hxxp://stearnwinter-giftcard[.]com/

Analysis

max time kernel
484s
max time network
488s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/01/2025, 18:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://stearnwinter-giftcard.com/

Score

8^/10

steam discovery persistence phishing spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe

Executes dropped EXE 20 IoCs

pid	Process
1820	SteamSetup.exe
4616	steamservice.exe
2504	steam.exe
5124	steam.exe
5192	steamwebhelper.exe
5348	steamwebhelper.exe
5440	steamwebhelper.exe
5576	steamwebhelper.exe
6060	gldriverquery64.exe
3248	steamwebhelper.exe
1456	steamwebhelper.exe
5856	gldriverquery.exe
5916	vulkandriverquery64.exe
6020	vulkandriverquery.exe
5068	steamwebhelper.exe
4628	steamwebhelper.exe
920	OperaGXSetup.exe
2196	setup.exe
5036	setup.exe
2516	setup.exe

Loads dropped DLL 64 IoCs

pid	Process
1820	SteamSetup.exe
1820	SteamSetup.exe
1820	SteamSetup.exe
1820	SteamSetup.exe
1820	SteamSetup.exe
1820	SteamSetup.exe
1820	SteamSetup.exe
1820	SteamSetup.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5192	steamwebhelper.exe
5192	steamwebhelper.exe
5192	steamwebhelper.exe
5192	steamwebhelper.exe
5348	steamwebhelper.exe
5348	steamwebhelper.exe
5348	steamwebhelper.exe
5124	steam.exe
5440	steamwebhelper.exe
5440	steamwebhelper.exe
5440	steamwebhelper.exe
5440	steamwebhelper.exe
5440	steamwebhelper.exe
5440	steamwebhelper.exe
5440	steamwebhelper.exe
5440	steamwebhelper.exe
5440	steamwebhelper.exe
5124	steam.exe
5576	steamwebhelper.exe
5576	steamwebhelper.exe
5576	steamwebhelper.exe
5124	steam.exe
3248	steamwebhelper.exe
3248	steamwebhelper.exe
3248	steamwebhelper.exe
1456	steamwebhelper.exe
1456	steamwebhelper.exe
1456	steamwebhelper.exe
1456	steamwebhelper.exe
5068	steamwebhelper.exe
5068	steamwebhelper.exe
5068	steamwebhelper.exe
4628	steamwebhelper.exe
4628	steamwebhelper.exe
4628	steamwebhelper.exe
4628	steamwebhelper.exe
4628	steamwebhelper.exe
4628	steamwebhelper.exe
2196	setup.exe
5036	setup.exe
2516	setup.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"	SteamSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\D:	setup.exe

Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_rg_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_dpad_right_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_button_l_arrow_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\nobigpicturevista.res_	steam.exe
File created	C:\Program Files (x86)\Steam\logs\transport_client.txt	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\shared_finnish-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\1_star.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\steam_controller_schinese.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\vgui_greek.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_l_left_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\joyconpair_right_sr.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_click_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\SDL3_ttf.dll_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_050_menu_0090.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\flag_bottom.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_touchpad_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_button_capture_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_outlined_button_square_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_mouse_r_click_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\logs\systemdockmanager.txt	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_buy.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_up_hover.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7\dbgcore.dll_	steam.exe
File created	C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\crash_reporter.cfg	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_050_menu_0304.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_dpad_left_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_touchpad_right_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_brazilian.txt.gz_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_035_magic_0325.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_110_social_0020.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\friendsui_hungarian-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\steampops_czech-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_dpad_swipe_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_rg_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0325.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_070_setting_0050.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\UseOfflineModeChosen.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\GiftRevoked.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_lfn_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\xbox_p1_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\emailreminder_close.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_rtrackpad_left.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_button_minus_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_dpad_left.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_lstick_left_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_035_magic_0340.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\friendsui_tchinese-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\xbox_button_logo.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\libx264-142.dll.crypt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_touchpad_down_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_button_y.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\shared_czech-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_gyro_pitch_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_button_logo_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_button_y_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\friends\DialogSystemMessage.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\sounds\deck_ui_side_menu_fly_in.wav_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\steamwebhelper.exe_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\icon_community_preview.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_color_button_square_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\minithrobber09.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\switch_controller_korean.txt_	steam.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamservice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaGXSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133817839679336046"	chrome.exe

