989fc0a75645dd3528876065a433f538dd17487cf4b3ae4aa01974cc9ed1e97c

Analysis

max time kernel
404s
max time network
409s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
18-01-2025 15:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CS2 Free Cheezee.rar
Size

26KB
MD5

0c98f158b824d48f3aed8e819b7501ad
SHA1

3ecd9ac33aaa26da3a4decf9d2a882054770fd59
SHA256

989fc0a75645dd3528876065a433f538dd17487cf4b3ae4aa01974cc9ed1e97c
SHA512

a3a5b94a715d4a8565ef5583db455336cd6be90949ef7c2902dd5ab90bc164dbeb8585c7a8585c0eb7a766ef55c99fee34dc77a81fcfdc7a111f32760ce29437
SSDEEP

768:1SlOhuVwFdozBmrnpq9iQ0qO18WcGyBBB:1S5wmBmVq9v0w1BB

Score

8^/10

steam discovery persistence phishing

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1581648047-808845429-2272123689-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1581648047-808845429-2272123689-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1581648047-808845429-2272123689-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1581648047-808845429-2272123689-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe

Executes dropped EXE 19 IoCs

pid	Process
240	SteamSetup.exe
5476	SteamSetup.exe
3460	steamservice.exe
5716	steam.exe
8080	steam.exe
8028	steamwebhelper.exe
7996	steamwebhelper.exe
7868	steamwebhelper.exe
7756	steamwebhelper.exe
8764	gldriverquery64.exe
8460	steamwebhelper.exe
8532	steamwebhelper.exe
8908	gldriverquery.exe
8964	vulkandriverquery64.exe
6076	vulkandriverquery.exe
9964	steamwebhelper.exe
2776	steamwebhelper.exe
9288	steamwebhelper.exe
9564	steamwebhelper.exe

Loads dropped DLL 64 IoCs

pid	Process
5476	SteamSetup.exe
240	SteamSetup.exe
5476	SteamSetup.exe
5476	SteamSetup.exe
5476	SteamSetup.exe
5476	SteamSetup.exe
5476	SteamSetup.exe
5476	SteamSetup.exe
5476	SteamSetup.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8028	steamwebhelper.exe
8028	steamwebhelper.exe
8028	steamwebhelper.exe
8028	steamwebhelper.exe
7996	steamwebhelper.exe
7996	steamwebhelper.exe
7996	steamwebhelper.exe
7868	steamwebhelper.exe
7868	steamwebhelper.exe
7868	steamwebhelper.exe
7868	steamwebhelper.exe
7868	steamwebhelper.exe
7868	steamwebhelper.exe
7868	steamwebhelper.exe
8080	steam.exe
7868	steamwebhelper.exe
7868	steamwebhelper.exe
8080	steam.exe
7756	steamwebhelper.exe
7756	steamwebhelper.exe
7756	steamwebhelper.exe
8080	steam.exe
8460	steamwebhelper.exe
8460	steamwebhelper.exe
8460	steamwebhelper.exe
8532	steamwebhelper.exe
8532	steamwebhelper.exe
8532	steamwebhelper.exe
8532	steamwebhelper.exe
9964	steamwebhelper.exe
9964	steamwebhelper.exe
9964	steamwebhelper.exe
9964	steamwebhelper.exe
2776	steamwebhelper.exe
2776	steamwebhelper.exe
2776	steamwebhelper.exe
2776	steamwebhelper.exe
9288	steamwebhelper.exe
9288	steamwebhelper.exe
9288	steamwebhelper.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1581648047-808845429-2272123689-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"	SteamSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
434	raw.githubusercontent.com
435	raw.githubusercontent.com

Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_rstick_down_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_button_triangle.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_mouse_mid_click_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\subvalidatecontactemaildone.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_dpad_right_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_list_down.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\c9.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_color_outlined_button_y_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_070_setting_0304.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_trackpad_l_ring_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_l1_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_color_button_circle_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\icon_cloud_dunno.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\inbox_comment.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_lstick_right.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_l_left_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_buttons_n_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_button_create_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_ltrackpad_click_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\filter_banned_koreana.txt.gz_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\dropdown_offline.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\joyconpair_left_sr.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_r_right_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_vr_happy.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_ltrackpad_left.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\SteamFossilizeVulkanLayer64.json_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\locales\ko.pak_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0200.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_security_locked.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\icon_tab_placement_arrow.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_r_swipe_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_button_r_arrow.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_rtrackpad_down_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_touchpad_touch_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\layout\gamespage_details_rental.layout_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0310.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\mini_expand.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\platform_sc_schinese.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_l2.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_l_ring_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\templates\controller_xbox360_wasd.vdf_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\steam_controller_bulgarian.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_button_share.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_color_outlined_button_x_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\joyconpair_left_sr_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\Receipt_PayPal_Preorder.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_035_magic_0334.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_ltrackpad_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_r1_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_l_swipe_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\support_flag_top_hover.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steambootstrapper_vietnamese.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_up.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_rstick_down.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_lstick_down_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_rstick_down_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_mouse_mid_click_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\chatty.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_dpad_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_lstick_down.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\layout\requestdeviceauthorization.layout_	steam.exe

Drops file in Windows directory 11 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping8028_518682618\_platform_specific\win_x64\widevinecdm.dll	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping8028_518682618\LICENSE	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping8028_518682618\manifest.json	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping8028_518682618\manifest.fingerprint	steamwebhelper.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping8028_518682618\_platform_specific\win_x64\widevinecdm.dll.sig	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping8028_518682618\_metadata\verified_contents.json	steamwebhelper.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamservice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamSetup.exe

Checks processor information in registry 2 TTPs 31 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133816876720983043"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 46 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1581648047-808845429-2272123689-1000_Classes\steamlink\Shell	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1581648047-808845429-2272123689-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1581648047-808845429-2272123689-1000_Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1581648047-808845429-2272123689-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1581648047-808845429-2272123689-1000_Classes\steamlink\URL Protocol	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1581648047-808845429-2272123689-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1581648047-808845429-2272123689-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1581648047-808845429-2272123689-1000_Classes\steamlink\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1581648047-808845429-2272123689-1000_Classes\steam	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1581648047-808845429-2272123689-1000_Classes\steam\Shell\Open	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1581648047-808845429-2272123689-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1581648047-808845429-2272123689-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1581648047-808845429-2272123689-1000_Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1581648047-808845429-2272123689-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1581648047-808845429-2272123689-1000_Classes\steam\ = "URL:steam protocol"	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1581648047-808845429-2272123689-1000_Classes\steam\URL Protocol	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1581648047-808845429-2272123689-1000_Classes\steamlink	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1581648047-808845429-2272123689-1000_Classes\steam\Shell	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1581648047-808845429-2272123689-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1581648047-808845429-2272123689-1000_Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1581648047-808845429-2272123689-1000_Classes\steamlink\Shell\Open	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1581648047-808845429-2272123689-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1581648047-808845429-2272123689-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-1581648047-808845429-2272123689-1000_Classes\steam\DefaultIcon	steamservice.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 247230.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3084	chrome.exe
3084	chrome.exe
5900	msedge.exe
5900	msedge.exe
2768	msedge.exe
2768	msedge.exe
6100	identity_helper.exe
6100	identity_helper.exe
5360	msedge.exe
5360	msedge.exe
5476	SteamSetup.exe
5476	SteamSetup.exe
5476	SteamSetup.exe
5476	SteamSetup.exe
5476	SteamSetup.exe
5476	SteamSetup.exe
5476	SteamSetup.exe
5476	SteamSetup.exe
5476	SteamSetup.exe
5476	SteamSetup.exe
5476	SteamSetup.exe
5476	SteamSetup.exe
5476	SteamSetup.exe
5476	SteamSetup.exe
5476	SteamSetup.exe
5476	SteamSetup.exe
5476	SteamSetup.exe
5476	SteamSetup.exe
5476	SteamSetup.exe
5476	SteamSetup.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe
8080	steam.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
3604	7zFM.exe
8080	steam.exe
1068	OpenWith.exe
7224	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 34 IoCs

pid	Process
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	3604	7zFM.exe
Token: 35	3604	7zFM.exe
Token: SeDebugPrivilege	3460	firefox.exe
Token: SeDebugPrivilege	3460	firefox.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeSecurityPrivilege	3460	steamservice.exe
Token: SeSecurityPrivilege	3460	steamservice.exe
Token: SeShutdownPrivilege	8028	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8028	steamwebhelper.exe
Token: SeShutdownPrivilege	8028	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8028	steamwebhelper.exe
Token: SeShutdownPrivilege	8028	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8028	steamwebhelper.exe
Token: SeShutdownPrivilege	8028	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8028	steamwebhelper.exe
Token: SeShutdownPrivilege	8028	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8028	steamwebhelper.exe
Token: SeShutdownPrivilege	8028	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8028	steamwebhelper.exe
Token: SeShutdownPrivilege	8028	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8028	steamwebhelper.exe
Token: SeShutdownPrivilege	8028	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8028	steamwebhelper.exe
Token: SeShutdownPrivilege	8028	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8028	steamwebhelper.exe
Token: SeShutdownPrivilege	8028	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8028	steamwebhelper.exe
Token: SeShutdownPrivilege	8028	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8028	steamwebhelper.exe
Token: SeShutdownPrivilege	8028	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8028	steamwebhelper.exe
Token: SeShutdownPrivilege	8028	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8028	steamwebhelper.exe
Token: SeShutdownPrivilege	8028	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8028	steamwebhelper.exe
Token: SeShutdownPrivilege	8028	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8028	steamwebhelper.exe
Token: SeShutdownPrivilege	8028	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8028	steamwebhelper.exe
Token: SeShutdownPrivilege	8028	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8028	steamwebhelper.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3604	7zFM.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
8028	steamwebhelper.exe
8028	steamwebhelper.exe
8028	steamwebhelper.exe
8028	steamwebhelper.exe
8028	steamwebhelper.exe
8028	steamwebhelper.exe
8028	steamwebhelper.exe
8028	steamwebhelper.exe
8028	steamwebhelper.exe
8028	steamwebhelper.exe
8028	steamwebhelper.exe
8028	steamwebhelper.exe

Suspicious use of SetWindowsHookEx 25 IoCs

pid	Process
3460	firefox.exe
8080	steam.exe
1068	OpenWith.exe
1068	OpenWith.exe
1068	OpenWith.exe
1068	OpenWith.exe
1068	OpenWith.exe
1068	OpenWith.exe
1068	OpenWith.exe
1068	OpenWith.exe
1068	OpenWith.exe
4428	OpenWith.exe
7224	OpenWith.exe
7224	OpenWith.exe
7224	OpenWith.exe
7224	OpenWith.exe
7224	OpenWith.exe
7224	OpenWith.exe
7224	OpenWith.exe
7224	OpenWith.exe
7224	OpenWith.exe
7172	firefox.exe
7172	firefox.exe
7172	firefox.exe
7172	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3520 wrote to memory of 3460	3520	firefox.exe	89
PID 3520 wrote to memory of 3460	3520	firefox.exe	89
PID 3520 wrote to memory of 3460	3520	firefox.exe	89
PID 3520 wrote to memory of 3460	3520	firefox.exe	89
PID 3520 wrote to memory of 3460	3520	firefox.exe	89
PID 3520 wrote to memory of 3460	3520	firefox.exe	89
PID 3520 wrote to memory of 3460	3520	firefox.exe	89
PID 3520 wrote to memory of 3460	3520	firefox.exe	89
PID 3520 wrote to memory of 3460	3520	firefox.exe	89
PID 3520 wrote to memory of 3460	3520	firefox.exe	89
PID 3520 wrote to memory of 3460	3520	firefox.exe	89
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 2424	3460	firefox.exe	90
PID 3460 wrote to memory of 4428	3460	firefox.exe	91
PID 3460 wrote to memory of 4428	3460	firefox.exe	91
PID 3460 wrote to memory of 4428	3460	firefox.exe	91
PID 3460 wrote to memory of 4428	3460	firefox.exe	91
PID 3460 wrote to memory of 4428	3460	firefox.exe	91
PID 3460 wrote to memory of 4428	3460	firefox.exe	91
PID 3460 wrote to memory of 4428	3460	firefox.exe	91
PID 3460 wrote to memory of 4428	3460	firefox.exe	91

