b0e9ed0d6a16a1634fe43bfb9882461e6552c4226ff45f098f2c375059429781

Resubmissions

15-01-2025 01:17

250115-bnvntawkaw 8

15-01-2025 01:14

250115-blm6yswjcw 7

Analysis

max time kernel
665s
max time network
665s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
15-01-2025 01:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Colony.Survival.v0.11.0.8.zip
Size

148.9MB
MD5

a0b3e4c5e1cd6fb07c3d5c695339bff4
SHA1

a44e48b7f6009d8d8bc7272ac2a3668798ee2522
SHA256

b0e9ed0d6a16a1634fe43bfb9882461e6552c4226ff45f098f2c375059429781
SHA512

c598cf6c5bf63a52786010b101b8f3d7413c13d8d18ea83ad56474bbbc479604611e3692c515243b09ea7deb6d187ff5300f16b54a80849501fd73d88ed9c19e
SSDEEP

3145728:Dihf9FmThxg0cZnbrf/81i/N9bxw2Q14T9/Yj0d9+7Vt/Ykp+ZTXCi3JAX9Y:WhDmo0c5r3p9w2Q2R//d9+77/YkUZTXf

Score

8^/10

steam defense_evasion discovery motw persistence phishing

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 7 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe

Executes dropped EXE 35 IoCs

pid	Process
5072	SteamSetup.exe
4912	steamservice.exe
7100	steam.exe
5396	steam.exe
7308	steamwebhelper.exe
7340	steamwebhelper.exe
7472	steamwebhelper.exe
7612	steamwebhelper.exe
7892	gldriverquery64.exe
7960	steamwebhelper.exe
8068	steamwebhelper.exe
8372	gldriverquery.exe
8436	vulkandriverquery64.exe
8528	vulkandriverquery.exe
9168	steamwebhelper.exe
9812	steamwebhelper.exe
10376	steamwebhelper.exe
10756	steamwebhelper.exe
12936	colonyclient.exe
12952	UnityCrashHandler64.exe
13440	UnityCrashHandler64.exe
13576	steamwebhelper.exe
13796	colonyclient.exe
13816	UnityCrashHandler64.exe
14088	UnityCrashHandler64.exe
14112	colonyserverrcon.exe
14404	colonyserver.exe
14428	UnityCrashHandler64.exe
14684	UnityCrashHandler64.exe
14780	colonyclient.exe
14792	UnityCrashHandler64.exe
15092	steamwebhelper.exe
15340	UnityCrashHandler64.exe
15404	steamwebhelper.exe
15504	steamwebhelper.exe

Loads dropped DLL 64 IoCs

pid	Process
5072	SteamSetup.exe
5072	SteamSetup.exe
5072	SteamSetup.exe
5072	SteamSetup.exe
5072	SteamSetup.exe
5072	SteamSetup.exe
5072	SteamSetup.exe
5072	SteamSetup.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe
7340	steamwebhelper.exe
7340	steamwebhelper.exe
7340	steamwebhelper.exe
5396	steam.exe
7472	steamwebhelper.exe
7472	steamwebhelper.exe
7472	steamwebhelper.exe
7472	steamwebhelper.exe
7472	steamwebhelper.exe
7472	steamwebhelper.exe
7472	steamwebhelper.exe
7472	steamwebhelper.exe
7472	steamwebhelper.exe
5396	steam.exe
7612	steamwebhelper.exe
7612	steamwebhelper.exe
7612	steamwebhelper.exe
5396	steam.exe
7960	steamwebhelper.exe
7960	steamwebhelper.exe
7960	steamwebhelper.exe
8068	steamwebhelper.exe
8068	steamwebhelper.exe
8068	steamwebhelper.exe
8068	steamwebhelper.exe
9168	steamwebhelper.exe
9168	steamwebhelper.exe
9168	steamwebhelper.exe
5396	steam.exe
9812	steamwebhelper.exe
9812	steamwebhelper.exe
9812	steamwebhelper.exe
9812	steamwebhelper.exe
10376	steamwebhelper.exe
10376	steamwebhelper.exe
10376	steamwebhelper.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"	SteamSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
724	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in System32 directory 48 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\kernelbase.pdb	colonyclient.exe
File opened for modification	C:\Windows\system32\kernel32.pdb	colonyclient.exe
File opened for modification	C:\Windows\system32\kernelbase.pdb	colonyclient.exe
File opened for modification	C:\Windows\system32\kernel32.pdb	colonyclient.exe
File opened for modification	C:\Windows\system32\kernel32.pdb	colonyserver.exe
File opened for modification	C:\Windows\system32\DLL\kernel32.pdb	colonyserver.exe
File opened for modification	C:\Windows\system32\kernelbase.pdb	colonyclient.exe
File opened for modification	C:\Windows\system32\symbols\dll\mono-2.0-bdwgc.pdb	colonyclient.exe
File opened for modification	C:\Windows\system32\dll\kernelbase.pdb	colonyclient.exe
File opened for modification	C:\Windows\system32\dll\mono-2.0-bdwgc.pdb	colonyserver.exe
File opened for modification	C:\Windows\system32\symbols\DLL\kernel32.pdb	colonyserver.exe
File opened for modification	C:\Windows\system32\symbols\dll\ntdll.pdb	colonyserver.exe
File opened for modification	C:\Windows\system32\kernelbase.pdb	colonyserver.exe
File opened for modification	C:\Windows\system32\dll\kernelbase.pdb	colonyclient.exe
File opened for modification	C:\Windows\system32\symbols\dll\kernelbase.pdb	colonyclient.exe
File opened for modification	C:\Windows\system32\mono-2.0-bdwgc.pdb	colonyclient.exe
File opened for modification	C:\Windows\system32\ntdll.pdb	colonyclient.exe
File opened for modification	C:\Windows\system32\mono-2.0-bdwgc.pdb	colonyclient.exe
File opened for modification	C:\Windows\system32\symbols\dll\mono-2.0-bdwgc.pdb	colonyclient.exe
File opened for modification	C:\Windows\system32\dll\ntdll.pdb	colonyclient.exe
File opened for modification	C:\Windows\system32\dll\kernelbase.pdb	colonyserver.exe
File opened for modification	C:\Windows\system32\symbols\dll\kernelbase.pdb	colonyserver.exe
File opened for modification	C:\Windows\system32\mono-2.0-bdwgc.pdb	colonyclient.exe
File opened for modification	C:\Windows\system32\dll\mono-2.0-bdwgc.pdb	colonyclient.exe
File opened for modification	C:\Windows\system32\symbols\DLL\kernel32.pdb	colonyclient.exe
File opened for modification	C:\Windows\system32\mono-2.0-bdwgc.pdb	colonyserver.exe
File opened for modification	C:\Windows\system32\symbols\dll\mono-2.0-bdwgc.pdb	colonyclient.exe
File opened for modification	C:\Windows\system32\DLL\kernel32.pdb	colonyclient.exe
File opened for modification	C:\Windows\system32\ntdll.pdb	colonyclient.exe
File opened for modification	C:\Windows\system32\dll\ntdll.pdb	colonyclient.exe
File opened for modification	C:\Windows\system32\dll\mono-2.0-bdwgc.pdb	colonyclient.exe
File opened for modification	C:\Windows\system32\symbols\DLL\kernel32.pdb	colonyclient.exe
File opened for modification	C:\Windows\system32\symbols\dll\mono-2.0-bdwgc.pdb	colonyserver.exe
File opened for modification	C:\Windows\system32\symbols\dll\ntdll.pdb	colonyclient.exe
File opened for modification	C:\Windows\system32\DLL\kernel32.pdb	colonyclient.exe
File opened for modification	C:\Windows\system32\symbols\dll\ntdll.pdb	colonyclient.exe
File opened for modification	C:\Windows\system32\symbols\dll\ntdll.pdb	colonyclient.exe
File opened for modification	C:\Windows\system32\dll\ntdll.pdb	colonyserver.exe
File opened for modification	C:\Windows\system32\dll\kernelbase.pdb	colonyclient.exe
File opened for modification	C:\Windows\system32\symbols\dll\kernelbase.pdb	colonyclient.exe
File opened for modification	C:\Windows\system32\kernel32.pdb	colonyclient.exe
File opened for modification	C:\Windows\system32\dll\ntdll.pdb	colonyclient.exe
File opened for modification	C:\Windows\system32\symbols\dll\kernelbase.pdb	colonyclient.exe
File opened for modification	C:\Windows\system32\DLL\kernel32.pdb	colonyclient.exe
File opened for modification	C:\Windows\system32\ntdll.pdb	colonyclient.exe
File opened for modification	C:\Windows\system32\ntdll.pdb	colonyserver.exe
File opened for modification	C:\Windows\system32\dll\mono-2.0-bdwgc.pdb	colonyclient.exe
File opened for modification	C:\Windows\system32\symbols\DLL\kernel32.pdb	colonyclient.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Steam\package\tmp\bin\friendsui.dll_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_110_social_0305.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_rt_soft_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_button_x_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_lstick_down_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_050_menu_0310.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\chkselstd_sm.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_down_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_r_touch.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\movies\oled-suspend-animation.webm_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_button_y_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_rstick_left_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\1054830_header.jpg	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steam_tray.ico_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\overlay_spanish.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_dpad_up_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_r_click.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\Receipt_CC_Success_WithShipping.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_l3_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_up_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_button_options_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_090_media_0120.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\dualshock_4_dutch.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\dualshock_4_romanian.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\xbox_360_vietnamese.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_button_r_arrow_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_ltrackpad_right.svg_	steam.exe
File opened for modification	C:\Program Files (x86)\Steam\dumps\settings.dat	steamwebhelper.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0330.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_030_inv_0316.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_035_magic_0358.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_l_click_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_outlined_button_triangle_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_touchpad_touch_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_ltrackpad_left_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\friends\message.wav_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_dpad.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_lstick_right_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_button_mute_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_r_right_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox_button_select.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\xbox_button_start_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\layout\requestdeviceauthorization.layout_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_expand_over_osx.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\osx_max_hov.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\switch_controller_danish.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_r_swipe_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_lfn_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\Receipt_CC_Declined_AVSFailure.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\locales\uk.pak_	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\1245040_header.jpg	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0340.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_outlined_button_x_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_touchpad_touch.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_dpad_down.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_button_x_lg-1.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_button_y_sm-1.png_	steam.exe
File created	C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt	SteamSetup.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0520.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_070_setting_0070.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\radSelDis.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\steam_controller_hungarian.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\appinfo.vdf.temp	steam.exe

Drops file in Windows directory 55 IoCs

description	ioc	Process
File opened for modification	C:\Windows\kernel32.pdb	colonyserver.exe
File opened for modification	C:\Windows\symbols\dll\kernelbase.pdb	colonyclient.exe
File opened for modification	C:\Windows\symbols\dll\mono-2.0-bdwgc.pdb	colonyclient.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7308_1843869397\_metadata\verified_contents.json	steamwebhelper.exe
File opened for modification	C:\Windows\mono-2.0-bdwgc.pdb	colonyclient.exe
File opened for modification	C:\Windows\dll\mono-2.0-bdwgc.pdb	colonyclient.exe
File opened for modification	C:\Windows\symbols\dll\mono-2.0-bdwgc.pdb	colonyclient.exe
File opened for modification	C:\Windows\symbols\DLL\kernel32.pdb	colonyserver.exe
File opened for modification	C:\Windows\dll\ntdll.pdb	colonyclient.exe
File opened for modification	C:\Windows\symbols\DLL\kernel32.pdb	colonyclient.exe
File opened for modification	C:\Windows\ntdll.pdb	colonyclient.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7308_1843869397\LICENSE	steamwebhelper.exe
File opened for modification	C:\Windows\DLL\kernel32.pdb	colonyserver.exe
File opened for modification	C:\Windows\kernel32.pdb	colonyclient.exe
File opened for modification	C:\Windows\dll\kernelbase.pdb	colonyclient.exe
File opened for modification	C:\Windows\ntdll.pdb	colonyclient.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7308_1843869397\manifest.json	steamwebhelper.exe
File opened for modification	C:\Windows\ntdll.pdb	colonyclient.exe
File opened for modification	C:\Windows\mono-2.0-bdwgc.pdb	colonyclient.exe
File opened for modification	C:\Windows\dll\ntdll.pdb	colonyclient.exe
File opened for modification	C:\Windows\kernelbase.pdb	colonyclient.exe
File opened for modification	C:\Windows\DLL\kernel32.pdb	colonyclient.exe
File opened for modification	C:\Windows\symbols\dll\ntdll.pdb	colonyclient.exe
File opened for modification	C:\Windows\symbols\dll\kernelbase.pdb	colonyserver.exe
File opened for modification	C:\Windows\dll\mono-2.0-bdwgc.pdb	colonyclient.exe
File opened for modification	C:\Windows\kernel32.pdb	colonyclient.exe
File opened for modification	C:\Windows\ntdll.pdb	colonyserver.exe
File opened for modification	C:\Windows\kernelbase.pdb	colonyclient.exe
File opened for modification	C:\Windows\dll\kernelbase.pdb	colonyclient.exe
File opened for modification	C:\Windows\dll\mono-2.0-bdwgc.pdb	colonyclient.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7308_1843869397\manifest.fingerprint	steamwebhelper.exe
File opened for modification	C:\Windows\kernelbase.pdb	colonyserver.exe
File opened for modification	C:\Windows\symbols\DLL\kernel32.pdb	colonyclient.exe
File opened for modification	C:\Windows\symbols\dll\ntdll.pdb	colonyclient.exe
File opened for modification	C:\Windows\DLL\kernel32.pdb	colonyclient.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7308_1843869397\_platform_specific\win_x64\widevinecdm.dll	steamwebhelper.exe
File opened for modification	C:\Windows\symbols\dll\ntdll.pdb	colonyclient.exe
File opened for modification	C:\Windows\kernel32.pdb	colonyclient.exe
File opened for modification	C:\Windows\kernelbase.pdb	colonyclient.exe
File opened for modification	C:\Windows\symbols\dll\mono-2.0-bdwgc.pdb	colonyclient.exe
File opened for modification	C:\Windows\dll\ntdll.pdb	colonyclient.exe
File opened for modification	C:\Windows\dll\kernelbase.pdb	colonyserver.exe
File opened for modification	C:\Windows\symbols\dll\kernelbase.pdb	colonyclient.exe
File opened for modification	C:\Windows\mono-2.0-bdwgc.pdb	colonyclient.exe
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe
File opened for modification	C:\Windows\dll\mono-2.0-bdwgc.pdb	colonyserver.exe
File opened for modification	C:\Windows\symbols\dll\mono-2.0-bdwgc.pdb	colonyserver.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7308_1843869397\_platform_specific\win_x64\widevinecdm.dll.sig	steamwebhelper.exe
File opened for modification	C:\Windows\mono-2.0-bdwgc.pdb	colonyserver.exe
File opened for modification	C:\Windows\dll\ntdll.pdb	colonyserver.exe
File opened for modification	C:\Windows\symbols\dll\kernelbase.pdb	colonyclient.exe
File opened for modification	C:\Windows\symbols\DLL\kernel32.pdb	colonyclient.exe
File opened for modification	C:\Windows\symbols\dll\ntdll.pdb	colonyserver.exe
File opened for modification	C:\Windows\DLL\kernel32.pdb	colonyclient.exe
File opened for modification	C:\Windows\dll\kernelbase.pdb	colonyclient.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier	firefox.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamservice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe

Checks SCSI registry key(s) 3 TTPs 18 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	colonyclient.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	colonyclient.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	colonyclient.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	colonyclient.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters	colonyclient.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	colonyclient.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	colonyclient.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	colonyclient.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\UpperFilters	colonyclient.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters	colonyclient.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\UpperFilters	colonyclient.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\UpperFilters	colonyclient.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	colonyclient.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	colonyclient.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	colonyclient.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters	colonyclient.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	colonyclient.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	colonyclient.exe