Modifies registry class 40 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steam\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steam\ = "URL:steam protocol"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steam	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steam\Shell	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\Shell\Open	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steam\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steam\URL Protocol	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\Shell	steamservice.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	steam.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4820	chrome.exe
4820	chrome.exe
1820	SteamSetup.exe
1820	SteamSetup.exe
1820	SteamSetup.exe
1820	SteamSetup.exe
1820	SteamSetup.exe
1820	SteamSetup.exe
1820	SteamSetup.exe
1820	SteamSetup.exe
1820	SteamSetup.exe
1820	SteamSetup.exe
1820	SteamSetup.exe
1820	SteamSetup.exe
1820	SteamSetup.exe
1820	SteamSetup.exe
1820	SteamSetup.exe
1820	SteamSetup.exe
1820	SteamSetup.exe
1820	SteamSetup.exe
1820	SteamSetup.exe
1820	SteamSetup.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe
5124	steam.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5124	steam.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
5192	steamwebhelper.exe
5192	steamwebhelper.exe
5192	steamwebhelper.exe
5192	steamwebhelper.exe
5192	steamwebhelper.exe
5192	steamwebhelper.exe
5192	steamwebhelper.exe
5192	steamwebhelper.exe
5192	steamwebhelper.exe
5192	steamwebhelper.exe
5192	steamwebhelper.exe
5192	steamwebhelper.exe
5192	steamwebhelper.exe
5192	steamwebhelper.exe
5192	steamwebhelper.exe
5192	steamwebhelper.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe