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\CS2 Free Cheezee.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3604

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3520
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2004 -parentBuildID 20240401114208 -prefsHandle 1932 -prefMapHandle 1472 -prefsLen 26921 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ba695ac-5723-4958-90a0-a8462c3bfd59} 3460 "\\.\pipe\gecko-crash-server-pipe.3460" gpu
    3⤵
    PID:2424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 26799 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae6251a4-b0a7-42c2-a6c3-a60c6aad9f7e} 3460 "\\.\pipe\gecko-crash-server-pipe.3460" socket
    3⤵
    - Checks processor information in registry
    PID:4428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2900 -childID 1 -isForBrowser -prefsHandle 2964 -prefMapHandle 2960 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebf44ee2-d71e-482c-babc-d585da5e0bad} 3460 "\\.\pipe\gecko-crash-server-pipe.3460" tab
    3⤵
    PID:1232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3952 -childID 2 -isForBrowser -prefsHandle 3928 -prefMapHandle 3924 -prefsLen 32173 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7671f678-af63-4bf8-970b-bc7da2934db9} 3460 "\\.\pipe\gecko-crash-server-pipe.3460" tab
    3⤵
    PID:1416
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4484 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4664 -prefMapHandle 4660 -prefsLen 32173 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73d0e442-bee0-47eb-91ea-90c508995b7e} 3460 "\\.\pipe\gecko-crash-server-pipe.3460" utility
    3⤵
    - Checks processor information in registry
    PID:3872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5168 -childID 3 -isForBrowser -prefsHandle 5180 -prefMapHandle 5176 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {34081e6a-c7d1-4941-9ef2-ed780885ede9} 3460 "\\.\pipe\gecko-crash-server-pipe.3460" tab
    3⤵
    PID:5900
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5264 -childID 4 -isForBrowser -prefsHandle 5304 -prefMapHandle 5308 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e9f79cd-81c8-4d8d-9f9c-e80b3f0c2400} 3460 "\\.\pipe\gecko-crash-server-pipe.3460" tab
    3⤵
    PID:5916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5472 -childID 5 -isForBrowser -prefsHandle 5480 -prefMapHandle 5484 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97ecfc6d-296e-453c-8229-a4e2926c3e01} 3460 "\\.\pipe\gecko-crash-server-pipe.3460" tab
    3⤵
    PID:5928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffb8739cc40,0x7ffb8739cc4c,0x7ffb8739cc58
  2⤵
  PID:5692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,16429636143402127070,2057430749239488446,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=1784 /prefetch:2
  2⤵
  PID:5876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1892,i,16429636143402127070,2057430749239488446,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2084 /prefetch:3
  2⤵
  PID:5912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,16429636143402127070,2057430749239488446,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2280 /prefetch:8
  2⤵
  PID:5980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,16429636143402127070,2057430749239488446,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,16429636143402127070,2057430749239488446,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4540,i,16429636143402127070,2057430749239488446,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4800,i,16429636143402127070,2057430749239488446,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5064,i,16429636143402127070,2057430749239488446,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  PID:5168
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:5608
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x298,0x29c,0x2a0,0x274,0x2a4,0x7ff642424698,0x7ff6424246a4,0x7ff6424246b0
    3⤵
    - Drops file in Windows directory
    PID:5756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4436,i,16429636143402127070,2057430749239488446,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:5224

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2616

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\UnprotectSkip.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffb7bec46f8,0x7ffb7bec4708,0x7ffb7bec4718
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  PID:5948
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x158,0x138,0x15c,0x7ff6ef845460,0x7ff6ef845470,0x7ff6ef845480
    3⤵
    PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2684 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7048 /prefetch:8
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6324 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  PID:220
- C:\Users\Admin\Downloads\SteamSetup.exe
  "C:\Users\Admin\Downloads\SteamSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:240
- C:\Users\Admin\Downloads\SteamSetup.exe
  "C:\Users\Admin\Downloads\SteamSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:5476
- - C:\Program Files (x86)\Steam\bin\steamservice.exe
    "C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5152 /prefetch:2
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2476 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1984 /prefetch:1
  2⤵
  PID:6256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1340 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2252 /prefetch:1
  2⤵
  PID:5984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2432 /prefetch:1
  2⤵
  PID:8840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1404 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2064 /prefetch:1
  2⤵
  PID:6300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:6304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1324 /prefetch:1
  2⤵
  PID:6984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6160 /prefetch:8
  2⤵
  PID:6992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:8228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7444 /prefetch:8
  2⤵
  PID:8860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7692 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1320 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1
  2⤵
  PID:10220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17995690393975373632,2040670382700374796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7244 /prefetch:1
  2⤵
  PID:7272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3880

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:5716
- C:\Program Files (x86)\Steam\steam.exe
  "C:\Program Files (x86)\Steam\steam.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:8080
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=de_DE" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=8080" "-buildid=1733265492" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SendNotifyMessage
    PID:8028
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1733265492 --initial-client-data=0x28c,0x290,0x294,0x288,0x298,0x7ffb78ecaf00,0x7ffb78ecaf0c,0x7ffb78ecaf18
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:7996
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1576,i,7630230433901655264,450816226514450655,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1580 --mojo-platform-channel-handle=1568 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:7868
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2184,i,7630230433901655264,450816226514450655,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2188 --mojo-platform-channel-handle=2012 /prefetch:3
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:7756
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2804,i,7630230433901655264,450816226514450655,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2808 --mojo-platform-channel-handle=2800 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:8460
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,7630230433901655264,450816226514450655,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3128 --mojo-platform-channel-handle=3132 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:8532
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3856,i,7630230433901655264,450816226514450655,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3860 --mojo-platform-channel-handle=3852 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:9964
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3940,i,7630230433901655264,450816226514450655,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3932 --mojo-platform-channel-handle=3928 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:2776
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=4740,i,7630230433901655264,450816226514450655,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4732 --mojo-platform-channel-handle=4736 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:9288
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4748,i,7630230433901655264,450816226514450655,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4828 --mojo-platform-channel-handle=4844 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:9564
- - C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:8764
- - C:\Program Files (x86)\Steam\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:8908
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:8964
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:6076

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x408 0x3dc
1⤵
PID:8468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\ExitImport.shtml
1⤵
PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffb7bec46f8,0x7ffb7bec4708,0x7ffb7bec4718
  2⤵
  PID:5024

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:7644

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1068
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\e13cc250-f030-4ae3-93fd-36fd79f08e2a_BonziBuddy-1.5.0.zip.e2a\BonziBuddy-1.5.0\README.md
  2⤵
  PID:9188

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4428

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:7224
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\BonziBuddy-1.5.0.tar.gz"
  2⤵
  PID:8168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\BonziBuddy-1.5.0.tar.gz
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    PID:7172
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1988 -parentBuildID 20240401114208 -prefsHandle 1904 -prefMapHandle 1892 -prefsLen 27182 -prefMapSize 244705 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a0cf1b6-d301-4a0d-9771-84d1ddb57a29} 7172 "\\.\pipe\gecko-crash-server-pipe.7172" gpu
      4⤵
      PID:7384
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2440 -parentBuildID 20240401114208 -prefsHandle 2416 -prefMapHandle 2404 -prefsLen 28102 -prefMapSize 244705 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {adcb7190-6fbf-4ee6-a793-a45e04baf673} 7172 "\\.\pipe\gecko-crash-server-pipe.7172" socket
      4⤵
      Checks processor information in registry
      PID:7420
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3108 -childID 1 -isForBrowser -prefsHandle 2976 -prefMapHandle 3200 -prefsLen 28243 -prefMapSize 244705 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36d567a8-16fc-4811-9a87-0dbfb896c99c} 7172 "\\.\pipe\gecko-crash-server-pipe.7172" tab
      4⤵
      PID:2000
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3648 -childID 2 -isForBrowser -prefsHandle 3564 -prefMapHandle 3560 -prefsLen 32592 -prefMapSize 244705 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {87e35653-7b15-4060-afcf-15bed3f384ac} 7172 "\\.\pipe\gecko-crash-server-pipe.7172" tab
      4⤵
      PID:8872
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4760 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5024 -prefMapHandle 5020 -prefsLen 32592 -prefMapSize 244705 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {90a8299c-a247-43b0-8682-a9b48d67501b} 7172 "\\.\pipe\gecko-crash-server-pipe.7172" utility
      4⤵
      Checks processor information in registry
      PID:9828
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5304 -childID 3 -isForBrowser -prefsHandle 5328 -prefMapHandle 3616 -prefsLen 27097 -prefMapSize 244705 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc1d023a-df80-49b0-846d-2e280bb7aba6} 7172 "\\.\pipe\gecko-crash-server-pipe.7172" tab
      4⤵
      PID:9444
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5332 -childID 4 -isForBrowser -prefsHandle 5492 -prefMapHandle 5500 -prefsLen 27097 -prefMapSize 244705 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {daa3f9b1-acfd-4a03-967e-d53e2f75832d} 7172 "\\.\pipe\gecko-crash-server-pipe.7172" tab
      4⤵
      PID:7768
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5744 -childID 5 -isForBrowser -prefsHandle 5664 -prefMapHandle 5672 -prefsLen 27097 -prefMapSize 244705 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {248612b3-ffa9-4db1-b56e-b21605132058} 7172 "\\.\pipe\gecko-crash-server-pipe.7172" tab
      4⤵
      PID:9736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Steam\Steam.exe

Filesize
4.2MB

MD5
33bcb1c8975a4063a134a72803e0ca16

SHA1
ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65

SHA256
12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1

SHA512
13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

Download Submit
C:\Program Files (x86)\Steam\bin\SteamService.exe

Filesize
2.5MB

MD5
ba0ea9249da4ab8f62432617489ae5a6

SHA1
d8873c5dcb6e128c39cf0c423b502821343659a7

SHA256
ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d

SHA512
52958d55b03e1ddc69afc2f1a02f7813199e4b3bf114514c438ab4d10d5ca83b865ba6090550951c0a43b666c6728304009572212444a27a3f5184663f4b0b8b

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
6e6a2b18264504cc084caa3ad0bfc6ae

SHA1
b177d719bd3c1bc547d5c97937a584b8b7d57196

SHA256
f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53

SHA512
74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
14KB

MD5
bb3afc927a28c15bc119d7ffba35485b

SHA1
4008414c9e5ab075a08662771be87a42b40ff253

SHA256
3efbdf72a24ccf59f35dc1d549274a45ba8fdd7164187ecdfc6df66d8d14047a

SHA512
b7d840f77a737449639e6c1b4617cef593d6ec0044c20defab133b51d180632b92402ea50f6cd7d05302bbeed3df85149ce6bd7cf971c36b32f87154e64b02bd