Checks processor information in registry 2 TTPs 33 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000\HARDWARE\DESCRIPTION\System\CentralProcessor\0	colonyclient.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	colonyserver.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	colonyserver.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	colonyclient.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000\HARDWARE\DESCRIPTION\System\CentralProcessor\0	colonyserver.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	colonyclient.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	colonyclient.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	colonyserver.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	colonyclient.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000\HARDWARE\DESCRIPTION\System\CentralProcessor\0	colonyclient.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	colonyclient.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	colonyclient.exe
Key opened	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000\HARDWARE\DESCRIPTION\System\CentralProcessor\0	colonyclient.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	colonyclient.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	colonyclient.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	colonyclient.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\steamlink\Shell\Open	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\steamlink\Shell\Open\Command	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\steam\ = "URL:steam protocol"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\steam\Shell	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\steam\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\steamlink\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\steam\URL Protocol	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\steamlink	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\steamlink\Shell	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\steam	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\steam\Shell\Open\Command	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\steamlink\DefaultIcon	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\steam\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\steam\ = "URL:steam protocol"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\steamlink\URL Protocol	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\steam\URL Protocol	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\steam	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\steamlink	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\steamlink\DefaultIcon	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open	steamservice.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	steam.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5072	SteamSetup.exe
5072	SteamSetup.exe
5072	SteamSetup.exe
5072	SteamSetup.exe
5072	SteamSetup.exe
5072	SteamSetup.exe
5072	SteamSetup.exe
5072	SteamSetup.exe
5072	SteamSetup.exe
5072	SteamSetup.exe
5072	SteamSetup.exe
5072	SteamSetup.exe
5072	SteamSetup.exe
5072	SteamSetup.exe
5072	SteamSetup.exe
5072	SteamSetup.exe
5072	SteamSetup.exe
5072	SteamSetup.exe
5072	SteamSetup.exe
5072	SteamSetup.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4312	7zFM.exe
5396	steam.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	4312	7zFM.exe
Token: 35	4312	7zFM.exe
Token: SeDebugPrivilege	816	firefox.exe
Token: SeDebugPrivilege	816	firefox.exe
Token: SeSecurityPrivilege	4312	7zFM.exe
Token: 33	4460	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4460	AUDIODG.EXE
Token: SeDebugPrivilege	816	firefox.exe
Token: SeDebugPrivilege	816	firefox.exe
Token: SeDebugPrivilege	816	firefox.exe
Token: SeDebugPrivilege	816	firefox.exe
Token: SeDebugPrivilege	816	firefox.exe
Token: 33	5428	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5428	AUDIODG.EXE
Token: SeDebugPrivilege	816	firefox.exe
Token: SeDebugPrivilege	5072	SteamSetup.exe
Token: SeDebugPrivilege	5072	SteamSetup.exe
Token: SeDebugPrivilege	5072	SteamSetup.exe
Token: SeDebugPrivilege	5072	SteamSetup.exe
Token: SeDebugPrivilege	5072	SteamSetup.exe
Token: SeSecurityPrivilege	4912	steamservice.exe
Token: SeSecurityPrivilege	4912	steamservice.exe
Token: SeShutdownPrivilege	7308	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7308	steamwebhelper.exe
Token: SeShutdownPrivilege	7308	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7308	steamwebhelper.exe
Token: SeShutdownPrivilege	7308	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7308	steamwebhelper.exe
Token: SeShutdownPrivilege	7308	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7308	steamwebhelper.exe
Token: SeShutdownPrivilege	7308	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7308	steamwebhelper.exe
Token: SeShutdownPrivilege	7308	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7308	steamwebhelper.exe
Token: SeShutdownPrivilege	7308	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7308	steamwebhelper.exe
Token: SeShutdownPrivilege	7308	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7308	steamwebhelper.exe
Token: SeShutdownPrivilege	7308	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7308	steamwebhelper.exe
Token: SeShutdownPrivilege	7308	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7308	steamwebhelper.exe
Token: SeShutdownPrivilege	7308	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7308	steamwebhelper.exe
Token: SeShutdownPrivilege	7308	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7308	steamwebhelper.exe
Token: SeShutdownPrivilege	7308	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7308	steamwebhelper.exe
Token: SeShutdownPrivilege	7308	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7308	steamwebhelper.exe
Token: SeShutdownPrivilege	7308	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7308	steamwebhelper.exe
Token: SeShutdownPrivilege	7308	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7308	steamwebhelper.exe
Token: SeShutdownPrivilege	7308	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7308	steamwebhelper.exe
Token: SeShutdownPrivilege	7308	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7308	steamwebhelper.exe
Token: SeShutdownPrivilege	7308	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7308	steamwebhelper.exe
Token: SeShutdownPrivilege	7308	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7308	steamwebhelper.exe
Token: SeShutdownPrivilege	7308	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	7308	steamwebhelper.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4312	7zFM.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
4312	7zFM.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe
5396	steam.exe
5396	steam.exe
5396	steam.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe
7308	steamwebhelper.exe

Suspicious use of SetWindowsHookEx 20 IoCs

pid	Process
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
5072	SteamSetup.exe
4912	steamservice.exe
5396	steam.exe
12936	colonyclient.exe
12936	colonyclient.exe
13796	colonyclient.exe
13796	colonyclient.exe
14404	colonyserver.exe
14780	colonyclient.exe
14780	colonyclient.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3808 wrote to memory of 816	3808	firefox.exe	84
PID 3808 wrote to memory of 816	3808	firefox.exe	84
PID 3808 wrote to memory of 816	3808	firefox.exe	84
PID 3808 wrote to memory of 816	3808	firefox.exe	84
PID 3808 wrote to memory of 816	3808	firefox.exe	84
PID 3808 wrote to memory of 816	3808	firefox.exe	84
PID 3808 wrote to memory of 816	3808	firefox.exe	84
PID 3808 wrote to memory of 816	3808	firefox.exe	84
PID 3808 wrote to memory of 816	3808	firefox.exe	84
PID 3808 wrote to memory of 816	3808	firefox.exe	84
PID 3808 wrote to memory of 816	3808	firefox.exe	84
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 3992	816	firefox.exe	85
PID 816 wrote to memory of 1112	816	firefox.exe	86
PID 816 wrote to memory of 1112	816	firefox.exe	86
PID 816 wrote to memory of 1112	816	firefox.exe	86
PID 816 wrote to memory of 1112	816	firefox.exe	86
PID 816 wrote to memory of 1112	816	firefox.exe	86
PID 816 wrote to memory of 1112	816	firefox.exe	86
PID 816 wrote to memory of 1112	816	firefox.exe	86
PID 816 wrote to memory of 1112	816	firefox.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Colony.Survival.v0.11.0.8.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4312

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3808
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2024 -parentBuildID 20240401114208 -prefsHandle 1952 -prefMapHandle 1944 -prefsLen 26929 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {498494ea-f37b-475a-8a09-8ffe6cc25ca2} 816 "\\.\pipe\gecko-crash-server-pipe.816" gpu
    3⤵
    PID:3992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2424 -parentBuildID 20240401114208 -prefsHandle 2416 -prefMapHandle 2404 -prefsLen 26807 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c0d4b4e-daf1-4e5d-90a1-80735dd4825b} 816 "\\.\pipe\gecko-crash-server-pipe.816" socket
    3⤵
    PID:1112
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3284 -childID 1 -isForBrowser -prefsHandle 3288 -prefMapHandle 3272 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dde622a2-9c73-4afe-98f0-1b7556cc49f3} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:3264
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4104 -childID 2 -isForBrowser -prefsHandle 4092 -prefMapHandle 4088 -prefsLen 32181 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fae7e94b-8200-4941-90a4-56b0aa37a7ae} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:4680
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4816 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4808 -prefMapHandle 4804 -prefsLen 32181 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b15bef40-e76c-4c23-9b54-0b1eda58eff8} 816 "\\.\pipe\gecko-crash-server-pipe.816" utility
    3⤵
    - Checks processor information in registry
    PID:1460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5336 -childID 3 -isForBrowser -prefsHandle 5392 -prefMapHandle 5360 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9181363-ae0f-4835-8143-faa0ed5fb732} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:4432
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5496 -childID 4 -isForBrowser -prefsHandle 5624 -prefMapHandle 5620 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33e0ee84-e86f-4c66-9b5d-75093d81659d} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:4520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5760 -childID 5 -isForBrowser -prefsHandle 5520 -prefMapHandle 5768 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ff150a2-fff2-49e1-8f51-e80de3521ead} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:4044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6128 -childID 6 -isForBrowser -prefsHandle 6216 -prefMapHandle 6192 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {628019ea-3501-4645-9e37-f9b8d399bda8} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:4056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6268 -parentBuildID 20240401114208 -prefsHandle 6216 -prefMapHandle 6336 -prefsLen 32654 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec44ae07-c8fb-4c25-a014-e76a54597f5f} 816 "\\.\pipe\gecko-crash-server-pipe.816" rdd
    3⤵
    PID:3164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4376 -childID 7 -isForBrowser -prefsHandle 5292 -prefMapHandle 5288 -prefsLen 27823 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c16a87e8-6fe4-496d-9240-ac6aa1980da8} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:3320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6672 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 7116 -prefMapHandle 7164 -prefsLen 33444 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e38e248-efa4-40ad-9c02-21f7d676f37a} 816 "\\.\pipe\gecko-crash-server-pipe.816" utility
    3⤵
    - Checks processor information in registry
    PID:3276
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7240 -childID 8 -isForBrowser -prefsHandle 6980 -prefMapHandle 6472 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1dd1ef9-f0ab-4bcb-b08c-2fa9e99aa604} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:1732
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7404 -childID 9 -isForBrowser -prefsHandle 7436 -prefMapHandle 7424 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cab0c107-a263-4e0d-b9db-fe6db7242959} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:5172
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6256 -childID 10 -isForBrowser -prefsHandle 4272 -prefMapHandle 4396 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26f7cc77-a49d-4672-a69b-827cd82fe383} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:5632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1504 -childID 11 -isForBrowser -prefsHandle 2836 -prefMapHandle 2796 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8d5dab4-a537-4549-ae1a-52bd1dd9c305} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:5644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4396 -childID 12 -isForBrowser -prefsHandle 7644 -prefMapHandle 5760 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e6b4bb4-52f9-4ea8-b1c7-462961839bf6} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:5180
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8200 -childID 13 -isForBrowser -prefsHandle 8244 -prefMapHandle 8240 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {80ecf597-a554-4a2d-9944-1bdae89778ca} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:1956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8516 -childID 14 -isForBrowser -prefsHandle 8580 -prefMapHandle 8584 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4816c023-f762-4ea6-b26c-bcbcca4776b5} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:3640
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8724 -childID 15 -isForBrowser -prefsHandle 8732 -prefMapHandle 8736 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e272c09-2f02-475a-ac78-ff1b62288ec6} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:4436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8732 -childID 16 -isForBrowser -prefsHandle 8800 -prefMapHandle 8740 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d519e5a-171d-42a0-914b-40a6850bc942} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:5380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9196 -childID 17 -isForBrowser -prefsHandle 6128 -prefMapHandle 3576 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50363346-e214-463e-a275-838a9137b89b} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:1968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2788 -childID 18 -isForBrowser -prefsHandle 8788 -prefMapHandle 9088 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2f31a04-5ff2-46ab-a932-5b980ff9d66e} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:6116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9248 -childID 19 -isForBrowser -prefsHandle 8740 -prefMapHandle 9072 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c73a288-f11c-4e4a-8576-21857ea66f8d} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:5208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8964 -childID 20 -isForBrowser -prefsHandle 9252 -prefMapHandle 9080 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {21766268-da26-4023-967c-b56e8496cac4} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:5296
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9788 -childID 21 -isForBrowser -prefsHandle 9876 -prefMapHandle 9872 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {98be9501-f272-4f9e-abe0-9edde187a005} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:5680
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9912 -childID 22 -isForBrowser -prefsHandle 9872 -prefMapHandle 9920 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d9b79c4-b2f8-4f11-996c-ddc1b89d2673} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:5972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10012 -childID 23 -isForBrowser -prefsHandle 9900 -prefMapHandle 9904 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f7ae7dd-257e-48e9-9055-1f37e45002b0} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:6016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10020 -childID 24 -isForBrowser -prefsHandle 10008 -prefMapHandle 10000 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc01c287-6ca0-4be9-9a56-4f018d7e2b9c} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:6052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10624 -childID 25 -isForBrowser -prefsHandle 10616 -prefMapHandle 10032 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0a28ccc-beb2-43d9-9722-2bc2e0b6860e} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:5360
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10556 -childID 26 -isForBrowser -prefsHandle 10832 -prefMapHandle 10776 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c53082e7-4c7f-47da-b8a5-484f3640b0c4} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:6220
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11052 -childID 27 -isForBrowser -prefsHandle 11044 -prefMapHandle 11040 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f560219-320f-4191-8e8f-9d7ec7eecc1e} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:6932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10768 -childID 28 -isForBrowser -prefsHandle 11104 -prefMapHandle 11100 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c020fac-aa85-4d03-b089-be6a59fc3b35} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:6944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11232 -childID 29 -isForBrowser -prefsHandle 11240 -prefMapHandle 11244 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33fc04b1-8835-4778-b059-ee335dc89896} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:6956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8196 -childID 30 -isForBrowser -prefsHandle 11116 -prefMapHandle 11104 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24b638bf-5a5e-466a-a052-8344b416da5a} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:7160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8268 -childID 31 -isForBrowser -prefsHandle 11520 -prefMapHandle 8232 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3f97548-6997-433a-8219-efef96f01acf} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:2716
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10344 -childID 32 -isForBrowser -prefsHandle 9328 -prefMapHandle 7716 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4a6f86c-f68d-4062-ab0e-7e79cf3ff3a9} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:1016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9292 -childID 33 -isForBrowser -prefsHandle 10320 -prefMapHandle 10900 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0907a47a-5322-4596-ab19-9297a9738641} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:6640
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9320 -childID 34 -isForBrowser -prefsHandle 9648 -prefMapHandle 9656 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b70c01e-be3a-4758-a1d8-96d7afd8f336} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:1772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4664 -childID 35 -isForBrowser -prefsHandle 9088 -prefMapHandle 9540 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d7a7fa4-f379-42ef-b4f9-c92c6286086c} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:5656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9632 -childID 36 -isForBrowser -prefsHandle 9600 -prefMapHandle 5268 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {75ea6388-fca5-4779-a307-ed024f0f0549} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:3272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9720 -childID 37 -isForBrowser -prefsHandle 10536 -prefMapHandle 11516 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24393fb4-9086-45c5-97bf-162a76acb53b} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:3704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4488 -childID 38 -isForBrowser -prefsHandle 10832 -prefMapHandle 11056 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5d619bf-ede9-4abf-b8ad-bf23bcf58280} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:6216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9648 -childID 39 -isForBrowser -prefsHandle 10660 -prefMapHandle 10672 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cc5b4c5-c459-4e23-86f6-b7544d2b7363} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:6156
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3560 -childID 40 -isForBrowser -prefsHandle 8532 -prefMapHandle 8512 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3829fe4c-77bf-4869-8aa5-ee3048559997} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:6164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11120 -childID 41 -isForBrowser -prefsHandle 9044 -prefMapHandle 10060 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d52bb13-6f93-443b-9ff4-22d169e6289b} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:6864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2704 -childID 42 -isForBrowser -prefsHandle 9320 -prefMapHandle 10992 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f34b7fc-04bc-41d8-a4a8-682b0c397ecc} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:6740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10272 -childID 43 -isForBrowser -prefsHandle 11176 -prefMapHandle 11164 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2027abf-b79e-49de-bc73-2ee41fa257e7} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:2184
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8680 -childID 44 -isForBrowser -prefsHandle 11536 -prefMapHandle 11200 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {14477740-fed4-4f21-9264-b25f041887c4} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:2848
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10160 -childID 45 -isForBrowser -prefsHandle 8940 -prefMapHandle 9600 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8d52da1-d3e8-4e39-b9c3-5fbafd082f4a} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:2556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7568 -childID 46 -isForBrowser -prefsHandle 9608 -prefMapHandle 7704 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dde6b8fb-5090-449d-9599-8ef7efbc2096} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:2664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2792 -childID 47 -isForBrowser -prefsHandle 8860 -prefMapHandle 8844 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9e6b5f8-0da2-4c92-af04-fb279489eba9} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:5344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9320 -childID 48 -isForBrowser -prefsHandle 11076 -prefMapHandle 7756 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d9fa2c2-70a4-4016-8ebb-3d479a1211ad} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:6048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11132 -childID 49 -isForBrowser -prefsHandle 11120 -prefMapHandle 8968 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {946b05df-e5a1-47e3-9636-8577039c4f3e} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:2368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11176 -childID 50 -isForBrowser -prefsHandle 6544 -prefMapHandle 7680 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df3c64e1-6305-418b-bc9a-350007aff3f0} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:188
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7196 -childID 51 -isForBrowser -prefsHandle 6412 -prefMapHandle 8472 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {139ab122-8dea-4558-b772-bce7973934d6} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:1560
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9920 -childID 52 -isForBrowser -prefsHandle 10336 -prefMapHandle 10256 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d15fe4a-8b8d-474f-8829-a770792bfa21} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:5520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6560 -childID 53 -isForBrowser -prefsHandle 8420 -prefMapHandle 11200 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb79eece-f523-4f1a-9782-a0bfd9ede629} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:5720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3628 -childID 54 -isForBrowser -prefsHandle 11576 -prefMapHandle 6948 -prefsLen 34257 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {31b85be2-632a-420b-977a-d24ad68bb03b} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:6100
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10236 -childID 55 -isForBrowser -prefsHandle 9256 -prefMapHandle 8244 -prefsLen 28338 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d95e38d6-d728-47a8-9b16-8ee41d0b716d} 816 "\\.\pipe\gecko-crash-server-pipe.816" tab
    3⤵
    PID:7000
- - C:\Users\Admin\Downloads\SteamSetup.exe
    "C:\Users\Admin\Downloads\SteamSetup.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:5072
  - - C:\Program Files (x86)\Steam\bin\steamservice.exe
      "C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:4912