Suspicious use of SendNotifyMessage 39 IoCs

pid	Process
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
5192	steamwebhelper.exe
5192	steamwebhelper.exe
5192	steamwebhelper.exe
5192	steamwebhelper.exe
5192	steamwebhelper.exe
5192	steamwebhelper.exe
5192	steamwebhelper.exe
5192	steamwebhelper.exe
5192	steamwebhelper.exe
5192	steamwebhelper.exe
5192	steamwebhelper.exe
5192	steamwebhelper.exe
5192	steamwebhelper.exe
5192	steamwebhelper.exe
5192	steamwebhelper.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1820	SteamSetup.exe
4616	steamservice.exe
5124	steam.exe
2196	setup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4820 wrote to memory of 2624	4820	chrome.exe	85
PID 4820 wrote to memory of 2624	4820	chrome.exe	85
PID 4820 wrote to memory of 3440	4820	chrome.exe	86
PID 4820 wrote to memory of 3440	4820	chrome.exe	86
PID 4820 wrote to memory of 3440	4820	chrome.exe	86
PID 4820 wrote to memory of 3440	4820	chrome.exe	86
PID 4820 wrote to memory of 3440	4820	chrome.exe	86
PID 4820 wrote to memory of 3440	4820	chrome.exe	86
PID 4820 wrote to memory of 3440	4820	chrome.exe	86
PID 4820 wrote to memory of 3440	4820	chrome.exe	86
PID 4820 wrote to memory of 3440	4820	chrome.exe	86
PID 4820 wrote to memory of 3440	4820	chrome.exe	86
PID 4820 wrote to memory of 3440	4820	chrome.exe	86
PID 4820 wrote to memory of 3440	4820	chrome.exe	86
PID 4820 wrote to memory of 3440	4820	chrome.exe	86
PID 4820 wrote to memory of 3440	4820	chrome.exe	86
PID 4820 wrote to memory of 3440	4820	chrome.exe	86
PID 4820 wrote to memory of 3440	4820	chrome.exe	86
PID 4820 wrote to memory of 3440	4820	chrome.exe	86
PID 4820 wrote to memory of 3440	4820	chrome.exe	86
PID 4820 wrote to memory of 3440	4820	chrome.exe	86
PID 4820 wrote to memory of 3440	4820	chrome.exe	86
PID 4820 wrote to memory of 3440	4820	chrome.exe	86
PID 4820 wrote to memory of 3440	4820	chrome.exe	86
PID 4820 wrote to memory of 3440	4820	chrome.exe	86
PID 4820 wrote to memory of 3440	4820	chrome.exe	86
PID 4820 wrote to memory of 3440	4820	chrome.exe	86
PID 4820 wrote to memory of 3440	4820	chrome.exe	86
PID 4820 wrote to memory of 3440	4820	chrome.exe	86
PID 4820 wrote to memory of 3440	4820	chrome.exe	86
PID 4820 wrote to memory of 3440	4820	chrome.exe	86
PID 4820 wrote to memory of 3440	4820	chrome.exe	86
PID 4820 wrote to memory of 3436	4820	chrome.exe	87
PID 4820 wrote to memory of 3436	4820	chrome.exe	87
PID 4820 wrote to memory of 2768	4820	chrome.exe	88
PID 4820 wrote to memory of 2768	4820	chrome.exe	88
PID 4820 wrote to memory of 2768	4820	chrome.exe	88
PID 4820 wrote to memory of 2768	4820	chrome.exe	88
PID 4820 wrote to memory of 2768	4820	chrome.exe	88
PID 4820 wrote to memory of 2768	4820	chrome.exe	88
PID 4820 wrote to memory of 2768	4820	chrome.exe	88
PID 4820 wrote to memory of 2768	4820	chrome.exe	88
PID 4820 wrote to memory of 2768	4820	chrome.exe	88
PID 4820 wrote to memory of 2768	4820	chrome.exe	88
PID 4820 wrote to memory of 2768	4820	chrome.exe	88
PID 4820 wrote to memory of 2768	4820	chrome.exe	88
PID 4820 wrote to memory of 2768	4820	chrome.exe	88
PID 4820 wrote to memory of 2768	4820	chrome.exe	88
PID 4820 wrote to memory of 2768	4820	chrome.exe	88
PID 4820 wrote to memory of 2768	4820	chrome.exe	88
PID 4820 wrote to memory of 2768	4820	chrome.exe	88
PID 4820 wrote to memory of 2768	4820	chrome.exe	88
PID 4820 wrote to memory of 2768	4820	chrome.exe	88
PID 4820 wrote to memory of 2768	4820	chrome.exe	88
PID 4820 wrote to memory of 2768	4820	chrome.exe	88
PID 4820 wrote to memory of 2768	4820	chrome.exe	88
PID 4820 wrote to memory of 2768	4820	chrome.exe	88
PID 4820 wrote to memory of 2768	4820	chrome.exe	88
PID 4820 wrote to memory of 2768	4820	chrome.exe	88
PID 4820 wrote to memory of 2768	4820	chrome.exe	88
PID 4820 wrote to memory of 2768	4820	chrome.exe	88
PID 4820 wrote to memory of 2768	4820	chrome.exe	88
PID 4820 wrote to memory of 2768	4820	chrome.exe	88
PID 4820 wrote to memory of 2768	4820	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://stearnwinter-giftcard.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffefb2ecc40,0x7ffefb2ecc4c,0x7ffefb2ecc58
  2⤵
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,6677375358927818565,16083213556753605097,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2128,i,6677375358927818565,16083213556753605097,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,6677375358927818565,16083213556753605097,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2428 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3028,i,6677375358927818565,16083213556753605097,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3060 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3040,i,6677375358927818565,16083213556753605097,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3748,i,6677375358927818565,16083213556753605097,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4464 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3008,i,6677375358927818565,16083213556753605097,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4424,i,6677375358927818565,16083213556753605097,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3768 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4820,i,6677375358927818565,16083213556753605097,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5560,i,6677375358927818565,16083213556753605097,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5244,i,6677375358927818565,16083213556753605097,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5724 /prefetch:8