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
22KB

MD5
c59f387021bf9fd63b9631e9a52d2ffb

SHA1
d724bed824c496c0cfc2d5f1e96eac40fa66d41b

SHA256
1bd274acf07003236b8f292310f4beba3ce9e3abf1c29e79e496c0a49c308234

SHA512
e7ae87b1d8be281bb6bc8fd994024d1eea2314762f6b2c34db7ea4c803283d26e0a9b5ea7567b66736bb8db2aea0f3837017d97f298c249f4257ba78ee730e9d

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
22KB

MD5
cfd6b7197744f20826d7feaebb7d7bd4

SHA1
7f335c83f56c75c358d8346250b169673f4d7b03

SHA256
fcfe1b071417afb23e4af0269a27b9b5baaa3d7f2d46028a29cf1591ca094d52

SHA512
25044785d20ed02316764ec6ab49579b4c3dbf8f4a066b61c8eddc0992f75122c978e2df6803e303c3c95b1ba9b5e788e7ccccdda9ebeaccd294f62ea05add7e

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
a2ec2e91c3ef8c42e22c4887d032b333

SHA1
e2c738a2e9400535b74e2263c7e7d1ecefe575f2

SHA256
8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3

SHA512
b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf~RFe597aa5.TMP

Filesize
184B

MD5
3cdebc58a05cdd75f14e64fb0d971370

SHA1
edf2d4a8a5fc017e29bf9fb218db7dd8b2be84fe

SHA256
661f122934bbc692266940a1fe2e5e51d4d460efb29d75695b8d5241c6e11da7

SHA512
289c40fae5ec1d3dd8b5b00dd93cf9cada2cb5c12bcfefea8c862ddf0a16dced15d6814dad771af9103b3a5d3016d301ee40058edde3fdea30d9767146d11cd6

Download Submit
C:\Program Files (x86)\Steam\logs\cef_log.txt

Filesize
4KB

MD5
ef52cd07ddf929d037252c66c5f226a4

SHA1
3fb45d27cb6be13255c742313478a33a6ae162d3

SHA256
1756101027b2365445b52caf04bf54dfc20c82df2f442ed2c76aca974854ce2e

SHA512
e22fec4319ad55c086072d40d67dcbc863336258957017d33aee693af7c099ac655d36684cc2aed2b7641b26c7271d7ebdafeb2f4229d5c83c93ffd57d09ac6c

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

Filesize
4KB

MD5
0340d1a0bbdb8f3017d2326f4e351e0a

SHA1
90d078e9f732794db5b0ffeb781a1f2ed2966139

SHA256
0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544

SHA512
9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

Filesize
6KB

MD5
4c81277a127e3d65fb5065f518ffe9c2

SHA1
253264b9b56e5bac0714d5be6cade09ae74c2a3a

SHA256
76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9

SHA512
be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

Filesize
4KB

MD5
2158881817b9163bf0fd4724d549aed4

SHA1
c500f2e8f47a11129114ee4f19524aee8fecc502

SHA256
650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7

SHA512
f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

Filesize
4KB

MD5
03b664bd98485425c21cdf83bc358703

SHA1
0a31dcfeb1957e0b00b87c2305400d004a9a5bdb

SHA256
fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115

SHA512
4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt

Filesize
4KB

MD5
31a29061e51e245f74bb26d103c666ad

SHA1
271e26240db3ba0dcffc10866ccfcfa1c33cf1cc

SHA256
56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192

SHA512
f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

Filesize
4KB

MD5
da6cd2483ad8a21e8356e63d036df55b

SHA1
0e808a400facec559e6fbab960a7bdfaab4c6b04

SHA256
ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6

SHA512
06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt

Filesize
4KB

MD5
9e62fc923c65bfc3f40aaf6ec4fd1010

SHA1
8f76faff18bd64696683c2a7a04d16aac1ef7e61

SHA256
8ff0f3cbdf28102ff037b9cda90590e4b66e1e654b90f9aea2cd5364494d02b7

SHA512
c8ff15373b37e848e6239a82424569e77c82a5fc557d17e7d2ed1d0d2b2f7d026cc1e2bc98cb5ee945c02cfefb82803c23fa6a26f48ff0adcf762f94cd5dd035

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt

Filesize
4KB

MD5
10c429eb58b4274af6b6ef08f376d46c

SHA1
af1e049ddb9f875c609b0f9a38651fc1867b50d3

SHA256
a1f6ba57ee41e009d904905c0ce5e75a59ee6790e08542561303109e1faafa13

SHA512
d8760f61760bffd8671b727d386ae220e7e6e68829a01553cfd5eb60ef8bd1d7c1b25e7b17a6db5bd17ba6712ef44999726764459318e784843c73bc4facaf46

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt

Filesize
4KB

MD5
5c026fd6072a7c5cf31c75818cddedec

SHA1
341aa1df1d034e6f0a7dff88d37c9f11a716cae6

SHA256
0828572e4fa00c186dbf1d9072a6154d65cb499c6a37e338f3305f77a2fee382

SHA512
f9d28714b2a05f8d9025f1692e4d7e8baa6daf6176353f65646a38814a242ef2adededa44419edd69f10cf96ffba506dab7cb6e52111457bf69cffef12174b12

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt

Filesize
6KB

MD5
189ba063d1481528cbd6e0c4afc3abaa

SHA1
40bdd169fcc59928c69eea74fd7e057096b33092

SHA256
c0a7a1df442ac080668762df795c72aa322e9d415c41bd0a4c676a4dc0551695

SHA512
ce59ad9b17bab4de1254e92ce4fe7d8c8242832f62ab382e8f54199a9932cd11b5800cc33895441426373d5210cc74104e0271b721a7e26ed400b716ae4d5903

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt

Filesize
4KB

MD5
18aaaf5ffcdd21b1b34291e812d83063

SHA1
aa9c7ae8d51e947582db493f0fd1d9941880429f

SHA256
1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5

SHA512
4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt

Filesize
4KB

MD5
1514d082b672b372cdfb8dd85c3437f1

SHA1
336a01192edb76ae6501d6974b3b6f0c05ea223a

SHA256
3b3c5c615fd82070cc951ab482d3de8cb12df0b3df59fbd11f9d3271fa2fbca4

SHA512
4d41c945ce7c94746875b0dbceb14811d4966de4e97fe047406a304162fde7e1e2a16367fc2e43978e2e5aa66749f036b4444aa2312673c2cc3af296e8b77f55

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt

Filesize
4KB

MD5
8958371646901eac40807eeb2f346382

SHA1
55fb07b48a3e354f7556d7edb75144635a850903

SHA256
b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585

SHA512
14c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt

Filesize
5KB

MD5
7e1d15fc9ba66a868c5c6cb1c2822f83

SHA1
bfe9a25fdc8721d7b76cecb9527a9ba7823dc3d7

SHA256
fc74e26a8baabbe4851109512d85173b75dbf7293d41eb3b92a1957a773c8265

SHA512
0892be14a858cc860766afb1c996b2c355108a7e50971ea3ec00d15069e919a6eb05a61fa839bea3938492c391e274144c5e248f4c204a602bf36adf27e5b406

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt

Filesize
4KB

MD5
202b825d0ef72096b82db255c4e747fa

SHA1
3a3265e5bbaa1d1b774195a3858f29cea75c9e75

SHA256
3d1399f5323a3ece1b1a8b3b31f8fd7f50c3bd319ab3f1c38c6e347452c95314

SHA512
e8fc7cc09f431301d22a07b238179ee053505090e3c4db30ead061513fe7159f1fe8b80efc93f4597fe00f01087bbe0bb2231e13693d72c8def138657cb91566

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt

Filesize
4KB

MD5
7913f3f33839e3af9e10455df69866c2

SHA1
15fa957d0a6a2717027f5b35f4dbe5e0ab8ece25

SHA256
05bc1f4973c6d36002ac1b37ce46b1f941fcb4338282e0ec1ec83fb558d1a88c

SHA512
534e541757d19ee157a268bf7ea358b48015f400542fcfa49cdb547cd652926160f015fe2cf026d9c4996e56ab90ca3899dfd457997d915bf6bc9d7bb00ba804

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt

Filesize
4KB

MD5
58e0fcbee3cca4ef61b97928cfe89535

SHA1
1297e3af3ca9e4fe3cc5db78ebbfa642e8a2c57b

SHA256
c084a68b65d507eb831831aa2ab9afb9536cb99a840d248cc155ff87fad18425

SHA512
99aff0c481e34cd0e4fcbb2af471afb56d91aa11be664462b08e17ae169ca03ef77e7063b4ecd0f38ca7b2f6dc0bf2e316c7b31dffbbcfc763cd8fae27dc78d2

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt

Filesize
4KB

MD5
9b0b0e82f753cc115d87c7199885ad1b

SHA1
5743a4ab58684c1f154f84895d87f000b4e98021

SHA256
0bdeee9fa28d54d384e06ea646fbcfe3f06698a31dfdc1a50703ffe83ad78d32

SHA512
b7780b82fbe705bc8e5a527c011eb685c99ef0b2eb810617b9f82b891341af95ef1c2f46dce9e458c0c4dcc3e7a0d21db6c77f03419cd1c4b521a9b72f9017df

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt

Filesize
4KB

MD5
eb8926608c5933f05a3f0090e551b15d

SHA1
a1012904d440c0e74dad336eac8793ac110f78f8

SHA256
2ed2b0d654d60e0a82b0968a91d568b775144e9d92f2b077b6da75f85ad12d04

SHA512
9113c42c38836f71ff0cc7019aff8c873845f47fbf1ab97e981cb038f4d8495b6df784402b1ee9666e8e567ae866b0284c81e6a16efb47131d5ef88569c4843a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt

Filesize
4KB

MD5
6367f43ea3780c4ee166454f5936b1a8

SHA1
027a2c24c8320458c49cd78053f586cb4d94ee6f

SHA256
f8d1972e75a320344e3c834ba0a3a6a86edb39e20ef706bda9b7965d440d1998

SHA512
31aab33e0d272cb43a8c160b3d37256716a683e5052192fd0e4d3cdaf30a10a9afa9d26d5d14ad216ee455627c32892a711d2bc137ee7a7df9a297f001a19e32

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt

Filesize
6KB

MD5
e04ad6c236b6c61fc53e2cb57ced87e8

SHA1
e9d4846b7e6cc755ee14a5d3fa45ee7d3bf425a4

SHA256
08c775efa77c2a92d369f794882e467b6e2526e61bc7aa7724f48e174524502e

SHA512
0dfb7e6d811d649103499018f3d115c542fcaba420ceb69124a4d837fe162ce514e7be2040860c5ef5f9c01c961fa6eea8730606b73ec107d87597989b6fd331

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
db00b73297905bc408850f625d4b6f50

SHA1
5e5f1dc0d8d7a991295715507774024558fc88b7

SHA256
b62b2adfecd4b11fb3934838faedb40442db703448268d9fd277650a144ef6c1

SHA512
ecd2e724a8059638a9a115b2d090b1704cee103e578a64265196185b9842e2ddb5601fcce00f860e18ab40d6979a198c4bc38d00d38793fa66379e083262a4bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
968398da3310db2fb20a74fe9394921c