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x300
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4460

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x300
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5428

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies system certificate store
PID:7100
- C:\Program Files (x86)\Steam\steam.exe
  "C:\Program Files (x86)\Steam\steam.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies registry class
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5396
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=5396" "-buildid=1733265492" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:7308
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1733265492 --initial-client-data=0x28c,0x290,0x294,0x288,0x298,0x7ff80403af00,0x7ff80403af0c,0x7ff80403af18
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:7340
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1576,i,1026613684241708254,17393004956986395209,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1580 --mojo-platform-channel-handle=1568 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:7472
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2196,i,1026613684241708254,17393004956986395209,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2200 --mojo-platform-channel-handle=2192 /prefetch:3
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:7612
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2752,i,1026613684241708254,17393004956986395209,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2756 --mojo-platform-channel-handle=2704 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:7960
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,1026613684241708254,17393004956986395209,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3128 --mojo-platform-channel-handle=3120 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:8068
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=3872,i,1026613684241708254,17393004956986395209,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3876 --mojo-platform-channel-handle=3788 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:9168
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3560,i,1026613684241708254,17393004956986395209,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3520 --mojo-platform-channel-handle=4076 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:9812
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4228,i,1026613684241708254,17393004956986395209,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4212 --mojo-platform-channel-handle=4232 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:10376
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4548,i,1026613684241708254,17393004956986395209,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4604 --mojo-platform-channel-handle=4376 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:10756
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=3808,i,1026613684241708254,17393004956986395209,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3812 --mojo-platform-channel-handle=3804 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:13576
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4020,i,1026613684241708254,17393004956986395209,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4168 --mojo-platform-channel-handle=3868 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:15092
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4156,i,1026613684241708254,17393004956986395209,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4120 --mojo-platform-channel-handle=4068 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:15404
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4108,i,1026613684241708254,17393004956986395209,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3968 --mojo-platform-channel-handle=4140 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:15504
- - C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:7892
- - C:\Program Files (x86)\Steam\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:8372
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:8436
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:8528

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:12712

C:\Users\Admin\Desktop\Colony.Survival.v0.11.0.8\Colony.Survival.v0.11.0.8\colonyclient.exe
"C:\Users\Admin\Desktop\Colony.Survival.v0.11.0.8\Colony.Survival.v0.11.0.8\colonyclient.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
PID:12936
- C:\Users\Admin\Desktop\Colony.Survival.v0.11.0.8\Colony.Survival.v0.11.0.8\UnityCrashHandler64.exe
  "C:\Users\Admin\Desktop\Colony.Survival.v0.11.0.8\Colony.Survival.v0.11.0.8\UnityCrashHandler64.exe" --attach 12936 2751884890112
  2⤵
  - Executes dropped EXE
  PID:12952
- - C:\Users\Admin\Desktop\Colony.Survival.v0.11.0.8\Colony.Survival.v0.11.0.8\UnityCrashHandler64.exe
    "C:\Users\Admin\Desktop\Colony.Survival.v0.11.0.8\Colony.Survival.v0.11.0.8\UnityCrashHandler64.exe" "12936" "2751884890112"
    3⤵
    - Executes dropped EXE
    PID:13440

C:\Users\Admin\Desktop\Colony.Survival.v0.11.0.8\Colony.Survival.v0.11.0.8\colonyclient.exe
"C:\Users\Admin\Desktop\Colony.Survival.v0.11.0.8\Colony.Survival.v0.11.0.8\colonyclient.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
PID:13796
- C:\Users\Admin\Desktop\Colony.Survival.v0.11.0.8\Colony.Survival.v0.11.0.8\UnityCrashHandler64.exe
  "C:\Users\Admin\Desktop\Colony.Survival.v0.11.0.8\Colony.Survival.v0.11.0.8\UnityCrashHandler64.exe" --attach 13796 2490979651584
  2⤵
  - Executes dropped EXE
  PID:13816
- - C:\Users\Admin\Desktop\Colony.Survival.v0.11.0.8\Colony.Survival.v0.11.0.8\UnityCrashHandler64.exe
    "C:\Users\Admin\Desktop\Colony.Survival.v0.11.0.8\Colony.Survival.v0.11.0.8\UnityCrashHandler64.exe" "13796" "2490979651584"
    3⤵
    - Executes dropped EXE
    PID:14088

C:\Users\Admin\Desktop\Colony.Survival.v0.11.0.8\Colony.Survival.v0.11.0.8\colonyserverrcon.exe
"C:\Users\Admin\Desktop\Colony.Survival.v0.11.0.8\Colony.Survival.v0.11.0.8\colonyserverrcon.exe"
1⤵
- Executes dropped EXE
PID:14112

C:\Users\Admin\Desktop\Colony.Survival.v0.11.0.8\Colony.Survival.v0.11.0.8\colonyserver.exe
"C:\Users\Admin\Desktop\Colony.Survival.v0.11.0.8\Colony.Survival.v0.11.0.8\colonyserver.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
PID:14404
- C:\Users\Admin\Desktop\Colony.Survival.v0.11.0.8\Colony.Survival.v0.11.0.8\UnityCrashHandler64.exe
  "C:\Users\Admin\Desktop\Colony.Survival.v0.11.0.8\Colony.Survival.v0.11.0.8\UnityCrashHandler64.exe" --attach 14404 1933863817216
  2⤵
  - Executes dropped EXE
  PID:14428
- - C:\Users\Admin\Desktop\Colony.Survival.v0.11.0.8\Colony.Survival.v0.11.0.8\UnityCrashHandler64.exe
    "C:\Users\Admin\Desktop\Colony.Survival.v0.11.0.8\Colony.Survival.v0.11.0.8\UnityCrashHandler64.exe" "14404" "1933863817216"
    3⤵
    - Executes dropped EXE
    PID:14684

C:\Users\Admin\Desktop\Colony.Survival.v0.11.0.8\Colony.Survival.v0.11.0.8\colonyclient.exe
"C:\Users\Admin\Desktop\Colony.Survival.v0.11.0.8\Colony.Survival.v0.11.0.8\colonyclient.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
PID:14780
- C:\Users\Admin\Desktop\Colony.Survival.v0.11.0.8\Colony.Survival.v0.11.0.8\UnityCrashHandler64.exe
  "C:\Users\Admin\Desktop\Colony.Survival.v0.11.0.8\Colony.Survival.v0.11.0.8\UnityCrashHandler64.exe" --attach 14780 1383865651200
  2⤵
  - Executes dropped EXE
  PID:14792
- - C:\Users\Admin\Desktop\Colony.Survival.v0.11.0.8\Colony.Survival.v0.11.0.8\UnityCrashHandler64.exe
    "C:\Users\Admin\Desktop\Colony.Survival.v0.11.0.8\Colony.Survival.v0.11.0.8\UnityCrashHandler64.exe" "14780" "1383865651200"
    3⤵
    - Executes dropped EXE
    PID:15340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Steam\Steam.exe

Filesize
4.2MB

MD5
33bcb1c8975a4063a134a72803e0ca16

SHA1
ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65

SHA256
12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1

SHA512
13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

Download Submit
C:\Program Files (x86)\Steam\aom.dll

Filesize
7.1MB

MD5
d764264518e77cc546a5876c3bcebad4

SHA1
ea17d45b396fa193a851bfd345e2b2c20ad60e12

SHA256
e78492de0ab575add50b925bfd44216d224d09904a9b14c17087a92fdcbc15cd

SHA512
7cf132ea5254a55c08186ffcf5e47360ef5ddd57d03d7051171f6753b22e3925304d183c2037bfd320ad56c08e079f9b2c4640db8cb3dbd38ff500c7a39e997f

Download Submit
C:\Program Files (x86)\Steam\appcache\librarycache\1113280_icon.jpg

Filesize
638B

MD5
7ecdaf8a54ec52b20640a88527512903

SHA1
3133a4d748ad3be61fe9db759339cd5de73339b5

SHA256
7bd8b75aec0a4d4a377f3ca3a023fd8b7c5fc7dc6a2a66d17f8cdfe5b731ab0c

SHA512
60ae2031eed0c38264f0d8db22a9b6efeb3f80c791e916e15a1730853162d56e0da014dbd93a5479bae4f3bdd5705ca89be70c90574a524abd1c276ed5c55a2d

Download Submit
C:\Program Files (x86)\Steam\bin\SteamService.exe

Filesize
2.5MB

MD5
ba0ea9249da4ab8f62432617489ae5a6

SHA1
d8873c5dcb6e128c39cf0c423b502821343659a7

SHA256
ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d

SHA512
52958d55b03e1ddc69afc2f1a02f7813199e4b3bf114514c438ab4d10d5ca83b865ba6090550951c0a43b666c6728304009572212444a27a3f5184663f4b0b8b

Download Submit
C:\Program Files (x86)\Steam\bin\audio.dll

Filesize
183KB

MD5
63203b19d445107d45ad60e15c4dbf51

SHA1
0437eda1fa6acaea24dda0825982c4ed700205b8

SHA256
a02ebac018b3477e6d5c4f68672fb7bcfbcc19caff690447391eb5909067b6ac

SHA512
d13280fe2ff018bf324c58598cd40d7d290e0c3358d63ab1fc3dfc8f3cd3365e92cb971f808daf85f1e8e5cd5661a27a74e56b7e4b939842db6342a8a0eaacad

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\chrome_elf.dll

Filesize
1.3MB

MD5
0eeaea918f3603e5ff2bd955f9f0c0aa

SHA1
0404b3bd9324703a46d5f3e3d2471386951feee5

SHA256
3f49301338c33f40b3ca8528eaa40e9f7fc8f7952f59b8f4281ca5d3e1ddf25f

SHA512
0fa19dc76d28d449f2e96e4faf3ce57e7ad811b8888de2140152ba0355cc8d6ed787371ff90fbac0d1b0c900fcb1fd4ef1f45c8114b0f10ca5f97f05146ef945

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\d3dcompiler_47.dll

Filesize
4.7MB

MD5
c6c2fc1388f3d04c170417d733fcd52b

SHA1
fe74b15be9b5227cc3597471e4df0913b5acefb2

SHA256
8b575383ebaf641d7e29b85d010af232dfe008be800ec936d5b4d0c19ae47ca4

SHA512
e155cc3d0e1f1b2ad8992cc907c36923bcbce17cb53e731ea3d02e529bef11324219a86e461fbb6d0b9247d1638d14d558e083fdcdd2c6ef301160d00bc88fe7

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\dbgcore.dll

Filesize
211KB

MD5
e6bcc49fe10142480344ecf6f78f17f7

SHA1
fc8d3f1e85b2dc6934cbd4d2fb9250792eb991aa

SHA256
b4675afaff6fe2d9253a16e4bbeb376b0b4fdee087ce71419e11b78ca211ef2a

SHA512
9152d99fc8ab1a4a7f6d2f73fd3cde17c741620b42e7011fd4534315ce18ac12517846ee21f12327d6343e5c4f4a86d01e4b40a1ef1ffc803e4969f3629dfd36

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\dxcompiler.dll

Filesize
21.0MB

MD5
e3f531e75b63bcb3bbf8da1d5df8aa43

SHA1
9574e78e7ae36944687083923a9d09e15c593ebb

SHA256
fdf572f1b15982d6b6b0083026fad4a0352a5c99efe97f182e8ba72d682de610

SHA512
424fdc9da6518d5f269cf635aa66524161fa31771a8bc6dd91add826cdde9f0bed7879b259419c33a1d00155546d1a68aadc6a9acff32290b9543767dd04a9d3

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\dxil.dll

Filesize
1.4MB

MD5
8167a6e8cc35988d02938cfa3ae1c0dd

SHA1
1bb1b83c7dc957e074320b033aab83f015eb777b

SHA256
bf97fcfc4f107a98932ac6f9169d9fb936dbedaac5cc06005a87fae436b577cb

SHA512
bcb9e8fbc79c108ec525ec2a1d5d8bba7c2a295e39eabf48d8eba2095eeffcbb2a2b8f66219cda9786bae6a1fa6ff27f054f97ffa002957d16f2969018e62606

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\eventlog_provider.dll

Filesize
17KB

MD5
a73d3ef675f9a0840a4f08e71066f5b2

SHA1
bbe14a1ea609bf288a54b0299c74f8f8f66a1bab

SHA256
7359a29c5c6201c815ab3e58487f0f95617f766bd6cb2eda182dc8da5e058c8d

SHA512
30b34a9c91fd08f6f689271fc486e5a2d7f984f6bb0717aa68d4d1d8b58e3e18059cf24ff679893249f1b40d2514994a0b36143425e6dce02f1aee3751810958

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libEGL.dll

Filesize
472KB

MD5
9a5749b691b3c345f4e313b06b127a94

SHA1
bad7c65d67e3d548e9ae757a7aa5bd5a079fd3b8

SHA256
682acd1cfa7390386d8cd8c8267e365ac0abbef1788587f8150b99e424e9b0e9

SHA512
4de9d18b4245105ea22520ee6b27cf7cb8f5ca0777408eb9993f4f97d1820582c6e3694e0142cdb373e8406e1117f568ae4f314b3027a0791d8866bd191b545f

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libGLESv2.dll

Filesize
7.7MB

MD5
35f34351979e8aca52c09d674dde7345

SHA1
3fad78f021c78f8368823d6a26b81999d8b10ac9

SHA256
cdcd26fc7fc0c79b03726f66c235634f1a58de0ea2418281c157b9f05151f2ef

SHA512
5a1941c673d9fb101189e65bf3ca7d016baf0b75fd29ee2bbcb30270d27717c292b4c8ed08a646c022a87d94434cd29ef2719f8fc4388ef2be00b58f036f43d4

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\msdia140.dll

Filesize
2.2MB

MD5
4aa30cedcc1b685865f518c70aa50bc7

SHA1
d457dd8fc0fdb1cc15879f7f09f2ffdcfbef8cba

SHA256
0b07dd35f63e959e25627ee7f439440bf59ce27b68eb2512eb68b8933cf734f2

SHA512
bef70d17dd68cd9060d1e4db9fe9a36ffccad5f2540a1e9587385d48484d021abc2e493397bc4284d40a44379be3c576a8244603388f20cfcd9e95d64f70adeb

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
12KB

MD5
e97373c9e354ff10b51cc407f798f86d

SHA1
ab954376aba6f619ebeaf95104b0bac4b9989f62

SHA256
1d7a28be35039e6f7d5fc8d2553d17940f758cf5046975f11f8ca3f8bca48d5a

SHA512
33690d3cd2b0fd555954fbac99b792f9b78bfdb893f9443fc9e89b2df9880777c1578b19b2e90b351251b4fd155453f2b0f72d59cb9439c4911a02584c076a78

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
a2ec2e91c3ef8c42e22c4887d032b333

SHA1
e2c738a2e9400535b74e2263c7e7d1ecefe575f2

SHA256
8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3

SHA512
b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf~RFe5fc211.TMP

Filesize
1KB

MD5
6e6a2b18264504cc084caa3ad0bfc6ae

SHA1
b177d719bd3c1bc547d5c97937a584b8b7d57196

SHA256
f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53

SHA512
74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

Download Submit
C:\Program Files (x86)\Steam\crashhandler.dll

Filesize
347KB

MD5
7a93763803b9ea422e70015fcb23f981

SHA1
9765753a26e91b908acca2e88a3c1db9d57b2f53

SHA256
85b6c815533b6016062e3536eb04bbe0dfaed8e3c89eca8da1d586f12b780001

SHA512
0748982ce6f5db44c09e6f9a01ab343ec81adb775bf10ec1bcc84c51c7bc3710c165ec7286db587a4997815926b480f1c53a9b87f2762baa7b28ed4187a7396a

Download Submit
C:\Program Files (x86)\Steam\logs\bootstrap_log.txt

Filesize
14KB

MD5
aa3fd33e615d4791d918f8951841c476

SHA1
a5af0d3c919b257ea45c0fc92a731b7fc77f73b2

SHA256
7ecc88ba515c6f719dc73389c0796196dfb92c618a4d4f631c44f9529906230a

SHA512
b6d26e05cdff5740f2b69b141715b1f7f309b656fe6f8b62aa254e4f55457b7fe45c7a40426d525ec3dfaa79a9a2d7e21efc75841f9a6bf7dae13107b6c56809

Download Submit
C:\Program Files (x86)\Steam\package\steam_client_metrics.bin

Filesize
2KB

MD5
66563995e26f39cd720dad9975f241ab

SHA1
76cac4e2ed36e5577315567c4bb7cf549bb46276

SHA256
1c9bd8c111533459a30a87433420a41777e5ac85e3411cbc2bb9623c90cffb69

SHA512
833ec363a8abd118c36c83154edcdddfa93d3649f26108f0c3d0c17f5da7c8d602c216c4021564cd4b4988cc2d05411ee41322612fd6159c4a522542dfb76dbf

Download Submit
C:\Program Files (x86)\Steam\package\steam_client_win32.installed