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=728,i,6677375358927818565,16083213556753605097,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:3060
- C:\Users\Admin\Downloads\SteamSetup.exe
  "C:\Users\Admin\Downloads\SteamSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1820
- - C:\Program Files (x86)\Steam\bin\steamservice.exe
    "C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5212,i,6677375358927818565,16083213556753605097,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4544,i,6677375358927818565,16083213556753605097,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4572 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4496,i,6677375358927818565,16083213556753605097,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4480,i,6677375358927818565,16083213556753605097,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5216,i,6677375358927818565,16083213556753605097,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=1448,i,6677375358927818565,16083213556753605097,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6240,i,6677375358927818565,16083213556753605097,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6276,i,6677375358927818565,16083213556753605097,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4492,i,6677375358927818565,16083213556753605097,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4536,i,6677375358927818565,16083213556753605097,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6364 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6260,i,6677375358927818565,16083213556753605097,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6092,i,6677375358927818565,16083213556753605097,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6464 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3356,i,6677375358927818565,16083213556753605097,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6220 /prefetch:8
  2⤵
  PID:6132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4524,i,6677375358927818565,16083213556753605097,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1432 /prefetch:8
  2⤵
  PID:5172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3452,i,6677375358927818565,16083213556753605097,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6540 /prefetch:8
  2⤵
  PID:4188
- C:\Users\Admin\Downloads\OperaGXSetup.exe
  "C:\Users\Admin\Downloads\OperaGXSetup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:920
- - C:\Users\Admin\AppData\Local\Temp\7zS89392CAE\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7zS89392CAE\setup.exe --server-tracking-blob=N2EyNzM1MmVjMTIxMmUyMWIxMzZlY2NmYzRjZjNhY2YzMzFmMTZmZmZjYjI3NzkxMGI2ZWE4YjkyYTljZGU3ODp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhX2d4IiwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/ZWRpdGlvbj1zdGQtMiZ1dG1fc291cmNlPVBXTmdhbWVzJnV0bV9tZWRpdW09cGEmdXRtX2NhbXBhaWduPVBXTl9HQl9IVlJfMzczNiZlZGl0aW9uPXN0ZC0yJnV0bV9jb250ZW50PTM3MzZfJnV0bV9pZD02MzViODc1NDQyYjA0NjMzYjgwYTdiNzMyNTdjMjg1YyZodHRwX3JlZmVycmVyPW1pc3NpbmcmdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20lMkYmdXRtX2lkPTYzNWI4NzU0NDJiMDQ2MzNiODBhN2I3MzI1N2MyODVjJmRsX3Rva2VuPTc2ODQ0OTUzIiwidGltZXN0YW1wIjoiMTczNzMxMDgyOC4zNTE0IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyMy4wLjAuMCBTYWZhcmkvNTM3LjM2IiwidXRtIjp7ImNhbXBhaWduIjoiUFdOX0dCX0hWUl8zNzM2IiwiY29udGVudCI6IjM3MzZfIiwiaWQiOiI2MzViODc1NDQyYjA0NjMzYjgwYTdiNzMyNTdjMjg1YyIsImxhc3RwYWdlIjoib3BlcmEuY29tLyIsIm1lZGl1bSI6InBhIiwic2l0ZSI6Im9wZXJhX2NvbSIsInNvdXJjZSI6IlBXTmdhbWVzIn0sInV1aWQiOiJjMzVjYmU1MC02YjAwLTQwZDQtYjNlNS1lMDA5M2I5ODI0ZTgifQ==
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2196
  - - C:\Users\Admin\AppData\Local\Temp\7zS89392CAE\setup.exe
      C:\Users\Admin\AppData\Local\Temp\7zS89392CAE\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=115.0.5322.152 --initial-client-data=0x330,0x334,0x338,0x310,0x33c,0x6d78fd9c,0x6d78fda8,0x6d78fdb4
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:5036
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:2516
- C:\Users\Admin\Downloads\OperaGXSetup.exe
  "C:\Users\Admin\Downloads\OperaGXSetup.exe"
  2⤵
  PID:4032
- - C:\Users\Admin\AppData\Local\Temp\7zS0CFD1A3F\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7zS0CFD1A3F\setup.exe --server-tracking-blob=N2EyNzM1MmVjMTIxMmUyMWIxMzZlY2NmYzRjZjNhY2YzMzFmMTZmZmZjYjI3NzkxMGI2ZWE4YjkyYTljZGU3ODp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhX2d4IiwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/ZWRpdGlvbj1zdGQtMiZ1dG1fc291cmNlPVBXTmdhbWVzJnV0bV9tZWRpdW09cGEmdXRtX2NhbXBhaWduPVBXTl9HQl9IVlJfMzczNiZlZGl0aW9uPXN0ZC0yJnV0bV9jb250ZW50PTM3MzZfJnV0bV9pZD02MzViODc1NDQyYjA0NjMzYjgwYTdiNzMyNTdjMjg1YyZodHRwX3JlZmVycmVyPW1pc3NpbmcmdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20lMkYmdXRtX2lkPTYzNWI4NzU0NDJiMDQ2MzNiODBhN2I3MzI1N2MyODVjJmRsX3Rva2VuPTc2ODQ0OTUzIiwidGltZXN0YW1wIjoiMTczNzMxMDgyOC4zNTE0IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyMy4wLjAuMCBTYWZhcmkvNTM3LjM2IiwidXRtIjp7ImNhbXBhaWduIjoiUFdOX0dCX0hWUl8zNzM2IiwiY29udGVudCI6IjM3MzZfIiwiaWQiOiI2MzViODc1NDQyYjA0NjMzYjgwYTdiNzMyNTdjMjg1YyIsImxhc3RwYWdlIjoib3BlcmEuY29tLyIsIm1lZGl1bSI6InBhIiwic2l0ZSI6Im9wZXJhX2NvbSIsInNvdXJjZSI6IlBXTmdhbWVzIn0sInV1aWQiOiJjMzVjYmU1MC02YjAwLTQwZDQtYjNlNS1lMDA5M2I5ODI0ZTgifQ==
    3⤵
    PID:4544