SHA1
99ec2e283c7a5165bd79174f354eb2e206e4f788

SHA256
874ebe5c7dc9ad37a52b4e2eccdffbb66603483a948930d109fe10cceff80677

SHA512
686f148fb7f7052b7d315a310724fad1d0c3315a90f86ade69073dfc9ef2c0614c33f4f66cc524ecb6ef72fe54976e2bbca26bbf9bc9cb6dfe4225d897cea9dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
3500751a4ff82943738305fa518181cb

SHA1
cefe60558c7fd861e21d419859963cb6d80a12bb

SHA256
358a451438319242f76ffb6f81fc09132d6b729c519aaf6abd759f2363d33d73

SHA512
ec37bcd98c3c03f5e2fec5cab172b67dbe262965519ece43d6507e83e8ce65e7fe1b7a11d58680acd73bf1e45809c653b29a90f631eeb1fd15fdf1d3cd1ca95c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
661e351dacadc7613218f9b47fb03dce

SHA1
cb48f38d81c0363c542696f9ce3c028a0df41672

SHA256
b64985a387bce980add7e62f442bc5a9daf8415542f4f564d4baf3bcf687f748

SHA512
823924b8dcc7d261afdf25a4e318421da09505c5140ee303b4c6db5e1d082a851ee1924b549fd4221a379fca476a0600877e777183a18c50319377f3ce778780

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
7ce5cd9b91ca9150a684a24e99bf0296

SHA1
4f1755820784a81513e074f3325d099df487e231

SHA256
62b21304ad3a4bd41cb0d9b003752f738f7eeadc089c035732b5cc6f71d84dcd

SHA512
289df047b243208b28a11272c99e33c5f674930a75fad9d3191d7bcc2c031149395e5107fe0b322e92ce45bf60269ba5f351ea7d116e722370818b1f6d5dbab0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\de2f66b3-dad0-4988-bd8e-c908e824eace.tmp

Filesize
8KB

MD5
7829d86da6f029dd68353d6cf76eac2b

SHA1
f0797084b91820f957f6d8eef5605ab10a3b0f7d

SHA256
0f3216c361b0e1264881d04d69527255c41bdce55336eadfc9e1787b5785f838

SHA512
5ede7a026b56a77a11d20f32f6934cb69dde56758384a550ed3dd1e9db186713e12c22e881f82f6445f95f043e88861ed652f2ba7787a44e84d51010de512b04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
02bd05e8fda5b16a2440b0dbbae8a56e

SHA1
9aa293de4657fbc244586a55b93b082a0c84d8f2

SHA256
3c7ab22547e40aa4cd8d5bf0a16f0f3c99a011025f1c5ff1dbf90ac48131933b

SHA512
5af600cc9e22df75808913d3dd21d0963d826cadc8e32f149a2484988cb12d2e08dc8dd7aaa01738203036148cd167055cb6ddd335541ef20c1573e94f554659

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
0d49faa4f81b01947ef3b83c184084e6

SHA1
710ea00f0ba84c3e276d78bd0df0c05c20e759d4

SHA256
7c6300d506d6bc912bdb48ad42a93e47771239d25a912fb5172f38ee24b64dcc

SHA512
8bee61b34e23ef4a50498ace6527c3e328e69a3d77a57cc1a2b425320169d76fbb4b6e1955432497157b7a1fb6158f27d81240693f3e8f3337b31f60df4d748f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c8eb7d84aaea5c0c37cdce43d1ad96dd

SHA1
0a27d004b734e4c486372c6888111b813e806811

SHA256
27ec491fe2b7f0eb567a44deb50c74408376ff3addf6c88a2b1060adc4a5976e

SHA512
f39070a20583f7ff33b7b3c0e97c08da2a3ff36049e256bbe0d0031bf15579c6d9c3da8d1f9daac1073519b648a1d005a8fa195ee2232b2962516e9aa14dac3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\23c39e56-87b7-4408-b443-4f39141ac939.tmp

Filesize
6KB

MD5
3e19034c54f9ee796358dd6795ebc9d7

SHA1
4e9ccebcb12f7f4fe6457cabb9021f352e22a33f

SHA256
e188683a5891272975cf6136470d20307c243bbe7eebcf8a4614323149cd841f

SHA512
ef1c288bda3230ff0fa1dbb1d99313e729425c5591549ac24270e7ed7ff8cf5cd1237466c86a2b448c56fd77cb204eaf1f6379e580c6d79acf3c4c148d910f0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
26KB

MD5
8ce06435dd74849daee31c8ab278ce07

SHA1
a8e754c3a39e0f1056044cbdb743a144bdf25564

SHA256
303074dab603456b6ed26e7e6e667d52c89ab16e6db5e6a9339205ce1f6c1709

SHA512
49e99bffcdf02cfe8cef0e8ef4b121c75d365ab0bbc67c3a3af4cf199cc46e27ab2a9fdf32590697b15b0a58ee2b7a433fe962455cf91f9a404e891e73a26f59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006f

Filesize
20KB

MD5
7247e91eedf36d653790d6d0a1c8a4e7

SHA1
88281d63857f377a82426d9ab6963249c37443c7

SHA256
bd6e42e520f77a213daeee8749872b2ef6b220f7864e72c90f78fdb916861e5c

SHA512
7780717bfbb9661b6715f46c89b81e0241d2a7305893ffed317b0ad5ebf57548552b6ad11ce1518f6bf20aa5671bcacb77dbd86f9b484abe4b7dc2071c4c42a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

Filesize
2KB

MD5
5c42cd3bd761abe2d15848cd244de6b9

SHA1
30cd885ae7048efcdf609db9c671f145af139aa9

SHA256
7553e3735a2dd6e3a8df3832c05c418419984e01f6b5b6de5689b733c814ab95

SHA512
6f6bbb5ddf1763883c0300a03f781cf568f936c761cb9627d60c61c781fe781fbefb655621d513627e1f59430f6dc2591410f90e6a8ea4c53830b60acd4460f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2f4680e8f8f8a14f_0

Filesize
9KB

MD5
5c22d6bc45c4bd2a47623175e3a5b7fe

SHA1
b1daf24d37b7d567a83fa08a071759b4a43f7ce4

SHA256
d7db37cd99ffb6fd59b2208cea562b04adc093f09e91819df97f60323c78fad9

SHA512
dbdcc6fe2a54fdd17032087b856ff3288c68203b2f1be9cabad2f02d2fbbc0455fe966af55ef15e21335ab43913a6306fdd17fa6b538e6980ee03e6ef5e560da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
d6e13dad9f72007b6ec28b071ebaf613

SHA1
023c129e0c5ac586a5218b5d27f7cd967329744e

SHA256
8fffe5fb4fc8271ad404d042070072d0a6b24267886212c2c3a7132feedde595

SHA512
b1ae11262f800d51695ffcbc46acdedf2f08374b6dd8113cd1aec8e7aef94f99b035152fbfbc1226ab309a835b5b3e1b09fa5bb256ddf2220fc1569a96b77e2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\766094f4b47e839c_0

Filesize
9KB

MD5
48f034e4f1dd49f6443f79cf89fec373

SHA1
fe3611eb97ef4d58d8be873d137a7a85235f951c

SHA256
74afbab996057c7a1d13966aa4c2af9de463329bcd943b13d1728b934fd523d1

SHA512
6dafe17456abfce7fa7d9f50a8b9a1461b720a31da211f0d61d8b102350461375a9a70ea91fe46786c02bd84a918c585b60925e3fd2782e5003b8c1d171fc61f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\86b9cbd77d05d034_0

Filesize
6KB

MD5
0ce648a5a896a811d4ae91745e1a6770

SHA1
97582649ec6ef4aced49abac4c1d801cfc7993dc

SHA256
8af83041d3b952689aa3d37b867d6ce6913569d9852288ac37072013f0238b77

SHA512
dbf1bc70316adc67eb1ebc2e40f7e6f4a1a98ea27f56fde7be1a070e44199fc99b8ad0fc8166838a5951a7d50a774348af6023e5289e796db036f09b5aceda41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

Filesize
2KB

MD5
a4ce82a779f8f0ba57dc422cd0bca046

SHA1
9742b27c226d637994a3f88065ff5920c0221016

SHA256
6f00ef1667e2de6b53567e8dbd258c81d4fe9a38c7a52180ca403837b73c563f

SHA512
768c79e4b7945df019d1d09799a8c2668df461da19daf460f2d557013844a3b7327d09a278857a78bef92f27b22cd7ae4c05f4d53016ee89cad4c71c185d7bf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
a121935880ae2d7436cdcdd4138a7dfc

SHA1
6f0e80573ca69b880e2bbe4cf0419fa6dd628bb8

SHA256
c9170867399487f7ae62fddc2030c1f2a83ee5951e6f0fe7bed51a156fca92f7

SHA512
4e1859a48f3fc447f4475359a5a15747404fe7acd42fe7470f0ff28175d23161b2240a2e2d69b591b0b4f38348a1b6204be8e79ebbf53ad2e5fbafcd21d9635f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
aa699863ba3497cf90b0982abf6e1642

SHA1
b57b67cbbb122083a2ee693d2f30030ae1bb63e1

SHA256
9115de012e1966cd6e8e3db822d20faccd7ac6a1917e448a6e064c9deac16c60

SHA512
ed4b016413722f8c3f5f545e94fec0a533d170c3900e2e557ce6f56a8b4b7753d8d3fc5fa6c1439a8dcb311c49f916f9cf20e299bc639ec32406f9c10cd58d29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
dd8dbd39116653e284aae9255dce748d

SHA1
18b92104aa1be83d94fbb4e90be17b5bf11b184e

SHA256
6ac6fa1235e45cf8de50ec9c16ab9a90e38492a1ce030a28189b29b88cb0d407

SHA512
55c449251580d5e4adc5d5693e0d48662a274fd97dc804292547be4d9e41c396bd5437dd2dc4b2fefacc74e6f1fa9643d04ca9b109f5cbd5ba90a4745bf8a32b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
a03688629834e7d66b46bf133cc69f12

SHA1
a56f2d961ebafd72a43068e608be168266b6cf66

SHA256
a15e799eedf5a808d3ea3b76d576b566a9f6ec726455c25252d514550f3b09d7

SHA512
e94d9cdf9e2d2d080303786d1b29249cd4380bccc840f449d06cd78aab8d2f305ed6fed44e8849059855002469c187c03d536cfdd9cd425fb4ed88007ba0122b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5f7c4f70f953c473604e852af0b94a0d

SHA1
1d237b427bdd983da9cf693a99fd1b5aac87b001

SHA256
3faa5d6c36dbb6f3811a01fd68b9793c34336e75f0545d5d873378997d109f33

SHA512
c4098363e8e9d5b9aad1e2d04254c916ca9d2344407919b5be1102ba1bd90e551d6ffc70766e19f85d1a2ec1ca3c38bb62d9fd7f509c238f07f6b5ffb9890ec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1014B

MD5
e4d88e4063e4d954579c5e80c94fb5ef

SHA1
15a35ee0375aa869ccd3cdb5e99379aaca06cbbe

SHA256
3c220576c8d9692854363d674cb5c24ceba54d592d5db2dd42adae40fb662e73

SHA512
bfaff0a6efe024bbff77867f0cbea31bf6e92db725201d81aa3dc7bff1a34392fdc3dd17e01c1d67958db4f2950ce59dbd441a6c22f5c08f7c2cc54470233e3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
45669a73759d3f6e90fa69b08d227ab4