Filesize
462KB

MD5
4521a6206cd321e2ab326d6afa9b363c

SHA1
461641c39fde053d494253e72ab2f22d84fabe50

SHA256
04d04c2c9b1d82949bb4d3724cc477a9e9a7f0873d4fe6fe9840ac3e0971ea24

SHA512
fe0bc85d077ba19584f6a02649c5b675efb8d0788a45c051aefc40b3120288abf68bd8cef7e62f35c2ceb21547c4aa7fba149441a66636d013821b18b4b3d5c8

Download Submit
C:\Program Files (x86)\Steam\package\steam_client_win32.manifest

Filesize
8KB

MD5
78079dd63939f7c2db1ae475b12cacb9

SHA1
a2dda051df71353b2fe2cd8600a6714650ee37ac

SHA256
529e2294203328f262b6fdc8a4b26077840aea72b8a1e752603ce8c625a1db77

SHA512
74d4f33c2eedada639378e9b32f1703cd67cede37dc4ce0dd733bfba9a6e6a63a3ff667c2a6616961c56c2900888288d7d2aa3070269ea6696771cdccc05b132

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

Filesize
4KB

MD5
0340d1a0bbdb8f3017d2326f4e351e0a

SHA1
90d078e9f732794db5b0ffeb781a1f2ed2966139

SHA256
0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544

SHA512
9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

Filesize
6KB

MD5
4c81277a127e3d65fb5065f518ffe9c2

SHA1
253264b9b56e5bac0714d5be6cade09ae74c2a3a

SHA256
76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9

SHA512
be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

Filesize
4KB

MD5
2158881817b9163bf0fd4724d549aed4

SHA1
c500f2e8f47a11129114ee4f19524aee8fecc502

SHA256
650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7

SHA512
f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

Filesize
4KB

MD5
03b664bd98485425c21cdf83bc358703

SHA1
0a31dcfeb1957e0b00b87c2305400d004a9a5bdb

SHA256
fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115

SHA512
4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt

Filesize
4KB

MD5
31a29061e51e245f74bb26d103c666ad

SHA1
271e26240db3ba0dcffc10866ccfcfa1c33cf1cc

SHA256
56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192

SHA512
f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

Filesize
4KB

MD5
27993eb75894ca4894db266ad9b5e61b

SHA1
4def653ee04b0514822b690052598435ec25e686

SHA256
fbc09c1b9a55d04b57be8fb2ad5ab58b38f76054ecd3d1b70440a2d08191b05b

SHA512
eaebeee5b1a7dfb9bdf661623554793d7ef7e15d9f9cf01f94da1eb0b84b88c8f24176463d15c407ebf670c5b7fd4052daea33ba43e75c1de2979487c4987bab

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

Filesize
4KB

MD5
da6cd2483ad8a21e8356e63d036df55b

SHA1
0e808a400facec559e6fbab960a7bdfaab4c6b04

SHA256
ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6

SHA512
06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt

Filesize
4KB

MD5
9e62fc923c65bfc3f40aaf6ec4fd1010

SHA1
8f76faff18bd64696683c2a7a04d16aac1ef7e61

SHA256
8ff0f3cbdf28102ff037b9cda90590e4b66e1e654b90f9aea2cd5364494d02b7

SHA512
c8ff15373b37e848e6239a82424569e77c82a5fc557d17e7d2ed1d0d2b2f7d026cc1e2bc98cb5ee945c02cfefb82803c23fa6a26f48ff0adcf762f94cd5dd035

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt

Filesize
4KB

MD5
10c429eb58b4274af6b6ef08f376d46c

SHA1
af1e049ddb9f875c609b0f9a38651fc1867b50d3

SHA256
a1f6ba57ee41e009d904905c0ce5e75a59ee6790e08542561303109e1faafa13

SHA512
d8760f61760bffd8671b727d386ae220e7e6e68829a01553cfd5eb60ef8bd1d7c1b25e7b17a6db5bd17ba6712ef44999726764459318e784843c73bc4facaf46

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt

Filesize
4KB

MD5
5c026fd6072a7c5cf31c75818cddedec

SHA1
341aa1df1d034e6f0a7dff88d37c9f11a716cae6

SHA256
0828572e4fa00c186dbf1d9072a6154d65cb499c6a37e338f3305f77a2fee382

SHA512
f9d28714b2a05f8d9025f1692e4d7e8baa6daf6176353f65646a38814a242ef2adededa44419edd69f10cf96ffba506dab7cb6e52111457bf69cffef12174b12

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt

Filesize
6KB

MD5
189ba063d1481528cbd6e0c4afc3abaa

SHA1
40bdd169fcc59928c69eea74fd7e057096b33092

SHA256
c0a7a1df442ac080668762df795c72aa322e9d415c41bd0a4c676a4dc0551695

SHA512
ce59ad9b17bab4de1254e92ce4fe7d8c8242832f62ab382e8f54199a9932cd11b5800cc33895441426373d5210cc74104e0271b721a7e26ed400b716ae4d5903

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt

Filesize
4KB

MD5
18aaaf5ffcdd21b1b34291e812d83063

SHA1
aa9c7ae8d51e947582db493f0fd1d9941880429f

SHA256
1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5

SHA512
4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt

Filesize
4KB

MD5
1514d082b672b372cdfb8dd85c3437f1

SHA1
336a01192edb76ae6501d6974b3b6f0c05ea223a

SHA256
3b3c5c615fd82070cc951ab482d3de8cb12df0b3df59fbd11f9d3271fa2fbca4

SHA512
4d41c945ce7c94746875b0dbceb14811d4966de4e97fe047406a304162fde7e1e2a16367fc2e43978e2e5aa66749f036b4444aa2312673c2cc3af296e8b77f55

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt

Filesize
4KB

MD5
8958371646901eac40807eeb2f346382

SHA1
55fb07b48a3e354f7556d7edb75144635a850903

SHA256
b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585

SHA512
14c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt

Filesize
5KB

MD5
7e1d15fc9ba66a868c5c6cb1c2822f83

SHA1
bfe9a25fdc8721d7b76cecb9527a9ba7823dc3d7

SHA256
fc74e26a8baabbe4851109512d85173b75dbf7293d41eb3b92a1957a773c8265

SHA512
0892be14a858cc860766afb1c996b2c355108a7e50971ea3ec00d15069e919a6eb05a61fa839bea3938492c391e274144c5e248f4c204a602bf36adf27e5b406

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt

Filesize
4KB

MD5
202b825d0ef72096b82db255c4e747fa

SHA1
3a3265e5bbaa1d1b774195a3858f29cea75c9e75

SHA256
3d1399f5323a3ece1b1a8b3b31f8fd7f50c3bd319ab3f1c38c6e347452c95314

SHA512
e8fc7cc09f431301d22a07b238179ee053505090e3c4db30ead061513fe7159f1fe8b80efc93f4597fe00f01087bbe0bb2231e13693d72c8def138657cb91566

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt

Filesize
4KB

MD5
7913f3f33839e3af9e10455df69866c2

SHA1
15fa957d0a6a2717027f5b35f4dbe5e0ab8ece25

SHA256
05bc1f4973c6d36002ac1b37ce46b1f941fcb4338282e0ec1ec83fb558d1a88c

SHA512
534e541757d19ee157a268bf7ea358b48015f400542fcfa49cdb547cd652926160f015fe2cf026d9c4996e56ab90ca3899dfd457997d915bf6bc9d7bb00ba804

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt

Filesize
4KB

MD5
58e0fcbee3cca4ef61b97928cfe89535

SHA1
1297e3af3ca9e4fe3cc5db78ebbfa642e8a2c57b

SHA256
c084a68b65d507eb831831aa2ab9afb9536cb99a840d248cc155ff87fad18425

SHA512
99aff0c481e34cd0e4fcbb2af471afb56d91aa11be664462b08e17ae169ca03ef77e7063b4ecd0f38ca7b2f6dc0bf2e316c7b31dffbbcfc763cd8fae27dc78d2

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt

Filesize
4KB

MD5
9b0b0e82f753cc115d87c7199885ad1b

SHA1
5743a4ab58684c1f154f84895d87f000b4e98021

SHA256
0bdeee9fa28d54d384e06ea646fbcfe3f06698a31dfdc1a50703ffe83ad78d32

SHA512
b7780b82fbe705bc8e5a527c011eb685c99ef0b2eb810617b9f82b891341af95ef1c2f46dce9e458c0c4dcc3e7a0d21db6c77f03419cd1c4b521a9b72f9017df

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt

Filesize
4KB

MD5
eb8926608c5933f05a3f0090e551b15d

SHA1
a1012904d440c0e74dad336eac8793ac110f78f8

SHA256
2ed2b0d654d60e0a82b0968a91d568b775144e9d92f2b077b6da75f85ad12d04

SHA512
9113c42c38836f71ff0cc7019aff8c873845f47fbf1ab97e981cb038f4d8495b6df784402b1ee9666e8e567ae866b0284c81e6a16efb47131d5ef88569c4843a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt

Filesize
4KB

MD5
6367f43ea3780c4ee166454f5936b1a8

SHA1
027a2c24c8320458c49cd78053f586cb4d94ee6f

SHA256
f8d1972e75a320344e3c834ba0a3a6a86edb39e20ef706bda9b7965d440d1998

SHA512
31aab33e0d272cb43a8c160b3d37256716a683e5052192fd0e4d3cdaf30a10a9afa9d26d5d14ad216ee455627c32892a711d2bc137ee7a7df9a297f001a19e32

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt

Filesize
6KB

MD5
e04ad6c236b6c61fc53e2cb57ced87e8

SHA1
e9d4846b7e6cc755ee14a5d3fa45ee7d3bf425a4

SHA256
08c775efa77c2a92d369f794882e467b6e2526e61bc7aa7724f48e174524502e

SHA512
0dfb7e6d811d649103499018f3d115c542fcaba420ceb69124a4d837fe162ce514e7be2040860c5ef5f9c01c961fa6eea8730606b73ec107d87597989b6fd331

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt

Filesize
4KB

MD5
56dcf7b68f70826262a6ffaffe6b1c49

SHA1
12e4272ba0e4eabc610670cdc6941f942da1eb6a

SHA256
948cad1bb27109e008f2457248880c759d3fa98b92c5b4033b94f455cb8ac43f

SHA512
c3fd9caf0bd4c303a7cc300faada9cfe6dd752e82d67625b31f4c0c2c091596508bb477fe19f758fdf79b25b8ac3f5320a8785d2b6705b9bcc28a054a59454e2

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_spanish.txt

Filesize
4KB

MD5
66456d2b1085446a9f2dbd9e4632754b

SHA1
8da6248b57e5c2970d853b8d21373772a34b1c28

SHA256
c4f821a4903c4e7faea2931c7fb1cf261eba06a9840c78fdca689f5c784c06c4

SHA512
196c2282ba13715709ece706c9219fe70c05dd295840082e7d901b9e5592e74b1bb556782181cdbe35bd1ab0d6197fef67258b09491fabc6f27606dbed667d49

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_swedish.txt

Filesize
4KB

MD5
b2248784049e1af0c690be2af13a4ef3

SHA1
aec7461fa46b7f6d00ff308aa9d19c39b934c595

SHA256
4bf6b25bf5b18e13b04db6ed2e5ed635eb844fc52baa892f530194d9471f5690

SHA512
f5cee6bba20a4d05473971f7f87a36990e88a44b2855c7655b77f48f223219978d91bcd02d320c7e6c2ec368234e1d0201be85b5626ef4909e047e416e1a066c

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_tchinese.txt

Filesize
4KB

MD5
194a73f900a3283da4caa6c09fefcb08

SHA1
a7a8005ca77b9f5d9791cb66fcdf6579763b2abb

SHA256
5e4f2de5ee98d5d76f5d76fb925417d6668fba08e89f7240f923f3378e3e66f6

SHA512
25842535c165d48f4cf4fa7fd06818ec5585cc3719eff933f5776a842713d7adb5667c3b9b1a122a1152450e797535fc7a8e97ebdd31c14b4d4900a33ede01f3

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_thai.txt

Filesize
7KB

MD5
53f7e8ac1affb04bf132c2ca818eb01e

SHA1
bffc3e111761e4dc514c6398a07ffce8555697f6

SHA256
488294b7faff720dc3ab5a72e0607761484c678b96d6bcd6aad9ee2388356a83

SHA512
c2e79c2505a6fd075df113ffce92ad42c146424ca39087601daa4ed15a2b5528d478a093921d9d8a738c7b6b963275a0693ebe526b6e2135d14ced03639d0e70

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_turkish.txt

Filesize
4KB

MD5
29f9a5ab4adfae371bf980b82de2cb57

SHA1
6f7ef52a09b99868dd7230f513630ffe473eddf8

SHA256
711675edb20b3cb70acf6cf75f2eea8e0d87c8ace3e11c8df362b4517427a34f

SHA512
543fe63f791250e05e8fda24fd2ceadebb4c8925e8927de49ae490895c87eed3e61a9ad50237532649f99fe3165836261de215ee3f66ffbfc6d677ddeea7732a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_ukrainian.txt

Filesize
6KB

MD5
cadd7a2f359b22580bdd6281ea23744d

SHA1
e82e790a7561d0908aee8e3b1af97823e147f88b

SHA256
3dd0edfbe68236e668fb308f92fe7c6493dbb05bfca85a48de93588f479ccc99

SHA512
53672dd13e6ccbe96f6d4a61297c595b6d6cba8de92caa51ccf8ab1d8a82eea5a425eab348f295b9ec27de0026ef849d9230f751a46e040be8863923f91b8519

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_vietnamese.txt

Filesize
4KB

MD5
f350c8747d77777f456037184af9212c

SHA1
753d8c260b852a299df76c4f215b0d2215f6a723

SHA256
15b6a564e05857a3d2fd6eec85a5a30c491a7553d15ffc025156b3665b919185

SHA512
efb86809a0b357b4fcd3ba2770c97d225d0f4d9fb7430c515e847c3dd77ee109def4bef11b650b9773c17050e618008fc03377638c1db3393ac780b5b0bc31b2

Download Submit
C:\Program Files (x86)\Steam\resource\filter_banned_english_cached.txt

Filesize
1KB

MD5
fe6e3546ca0b0f1a2afcde1fb99c75fb

SHA1
4d3cc83d3540ba957638ad3b0aba85c6ca9ac246

SHA256
3a6b793c18cb69902a585cf4218a26854d5335a50f51e283f9467d99bcbb1775

SHA512
f6f72b1365656c07673e93f5fc26cca0688c450a9f7a88f373c37081f63488eb52510681f1f2b6e4411a3f7dc16a159cc509bca8c8d80f3c82f1b6cfb11fafac

Download Submit
C:\Program Files (x86)\Steam\resource\filter_banned_english_cached_timestamp.txt

Filesize
29B

MD5
cacbd4400cd91ba64c84421de1073d24

SHA1
5a500e4f12ade04f4cb5267cfc7bd828bb1e2c2a

SHA256
d5cced9b21ef818aa102417295e76092be5a4b2255de7eb6f9c29d72a04cb9a9

SHA512
52e6aaa7a6a700b905bfeb9066a08d61431c9e7aec19a5ce739079d82278af61ba05fc5cf2db2bab5c98dfa08acb11dac0a4efa64fef1c9f11e28cf623a74148

Download Submit
C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached.txt

Filesize
2KB

MD5
f4365b5a69ea89beb37ee6982b419a9d

SHA1
1fc17226e9ed16e17a5dd384f6cbe1737c67f54a

SHA256
d3a0a81ff0e7b5a1a875c8c1dc51fe364109374915cce621c7560d9c60378d35

SHA512
d6ba5ae351d809116c8b09f8385ef6b83c6b3f19939bb7351af3f045238da3e277e253c2c7b18537500457a62f333014598f51fba686276a9691380c8070b387

Download Submit
C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached_timestamp.txt

Filesize
29B

MD5
95e8f82fd08b464d1c27a751bf2b6a5b

SHA1
3363afb3770bf99abc5e84e170d506c7da874801

SHA256
ca3ba8a4ecc9ef6472ed1a85c9909aaaec32c1cb392a7f97586665d4f59fc258

SHA512
ac74fe749ddcd5499af885bed87143bb14c319fd341230969df1e123dfd3347c76c51d3318e3f54f8489d73821fcec24019cc7c13d2b9f4787da7872faf45ff6

Download Submit
C:\Program Files (x86)\Steam\steam.exe

Filesize
4.2MB

MD5
4bf015883412d366a1423e51ea534a21

SHA1
e89e0e631edc7aa0cde78463e3b5a1250e3a976d

SHA256
b5d588810e2b68f8a92de74b9741e0120f130d1e079144d50951c54cc04ed72c

SHA512
3610e464336b85793da07de2dc9a4940936bc47314b0aeddd910f2558a7669249fb4d588fb29d3b862ebddc5e3cd2883fbccbde9c35ef7215c1c864525bfa4be

Download Submit
C:\Program Files (x86)\Steam\userdata\1857256111\7\remote\sharedconfig.vdf