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3404

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2236

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies system certificate store
PID:2504
- C:\Program Files (x86)\Steam\steam.exe
  "C:\Program Files (x86)\Steam\steam.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:5124
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=5124" "-buildid=1733265492" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:5192
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1733265492 --initial-client-data=0x280,0x284,0x288,0x27c,0x28c,0x7ffee841af00,0x7ffee841af0c,0x7ffee841af18
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5348
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1576,i,8684462228998736975,1495384907912886748,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1580 --mojo-platform-channel-handle=1568 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5440
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2312,i,8684462228998736975,1495384907912886748,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2316 --mojo-platform-channel-handle=2308 /prefetch:3
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5576
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2868,i,8684462228998736975,1495384907912886748,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2872 --mojo-platform-channel-handle=2864 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3248
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3216,i,8684462228998736975,1495384907912886748,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3220 --mojo-platform-channel-handle=3212 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:1456
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=3824,i,8684462228998736975,1495384907912886748,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3828 --mojo-platform-channel-handle=3820 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5068
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2028,i,8684462228998736975,1495384907912886748,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3800 --mojo-platform-channel-handle=3768 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4628
- - C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:6060
- - C:\Program Files (x86)\Steam\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5856
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:5916
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:6020

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d8 0x40c
1⤵
PID:5620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Steam\Steam.exe

Filesize
4.2MB

MD5
33bcb1c8975a4063a134a72803e0ca16

SHA1
ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65

SHA256
12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1

SHA512
13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

Download Submit
C:\Program Files (x86)\Steam\bin\SteamService.exe

Filesize
2.5MB

MD5
ba0ea9249da4ab8f62432617489ae5a6

SHA1
d8873c5dcb6e128c39cf0c423b502821343659a7

SHA256
ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d

SHA512
52958d55b03e1ddc69afc2f1a02f7813199e4b3bf114514c438ab4d10d5ca83b865ba6090550951c0a43b666c6728304009572212444a27a3f5184663f4b0b8b