SHA1
9aad475822a7aea87d07e1c7419bb12f3355e2f3

SHA256
36fdaf26b2dcf5945341a05f9e57fd950afe06a9039639534b950633ec6d8f51

SHA512
841534d7a95bc66a2f7f02482ba55c58f3d5f0937cbe04a402799c034a8b56a70f0b54c5eca797e165d9886c574ef2eaccad736d9d257b132b2f49e4509f6a59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ca1c17522e74a3e43d05d6318c5d6f30

SHA1
f8d50b3d1b27b9491ff9756ee3e9ec7bb71e0f1c

SHA256
0ebb2aaac9e356e8f9ab0e86d564e128c9ab515bfeaa94a816e9d5429ca936a3

SHA512
8915efe93a15475d98012ef763029178ab703532f8ccb9a9794a3cfccf6a38795fe2766440b17b831cb98fc0b1d06aea281f4e4aaccf03117e2e51e77bc8eaac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0ca29c9698c0e930ae44b68569060d91

SHA1
6d481877600e7f4eb4c1b79830d6a0c21900106c

SHA256
ee8ed159b8c80405d7b32351730b545d38a451aaa8b77553f9663b136c26ea6b

SHA512
174b1821dad7b1547061fcbadec4b91121db0ceae602cbdf44a6aad994d54f9f00f110485d6032bdcc7be4795cea2f3833ce3b4f95a4f6ef002197faace4e450

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe595c6e.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
39905c6beedf632e3de9b5d135820e87

SHA1
38e81ce8dad89ab6c0bd980d3e196e9422fd9870

SHA256
a55df29a3904441dcf9e7fb8b21d81b376594d0a9d95cdc2ed45438694ae4bbc

SHA512
ad83042cf5fa41af47f87f8323e91f9fc683ca8e5e723c5081b2d04432a991eba8297cec6eb402bba913afd9211ba5c5b90ba760403279d89bb573e0dc4934ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fd5591bfc733b3bd6dc30213807310c3

SHA1
277e34f7775e19008f87bd118ca3b4876e3bdef5

SHA256
ba64a92d6ba4d899b28c92825c095e800f912cfbe725491e7c9430baa06c78e3

SHA512
6f75ef7b997b1b2b6eb79b6a60bc6741bd8c76b711da6756e81eaf92608d42d78d4ec8ce1296b3cb9795a3453bef77fa5d02f3707271ab994a8e0c85ff2d2523

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
beb54850fddfd63ea79e87ce51401dcc

SHA1
5d5de951eda2e069efbbcc1cfcb4aac149ad0dc5

SHA256
f47d6f0eea296f2e9ed5904311777a5adbfd15550ba55148b2e64410007dd159

SHA512
6ba4bee96ee25dce9deefd9088d413099f4f85d64cf722516d659a5cd6ab00e0c290a8c4995ecb94696a070d3eee7b340a5dbf28f73ac4ff4b8329f6b51d422f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fb8cb36aad7142e651d4d4712c12ff7b

SHA1
bc3398a32a6addc6af6e21903c1b05e9d920aa0f

SHA256
246f9317be50950fa69162e67c78f7422b761af03e28156a62738cbfc82a18fc

SHA512
5a1482287aca403231ad595bd9c4ff92d3af80230c95a5ef710275fc9f8e3de8ff18479ca8584330f19c47f95729eb03b1f0c4df65709899d95bb572bd891c14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
256b3f9596fb30238f3d54f03fc08e9d

SHA1
c40417a0b3107e348f2adcee87fab7fa78738b1b

SHA256
01528ec9eea4b6d368ec1b22d88c71c0d2b62675ae788ede8a679882c0587650

SHA512
6df976cf647b0cbdaf94feaa9fd4de2d888e27700578245dc0852ce4b6917bb4f13746e871c812cf9d9f606d0e6be01582379e14356f022573ae7a73769b5146

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
48536457c8772f38ed01d82fadcb0922

SHA1
be695d47ca86230a3a5be2d549803d2be6120bae

SHA256
b1743baa410c8ef87bc40fe23c61f16534b06cfe433b7d45282a7b6e0eb4d5ec

SHA512
f6ecea0597861baa2d9f95857104db9b49b9736e638d01b3c78928b6e8f34c654fe3e06e072341bf0f70c6382707ef891e62ebff668100a3097a37b7f056714d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ca3672ef9940bf80a913fe8789b91b1c

SHA1
2960172105d94b2381322f05391930187c5341a6

SHA256
3483aa808419dcdcff979bd9743a3e96bcb638634f20e99f481c1d42f83d5598

SHA512
e74e13ddf50d19158edac1cea8dd079bb49de56208a9cc631ebcebdb89298b16d549153b80f7df71f94300c2285dec3321e3289e21dd53be9dee99dd56f7739b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
973955346060ab200f5685ace327e187

SHA1
179fa10f1fd240e361a285106d7961e75fd9570a

SHA256
86664d3b090ce88223452300b040a9ffa35b82d21add73fbec1449534007f3f2

SHA512
8d00df5f1fda8066ddb3961f61593874148ba9fcc02dfb1ea4be567729aa92f01e8c18988176283a594a098665c7ac661c581770e8b6c64f228e414a9a15a0d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
6338e51cf2d1cb4bfea21c7d81cb3dc3

SHA1
0049d2863f309423d889fed141ef1f146246ac82

SHA256
2636a794e74289532973b8f1f9c62a0009520dad49951c956dceba846835e0ac

SHA512
ffcbb8f086de4ca9b51f2a86ff75f283afd9a08ba7fdfc16b119f4b80e452579fed0c7d5eb02cda11e6d7c6762ca8d5a1e542e90e106020f530d755933fb3ea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
b321aef296129848c0c2c5c77ee69951

SHA1
402afa01ec8a6990a78514994f9648aedead5817

SHA256
e44d575c1dfcf221b68c84c2cf1d4f1bea45a7e32cd8010228acff6120daff1f

SHA512
cbb689d400fceb2f59d67e9e9d28007d2bb7562cf18f806420a9adbb08e0be5825153a44d4199ed03fc8e87311c2f5d4ab9aec5f3667984572070487475e8642

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
befcb9910f809a7545e1ef1fc7a54983

SHA1
7dc5b51b204c648ad42f4003033406028f6e443f

SHA256
9756d7c4600c48bfc64f9e82e860ccb5b56cdd7cafe9187d5dbfc2e437d3c069

SHA512
a3d0da642adaf50b1cbf940bafbc21e862fe11b2a9bd84d619c1b7cb3daec0def517e511e7038c331dfea135e5f6ff009af0c03d09bdd03c17c7a048a0c86fc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
037521643ef259978f5cf9b1eda19022

SHA1
c9b17bf811a60603deea7633310bf99c7c4906ce

SHA256
15f4eccf42639d23c3393f28e85cb55b31c858540b451bcfd36242021ec56638

SHA512
38863a16c872e61001797e65b7e5d3db3fa7e917c7339ee012120203d9a7d4475abce02a531464a3f67fa4582ee087e9317ab754e1331175aab97c7b204c5d07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
6476c45a5425ab97e8f7b09a0feb4d22

SHA1
1e01ed30280d31de1eff85df64c2d236ca34ec11

SHA256
5fb3d9ef67a850af240785cfb492d84b65699b1b0cce9e493c01677e14f57484

SHA512
ce3fc2911053799a2347b640668a1fe15cad33d3f2110b2507cb56941643fb718c8a421aabe3d1957524bbc5eb23d4a0526b724bafeecaf52ea746b29abc6d71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
9912c99d8c096ec85f6613ef4bec2c56

SHA1
a0e5faecc8e5ceab13e6c57c806edeeeff40633e

SHA256
539371ce0ecd02f14b2fc2024e999b1ac93befda355ffbb61d567a3740dfd7a0

SHA512
01b7af523983c65c2607c052d6343a37f73d7d784027833c86a7defc26f8245afb43220e3e7371b18f2bcf85b51c2230f74ae1cdfb668db2bd6cf92658340288

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d08a9c8954be1e5c5019092b384d472c

SHA1
a9ec948437a9a9c1d120f04d1da0ec85a347e904

SHA256
0955e26b48b62b05d586f306da200addccbbedd28ae36a5534402d2a33c29782

SHA512
94864f8f99421fb0d09151ce5071dac2177f5137aa7746807426cbcd5a89e5fec9ec52e73df59d5bc44d0ffc81c4e732aeca1cf8d5e2e41ab25b7abde708be69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b58a5252506a89034a0e965eb4fcd35b

SHA1
6c3ca2bb41ec92a84819b047065901b9d270e6e8

SHA256
d67da79a7896307abf2d815fc850ab4ae44db0bbabc69b83f7fc93ae78f8b1a3

SHA512
b3a4f7432fea91905331feb7a610a6f77c69b069b37a60d4128e605a72606cb813802451054b2d8c4c58fd9f4cb9eaf87feb5735c31ad2904cbe108513bb3df7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a57d6.TMP

Filesize
874B

MD5
f307db90eccd95eeca39fb67e9bcc641

SHA1
81b60fa9e01b849422cc5be427905e70245ab5f6

SHA256
45015447ef88ba0df452d54af7a0874fca443a8fe26c10f19ebf0328e73f448c

SHA512
b3cb0f4557d3f8efcaff3ab6b9ba36a5d376607bfe3de6e9d2e88635b43d5b10d62a2b03bd8457067a5c3a0e9a46eb2116fcdac34728c53034a16dcd8ecb0b11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b472e85b-d5f4-4188-8343-3911f08e5919.tmp

Filesize
1KB

MD5
ed0dbf58a7312809827a55eea71dc89f

SHA1
370b8e6f72a75da2054eda869d9137c32542c5c1

SHA256
3e0dcaede080b3017bfd462f488daf12dbe0c552ae3277d9b12b41be927a8f3c

SHA512
0d4c416103bb9dcab35ac2c00c7d000f9700f7940a96d9e4e5d761c221d09eb335ab4822a0f4394ba911443546395f0bd9ba9f673e5705f73ec579c31f188e53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4b40f0bb64c1c6b14e5dfd288283135d

SHA1
4f954711a2958e6d399971e61b353ce22b51d7bb

SHA256
10d4ebc33e2ba9cc06b8ff27a3d519d4ab3c982c8e9a4ec01f27a0d9621bcd5b

SHA512
6f1dd293b536b0aef17d1687bd8ebfa1844f615c707653c19a476b36ff5ed1e6fb47362d5cbd18234a280d8caf698226fdc464eadacbe9962b29637907b43425

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e580c2be68909d1a031c971e3ae83a32

SHA1
8b2c08a844657333bba639f1d60333e478683e6e

SHA256
1fbf4a19448a40af22b02c748ece89afa384d38bc44652c9bc6838047144817e

SHA512
7eb92a2117d1ac13643b4ef6ca39550ad55be6cdb141766db5dd2fd9de155b49d4f7846dfe258917422afb0fcadf740994ac9ecb32fab6f838808929bff172e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a1bb4c96154a79d579298650a4461369