Filesize
164B

MD5
82ed2ca8c18f79f2e2ec064ba9d7416e

SHA1
6562b03c23ebac1b1771b0370ea119f8f4aeb3e6

SHA256
a96cdb9d3744f487780c657a59373c053ccdc279a778b9c22ccaa567fa98b105

SHA512
3ff09454c88b2c99b7407f5f044c17da9856e600287fd21fb4973b7db8c7d9bdb4fe01c104b7d6ff24af7c250bcc7e41322485cd39b1d650c43d533e9fac65f6

Download Submit
C:\Program Files (x86)\Steam\userdata\1857256111\config\localconfig.vdf

Filesize
3KB

MD5
d4811733bc445a1cded1700318c1f90d

SHA1
e1cf5f5e6707cfcba3ea9485fe7728e1e532ff79

SHA256
a46060df5286bc037afaedd5f69319898f0f8de0c80ed4a644d4ac5953953c10

SHA512
af0ee0f62cada1d371ffb80e2947d3821315e2c526a8af18399ee702b289778caeae2ee7a2e5ec2779862c847d4b61902761a9d70471362a50ab1595de1f4bf5

Download Submit
C:\Program Files (x86)\Steam\userdata\1857256111\config\localconfig.vdf

Filesize
4KB

MD5
77f3c0f29e0ca34b7ab57dc13325a20f

SHA1
d470f43d569f18dea1626e625ab631d7b75d1b31

SHA256
d7edab9b87a8daa98c767380d0af39fb4dfa22d8ad546ab39793bfa227b98621

SHA512
6723d8c50c9c29af851737cd1ec1001a7227c935bb050c66ab77ee66ecad01a2be12df3f0b81e152db3d6161140be8ee5b4338e36969067670586dfdd993a40a

Download Submit
C:\Program Files (x86)\Steam\userdata\1857256111\config\localconfig.vdf

Filesize
25KB

MD5
c47e8432f93e4f55095f50f2ce7fd42c

SHA1
e3febc6acf2a75b3867cbb22c7e2e42d073d7d27

SHA256
433b94ea5b285ecdc37d1869d552ee920fd6a9cc7e169f49204a379b59a17c5d

SHA512
f1f1bb5ea01fd8a4c1c50f07a71337f9eeb666f5f40bf564b3c50a904aa70b942409178735073e929b694c8e946ed84fdbdd8e283fb1d64e7ba4dc7be018e526

Download Submit
C:\Program Files (x86)\Steam\userdata\1857256111\config\localconfig.vdf

Filesize
30KB

MD5
5038da593bb83c70e8e888cfa12a8a3f

SHA1
4b0a2e9f732d1bfafab17612be2c4e926a25fe2b

SHA256
f0a7204234e2a1392416afa8fa857e3bf837c9576f261a6eaf452ff6786637e7

SHA512
eabcfeb867cd67d157f17269114ba0d3074ea5bc3ee5e9188c4c63fd8346ed5662f323f4934a3199f9104aa2076f38b53c937dfb52880fa0782404366b34d9ab

Download Submit
C:\Program Files (x86)\Steam\userdata\1857256111\config\localconfig.vdf

Filesize
3KB

MD5
02be286058dc8760c1c94821a1679f2c

SHA1
85332735db479b28ae4cd78d02eeca09ab9622e4

SHA256
c1ba88a2791db30c9dcbe9a1a4e054c78aee1fced9d7647e0014a6ed0d350a71

SHA512
883d32f3a99927d680f11b333b467dbbe4dda26b370dc85d593a073cedd38716ca98359ab8ccbbc856ac99f2a73447c20b4c9d735fb9ab5accee6037e0b8875e

Download Submit
C:\Program Files (x86)\Steam\userdata\1857256111\config\localconfig.vdf

Filesize
3KB

MD5
73a631b57d75f053d31331699d705640

SHA1
dd86032b4ba48baf8aac1209638a37445c97ec18

SHA256
0804aba2cf00d4e887225362ed1b5d7a3a3631ebbaf30dac6ad2d803b2c3bbe9

SHA512
5d9534be48feebf043e200017bbd9d862b92cb242be2f175cb82689c44d3bd09619bab82843f03df0b37fddf5a417f5486daeb85daf8a26385547d6e1d2b5dc9

Download Submit
C:\Program Files (x86)\Steam\userdata\1857256111\config\localconfig.vdf~RFe6094e1.TMP

Filesize
233B

MD5
4b79a25c23920f998467557272471450

SHA1
ac71f1f288a8736a875e4ede2eb1df0028c3bb5d

SHA256
6d6e543931c354973dd54c593998b966b3cd9332866c6f2e2213dd77223261f5

SHA512
97b58c55f2b852b18e9ef97c535b55e210535c49d278518f91ae00baa7e8c07ab9255862e8ebc56a73370bea5d9de9e0dec1348d0d1dfc7d09eb3c38de36a529

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ul5krx1.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
92f1e490dea3bbc87b16d6a0f04adf26

SHA1
56b537fc7238c8b9c960dd707e5cff477d7d1b22

SHA256
9c8050dc3d0d4603dc0f65c83d7baa4d45a6e28d1265337d7bc7d1a35efa1183

SHA512
abe9686788572216897c6d77cec6753cf80ae24585354185e44e7db7d29da69b894282342c517cf638766475d7dc480d050e0d86d2476cc7c8775dbb5143f4da

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ul5krx1.default-release\cache2\doomed\28606

Filesize
8KB

MD5
2ff637f9b23b7ebc9b0cdf42a7ab7e98

SHA1
6d784d1221b6d5aa4a3b34ed9de52a1b3809a031

SHA256
d92b05a9a9184432b86e240affbcd3c4c61b36b8bc5d258388f191130a8f0770

SHA512
0b99fe5a130bf14d5a79912996f5e9a4e2a4ef05fcb43312939edcd1c79155c2b5df89d2eb91d68b9d06615efa72ff70e90a825e5e59ad841824920ca25556e6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ul5krx1.default-release\cache2\doomed\31871

Filesize
8KB

MD5
630ab3e6581a0c87ec52ebef9dee100e

SHA1
0fe137420b6aee7bc53d9e2f7b8a33f6354b608b

SHA256
6f06dc054a35a5aeae16f0ac48b5299639b4e058c8dc8e3cc8a4fb4d95741113

SHA512
d3f709b7bb2df7885e303eee081ec0c154406ec78ca1097640764cc6e4d9a35e106a5156f31cfc4b81156c1393bd4a6022ca226f4983dda23876d61d7a549350

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ul5krx1.default-release\cache2\entries\0594D20F322E88265C0D547AD4EF5F45B49EF9C8

Filesize
144KB

MD5
5e3b016e85c08dc26d48a71352c82b1c

SHA1
dfb8d1eb32274e98aa06c8d757e3d374a5a281a3

SHA256
4f4570d5f108941d6951be0317a555b7660b2a7f2228be35966701c81dbba5bf

SHA512
7e9d8e2205345f0cfe54e7f12672e3f0397f8398b6101d09b5f960a04f93130d90a9986f8892aa20734b67f4a0f1a3ebcc2eb037862ad33bc3f45f0f0cd94901

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ul5krx1.default-release\cache2\entries\084AAC6EC378B73C20507FBB3DA429BEDCD36EE5

Filesize
18KB

MD5
9ee31b3df6c8a54d8466cc4bdb474a41

SHA1
05356f9770a8085e0e9d48b8622f120e7e43d7df

SHA256
922c40bcc483e1396772776824b912575d7bf182f71ff663aac27dc0a35c6e3e

SHA512
f2a6d869c68b430991a0d5ba4a3086e41c40fe9fadcaef42708d514594680e43c92ad1fc20824765546230cb3d794e21ff258b3a595fe838b34ce0505692aea4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ul5krx1.default-release\cache2\entries\0A8E0255A8575C96B65543779224737ACCD97222

Filesize
74KB

MD5
aaf71bf5d6f0ea003fb20cb1e8b6a0d8

SHA1
0ad4c8972e2dece3a62d4571d9ce86d8f6d002a5

SHA256
b854813983b81d9b1ecdd88374ca1899291c3cb780967b4ec1594e4d21007aae

SHA512
75760a01260013c41911984ddadb0ea29eae262c9ec46bd061d4bbb736b6b5a6fb9b7435927ca3da8648a831dc2719effc49344151b2931f7e08dfcd13067563

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ul5krx1.default-release\cache2\entries\0C3782CF9BE3D8E9BE247D60E694DEC90A00FEB8

Filesize
53KB

MD5
3d8fbfeddf4b31714c72ae46411cce82

SHA1
0a48f97c8a881abf0bfd467ebc9b666d562d3e7b

SHA256
c2d0f3619d29ca484a3a30dfa74214d5f23e52b19560e3520773a3a3b08130cc

SHA512
0c0327e45a823d34a8224a0403a8399c2b6ac28021d2a6bb4aa491034a5120629d8d898efb70e801a86235fd5dd9ba0f941c99713a87761304bde688c90806df

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ul5krx1.default-release\cache2\entries\0CB1F934DB891E9DDB24BDC26C317331398508D6

Filesize
22KB

MD5
21893c0ce60e5f18870986c004da6b88

SHA1
9747fed798d4b4675220237badd67754c59e76bd

SHA256
1f28866ce329b37d76fd92f48c0770e85f3ac642b1b4ec2aef3996791a9e1e32

SHA512
ca688febf182908e169e0dcbc9b2f6812a42ac5a28ac1215843e303d14a04874e53bba00949b86e30b6f29d4f04b2f18971df0143a1569d54912934be17bed35

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ul5krx1.default-release\cache2\entries\36568FF4AAEC52E5FBA97C17EE969E667A8159EB

Filesize
14KB

MD5
649ef2081909ce02ef298d2f137477fb

SHA1
4c1e03b1dc43e4676e2c10167f2f00b26d42d92a

SHA256
b11598af7d70b5abb13d6d692812e0fac81eb5b6d1578284b2e8e9c79ef95157

SHA512
b839160c663de0ef1d11131d1ef53e584378654d3065ceace3c94766c4cf88fefed19703cd0cc56c09ae6c37c71d15d59801e2f6e03b9fd31ac7c182dc0cae8d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ul5krx1.default-release\cache2\entries\371AB2F3C3CB60F299E436C8635AD89BCE8BE1BC

Filesize
671KB

MD5
8adc9dfbd461fdd5fb841505a6271e1d

SHA1
e4aacd19f2453a5f68e15ae22e96722ba48070dc

SHA256
c3107a14377491407478c302568e90736b1b29251d5bc5551be37614c10f85d5

SHA512
ef6b349542758d7498320e77e185caa26438924b9a2d33caed8d59fa2f9af641cb6f4419fc7c1e48d85cd3170db22ff071d3588858f6a12e3ac392c005b85f82

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ul5krx1.default-release\cache2\entries\3A37EED3D1E6B3845C02BF0570CEDAEFF93A93F5

Filesize
76KB

MD5
3f894e48ed068a36780f12dcbe2a5659

SHA1
d90e532bc1fa5545d960bc0c2301a7307decfd62

SHA256
4a8916759640906196aed8e01eefe34f9347c63b2d7fc2ccd297cfeb3e88000b

SHA512
d80008776842b41c600fef411a99342d0d491ecb59699cb9061c863f9cbd473e43a05c81ea6ae25aa627cefb15d2da8010f0f4a59f5b86931b0c7acd14d2583c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ul5krx1.default-release\cache2\entries\3BD9C40186675E5BA7DDC1A762EE036677025669

Filesize
57KB

MD5
52fd550c7dee17af11dcca77e91777ea

SHA1
5973bd3f31621847902d66603b742d7dcd808998

SHA256
df9d30c1a2b5d74becdea65d5a9e957eda248ad5565afee70eabdbd47aebb704

SHA512
cbeb62743746a6e7a20276e4db34700e5921c26cbf97316c06f50a23e3be1b4f149ae4ced64353497d9449d9c846b09520aa6b7b3e96e0533e26b3e3be917657

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ul5krx1.default-release\cache2\entries\4CF2DACDA5503EB6940010621E45544AFD9BCF8E

Filesize
5.0MB

MD5
ca4ea7575e347ec55f5d0599b3991a2f

SHA1
3a5acb2a7ebe9db38b62f74bb905872277b877db

SHA256
b71a2ed0792c5c23239dcc469eb63c0770c8b5857ac708e8ce8795ae5de129e8

SHA512
7c6f530247ad15f4c86ee0b3695ac1b03561b4ba9825bb6f2dbb53cbffb327aa32c86325ad25309736d9656bb47f0ee9ce7cf8aa063c6b53f82f749a622b589e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ul5krx1.default-release\cache2\entries\675D22EFA25FA9115F4AC10A9109A73EAB2C7BD8

Filesize
226KB

MD5
df77d8ec78775861ef37005634fd669e

SHA1
aad0b4b9c3ae04978021c329e5225450721ff120

SHA256
94f464c7dc8340e34ea1a09aefe75386dcdd7d6a4a3997b8d7d3440607b3bfba

SHA512
78ba02ccb8234dad93288f51ecb9843ea3df509355642c81a4247d2e2ab7cea071343f69e24f36fb08b455b6a4341b86dd22af17bd42d202d89e609746a7d25a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ul5krx1.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
13KB

MD5
2f1e815b6d04ba3061d633b7bb169519

SHA1
faa3f55b4447b383c9ac9c06d3ff08140a6291af

SHA256
f7e1ad5be429471ac1704dd3e7d4bb2cf6fe419d679b100f9bb33ec5fa297a0c

SHA512
2c54fc105cd4a625e5032c4469b0c5cd271823e58b696c83644501e0ac30507fa250558402467771f23ce14dc1ab8d9386bec97abe67fff11c94ba1904d023a6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ul5krx1.default-release\cache2\entries\73C66D1B5613B0C63A9B652EC79631DD55D5EEA1

Filesize
17KB

MD5
131c200498fa78e5dd8b4a3d1b833e18

SHA1
8ea18a063356442764b04072dd4b51ab69591a1b

SHA256
ce8d63a5706f30b2d0f2ee6d976ee1f5a3b6310868333bbec5c38d873e007837

SHA512
e5317c4fecacc5ecaecb6c9126004dbccf158b4847908235dd040829857cfb9ac6309949ac057199f64819682cc69617add13eeacba53825654151ebc1d68432

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ul5krx1.default-release\cache2\entries\7DEB6EED671F0134A5F5B7956E44ACD6C7EC3D49

Filesize
227KB

MD5
731a4631cf8f3c990038dc14515dbf11

SHA1
2edde4f1e3151d4084988fd7f685d0587c371fd8

SHA256
f18557d4e0d97210da619d1d58227c58a3914fdd42e887c0937682b3dbfa162c

SHA512
7ac09d4c08c5e322144aab4f2eccda7e899ef5b487eddc17619a6901180793308139602640846574ad2b7627f6c6aa842b1e22a637ec75f997138c5e0c6e57fc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ul5krx1.default-release\cache2\entries\9918A877D2EBA33368D7E957071DE4FC2D9C0EC9

Filesize
83KB

MD5
26390f71e3fb9dd3c353c7cfa4a06149

SHA1
2711c96a83768da5ef8a75079a11ad1494a16b6d

SHA256
c4ac078b02fe669454ff49d7533507a9e0c8f46fb59aa79a955351fee0d24eff

SHA512
cbc4b73833416260d01366d67b85641901d1badd3f37af48b89056fbb01141c7d2d51e4c4c128d3e53aa54a40b33038f537e3f693889f28a6d41def613656b3d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ul5krx1.default-release\cache2\entries\9964912A66D6F91A127C4967D775FC943F6AF8BD

Filesize
105KB

MD5
59951233d15e367c12f837134e6c7f5e

SHA1
ac5e1f15c7cb9fc2e5f63c59295d9a4f413a7023

SHA256
b4e2d6eb83d3e69e423fe7964a63e265fbb072293c56ff486035c6592cbc4c49

SHA512
ec5e715fdd0130321b2d169ac2f83159a95a75e876ac990c9c4279c48dc7a5c28c85b099d52a66d244a81dc9218096bcb9fe63c61155f4230cfa7292735751fb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ul5krx1.default-release\cache2\entries\9D6A2BAD4804D38979BBCBE42F8506244638CE5A

Filesize
44KB

MD5
2badfc9b165be588ffa68c01a351cede

SHA1
6de99f05753e232f4738a7c7966881430217beb8

SHA256
da2a4be5e5a440484b7a747deb49aec484fdfe5eef3386dd4c56d1ba0a5a4357

SHA512
78890fdce31b8f2058e3ee6db0f2ab30e78ad782d2b5d7c9925deeec2c1cf79f1d14a1ffcf5fe45834238b340ed1a452bf2ceef300da11bd0f2b93e8a8f59903

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ul5krx1.default-release\cache2\entries\9E2CA398CEB209201099DDBC28F342BBA5D5AE97