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
6e6a2b18264504cc084caa3ad0bfc6ae

SHA1
b177d719bd3c1bc547d5c97937a584b8b7d57196

SHA256
f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53

SHA512
74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
15KB

MD5
9ef06d21baa4fb68e7e5b13de76ac657

SHA1
ad9c899eaa15f0fedfd874b198f6e7e6f27e3f1e

SHA256
9b468a6a755802987f04247f5aae8bc1d900c2ae826f4b854f5f5f2d0cbaafb4

SHA512
7a0846389f8d3fae52667f6e21da8e872136f2d3e9f4ed31bcbba7548e0aea8d9edbc38c96a91cb305e0c34cb1dd693766c5482941203efe9d80e85eb5c8ecbf

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
24KB

MD5
7921f038061e7dadfa13d64fb1408612

SHA1
7a932c9485ce9a0ddf68b1ca19ba511a6ac44f4f

SHA256
85cb3c0368507622aefe252ac74ea485e047a836603afc718f59fd4a3a706ba2

SHA512
998a7d4461017aa8705b66185dc2e01dc81a547c3265cbc2c65853d3af69d8d13c66b33a0e03e22ffaa73ddd3d33261dd0d1fcfb5469e6c939dd092b3cdba11f

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
27KB

MD5
4b9c47996175aa83d2d8b83cc632c916

SHA1
1b66425d4ec7fe0c34126d5e07488a9a86a092cf

SHA256
8fe0d872e37c47d20f408950c9585663e020d83522bfabcaed15a127f43962cb

SHA512
ad576c6b575b351fa54b7e0ae31fc28e67ae240760d003bac2ca6ef6be9c4e9b7cd1b7642bc5015a29d32feba0780def57718ccc72af1aed0a44866b4c39db2d

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
21KB

MD5
0b59282a80a48e8527410ac9d7208107

SHA1
683e476bf4e8ad4d907ca58117fa7ca0e852a512

SHA256
fb0157fe336a0d621cd518e84e54729b0e5e850e2d1799e4fedccbc6ed970f40

SHA512
4fda1e9a21731a71f23fd4236c6305b6fc3b56a8f5fc27946f17e49022f32a0413f6f0f65f5f3074b96b9394333b389f01c88d5e7bf24c13aa7a4986f757bb78

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
22KB

MD5
a80a7c1a8fce6708c96282bd65387788

SHA1
57a1ed77a305cbb37678996db28dc9db094ce595

SHA256
89e4f182b1440eb807f7a1c530f0dc48b627732ce7955f7421719e5ea655993b

SHA512
869e77f4ca8a4ec95cb404dd482d4a3ca101f993bde35e2a899fc2891bed9c45e30d3568d39aeb90ebdec8f673fe279680c505fa63acc9c0785a526e26825c49

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
a2ec2e91c3ef8c42e22c4887d032b333

SHA1
e2c738a2e9400535b74e2263c7e7d1ecefe575f2

SHA256
8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3

SHA512
b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf~RFe5a3db6.TMP

Filesize
184B

MD5
3cdebc58a05cdd75f14e64fb0d971370

SHA1
edf2d4a8a5fc017e29bf9fb218db7dd8b2be84fe

SHA256
661f122934bbc692266940a1fe2e5e51d4d460efb29d75695b8d5241c6e11da7

SHA512
289c40fae5ec1d3dd8b5b00dd93cf9cada2cb5c12bcfefea8c862ddf0a16dced15d6814dad771af9103b3a5d3016d301ee40058edde3fdea30d9767146d11cd6