SHA1
24572183c40c4bea7ceec1117b9ae546a9e99646

SHA256
9db6b40f0835bda442a3283952f3a67139ba77c91aeca180d3abbb6b7b3f9958

SHA512
0b016cfadabb0eca7c6648a203b2c128ff068db4a4e3677991ddc30d3c0830efc2521ce937af97e5b9e55af0bd7a0e10a0e5d2dedcfc63fc430916238fe7e2fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7196752f61cc55ee311bd3905fc3f06f

SHA1
605add310a0162386980e5306a3bfab2ad434780

SHA256
6ce04b234a94eec683e14705e561a0c862f35311841a43fb6a9f137955714fc3

SHA512
51dbc3bdb162e9c99f184b6f0a2379ef77e81d69997e7e0783b767f845b251381168916eeeb1975c123c6a09d66e534bc72da0292ea4b2c2880929e872d9f30b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
03e88c672dd4676711e30005e4d07c28

SHA1
fda747cf82bf3382828b1456c7040b36a949f656

SHA256
a5d43729061e2fbbb5cd3e83874440b8f446dd61f1d320f31da1f2f18edf7a6d

SHA512
439177cf8cf8c23cda70ee95d1c513f72863f743a815ff408fd3b10d9d6450babaa35e8ea5e1ed75c74a74f9bafd9b1d6e765fe9647895188dfca0c098b53445

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
da43e3b44246e148d35dc8a3d79ba019

SHA1
6414b34e6503e0699be8bd64ee544472b5b15874

SHA256
88c8c2be3649f2a08a81829b34fbd48768116f7a1ee9d73117acf80619062414

SHA512
cee3076147f245a2bcde03080cd826c2fa049da744ee410c70fa5420b4b79579bde1f42e5412cbc4887bc14625719d607c1a3913205960241eb3a39b31b516fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cd0e7a395d4dbe3b88ee9b571e4acc99

SHA1
f2c3093b6846ee407c333b8d80aa8345a3ac6343

SHA256
1d6b766fa09b44704fe12b079a34985a35827ffa7e187f0922daa3863a244b2f

SHA512
bbe76a090146ee0cda341a8abe066bb737d6c3c47e12e3cf565a4eba00392b285700256dd31a2d5509c355f1d45175deaf030b78108e594b233708685b3c5148

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1zjbj2oz.default-release\activity-stream.discovery_stream.json

Filesize
22KB

MD5
88d775d962219d03527b0436ac88a14b

SHA1
8bc9450541bf82d20f23ae23412e2ba38091877f

SHA256
4da6238edf657e90151c4be325d25df3ef484d4068799b360f3d1711894f8690

SHA512
b779c995862b15aac0a089b9f951a9c4e189e5f038679f84d007511895994b1e0c65da5bab13e9ff5885825b7aab3f3539313871ca2236066c6b5390d2cd64a1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1zjbj2oz.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
dd0368c68292d99e8a75916a607b71c3

SHA1
715d9fca0f9d7cc4bc67fffa3f60390df81cdeec

SHA256
8a15d2613a545af70a7f782ce4c09baaa04dc4d8bf627dcbb5056d036137d220

SHA512
f9cc598f6d6018bfc53eb7dc52247e52bd2323dfa25368cb222931381a0ac31cadc3671fabe8cc73e2de5641286c149a72f3e1a2baedb583b1112a0b26f39e91

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1zjbj2oz.default-release\startupCache\webext.sc.lz4

Filesize
107KB

MD5
9cbe795935fb506a1f9cf8cdcd3a7c50

SHA1
cf6f5418182252908276b04b510a4306ad2b5922

SHA256
18dd8b65aed3c698cf543ad9683875ce4bb5def78ece77df7d664ce0af57d549

SHA512
22fbbcd7c1b7ae1f14d5e72f036fa727b04e029b15da6415442705614ca7779a34b35978d4d5ece9965749226537cd392405be1ae13c7523d938ebd443564887

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000003

Filesize
24KB

MD5
24c1ac9e5814fdba1876bd70e65b55d1

SHA1
440f8a4de77e05a029ae06d4f500c72308285d6e

SHA256
7cf9b84f3812c9377c20ff7b0826eda7092f11f33dd4af560413a6773f3fca43

SHA512
bc848fd4ccce7a1705b2b14b2ba1a1503a6a306096ac8460480bc653a2d9d4744fe21a0a39db573d7363b3c1252c6db1b594f029c04beeee9ccb5714c80af7cf

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000004

Filesize
40KB

MD5
25043b3ecd7201069b59a289cfa91e06

SHA1
4709b985b6e8760e2fcc6f221b7c1d92d28eac67

SHA256
e895db7ab7ef01bced675cb3dd5e0b2093fef1d84f70b00b268ec9b8ff57b889

SHA512
e2dfbac618a568b9ba7f0c326362b749090087ffb271ee62eae8b78184936feea14640c30177e00a2a8a1fa18d64fdb3e3dab5a1ac643052d5cff9bd58ff7442

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000016

Filesize
99KB

MD5
5b8d9158a3d0f8b609a42467fb3279fc

SHA1
58bc85b8a63f31d952f3967d7aa370d31a2c025f

SHA256
6109eb45400e1a334dee50b44a7429a4765069d5b1cd052c0e06568005c905a3

SHA512
7a9fdd9564316883e736d65ca778e3bc1f44f533070a6e7cc910e86ec83d8cd2e790d55b971f585930ab5db5d86f745376203b7d354b2f1ea005387321fa6330

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
db5292455b0364b5ddd7c0ba4ce2f8ee

SHA1
0b3a7dec1955f8b739205a3a2b841032cf0aec6f

SHA256
8389944996e0e673c5c7a531488c9d2c679026af6d2d23c4ca405d7c5ffcac28

SHA512
5b3b912b6b1258e4e54841004bc74359313adabfdb2582e09f63052d38ae80d00d2a7512d9c2182946478fb9f6653d2d431bad26d4400725dcd53c081860041e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
ee3fec971d0e5d05e3f7e1a3dfd5ab9a

SHA1
6ed6f2f72fe57028b587e9c5d4c4fda1e35b6290

SHA256
fc50867d3befe054e3790c49f40efb0774fd17281c402dcbf1e11ee47832b6eb

SHA512
8b86a4febbf51e224a01d1c5c31e7f9fc30d72e49998c1a7b009c028b941dedb93c3560cb7c9d4862d7bbca59f0277cbd0a5d5cc19dd8c35da3edba9881268f0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
54f7bdcbe81617f81a1c0fb5bd3cdc61

SHA1
e15fd2ff8788ee00d78fe1ea26dd081d943a4498

SHA256
4cb675e5c6928436da12baef574d8114c1033ff99052e6569416d7eda58698a2

SHA512
47a367501c1033e9f93e7eb314a987ca25ec33e7bc1b321381e30cff506fda42af52a9dd6a9fb6afd26a69acd874a55436a2ed6efa81b01e94259f7dfc447518

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\wasm\index-dir\temp-index

Filesize
48B

MD5
be6eefc672afb93093806f0d31ce5020

SHA1
5060c2e5bf790c89bdb29c84f3df076716915f1f

SHA256
a706907b1c7060d0b790effefd2e6636e927e078e1ef06224b2b6ee4e49cd3e4

SHA512
92b1b29609e264569501e3eaaeac587139d00346c8e0dc32b9e27d3f9bcbcc8a1651b05a3f78643c5b5e4851b73320ab935667684996081823d1d8b2a9252a5b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GraphiteDawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GraphiteDawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GraphiteDawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
822B

MD5
320071f89e3acc8fbc108773f0f39512

SHA1
5b50a283af968faaec9a4ec04c9cc4a0175e1510

SHA256
8126a1aecd5bd0c2bdd0d8ad0d3b93e0b5e9e54d529f1dbcbe300bf3ec965665

SHA512
1ece483c1b98478ed2638d81f234daeec78f62445e1297ec6b0816257f20f6523997177b38ea29596773f8ff0edcc700baabf43dd73ed15c7141407215d75b2b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
710B

MD5
269e2323f74110523075339566fac830

SHA1
fb74a47653ad3b8e49d95bb9af0cbd431350a6d0

SHA256
0385fc5fd7b1842b392afb175fc48a3d56fab786d4c92d0c32f9aad598f7649c

SHA512
7d8f4e6cefb9a1e47f5155a5d24855ac8202fba4e0a1fc60cefa6292489cd239daa1c511316fa5bfa0c53e74606f623fb4088c66500138514e3cf7a24fa38749

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5a882d.TMP

Filesize
529B

MD5
a9b2197c009bfc9ebac7b4e3466ac226

SHA1
ba1d0ea75733c64957e947aef79dc6681ba54d43

SHA256
a1e49c4ea16d93170a67f43927870bae1fdd4bea9897eaf082f81090031c0a16

SHA512
168653e6dff14025af09c3634855eacb6e7db70e908f83bae6464ad34781ce35363f9e848ad7c997671df49a26238627574bb4d17ecf95bc10cb11041987a856

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
550cf994a592cb43214cf8ecc9bd8cf1

SHA1
394b9168641acddf2b9b356fe612598ec162c373

SHA256
158276f9051f78041a82ab48a47bf51c4aa4f2b2e1f544b3ae5b554eff6d2037

SHA512
82231e11d60c2cf86cb6c36feb591f24d92882859e7023e2564d5437cecf7c0ffc4e9c42a666f326ec148ec4933dfc4549e9684513a541ff441cd811c91a04af

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
23b7956d76978ca216ae9d3f67764414

SHA1
82f6e97f2b1198497e4d5dcf42e4bd0ac41b8ec5

SHA256
ae5ae3e989463b823e111f6e2fd16611012b6b98492d62ef3915aa56532da0f9

SHA512
2475a908a0300f7a401748c9f5c82d4923201fbfe8fb4a8ddd45491fe93b3ab700850a1e2568ce81f00187c5e6e51fbf2167d03c754ae57c55c2b4a4189bc2c5

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
ba3a52102c2be156b0e7416318c7e650

SHA1
541a4e05ba86509a6dcaba1defbc95f9c34219b0

SHA256
4421ba799c04c896586e257d53420cee36b650d9bef1ca511644103eba8a4df6

SHA512
511a0a51b6b3b93dfaaf2fb9bddfe8bf2c6f8b31d8dbcaf9c8a17174a6fbd55352bf4737568e0ba9350fbd3a16820a72a87c41dd66bdfeaf8e70d21b7de58eb5

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
5eb8f973ca7bd41de21c2d07d615f8f9

SHA1
6e6772290cb410744d40f0fe26c16f9603742e82

SHA256
1fd2788c900bfe95b7bd944a8d4a887666a6f262607cefd32ce2da1c16752b9d

SHA512
5883a271d5b9189f372df245f8771aabdf09fd0fc4a34b296c670c204c5343d1fe93acf067a2ceda19d611e1ec8065d1f57c3553a6134e43eaa74367818f1f91

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
bfa21b16b292ffde57b0ab71b1f64d51

SHA1
7a1208ffdb42f15d47d4ba5320363e95689bc259

SHA256
f1097c347170828c3663802e969981552508133ee7393229e77520789cfdba4a

SHA512
87c3ee67c017c669be537b0de53291409af1d519f2ee215ee6db66cc1961b1f5b4b9f092e663b2db46f35e3f60adf136167fc111bd5741eed567b536fad4b34a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
517859cabb18dd4ca2ffa0301a4095f9