Filesize
429KB

MD5
a2e474c62d1ad49a73136d4ff2e66501

SHA1
4fb19941508cd9459256790dbd15b522fcb5b1be

SHA256
8840eb35849b48314dc25a5a71ec3d2c7cbb9d82229b27ed8cb0100486f48801

SHA512
9e2ceb0a84fa5a17c7adc9d14a53b736a1ab92ce3254407ba8fa7baa3d844fee9c1f239db71b02ec9f79fcb101ecfb5ebec49b1b639c0a9cab063e2478715043

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ul5krx1.default-release\cache2\entries\A13FBAB2C3F9B61774586D75A469E4DAE89D27BF

Filesize
252KB

MD5
40015dfb59ba73637dc5b898de4efd62

SHA1
8f4cd0541b46424d909255e235145771e3aa4eef

SHA256
b758b5e67ecb68b23a0f1be23a5e727410afd97340b04e184bdd03fc11bb9218

SHA512
74db8a32f4a0bec242f6e8c023ac485f67f7bd6d72cff7f86df51709d43594661a24f5776cdf124d42e66873ae5b9c13af47e2f76960f495f1bf488cecead6e2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ul5krx1.default-release\cache2\entries\A4FD507BBAC496BC314914D77FA4D053B3681570

Filesize
2.4MB

MD5
9228136a0f8b72126f90f425fa21897b

SHA1
e8cd8a2ea9aeb4a60b2dff6f0d68988e84789d38

SHA256
d22136b443e31dc98f91033ffe0b53565267ddb4b113954de67d5b857db5e058

SHA512
d4a09a35a3c94dbd59a728017c5c2973e40a0931f8560e002b0f85e607926ad6e9f8afc3e714cd14bde425bd719292309d9f0e0471d7b82be086adb986371c7c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ul5krx1.default-release\cache2\entries\AF2259E877E8ED5EEC48C34E39434200EC3E0E26

Filesize
243KB

MD5
0049d3f6dc46a5587ef8af4c6e2b1104

SHA1
37d15755608b973b2de7601651ac9e043bae2e38

SHA256
c8096ab122186f1f9f36de894b75ecfe2753735a9b05d7a051aca4ed6e89bbf0

SHA512
764ad4c43b9fb4925437e0995b1dcf7bef39c802d37f3040573b297c67b37de0130b110b693d01c8f9f0c1b8c07eae79203ed9ec7700e0bd794645eeef2c6d89

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ul5krx1.default-release\cache2\entries\AF9D579A99D87C9A00673FBA7477FA44A838B70E

Filesize
45KB

MD5
be1587603294cb51d87d7444b13add96

SHA1
7f54fca598412f2137100fc1f8fdf6a1064d4e43

SHA256
19455258b7e17a131a3254d038dfac3e8848d4911272987e105e2258f6e87d5b

SHA512
356d721e0b5eba4eadf97f35cd2131727581cccfda9f4c1a1562a52ad1bc0537ea7599fad8898d1b7b4af9c70105f81137fba614ea9434517b434d90d3f92420

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ul5krx1.default-release\cache2\entries\BC3B0B6320041CD98FA853BE18DE4077F7EB3B67

Filesize
224KB

MD5
28e00aa987d46edeaa321c37a9194c9c

SHA1
393cbd107a2ea2aec08c9fe29412ef329108d623

SHA256
49d54264975fd0cfac8ab70ffff16b7a91229c775e1ab36f4c06dfcfdaf5cfe1

SHA512
62549996e41dfc3d2ce4358fbf3e2591f9934a138dfe3d2afcf0a43c4c2570f16769ba07a5d471a95aed341e465b357822f4139df3b414b9255b1d97076667fe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ul5krx1.default-release\cache2\entries\C876CA242432D7996210144797199D224BA0CA86

Filesize
44KB

MD5
d55a412250e48c776e75f4d15caed50f

SHA1
c3d34f7ad7e4178d3117c16ddb77f24ae18eac0d

SHA256
85ef662ac51095118fe914c1c4438a1aac89b95a6f12a83d6f4d2ad1f1085b38

SHA512
daa64aae6c25d049dc0a1983dac2bf8f23511dbee218e27548e7722a7ce42b87a525f40adad2e7b6d90f8a5f1566d623fba3f93dd2195bc10bfe3fc02b4fd4c7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ul5krx1.default-release\cache2\entries\CB1585E502F77C2E898BE49836BD3C189B276F0B

Filesize
39KB

MD5
b1b2e47698038c117e31177cb0d70d49

SHA1
bdb2a1b74974ecca2a4440fe089d40833300fdb3

SHA256
6958fac616603c86d44c68e970e15d5085e7cccd4e0f902f43983ad22fe015d2

SHA512
587dd2d0c6bcd43ffb1303796318103f578dc068580bba18fea78123cb80fbb54d99f593f74b42c0ed4d2f40ad1c911c59bd11985b583921fff32f1569de7658

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ul5krx1.default-release\cache2\entries\DF0F087B3B322D19A4DE0F953C1E5B5461B51731

Filesize
46KB

MD5
1c2ebb6121f1c36a2b837842692b0d59

SHA1
7faa7b422e44be1995c68a0de6a516ae9bffa43d

SHA256
76d806f9ac4119a4315fc077203bf5e8335e76be3ec9189b7a147d30069d527c

SHA512
08fff93fe7e360bc131511da569d42de6cf2639ae096cff827de8dbec7892aa82a2f23418e3ab3af9da893430f0f28d579d00cdbbbe36309747cf4ecbc85e7d6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ul5krx1.default-release\cache2\entries\EC9C1A50BFCB6FE93C1A0053B2AE10499DC50B98

Filesize
718KB

MD5
e13c62d7e5a51f71da7be0c0e38209e6

SHA1
ac25936892ea543d57ed6dfa0739f6d462cb2022

SHA256
29c05ec81c8d6ff66063d9bd3aebbc88424bc7f6af742b8862848945069bb53a

SHA512
283cc4924651ac76d42aa87321255c8da3a1c041f818441c99783ffa23ebfc1a1f58f5c3bb15da8964dea578dc39fbe9f727974aff5143a4fcd802319b9755bf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ul5krx1.default-release\cache2\entries\F7EA52190214F03AAFD27255C4E40081E2781F2A

Filesize
2.0MB

MD5
b50deb18bb61449fcfff2b9cbebfe8fd

SHA1
ce0720d26d27de792711b8282d767be5dfaa45c0

SHA256
40bd3a5dcf1b007b6053affc44116a4f00434565a4931f212f3e3bf553e4067f

SHA512
5ac3e982a607118e10c7b798f644c3947bed83c5e26e07fd5e6ddb25c2d933a48578c8fb9fd62490e64388ee1e8574f2b979ba2c4b0ff5fb75abebec2759241a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ul5krx1.default-release\jumpListCache\oFgLS2dB2kS01yMbtmqHYQuCzNaHdg1IdC+DguhCHrU=.ico

Filesize
858B

MD5
6a54172fd34ed4f0b24c56ed661d8f31

SHA1
71e1d9850488259ed8279ca0d21d7d5931082bb6

SHA256
f5c98058c9c0a232efed8b173f59804447a766365335c8afb95c3e729c7bd9d5

SHA512
73ad5b248a724d55a7b5424df3cffe8635d54de72ef625d5888f655de9f091ceebaa70a1ca626466ddfdf44dde6e3556f465171d53d4d3bc8f8535b0fa7fd786

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ul5krx1.default-release\thumbnails\7e10205b1b9c99630bf866d89d92a8f0.png

Filesize
18KB

MD5
29b625f9fcbb3507fc3ff5451a1188b1

SHA1
f7a81b30e93b028a6b1259b1588466740c529143

SHA256
2ac295cfe5e002eba75aa22527f5454a31b2e7d1b9a29a28af6086a4bf28100f

SHA512
fa5dd24fb69ed6b9059e39c76eab39033505fe6bcd5c6294e989a4bc899aea8490b3bc2e4e35203be1871a7aab2008819edba458ae6c8b37e22034d9594e3eb2

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000002

Filesize
19KB

MD5
78b74803f3c9414d9cc61c2dbdfac487

SHA1
17d8cdcfea6df48eb438e18485be8ed00e35e411

SHA256
582044d423b604a4122e00d1da5534bb9c19017b88b94d16855acdaed4e7d130

SHA512
4fb210165074acdd82b8ec011bd31497cbb8c5615bf27d28edaf0ca026caf105b10d376e75eedcba88cd0de56148d3d543e8725f86540eb047dc708c4df4e62e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000003

Filesize
24KB

MD5
24c1ac9e5814fdba1876bd70e65b55d1

SHA1
440f8a4de77e05a029ae06d4f500c72308285d6e

SHA256
7cf9b84f3812c9377c20ff7b0826eda7092f11f33dd4af560413a6773f3fca43

SHA512
bc848fd4ccce7a1705b2b14b2ba1a1503a6a306096ac8460480bc653a2d9d4744fe21a0a39db573d7363b3c1252c6db1b594f029c04beeee9ccb5714c80af7cf

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000004

Filesize
40KB

MD5
25043b3ecd7201069b59a289cfa91e06

SHA1
4709b985b6e8760e2fcc6f221b7c1d92d28eac67

SHA256
e895db7ab7ef01bced675cb3dd5e0b2093fef1d84f70b00b268ec9b8ff57b889

SHA512
e2dfbac618a568b9ba7f0c326362b749090087ffb271ee62eae8b78184936feea14640c30177e00a2a8a1fa18d64fdb3e3dab5a1ac643052d5cff9bd58ff7442

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000030

Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000035

Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000036

Filesize
115KB

MD5
ce6bda6643b662a41b9fb570bdf72f83

SHA1
87bcf1d2820b476aaeaea91dc7f6dbedd73c1cb8

SHA256
0adf4d5edbc82d28879fdfaaf7274ba05162ff8cbbda816d69ed52f1dae547f6

SHA512
8023da9f9619d34d4e5f7c819a96356485f73fddcb8adb452f3ceefa8c969c16ca78a8c8d02d8e7a213eb9c5bbe5c50745ba7602e0ee2fe36d2742fb3e979c86

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00003c

Filesize
716KB

MD5
25081476466948e2df11adc8c9937804

SHA1
a8bb6209d8264de390513e4e44df781260ce6c32

SHA256
40d8df14959a05ab2648d03121318a336d5b346b997619dc4c76423317b04476

SHA512
9b274130212f0c07c1befbe3702febe0457faa5455a64455cb8f1372cd7108a6ab7d9192ca2f8fbf4cb121d826a345df7049cccbba28b848abc9fb9e3bf228d3

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00003d

Filesize
499KB

MD5
d07fe0483acbc3805f1e48cb971c606d

SHA1
a8d9fcde781b5045cf6572297dab853097a2178d

SHA256
1b8a56da98c2552790865d9295586b5116c9f2f08cdf69bb4479432f249c6380

SHA512
03cf0c25ea172525572ce45687207854a3a5d9c7a69d44b2de295529da7205322846d611baf9f2dcaa48235796eeee4568439cc201ea9fdfd53cfb19f2001232

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
252b07cb3589974ebbe58df1006c6179

SHA1
b74899c359edc012e851f9bae039a791ffaa57c7

SHA256
b5a449d0e1dc9dd5346389d5e0dcf9988306bac4b66b91379d78c54c2af23d90

SHA512
a9de537bcfe3973078998613882e7819f7d1cc31273889644ba990d1db08f9e3185187224e8cb6cbf79956972cea5c7cd095029074f5a88be247418ca56d20dd

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
6cdb421d1baf62517aa18391d0a65634

SHA1
cff7046dc4fc0382129b464d8a76a4b8cbc4a053

SHA256
bf8bb9c9a4feb095bca8ce41210a9bf348243f166373439aff3104e3819c3377

SHA512
c023547ad8fc96e05c89b29ff0e4d126c57952d4083243cbb0d7a21633885c1d26074878020d8506f8e25df26235fc56c6d784b96384b43cc07bd4520052cc2c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
aa5d9cd3341fd595b491eec861d94b36

SHA1
3bba880fcfce8e2b25652a9fae72fe76d583fab0

SHA256
c5355887ce92916bba921442386985150ebb060b13f3d488d6cac0f1a1ad524e

SHA512
c917accf26e636d4a2fd37ef1b3c4733c8f718610616e13c2d17ddaf51f141ad8237c3bee193f93f1fe298e77cd357f386a3a80adb31a9ab99c52e140f0c7e95

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnGraphiteCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
710B

MD5
2c6df981d9994c1454b58f18441e9383

SHA1
38362c5e30a8e2ab35831123fcc541c8e90d56d2

SHA256
6432f4d55bfdfa3b61e4acb9f1c0d6f68f21fd8d7c804e384cbbe601bb725683

SHA512
60a660908b7f9f3d11237d859c80677df605138f9f1c0b43efecf72e4a95d3735d5cd8a3e90acca88db5c09811700cfed491564e6d79a3528b71de5ddf1235bf

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
822B

MD5
f5dd4c1745ecb7522d6f3f5101970fa8

SHA1
21aca14980303e3652c80c550efc43b071bf13a4

SHA256
4caf9766b22867777eb70a9235c9c5e83bc942e9f93eda3b08ce3757b3886cc3

SHA512
135b9019dc4a947244ec80695fda7e0f6ec8d54227e5759f5669d7b707562d909fe40999ef6179392822fb7a2e86da160f5f7519f5e0ee015032467e10b4c684

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
529B

MD5
1adb105ee9668bb24e6932461137921f

SHA1
339a8698b091df63c24e071fc7e4a22dd2f23fcf

SHA256
ca421a5f8058cb7c11c708510df009541b19febc27c878a3961c354b2b160b04

SHA512
d68b2847a33b017e674e6a9332a8ebbbfc6fd0b2591bbc22739e7d7d0834bd0670e5172cd620a498d2a4b9f3c44a0d59e83144d2b73b28711c462c70b56115de

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
866B

MD5
42d7175098b618d8b7b0b11b7785eda8

SHA1
1437b272a54acbe7d0ff51eb9a9f589e43d9d8ae

SHA256
d187d0f7dd894248f0ea3ddffa6e2656f0f7be54d2bcf40f64672cfc04b8f96f

SHA512
a822cca12b9456335c6574b34d7602ab9b9ff844a121718a5dab6c562faad6ac6852b9cc2073cf98bcb3a553274b7a8af5d2422dda1c533bd7d134b80b18553f

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe60db9f.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
524B

MD5
ed7226af6daa8966dda8ea827d3fba9e

SHA1
d6189977bff0065536f418a572233fbaff4f4245

SHA256
374b16df1701f5b2b83d29dcb73f38ee19bd72fc8b1c45b2cbeb109a3a9e6745

SHA512
2c743a2df7a1292415925deaf14afafc60815c76ce67b35b2874b302b509eb430fd4032ef80e826371dcc3a254b9cdff0c83411ed3e7612334d001b9780e7b93

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
188B

MD5
d2810eef2711217b1d5c49ef8659c0c4

SHA1
2c5f5427ccf1543ec6c937a46037559a5f7e31b3

SHA256
23932a8bcf50289a95f81176c5ca4c2b28b42ccb2914412404f5a52254f9cd71

SHA512
8e45956e232c8dcc0c56d31c40d282430fcc1a2abe732026bde7821c850b3ea6afb2e7431d81d8e8cc763060bd73fe6f9a6f028d81b1604e0b1ac0ef26fb7d7f

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity~RFe6033b6.TMP

Filesize
188B

MD5
2a2d5e73356eec8f6bd7e867ac3d3c36

SHA1
3e8dd7a85ab07614e798297898b7ffca01e8569e

SHA256
8aa29f2db155d139aba195e8fccde195279256bb568a89399755a8631c9799f9

SHA512
b97b57c8d04d1a25c6f522cb7b27f4ec378a8f4ba97e5f3a772362701e9faba85de795f54eb1bf7249a8e7eb3e5801a2c548e75316289861167dfc99201f2665

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json

Filesize
2KB

MD5
602c49f9246967bdcff45b4f43cf2fb0

SHA1
4c5796e0c724bbd7a9244cc8a0fc9e8f40181f2d

SHA256
a3ad9649c1038078038be1abd591cdba73b4b4f5cf30e11bb6cb7a432b746114

SHA512
2f273c0dd0127071f4c768cfe7277c6efff84c1ef4f4271c1326db3658c84261794b106af3198717f349fbaaaf276163700bbb50ae20fe52ed0a88a192d46f77

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json~RFe603387.TMP

Filesize
2KB

MD5
68b20851ccb9834d21fb32615e42bd43

SHA1
88fab935f0b9484994097c08f785e9ecb7d68127

SHA256
a954b528dd65ad6c4c2091fa32f17abdb7a49454ce88e10bb6c377734c70c26f

SHA512
dcb0771120c8fe35213d60e9abf4b242af807324759e3c99e9b2569c00a941d885d53ef6fadfe69e6b740e0b52a6008602605d643801190a2d29175a7d065e15

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8D09FEB7\Colony.Survival.v0.11.0.8\Colony.Survival.v0.11.0.8\MonoBleedingEdge\etc\mono\4.5\Browsers\Compat.browser

