857202369\8541f3df-c34a-43de-84af-366415f617d0.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 849466.crdownload

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2956_1837853594\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2956_1837853594\manifest.json

Filesize
1001B

MD5
2ff237adbc218a4934a8b361bcd3428e

SHA1
efad279269d9372dcf9c65b8527792e2e9e6ca7d

SHA256
25a702dd5389cc7b077c6b4e06c1fad9bdea74a9c37453388986d093c277d827

SHA512
bafd91699019ab756adf13633b825d9d9bae374ca146e8c05abc70c931d491d421268a6e6549a8d284782898bc6eb99e3017fbe3a98e09cd3dfecad19f95e542

Download Submit
memory/420-13842-0x00007FFD73DE0000-0x00007FFD73DE1000-memory.dmp

Filesize
4KB

Download
memory/420-13843-0x00007FFD74070000-0x00007FFD74071000-memory.dmp

Filesize
4KB

Download
memory/420-13964-0x0000027C36760000-0x0000027C3684A000-memory.dmp

Filesize
936KB

Download
memory/420-13963-0x0000027C36050000-0x0000027C36170000-memory.dmp

Filesize
1.1MB

Download
memory/1672-14115-0x000000006F260000-0x00000000705A1000-memory.dmp

Filesize
19.3MB

Download
memory/1672-14053-0x000000006F260000-0x00000000705A1000-memory.dmp

Filesize
19.3MB

Download
memory/1672-13988-0x000000006F260000-0x00000000705A1000-memory.dmp

Filesize
19.3MB

Download
memory/1672-13956-0x000000006F260000-0x00000000705A1000-memory.dmp

Filesize
19.3MB

Download
memory/1672-14098-0x000000006F260000-0x00000000705A1000-memory.dmp

Filesize
19.3MB

Download
memory/1672-13993-0x000000006F260000-0x00000000705A1000-memory.dmp

Filesize
19.3MB

Download
memory/1672-13999-0x000000006F260000-0x00000000705A1000-memory.dmp

Filesize
19.3MB

Download
memory/1672-14120-0x000000006F260000-0x00000000705A1000-memory.dmp

Filesize
19.3MB

Download
memory/1672-14004-0x000000006F260000-0x00000000705A1000-memory.dmp

Filesize
19.3MB

Download
memory/1672-13983-0x000000006F260000-0x00000000705A1000-memory.dmp

Filesize
19.3MB

Download
memory/1672-13969-0x000000006F260000-0x00000000705A1000-memory.dmp

Filesize
19.3MB

Download
memory/2824-13965-0x000001D979860000-0x000001D979980000-memory.dmp

Filesize
1.1MB

Download
memory/2824-13966-0x000001D97A000000-0x000001D97A0EA000-memory.dmp

Filesize
936KB

Download
memory/3936-13801-0x0000000000500000-0x00000000009B2000-memory.dmp

Filesize
4.7MB

Download
memory/4636-14077-0x000002719F370000-0x000002719F490000-memory.dmp

Filesize
1.1MB

Download
memory/4636-14081-0x000002719FA50000-0x000002719FB3A000-memory.dmp

Filesize
936KB

Download