SHA1
c6a8effd2239d5bbfc92eeab7bbc1b4af41c18e5

SHA256
ff35f60d7771b8b5e6248d2536a77f09c661f08e413a7df923e014ff167e07a9

SHA512
63c28c8cb3e941b827bd79eb58610b1cdc7b1b3c234fc5f4f4c4b6e5c2205fd00d40d05fd68acd4520b266aac32a25efe514c60b546342082372c1b2a3cb7a5b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
ae420e9552595741d2c2d7ef32fb4b62

SHA1
32ea04ba1d233fe4b5a2eeb58265cda1ab6df2b0

SHA256
ec253db4575dacafabd35e94492b0169f7398e945e0a52c1b92a569990e06f15

SHA512
cb4f989b3979b93e186869bdcb76026d4f9bd93d35c59f71365a3cb8ea616a524febe66575ced8b2a4bba9d59f85baeab70808cf9befde2919f1f90130ae65a8

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
1a6b2bcafa216cf29af7816fc9dff5d3

SHA1
3db107761d27f665db3e37b5929dd62ce17d7706

SHA256
faedb85e6a7f7715603811b01522fabdc7976f94398ebcaf315a0a94af94a33f

SHA512
a9671742f6d0b286ec5c9d22c7b7fa4fb112cbe8b20b90bbcbec7945f3af46f6811773a2b93ea3e087f47c2cc288fa985bea854507f69cbcb6c9211e14169dba

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
8505c733a66aa73d001d08335be392cb

SHA1
b9c7c12f07b7c424a1298aec3ecba4089e12ff22

SHA256
99625979c3d867f67a8880a6fb3f4fe62660b843e47e7b1c3ea7098393d2a6b5

SHA512
f6a5e65d733bd93660508c0978970ef97a0bf5c47ef54a6030f093f4a9521387c554a3a7a41be0ec83bf2e9bebd5af1c00108f189b494fcb771a5d7bda277193

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity~RFe5a202c.TMP

Filesize
1KB

MD5
cd62151764ca3936e8a17a4c24e2a821

SHA1
0bdc38791301b358faba09ce60b05982e56510b7

SHA256
5c3e926e92daca20c57e1ee0007e2bc54def896b0314883a2dd6ef06a1cdb496

SHA512
bba2d2b4732e61690636f01a201f46f79f58a1b524687bbdb426a045e2e3139ef678071ad530d83827f9f96eec9928623454261fc11f9b6572658d3f0591e011

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json

Filesize
2KB

MD5
602c49f9246967bdcff45b4f43cf2fb0

SHA1
4c5796e0c724bbd7a9244cc8a0fc9e8f40181f2d

SHA256
a3ad9649c1038078038be1abd591cdba73b4b4f5cf30e11bb6cb7a432b746114

SHA512
2f273c0dd0127071f4c768cfe7277c6efff84c1ef4f4271c1326db3658c84261794b106af3198717f349fbaaaf276163700bbb50ae20fe52ed0a88a192d46f77

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json~RFe5a1ffd.TMP

Filesize
2KB

MD5
68b20851ccb9834d21fb32615e42bd43

SHA1
88fab935f0b9484994097c08f785e9ecb7d68127

SHA256
a954b528dd65ad6c4c2091fa32f17abdb7a49454ce88e10bb6c377734c70c26f

SHA512
dcb0771120c8fe35213d60e9abf4b242af807324759e3c99e9b2569c00a941d885d53ef6fadfe69e6b740e0b52a6008602605d643801190a2d29175a7d065e15

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8490.tmp\StdUtils.dll

Filesize
110KB

MD5
db11ab4828b429a987e7682e495c1810

SHA1
29c2c2069c4975c90789dc6d3677b4b650196561

SHA256
c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376

SHA512
460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8490.tmp\System.dll

Filesize
22KB

MD5
a36fbe922ffac9cd85a845d7a813f391

SHA1
f656a613a723cc1b449034d73551b4fcdf0dcf1a

SHA256
fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0

SHA512
1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8490.tmp\modern-wizard.bmp

Filesize
150KB

MD5
3614a4be6b610f1daf6c801574f161fe

SHA1
6edee98c0084a94caa1fe0124b4c19f42b4e7de6

SHA256
16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b

SHA512
06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8490.tmp\nsDialogs.dll

Filesize
20KB

MD5
4e5bc4458afa770636f2806ee0a1e999

SHA1
76dcc64af867526f776ab9225e7f4fe076487765

SHA256
91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0

SHA512
b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8490.tmp\nsExec.dll

Filesize
17KB

MD5
2095af18c696968208315d4328a2b7fe

SHA1
b1b0e70c03724b2941e92c5098cc1fc0f2b51568

SHA256
3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226

SHA512
60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8490.tmp\nsProcess.dll

Filesize
15KB

MD5
08072dc900ca0626e8c079b2c5bcfcf3

SHA1
35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37

SHA256
bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8

SHA512
8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
6a74ba2aabc7d6781d3d097953cc8fb4

SHA1
6915d3933beeeffc1a36ad171e8f89a19e24457d

SHA256
85ad3d07303727618305307f5600a8456115f0d0876909dc9e9dfdaaabf2e6c2

SHA512
a22edee64efbb3758092df277682557a153ed380daa8aa32c7d206fdd8587aafd82a55e4edc9d91631b0fc59cfaa382aa847163ceb65e1fdd9def27ce819b891

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
73ed2a8436c8aaa699d99c866f533557

SHA1
618dcd88096d67113467b402d903144b53c5a516

SHA256
77915fb2f2e46549e877913f43c9035773dd36f3a4042827e7ae95c439d81d92

SHA512
022b99137439e6436be170f2e8a7a7adbf4c1c60b5ac106aafae3177ab667b670af405008ac81257a96243dfdf260bc541100a410d7dff3cabe6978db3c849fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zjbj2oz.default-release\AlternateServices.bin

Filesize
7KB

MD5
3955634f662c224a1b2fdbac4cf05940

SHA1
2753fd0dbe99f4f82e285c957530657165215c6e

SHA256
eda9cd78dd10aef4ac0c779cae7bed4133c11fae22085e16485452ba7caf51d4

SHA512
6497e71f05c324f52c3beee57f02d183a28e3d1e0eef04d235e29a612b0014c7c8f30015a5714e8b973b647c56437ef5bd5ea47853a7aa0ad60e10448d23c590

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zjbj2oz.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
a4cd8bc1ae7684a0104786d616adeb05

SHA1
17b25892dc38be4d0f6dc8eafaf1cf637a83e4e2

SHA256
a7889c29ea20a73354c9db79ab5e6ee97cfe9e6a5b34ad2225bb3c89228fb87c

SHA512
4c1507c250b263245b52a60c94ab316c5eae05e6718e157f005485d0c497e05cf7dc2f92505959beee6ba771ca8d5ef0251e9ee1798fb9f447cb1c8f80bc9b60

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zjbj2oz.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
6ce4364b49bebba2ab2a416a7432149e

SHA1
23d8f6a7d421c220d9e52a5ff5c20c99e986cb2b

SHA256
90935e3f0636c0715219bff121997be6b1304099d29659124bda2a8d28cbc50f

SHA512
6ad722d5069c35eff8e167d11d59773adf1f7e83432e870ac7f40d4d876b720c983bb586e937335991ff5ab58dbd9542cce3d9a229ee7ce1462d81a2d4e61599

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zjbj2oz.default-release\datareporting\glean\db\data.safe.tmp

Filesize
43KB

MD5
fb14e77082b50b18098ed50a330c48eb

SHA1
d7e7a4c4ef0c349f90aa313b7c3d84f353b87c11

SHA256
34202872713af02046fe4acf98ce116bc667d06642d8c00871f66c5ad29cc0dd

SHA512
dcec2ea806848da932413baf47ad94120aa4af69aea1d1c3589c6f5a011475d3c18f3424cf15fc09749a36daf9f360fe6634295bba4a560791ac93d10acdd9e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zjbj2oz.default-release\datareporting\glean\db\data.safe.tmp

Filesize
44KB

MD5
7fb564b65662964f4ceeae0498079f78

SHA1
a8dbd7849b2299434aba44afe2a47558412d9da3

SHA256
94ea50eeb3ed37a0e8f38c8781be44943ea90befd2e81c5ec25fdfefbff26121

SHA512
1f1c416b38cbab969db2b96f33a3c94df23eadb83144bb6ced01b03413d574e8ef64b0803edba03a79f7cc57060057eaed229b887f2e17a0dd34c817ec702db6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zjbj2oz.default-release\datareporting\glean\db\data.safe.tmp

Filesize
44KB

MD5
2f114d450d05e5bee81b52b1f270b6e3

SHA1
ad3aa9244ebab4534fc6b4fa171ef9a2f87dfec4

SHA256
efe717efcc8c758189fc0049dc37de6423c8aa27d49f75a55273f38f7e3d5024

SHA512
f1bc3d391b6cb5192268a869e8ae300243325b1794b5430e87ceb2cf8922a048d746c9f6972e36c0588b53c622e46248d6bb51430be41379def70a77c6ce23fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zjbj2oz.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
45bcdff2ed97097dd73363c867320db8

SHA1
7435e0ad025e64b2c9bb588f10ca1e0b803c2423

SHA256
969b88283271c0cad41c030d57d24eea94a83849f08eab1c4688aa4caa6d40e8

SHA512
179c7371e2364cb96fa23ba478aa756b37d24e8bdee2b3fd8deab38230633168a2c4c42a188f3c2a2775b844ecfa2659d52220b011cb1a7f3ef0a8e257d024bc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zjbj2oz.default-release\datareporting\glean\pending_pings\00997a70-34ef-48fb-9084-29b141a93005

Filesize
982B

MD5
2c15ed86ca06366716d99eec51fc7de0

SHA1
d96f031c664570f4a947abfa71e5cde1c46e3d37

SHA256
d283c1baf94384db3441e0b5c278daa2d90b285445b543efaad211566732f67a

SHA512
bafab14adb3fd6bb2e50813ef254cc2ea1baa4d6e9a0c6240ffc536e99f3fbc4fd55d0c773f44b3743e9b20113078d17f021ef185addbc651b08f1fba9714584

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zjbj2oz.default-release\datareporting\glean\pending_pings\04038627-d539-4975-9ac3-5971db410b52

Filesize
11KB

MD5
d25378385e1604e3f1f20932f835ba8a

SHA1
cfc665bbbe2aac9e559af8f6a5c75e681193af16

SHA256
89bcbe83206c3321df7f43f3c39895d700b148345bce29ed4c19c76a669ffadc

SHA512
e0fe8f6e6b160aab3e6a3dd017965301750ade272c440d0e910bfd0f0d830dab4f901dc9c900408a268a341a460181d1759d3b26a4b193829d2cde4816d37ea2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zjbj2oz.default-release\datareporting\glean\pending_pings\0ec69264-3d99-4c70-a8c0-370d1e6c5990

Filesize
5KB

MD5
cadc4d2bd8632b6ba7289d8891d619c9

SHA1
19d7d37ef92021246b8248321f47d9c82d77dbd1

SHA256
a2c305b3480516188f63838f3ffb3dec924e0d2936f95812348a9c3f7dfcca80

SHA512
b29d75c272975f2f4a82f100c289b712953e0f9654e3f97e5da47c9168fb374f8b0bafa94e368821cb1ccbb433ffb4e767cc3c120239fa2555e035eb63ff2797