Filesize
1KB

MD5
0d831c1264b5b32a39fa347de368fe48

SHA1
187dff516f9448e63ea5078190b3347922c4b3eb

SHA256
8a1082057ac5681dcd4e9c227ed7fb8eb42ac1618963b5de3b65739dd77e2741

SHA512
4b7549eda1f8ed2c4533d056b62ca5030445393f9c6003e5ee47301ff7f44b4bd5022b74d54f571aa890b6e4593c6eded1a881500ac5ba2a720dc0ff280300af

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8D09FEB7\Colony.Survival.v0.11.0.8\Colony.Survival.v0.11.0.8\MonoBleedingEdge\etc\mono\4.5\DefaultWsdlHelpGenerator.aspx

Filesize
59KB

MD5
f7be9f1841ff92f9d4040aed832e0c79

SHA1
b3e4b508aab3cf201c06892713b43ddb0c43b7ae

SHA256
751861040b69ea63a3827507b7c8da9c7f549dc181c1c8af4b7ca78cc97d710a

SHA512
380e97f7c17ee0fdf6177ed65f6e30de662a33a8a727d9f1874e9f26bd573434c3dedd655b47a21b998d32aaa72a0566df37e901fd6c618854039d5e0cbef3f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8D09FEB7\Colony.Survival.v0.11.0.8\Colony.Survival.v0.11.0.8\gamedata\localization\nl-NL.json

Filesize
85KB

MD5
499d6628624fc30a895905741dec147f

SHA1
7f72cb5c5842bf93830573b349e85b8b1c0cdc90

SHA256
36fdf3da51cbc7ad21402b50df5cff97e7c3064553b7d6eeb08c6aac4a09f981

SHA512
1b4ebd8a5db5661fd942820d9cd854ccca45f0aec95fed45e82590a323eb93b8dc0ca2d0425ad07f2616afe200e09ba859055453209e5b2a62f2507bb46bc6cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8D09FEB7\Colony.Survival.v0.11.0.8\Colony.Survival.v0.11.0.8\gamedata\localization\vi-VN.json

Filesize
86KB

MD5
e8b8ba29d8b2c5cbae9e22a904767482

SHA1
83c1a41625d8d32b498633734d34276e6154b8cd

SHA256
dadb7871a2808dce39b6325d7311b576059532bb389dfd8f4f2d3e9912bef9a5

SHA512
b052cd662c60696f790754245da1c6590e5331133400915bf5014dc993a67c0a65dfb40cb4efc60df36f0f74cbcae8afea2864b9f09c9669ba3bfc10cccc1e3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8D09FEB7\Colony.Survival.v0.11.0.8\Colony.Survival.v0.11.0.8\gamedata\meshes\jobs\cabbagefarmer.glb

Filesize
64KB

MD5
8783da5b1e9daafc367b1b59e09b1e63

SHA1
e53c4fd054ecb90db34cc20a220e62ec12691912

SHA256
887ef04be5aa953f7570e4233e06f25ea03096467dd1afb7bbdd0c50aa0f4c1a

SHA512
d879ed090773b0beb6f38066f1619a1a3ae038d23d99468a7a9de6140f0bc30be9a4920ba2be6c8e286243a919937db77feca0d3af8e20637d7fd498e06643ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8D09FEB7\Colony.Survival.v0.11.0.8\Colony.Survival.v0.11.0.8\gamedata\meshes\jobs\coppersmith.glb

Filesize
76KB

MD5
7f6d54d619de0c15ca865eb7d6ff9fa7

SHA1
89c066feafbc310f99209caeaa4b387b53c59477

SHA256
ae557c23bcd53d8edb3050593591f7020321ecfdd31286448e5ca44e7dcf1625

SHA512
65f23dc2d8e0eb390b9d91504ffda1973d6196121b012090afbb602c13c485159184741d0704b9e25adaf4624f04ff836eca92154844b44c5291ab1a03b30c12

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8D09FEB7\Colony.Survival.v0.11.0.8\Colony.Survival.v0.11.0.8\gamedata\meshes\jobs\glassblower.glb

Filesize
77KB

MD5
a0a6f0b3fc03b1c9388bc30f60ebf71e

SHA1
1dd5c1f1ba04fbfd53b06db2240edcfc13c26b99

SHA256
8a11e8c3fbe3762d1c45369fe0d0a4a12eb583605ef4c9a128230fb939fa7e2b

SHA512
f4325e5d853bcc092b7ef041d8f50c783148c85911cfea51408cab1ca8bda74fe5363f2c4aea135af53c0c83447594a69e5f421e9917b20c90517c3e57eb0799

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8D09FEB7\Colony.Survival.v0.11.0.8\Colony.Survival.v0.11.0.8\gamedata\meshes\jobs\jobblockcrafteradvanced.glb

Filesize
76KB

MD5
5280c8d92a7a40e941b636aaf0ec1209

SHA1
0748086e0d39c3d7457a648f05203ddd48df4804

SHA256
29eb84fd7f0442983d68503523865315e815459e65d678ab97307b492c83b50a

SHA512
4b9343801c2fdbccc926446d7cea81016d644cdfd59c688aa04eb7b3d1a29eec1a0943e663f6c8c1bd0209d496dd590c3b1565b2dd313a08e82c499b4e80437c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8D09FEB7\Colony.Survival.v0.11.0.8\Colony.Survival.v0.11.0.8\gamedata\meshes\jobs\scribe.glb

Filesize
59KB

MD5
73e5b7542cf88a795ca40e775db4b4b5

SHA1
49475c8833d5fe6a89171818dd911bddb5a320ca

SHA256
69bc5256043d5fe879fb56bc1cc58ed2d5832d22d67c42bfc34a34a40f2ce816

SHA512
e31a46e17fc2796cdd36a703a9d96e6cffeb21d87a95c0c4bc8a2b5ca6dcfa094f6e7e8d0702a87c96aa4c3cfb16f98222872ae7feb8a23f1bc4a713e3ce00f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshE1C5.tmp\StdUtils.dll

Filesize
110KB

MD5
db11ab4828b429a987e7682e495c1810

SHA1
29c2c2069c4975c90789dc6d3677b4b650196561

SHA256
c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376

SHA512
460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshE1C5.tmp\System.dll

Filesize
22KB

MD5
a36fbe922ffac9cd85a845d7a813f391

SHA1
f656a613a723cc1b449034d73551b4fcdf0dcf1a

SHA256
fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0

SHA512
1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshE1C5.tmp\modern-wizard.bmp

Filesize
150KB

MD5
3614a4be6b610f1daf6c801574f161fe

SHA1
6edee98c0084a94caa1fe0124b4c19f42b4e7de6

SHA256
16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b

SHA512
06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshE1C5.tmp\nsDialogs.dll

Filesize
20KB

MD5
4e5bc4458afa770636f2806ee0a1e999

SHA1
76dcc64af867526f776ab9225e7f4fe076487765

SHA256
91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0

SHA512
b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshE1C5.tmp\nsExec.dll

Filesize
17KB

MD5
2095af18c696968208315d4328a2b7fe

SHA1
b1b0e70c03724b2941e92c5098cc1fc0f2b51568

SHA256
3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226

SHA512
60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshE1C5.tmp\nsProcess.dll

Filesize
15KB

MD5
08072dc900ca0626e8c079b2c5bcfcf3

SHA1
35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37

SHA256
bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8

SHA512
8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
20KB

MD5
a65935faf157c35cc5e0d1f50adbf5ed

SHA1
29548be7a93dc014c3a0857d1bca6464cfcfafaa

SHA256
384bb8e8aeb6da95404d35a29b64654dbb43f4d5fa27e8858b9310ea790e7216

SHA512
eb85f8ca7853bf7a45eae78d70d067a2724f2ddb4401f4abe6aed3cc9bafccdb83627fe02eff2f6ca1de0f9f505d9afc22accede733329e812fd2ae9721de106

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
33b575d9cd896c921bcf74261d17d80d

SHA1
9ef65dac03daffd5bda1cd86408c69c46a04e9bd

SHA256
b6fdc3537399025316181b93dca32360e403094894f0f5addb2980ed2096ec26

SHA512
6be33e0e4e2ce02ca33e2bbbf5e34da5fb7c72e77819512b17064ff9ab0a32d43950dd0cdc46a6d6c8c21adfa99b790dc1317692d16e5bd2b1326dac66fa682e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
18KB

MD5
9da2ec320ce25a4e942b1250da48d5a6

SHA1
4e1d0ea08e38a6b51ba51c539fed0d3bc13850dd

SHA256
0992954c0bb6c135ff0d97a190954f5a621fe1e448116fe92792e5debbd8a4fc

SHA512
b1588affe018f6c0d422e318fb7858255048120f533c16f6e24d19134315d8af73f9b7cbd349148a4847ae8516cbd3a40570844bb7b8dae03e6eb1ad8bb7691d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
2f2e57489291af11fa161772f003a434

SHA1
bee5205c75febd873f38bf26393cb8b36a705aba

SHA256
77d824dbde3c6da94eb2444906489b108ec35d5e899808373b8efcf161b44874

SHA512
e35004086b9f0ed70d352820b9eaf8ec7f8c5f8e8acae04dd423cf737729da190928e80da13d6fc6f160d60c9fc4369db23d0d121c9214e107badb59f97adcf8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
727012ec18c376db736811cd733b4969

SHA1
7861f9c7f887a479f9c65a75e8a33d3aace94eea

SHA256
247dfb0da955ca85514beda7598af61b55c44a3d7809343cf8ddbff1f1ccdfa5

SHA512
1d928ec4983830964925a072e0d45e96fb935e053d9e73ba84050e2f977840114816e7504e942354722da79102643782acb23adb88b6a9513209518ab6841f19

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
0d93143d41bfd89f563408a92b090851

SHA1
f34ca58ef3a4004e4abbc41664ae02cd376227a0

SHA256
b7ad7a47c6ae88e2e85dfe89018c4888405f58e688f0cf894b407d74b3e45ebe

SHA512
40226660da23ebfcc2c13b22cdf091c6641c5783a928cc64a35b7f9b0ebdfc36b739fae8cc112672cede179621a9b4e61af0b720cd6b04df254ef6af5b1a34e1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
73fa44f2f3a772cdbc8c5d320ae92f15

SHA1
7b29df3ffc9a6b240e82a6ef846ba8672f4fdf77

SHA256
82186c57a49435c378e092d197aaec2ad6d435e7b4237ee2fd855313fa1cb353

SHA512
a15a7d18980ea9826ab0cfb5744bf61d69a62be33f1a6f2fde6c9660d3bd2703c770997d403fe34f52718f837f5d24f0284c43eefc999eef835f1b80909e4e54

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
179e72d2c5beb1b2b1667b0c032dc775

SHA1
fbeeeace0951104e9e9ffaa14b91f969dd1b605d

SHA256
4378e523c3dfc79ce6e1d9c6a33cb5ae133e689366ffdcbd5a40213641b30eaf

SHA512
aec581fa6eb4843a61fccd78ef3d95b7133dd153cb143e90029b77572979c70c18f1e9e249952cb958128de0532427962ceb0aa99b501fc838556f4036de1a43

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
d084f5dbea0bea7c4a09f056c64ef321

SHA1
fd20bd28299cdff9d13a7a569c5ff35febf81f33

SHA256
165fb62adfae52f248c29d1075fa5ea85edb53b17a72164a40b3b67af9797677

SHA512
116f55adeff9fe483741270b3a864b6e8bb741a4166bfb30d47daba9956bacb70e6b1820f7ef95485b1d3d087225d5fd487b76ef16f397b42b753a38e4687c9a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\AlternateServices.bin

Filesize
10KB

MD5
6c34c9c0c5327d5abcc7e91e049d577e

SHA1
ab4074d548363caf033cca063eb7f49ef4b37b06

SHA256
ff1c8de257694ea33809c62114fc62aafa25c6b4d8e47d44cc9ad4a51b4dbc87

SHA512
d01a37cad0e2fe5d76b7d8645aedd7df03beca0470bdf58a52570ff7add7c6833adea72eb02cf196a20be2cf17f1b0ff43065f59457b3aae7dc6d287b6a2e693

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\AlternateServices.bin

Filesize
61KB

MD5
2e0af1c6f14922623729636553b7aefa

SHA1
96ef2fcbb7beccb97873b8bcce950ac3225369b3

SHA256
898036244859fcb81edc9ca29645fc8c1e04d71fe15c5ac87f200c17f06b0b8b

SHA512
a56e40a302dc2ee9c41324d9063d257b291defa721a85d0742ebc4b6bdf51bc49cdff3dac2d9a4b4d212ee06af7e3d7307b5deecb66dff3e24b65ff0b68e1ec2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\datareporting\glean\db\data.safe.tmp

Filesize
21KB

MD5
f4339691bc23d3d3b2426e4d10d43de4

SHA1
2edb4aff430d6d903debdad6d973eae1e7f65cbb

SHA256
040b6fdf51ce5d6d117be1827617e2b0ce1ce1ca2960d6a438fac51c58ca3052

SHA512
f302478176f4765a09c75a70cfb931170ab5d00f5f009e20c1c1aefe96930c4aef59af0ee37de66d6896744e836aa3a19ea44a9098c14230abad6d83e8eae95f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
38c3a983667ea81156dce95dac7c1b97

SHA1
5709e40d909036086c85e86737c04ecb4b34d5a6

SHA256
cdd3308f0731092acd60e4330f2991c62eb2f8a6fd0633341255827da86ae6c4

SHA512
4e84be7a5c7cc6c41a9b5e50fb65cf4ab924c5d9fcdb243b595fb76efbb540a473691c65b14a134b8e9bb410ed401f9d9332d5c9212e95ebf0cc08ecb6d72bd9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\datareporting\glean\db\data.safe.tmp

Filesize
119KB

MD5
d36fd12ca1568e51d46b2ae91ea981dc

SHA1
c58650cf63f11c5330e74239c0d1751612a9ad9d

SHA256
fa9902f832aedad3c9a70b4e1f55413de32a7e59115a30f6a34ef2b609af8b17

SHA512
3ec542317489030745d7757add0c1dce29f141d9177e871578e1e6e20ada9a30cdaed1f350a6a60d30debaea7fa5bd9dacaff17799d388ec311d17670c047ec5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
44dec7f7b51df9f4f94ac20708c051ad

SHA1
c951c1b87ba06436d13c091494e347169d086946

SHA256
c826fd009cae6d20135de593ec9e080d50d9bc53bbefa51a277b11b4dc2966b8

SHA512
80c055b9286e62a916d2d66a6f24be54e993ee9cf697da25004c7b4d577ab90922cb80ae2548987373cba6b98a45e28bb63b70118fc57faf77a3a6d7d573382e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\datareporting\glean\db\data.safe.tmp

Filesize
21KB

MD5
b65261fd32ccae021a8034098bf656ea

SHA1
1c967cad58ad471d8ac1775e6b4683fc07ede19f

SHA256
1d4e055b82cf473c995329df28e7f7309c2032d992dd08912a3d50c62e37c036

SHA512
3e008887a6d4baa7d5e9d22b836418dcf6a6c2ddbb42609dad3c9d2313c9abb9318c0c11a97b8d4dfde3c103a0e16e86a9084206a6dd872feb277bfa88f51fd3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
c8719715b723d6a7731f5b8d20c0592d

SHA1
914debc3c39e3c7979300e36305276fc42e7bb7c

SHA256
c975ce3e6e1c3c78909916b56a519a6b8bc3d6bbd7dafcfcdd1e3372c3c307bc

SHA512
64548e3144fc9024383f9cc28cdbe74d3eebe77a6cf819e69dd301e5be20b6a9710f8a307bbe7be36fc7d6a305accd7d37a19986d65ffc51c4b2e0dfaf71d0de

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\datareporting\glean\pending_pings\08d25f77-f802-4b31-90ea-de6bb723dd9e

Filesize
659B

MD5
cfa21544af34a1acbe1c6f370ab74afd

SHA1
e33670f7b2f41cdf572f0cb33f8698efbc778e2e

SHA256
ca1f2bd55cb45a8c86113dee4b8b58158130a60013e9c159352f066bc1076943

SHA512
1d3d4c6bcf50afeb58f018ff2752c4b8cc7a9319ca6c2bd75be225809c2b0cf3147e10f2371b3a17c9a398c96c4915cda63cf11b8cbc595a10c049d5193371e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\datareporting\glean\pending_pings\3f2cdd0a-09fd-4848-9552-c4f10e21a4a5

Filesize
3KB

MD5
493868946c091f7f6c3e25953c62d7d5

SHA1
f4d1738ab002ef3161f86ff003be4485f9817653

SHA256
852d147e70080019848c7038820ad09a87675cdc284097e3a30a7b38b6a00c51

SHA512
c6e7590da112adf920364619a122bc1bdcabbb5faf9ae5001d7b035422fee2367770526e144857ffeb16df71d88dd1c069e28721e91f3edace2db195e09a3783

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\datareporting\glean\pending_pings\9ae61d93-6347-419f-97d3-0837cde2607a

Filesize
847B

MD5
dd3e2cdc51c9f8ebe2f0b51c93693694

SHA1
23daed77bf2edc660064c46d540799cb7dd43d60

SHA256
c3cb29d4a24c6e26fcd3908ba57a83f162816f7dad353b0f61d3bc6691d91da3

SHA512
c55ef79799d51aa6ace368daf34a4af8df552473348e14a48b0f82f7e077ae7b9fab9ed28a17af8192e87e5f4b90d5d020ee89920e4b53efd14b375e6077bf5c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\datareporting\glean\pending_pings\aa5d6c9e-4747-4120-ae24-5a82284c4f4f

Filesize
982B

MD5
a2ce9646d0a60158aec42a01cfe957e2

SHA1
472c1da0a1fe87c6ba160e33de6a0a69d0ed5243

SHA256
95bcb8385640392ec2c2103fd26b35e6a984dca46d76f9ec0095d8b068008336

SHA512
f40f55ea120577d98d12bf85f5bbc45a63040d7bbcadfe9171ef72f2b649df5ebb394ee44ce91a28d7c5a6c1a3043ea78b01e7411be9ebf0ce37c870550c0809

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\prefs-1.js

Filesize
10KB

MD5
72189fd8461893dbad4fb715c3bef5ae

SHA1
0823517e0c1ab673d50ae61ffbcbc85f0cf527e3

SHA256
f216f1a1eb21bec6a2fe28641160f84343ec98ef9a86352522644ff42f8c023c

SHA512
b480d5f4080e2f942ce660b41e582cc35f4f98a9bbc39b2d173b816680eeabd2b19ba014e274eb9c1dbddc8e7de46103545777de2f2e808e2337d1cf71724c06

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\prefs-1.js

Filesize
9KB

MD5
7e920c2e301a681fc886cbe7c97d0a82

SHA1
e4c2e8ab0132a26843d290d0236e2e95abf997a9

SHA256
b7f108f8cf6d7ebbb64300ae6e2084beea953907452eff5981b276c96609645f

SHA512
f68cc5d7a72bc0c03db8ad0dc8a795bd993481a61d389eddfd2caa11670eec4e5641e89eb0b9360b63d9381ec9057cf460a53771b041bfc84361b18022df9ae7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\prefs.js

Filesize
9KB

MD5
6b9f2c6c1706f8322c99532336a29254

SHA1
c4e802f707572029ae8f9514e058ea8989ca7085

SHA256
1a05b8eff9b947c4501c22e34e90f9ad6634a6c5d0e5551b1adf2fda1bb38450

SHA512
15d4603948b250795e499013c5a9a9d3369747da8899456f7b9d3873eb90218b9aea00ad4de7107ad72ba66e0937fe3a199c1b093da83fc23b81b84bedc7cab4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
0438b24122c8ab53113e29c5c024b2aa

SHA1
d5105aa561d7976b040e8421437db4856a272181

SHA256
9bf7a322584dc2e86294cd2c21f962152f127edcb08a44dec6caf32647298318

SHA512
9f600d03909fb2a173e8d82d93ad3596941a18e5b6fef030206d4416a0264c1f06edf95543970ca8672aa827dc2f50dbdc88f0ed7f1252d06ba89ee7f60d49ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\sessionstore-backups\recovery.baklz4

Filesize
43KB

MD5
e5edd918ee3b800c4508adc4c0b0f157

SHA1
3b2d66aa75527f7c662cb22e0952683e1745fb88

SHA256
c139f9c0a9f6065d7c5473f961b430a5470ec31fd6f48d46d6bc5249c86edc25

SHA512
b180e4426e424da96513703cc039b094d2824868ce5113287e04cc7ebcbdfb58924c0f6622e4afdd3645aa7276f7713b7827079d49bfd643edc89ffd930571cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\sessionstore-backups\recovery.baklz4

Filesize
45KB

MD5
ca09c6072e29eb53888540ae52532626

SHA1
486839e88684bffd72c1941a7234bdc3abc22d5d

SHA256
56b2dad2cef526f9a4fcba05c1d35364f508c45ebe3b48820acbd7125e1a4532

SHA512
d7488e20d381612a5db55ad876e852d83e5021d6d513a1cfdd3e13b2ecd63ac3898550f36c51b66dceaf81bcc5e342586cf761b08e2d03e6dcb4d7f1124bced1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\sessionstore-backups\recovery.baklz4

Filesize
51KB

MD5
a431a4f7a9526043f2c287b00619a640

SHA1
f49e9050641196e1e7c236643a75e9ebddd1c904

SHA256
94f428332a410f9f6da8a27e2e4f25124c00ab0eae3ec9274cc474688aed2db1

SHA512
0fa9376677e6b58a8b97b15743e1d907e8f955d0b60395e3d33594f65b3443fcb8088bda64c0a0ccee4d2d1bc4d2c4ee482c2e94d0dbec08bd1a704e4bdfce87

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\sessionstore-backups\recovery.baklz4

Filesize
51KB

MD5
296ac2e8671b32d5bdccf3b4e7e9493e

SHA1
775c95352b4480a7d6ead0dbc0edc99207d6099f

SHA256
6ec062b3cd13905db95c2011f1afca3255f529f70711db8db8638abb9d6241c1

SHA512
80a7a64f06f1af6179ab0ad55f1623a4138799266d671a2aa0cf377c14b274277775d904420410dbcfea40a218923e7678642cb6f2a3c0f909f00af494e0a1c3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\sessionstore-backups\recovery.baklz4

Filesize
51KB

MD5
ef24b0696e236b5c985e35788284c9ce

SHA1
b6223d5f65df9df114d84947a9558357ffcf3d71

SHA256
169d03dbcbd937e2ce5809d09862d5ab6f57b36a027d797da68139f2d9997692

SHA512
7965f03187c4148a27de0d5663c48178ac06ffc951e264d79456e96ac3b30b71e1829584bfe5ac469ab7a33891017c5f1f4ee4f3ac98e8e35fdac81bdbaa082b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\sessionstore-backups\recovery.baklz4

Filesize
52KB

MD5
3c5eda6cb4e741342e60fae0c3c2fbd8

SHA1
4fa97df895e147cd2f6061294f41652e85cbaeee

SHA256
3353ca8c3b9f7666ef8a8e3488856dc140eada30d9c406f91690202f36b43775

SHA512
812ada0e92470414b541bdb3f30429624302c2c24d520786e3533f84a7f791f9acf259c9cdcde3f6b20fa60c14b403e5fe53ffa507e79dc41943954f7d825f30

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\sessionstore-backups\recovery.baklz4

Filesize
53KB

MD5
f1bf6cfddd321b2a034f690ed1c9692d

SHA1
8771fbf8bf71f30cb5762e5e24b2de6fb730435a

SHA256
7e3aab1d22003be57e6744a06da67ad562fa6924efc4f871a5a2699f6bad8b3b

SHA512
19c9387fc6752a863d4db6e7b2dda363ee163be81242c6c7502cc7470e150cd2240a88e17efcc041965bcb750c463227cd7f6fb5e926e6515ea0b5d53c985df2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\sessionstore-backups\recovery.baklz4

Filesize
57KB

MD5
a2ad4ec39f9a21c9ceb86d314c8face6

SHA1
cf71d79d9ed50d7a4a3e1f3d9ee09d85edecb024

SHA256
c066223d34969950ef7100f1c1fd684dc8a557d55546226201c065c286f2dd18

SHA512
1c811f43ba21fc348f541a31141ad2e1b1bec293143dde29264120579f1085b574a263cbfcd779d547b02084dc6f466a2cd4900f900ad77bc6e602929ab0b643

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\sessionstore-backups\recovery.baklz4

Filesize
58KB

MD5
344756b5a8296ff2d336636b36d0a305

SHA1
f3c43e78072d466e1ee84660534b622ca48701cf

SHA256
e8bd323fd77e26e567cbfae764cb758d608134b8c873d50ce20a947a5d13bfb7

SHA512
81881f1058bb7ba98b80f5bfdd6535f13199257aff732aa2535a3d468d6bad45ee9243669a59041803afb2107b44a239ab104e1db88e2ec67895afd8c4a70ef6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\sessionstore-backups\recovery.baklz4

Filesize
53KB

MD5
93ed9b2bd23225d061ad25301393c150

SHA1
9cb0a57e16b7d51737487d336b6e5ad62898a8cf

SHA256
81bda9de576dbafd6aa71ac3fe639495326a160ba667b21684ba9a6115d8a134

SHA512
a707f0813a7f2ed60a4c36ede8bb1f0ba0595e750b86bc95e17b7572633b5324cc803ad74836ba43771d9c34a3d84fd39f6e7ae554d9d23003501e5354867411

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\sessionstore-backups\recovery.baklz4

Filesize
53KB

MD5
f9c7a9ee59fd851daf0c592430715efd

SHA1
f096dd61fd0637e93b0b3e7ff883d9e3b05b795d

SHA256
75ab607d62930acf0378b1ad232b8883c0df113083457dadc7cabfc7fa80e344

SHA512
f314ffcf7df6bb927bef67f62f3e326eada8676e46e90250091d22789fc72e1bc3098a5f26b3579cf1a6f624992a88d8836da11b9fcc611a4d6728ec31b30326

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\sessionstore-backups\recovery.baklz4

Filesize
56KB

MD5
e0744a27d3c9aba64e850a043f711935

SHA1
dfa71dd544e450233f322867806d3385d95f3728

SHA256
87929d40438008ca2466c2d05065fb365d0debd704481b3a8c4d077b4cf0901f

SHA512
4aaff36907c22587f82e6c6f85c8938f1b5caee56e3b3d0cc47c484ab996a7ba7195d2f315f09571f07c1b94597850e57be413340cbd43fb54d320913cf55742

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\sessionstore-backups\recovery.baklz4

Filesize
57KB

MD5
b0f77ce566d5262f63bfaaa3032367ca

SHA1
aeb552ee670adf67b77246923fdf72d3d141821f

SHA256
9e98e63eb6ca15d2b465f7c3d8b1de51fd839520ba87ec4ce6b6b1c5ca80e71b

SHA512
1701d2c9159c64b55c14f2a0497d0d42245c7655b350a5408f0da15d7c42bc8ac008dd0b6beb82f405f12b7144445be1cc6dae49fb52758197f6831bb3689960

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\sessionstore-backups\recovery.baklz4

Filesize
14KB

MD5
3aca8a776ea38049d25cc5b11efcb3be

SHA1
73ccd3d16df6d3fd9b6d940922a63600c8fa33f0

SHA256
a7c1cf67ba0c9a199e0c65f930cc02dee08354b2a0e83b056bbcf0dedb9b4acc

SHA512
701e0b7dd9188139aff5fcc0721338d8ccd96d9ef87d8ba0d0be9f3cca0ed6000eda6a9214ce18f0ac7c64ebc59cd5126f219b2415ad7f1d06f7ce99d0aa45fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\sessionstore-backups\recovery.baklz4

Filesize
44KB

MD5
03ba1faecb7a9d4c4946e414f7d3a8e6

SHA1
88447c63b1d5ad49182deb23145637475305ea0a

SHA256
e155ebc597a8589368a5b7aaf82933167ad6c2671abc7f01fb020c0c1b2cfb97

SHA512
f68b64f4f34023e1a49da3025f29c2f7a4a042150900d561c6f337ae732109ac992e7750d3c2fb7c4116fafaf354f9f6679cf8c66e827a50d2b3b29428396260

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\sessionstore-backups\recovery.baklz4

Filesize
50KB

MD5
164d85bebe3b6e3d634f4e6b52e937e4

SHA1
943a646b6ff85d13b776254e928654e1c7abf0c4

SHA256
fe2b7884481a31db345480ce54d2afbac1bd8402d4bf78d7f6ee1c80b183411d

SHA512
c95a8bb0c1a5544bc90591603c62ddc5dd55a093ceb1e238d0910b5f956d6c361b92449db2958e0a69350e82efa8f3c651aabdbe6bafb7e90460d91dce294d04

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\sessionstore-backups\recovery.baklz4

Filesize
51KB

MD5
1ac2cd4a373aec7d72d3db09304ed96e

SHA1
3f5241cdc1eb3c77b74ccf8dd52e517ad24232f8

SHA256
b82eb788d5b593d3de1951529cd15398782357e43a6e301f81138df96b5c7f96

SHA512
de60fa2093cf525c3604ebd032fb6511527dc70af32664c5c081e16875a2b8fd876a451138e811fbbf726762ecc9574524de241f43301c9f934abd06e271a67f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\sessionstore-backups\recovery.baklz4

Filesize
51KB

MD5
8fe85b24953d0ceab7bcd0240da74ebb

SHA1
b429d6ff950a2409ec361c70cc0576822c44a207

SHA256
dea7704fd7890f0fb46091c2077817504b9b3f363f95802439f78212733c9df6

SHA512
b90cdbc04bdb37b22869063171e101ed975390808993cea1e1f981434c0f400f87bfe6f12d005a8078782227a7256c4a6936035888ead2e7bb820d641491b628

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\sessionstore-backups\recovery.baklz4

Filesize
52KB

MD5
57ad8af85d3273b9437d69e7b644b1d7

SHA1
bc6c3671c58793fc46d8cd123adfa086a831d07e

SHA256
3514cf3465e281e1de10ce50e082771f041ae225450afb5ea7794e8a54dc9af4

SHA512
36680228ffc323afbd7678e8427f43a943c9acc1f131ff452eadc8641f59a02453cc3114a5b899223cbaeb5848812b033735e81a3dfd06b8fd7ae9697c3c1c1c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\storage\default\https+++cs.ingage.tech^partitionKey=%28https%2Ctemp-mail.org%29\ls\data.sqlite

Filesize
6KB

MD5
973ba02d313a4752880e2a581162464e

SHA1
caec292a258cbe8d0c81df86bd48cec00c571aba

SHA256
d791acb6f84b0feef0e4724a94b25517f52f26c171ff1e3f5059a1eabc8a41c9

SHA512
29c684527c60f17f05c927d676c5b491651dc705fec5444aca7cf74ec08a97cb209799330fc7e39ec7024e21fc447136acadd458000dc89ea2e763bc733d6101

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ul5krx1.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
632KB

MD5
0d53e999457d609db37fe41913ba8646

SHA1
2203fc62a67bc87f9d8ef302917e6afdf57e338e

SHA256
f1d55f96d3e6bf9a282de3be33fc07e9115ff179b90b36cff9a0d28cb220babc

SHA512
2b122dffee986c569df743046a0668f32f034c6ece205a5f2d7be409c7844e584092f2d64cb08a8414d54ba81bf53dcebc22bf3f051ee9238e35fc01b2271eea

Download Submit
C:\Users\Admin\Downloads\SteamSetup.7a7b7cuV.exe.part

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit
memory/7100-18270-0x0000000000B20000-0x0000000000FD2000-memory.dmp

Filesize
4.7MB

Download
memory/7960-18327-0x00007FF8230D0000-0x00007FF8230D1000-memory.dmp

Filesize
4KB

Download
memory/7960-18328-0x00007FF823600000-0x00007FF823601000-memory.dmp

Filesize
4KB

Download
memory/9812-19128-0x000001FCC6540000-0x000001FCC65AB000-memory.dmp

Filesize
428KB

Download
memory/10376-18833-0x0000029E68450000-0x0000029E684BB000-memory.dmp

Filesize
428KB

Download
memory/10756-19455-0x000001F9C50D0000-0x000001F9C513B000-memory.dmp

Filesize
428KB

Download
memory/13576-19284-0x0000022486A50000-0x0000022486ABB000-memory.dmp

Filesize
428KB

Download
memory/14112-19310-0x0000023E1BA10000-0x0000023E1BA1A000-memory.dmp

Filesize
40KB

Download
memory/15092-19411-0x0000022F84A70000-0x0000022F84A71000-memory.dmp

Filesize
4KB

Download
memory/15092-19408-0x0000022F84A70000-0x0000022F84A71000-memory.dmp

Filesize
4KB

Download
memory/15092-19407-0x0000022F84A70000-0x0000022F84A71000-memory.dmp

Filesize
4KB

Download
memory/15092-19406-0x0000022F84A70000-0x0000022F84A71000-memory.dmp

Filesize
4KB

Download
memory/15092-19402-0x0000022F84A70000-0x0000022F84A71000-memory.dmp

Filesize
4KB

Download
memory/15092-19401-0x0000022F84A70000-0x0000022F84A71000-memory.dmp

Filesize
4KB

Download
memory/15092-19400-0x0000022F84A70000-0x0000022F84A71000-memory.dmp

Filesize
4KB

Download
memory/15092-19409-0x0000022F84A70000-0x0000022F84A71000-memory.dmp

Filesize
4KB

Download
memory/15092-19410-0x0000022F84A70000-0x0000022F84A71000-memory.dmp

Filesize
4KB

Download
memory/15092-19412-0x0000022F84A70000-0x0000022F84A71000-memory.dmp

Filesize
4KB

Download
memory/15404-19454-0x000001F67A090000-0x000001F67A0FB000-memory.dmp

Filesize
428KB

Download