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zjbj2oz.default-release\datareporting\glean\pending_pings\4b83e053-d4b6-43e6-8bc2-0d4ae415e07c

Filesize
1KB

MD5
e41a5f09c23f6e4137c778aefc59597c

SHA1
af737edd6ccf48b94c8b8e69cf8b6ee3a124254b

SHA256
b812629c0c9b247259e58b8892815cf5ad200fb3771fd8ac23a7ed8bbae65098

SHA512
3b30693806a954e98c29115dbf089bb2120bedf2f139cce81270519aa164cc5ff3b0096d15b182133ee665b3b094fb5e48e8558cb5cf8fe06369bf2ce325b781

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zjbj2oz.default-release\datareporting\glean\pending_pings\68e41fe0-7e8c-426b-a23d-210bdcf11d48

Filesize
27KB

MD5
c650a6c6d76c0c73ca77cb2e38a2d71d

SHA1
712f7f6aa8c7e517714ae47f845c01e587f1bd86

SHA256
21d231121e7abbc032a2e51f5e96eb39982a243d0456b2ca15add46c96308a6c

SHA512
c2d2adb4bb11cff6b746baba3d6e6057504504efa09d2a839e5da125366684b108b8259ca2955b8b6fd6e0c07cc1e8384959b109508b4ed98eda14c25d401095

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zjbj2oz.default-release\datareporting\glean\pending_pings\a5772045-b568-4598-8120-42a0405db259

Filesize
766B

MD5
561323897df9e54ec1d5de51a5fe14a4

SHA1
adf86c43c41b86380cb1b3c20c34e98b8bfcaa04

SHA256
129034da55fafe2dda47b3f15dfd726081f286b17542357e852caafff84c59d1

SHA512
8086ca891cd94edf623436b778ac91e627fef5f2e0b72ca628b2caf1d22b106691f441d922813faa5230fe93ac61b4e99fa0d90107f394b29957238980165d49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zjbj2oz.default-release\datareporting\glean\pending_pings\c7f99c85-8638-49f1-92f2-cb22eac38060

Filesize
734B

MD5
460c91536e608bbb631f2ef1270810de

SHA1
e6690436e5d9914174209c2d2c4280672fa8215b

SHA256
35229e4c6bb8223f7dac10a03c4541c73761222a302bf92829534070270eb711

SHA512
3dc361ebc520ea1fcabda2f33566610c71a9233f905893f7b14e1c471f90bf43e5f7970fe882f98b535a7a05650466d2b1e32efb673d8e7bdd83804969b8f6e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zjbj2oz.default-release\datareporting\glean\pending_pings\e565b229-2eeb-4c3b-93d0-2d6f3003035d

Filesize
671B

MD5
c996a54cfe417460a53ec798f78f6c36

SHA1
9960f62ddc9b84f0217469a5991aab6b154642e6

SHA256
f705027b30bc982a1e504ae6662baa1019882d5388f7ef66d6777dede7894f1b

SHA512
046ee930092bb460c6fe5a117a2231045b30bd7110e9295a319b0fa52bc40e5c9489885859852183c12c82cc33de6844aedd5e208d007974345b6afd8d52cd3b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zjbj2oz.default-release\prefs-1.js

Filesize
10KB

MD5
a6c3920a91e2990b7b15f45e048618f9

SHA1
2704dbd76d52ebcc3bc8195d9fa228d4a06daca2

SHA256
2c70979db154ffd71109382b1bca61360d698a07a257148af512e75e4b8f0bb1

SHA512
8237ec3bb63454bf4e543c6f615efb869e86723aff4a910f94ca4d82d53e360227c2831355faade8fbecd068fb94868d8d8b49f67eb07cac4b7c910b54bc352e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zjbj2oz.default-release\prefs-1.js

Filesize
9KB

MD5
3455ab18fe6dea26ebed252e8f25c23e

SHA1
82aa81d9da598a7089cb28de0fd0ca58746bb611

SHA256
02fa80d962144eece2e5be72b509a3a91086fe911411e2fc529d7fc99ecb72b9

SHA512
538499f2c2562157fea83faaff7d0e49e1b14a3422ee2ffe49ce9b59d0a0cbc474598c62e07def337fb1331fbe07633ea7e7f66c973aa04ab040abc7a67d7641

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zjbj2oz.default-release\prefs.js

Filesize
9KB

MD5
0447fe0e16ef707c6b53c6d323cf84b8

SHA1
a2334bf6f2a2b12fa4d6feb49b29466ad0ff4f6a

SHA256
66ef2a60dc46786d8bd28d204b61aefcb14858fb7dd0ce265b35125aa657d5aa

SHA512
c05dc1e0aa310aabde06508cc115d598a4b90099b483b92042c16c67912486fa1aea86ce3172e296191c712ca1e947bd309712187e002c5423cbcb59a80c1177

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zjbj2oz.default-release\prefs.js

Filesize
9KB

MD5
729e9dcb8899a079466ff428514823be

SHA1
e759860cf54174e6ad4ec8b31dc603841d9bfed0

SHA256
ffb4d8c06a0003a0727cbb053dd258f208df42bc4583553bfe2378d7656f076a

SHA512
f1c08c497cb58f9a5e80cc3ec91798f023c9044bf53ae99b9a07cc9686a27b268df71a735180a7ca40b26964969fe95e969b580b0030dcd6ac7568134fb8603e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zjbj2oz.default-release\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zjbj2oz.default-release\sessionCheckpoints.json

Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zjbj2oz.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zjbj2oz.default-release\sessionCheckpoints.json

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zjbj2oz.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zjbj2oz.default-release\sessionCheckpoints.json

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1zjbj2oz.default-release\sessionCheckpoints.json.tmp

Filesize
228B

MD5
a0821bc1a142e3b5bca852e1090c9f2c

SHA1
e51beb8731e990129d965ddb60530d198c73825f

SHA256
db037b650f36ff45da5df59bc07b0c5948f9e9b7b148ead4454ab84cb04fd0e2

SHA512
997528e2ecd24a7e697d95cd1a2a7de46a3d80b37fd67fac4fb0da0db756b60a24648b7074255dc38f7651302f70894a53c3d789f3d7cd9f80fb91bd0cade4be

Download Submit
C:\Users\Admin\Downloads\BonziBuddy-1.5.0.tar.gz

Filesize
925B

MD5
f085a02db61679c06d37cdda76a80d38

SHA1
c3a06200aba94395b2c1874ea8c08eb760f73a67

SHA256
e839c538b360aba626d4459a8a54c6060ca86169fabf621b8ce93e51cd89b063

SHA512
622b1e1789d7cffd21dfed7b8ff5ba83009ccff8773cb91a0edc31bc9c768a72c8780ee45d48528ef6df5204b8eb4a2a1fbbe53e3b92e600b1291d2d2baf329a

Download Submit
C:\Users\Admin\Downloads\BonziBuddy-1.5.0.zip

Filesize
997B

MD5
b2a6338ccd902e6bfdef228fb0f7a270

SHA1
d0fb880dcca92309143dc16f52f6d7d2fa354176

SHA256
e2f28b842a249fe17909983c887ee70715114bcaa422615c3e37163dbc4307e2

SHA512
f3e50c22b898827a373a4a4f60f1b7a842baba1b20dec539f43f92fb2ca8b2344c868732697ee2bcb90332f5dbea2bc2b9b0f58d32477da2aebe402169f6c628

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 247230.crdownload

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 75963.crdownload

Filesize
6.4MB

MD5
fba93d8d029e85e0cde3759b7903cee2

SHA1
525b1aa549188f4565c75ab69e51f927204ca384

SHA256
66f62408dfce7c4a5718d2759f1d35721ca22077398850277d16e1fca87fe764

SHA512
7c1441b2e804e925eb5a03e97db620117d3ad4f6981dc020e4e7df4bfc4bd6e414fa3b0ce764481a2cef07eebb2baa87407355bfbe88fab96397d82bd441e6a2

Download Submit
memory/2776-13769-0x00000216F2F20000-0x00000216F338E000-memory.dmp

Filesize
4.4MB

Download
memory/5716-13470-0x0000000000200000-0x00000000006B2000-memory.dmp

Filesize
4.7MB

Download
memory/7868-13754-0x00000223D6E40000-0x00000223D6E41000-memory.dmp

Filesize
4KB

Download
memory/7868-13761-0x00000223D6E40000-0x00000223D6E41000-memory.dmp

Filesize
4KB

Download
memory/7868-13759-0x00000223D6E40000-0x00000223D6E41000-memory.dmp

Filesize
4KB

Download
memory/7868-13762-0x00000223D6E40000-0x00000223D6E41000-memory.dmp

Filesize
4KB

Download
memory/7868-13756-0x00000223D6E40000-0x00000223D6E41000-memory.dmp

Filesize
4KB

Download
memory/7868-13758-0x00000223D6E40000-0x00000223D6E41000-memory.dmp

Filesize
4KB

Download
memory/7868-13760-0x00000223D6E40000-0x00000223D6E41000-memory.dmp

Filesize
4KB

Download
memory/7868-13757-0x00000223D6E40000-0x00000223D6E41000-memory.dmp

Filesize
4KB

Download
memory/7868-13753-0x00000223D6E40000-0x00000223D6E41000-memory.dmp

Filesize
4KB

Download
memory/7868-13755-0x00000223D6E40000-0x00000223D6E41000-memory.dmp

Filesize
4KB

Download
memory/8080-14109-0x000000006EA40000-0x000000006FD81000-memory.dmp

Filesize
19.3MB

Download
memory/8080-13883-0x000000006EA40000-0x000000006FD81000-memory.dmp

Filesize
19.3MB

Download
memory/8080-13792-0x000000006EA40000-0x000000006FD81000-memory.dmp

Filesize
19.3MB

Download
memory/8080-13978-0x000000006EA40000-0x000000006FD81000-memory.dmp

Filesize
19.3MB

Download
memory/8080-14064-0x000000006EA40000-0x000000006FD81000-memory.dmp

Filesize
19.3MB

Download
memory/8080-13706-0x000000006EA40000-0x000000006FD81000-memory.dmp

Filesize
19.3MB

Download
memory/8080-14002-0x000000006EA40000-0x000000006FD81000-memory.dmp

Filesize
19.3MB

Download
memory/8080-13773-0x000000006EA40000-0x000000006FD81000-memory.dmp

Filesize
19.3MB

Download
memory/8080-13768-0x000000006EA40000-0x000000006FD81000-memory.dmp

Filesize
19.3MB

Download
memory/8460-13763-0x0000026547670000-0x0000026547ADE000-memory.dmp

Filesize
4.4MB

Download
memory/8460-13512-0x00007FFB98650000-0x00007FFB98651000-memory.dmp

Filesize
4KB

Download
memory/8460-13511-0x00007FFB98960000-0x00007FFB98961000-memory.dmp

Filesize
4KB

Download
memory/8532-13764-0x000001DD9D8C0000-0x000001DD9DD2E000-memory.dmp

Filesize
4.4MB

Download
memory/9288-14092-0x000002BBF8010000-0x000002BBF847E000-memory.dmp

Filesize
4.4MB

Download
memory/9964-13767-0x000002D608A90000-0x000002D608EFE000-memory.dmp

Filesize
4.4MB

Download