Download Submit
C:\Program Files (x86)\Steam\crashhandler.dll

Filesize
347KB

MD5
7a93763803b9ea422e70015fcb23f981

SHA1
9765753a26e91b908acca2e88a3c1db9d57b2f53

SHA256
85b6c815533b6016062e3536eb04bbe0dfaed8e3c89eca8da1d586f12b780001

SHA512
0748982ce6f5db44c09e6f9a01ab343ec81adb775bf10ec1bcc84c51c7bc3710c165ec7286db587a4997815926b480f1c53a9b87f2762baa7b28ed4187a7396a

Download Submit
C:\Program Files (x86)\Steam\logs\bootstrap_log.txt

Filesize
20KB

MD5
1bef5397ade5fba3b5d6205b8b8643f6

SHA1
9cb85a78779d1562fc307969dc85b686dfab6d14

SHA256
81a08eb254cbcc21dc4c1c0fbc061f03d61a8cb12e0f9a4fbf59f358979847d9

SHA512
6cae8cccb3d663b8a02f2333859d66fc81bf6cc1155feb7fd96657e83d01781ddf7c1c63a12045e2f3fcd12fed5e8c08e6047b000261eb4fa2b126f32bcf713b

Download Submit
C:\Program Files (x86)\Steam\package\steam_client_metrics.bin

Filesize
3KB

MD5
382ab3847f9a824687d9c175e333ee88

SHA1
7f36244aa07902c18a547f2e49bc1f9fec3e0976

SHA256
3d7bbde931da13a21483b52c29cb1cf8ca03b0857cb6caabc14d99f39e2981f2

SHA512
84831f5199bdfc39c21028ef2e6ebd9c41ae74dac380eddb98c1c98ea0e4af5972472cd07563d85e691246275ffcecf937718d5dc9c20280e5176e3399b1d069

Download Submit
C:\Program Files (x86)\Steam\package\steam_client_win32.manifest

Filesize
8KB

MD5
78079dd63939f7c2db1ae475b12cacb9

SHA1
a2dda051df71353b2fe2cd8600a6714650ee37ac

SHA256
529e2294203328f262b6fdc8a4b26077840aea72b8a1e752603ce8c625a1db77

SHA512
74d4f33c2eedada639378e9b32f1703cd67cede37dc4ce0dd733bfba9a6e6a63a3ff667c2a6616961c56c2900888288d7d2aa3070269ea6696771cdccc05b132

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

Filesize
4KB

MD5
0340d1a0bbdb8f3017d2326f4e351e0a

SHA1
90d078e9f732794db5b0ffeb781a1f2ed2966139

SHA256
0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544

SHA512
9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

Filesize
6KB

MD5
4c81277a127e3d65fb5065f518ffe9c2

SHA1
253264b9b56e5bac0714d5be6cade09ae74c2a3a

SHA256
76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9

SHA512
be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

Filesize
4KB

MD5
2158881817b9163bf0fd4724d549aed4

SHA1
c500f2e8f47a11129114ee4f19524aee8fecc502

SHA256
650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7

SHA512
f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

Filesize
4KB

MD5
03b664bd98485425c21cdf83bc358703

SHA1
0a31dcfeb1957e0b00b87c2305400d004a9a5bdb

SHA256
fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115

SHA512
4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt

Filesize
4KB

MD5
31a29061e51e245f74bb26d103c666ad

SHA1
271e26240db3ba0dcffc10866ccfcfa1c33cf1cc

SHA256
56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192

SHA512
f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

Filesize
4KB

MD5
27993eb75894ca4894db266ad9b5e61b

SHA1
4def653ee04b0514822b690052598435ec25e686

SHA256
fbc09c1b9a55d04b57be8fb2ad5ab58b38f76054ecd3d1b70440a2d08191b05b

SHA512
eaebeee5b1a7dfb9bdf661623554793d7ef7e15d9f9cf01f94da1eb0b84b88c8f24176463d15c407ebf670c5b7fd4052daea33ba43e75c1de2979487c4987bab

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

Filesize
4KB

MD5
da6cd2483ad8a21e8356e63d036df55b

SHA1
0e808a400facec559e6fbab960a7bdfaab4c6b04

SHA256
ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6

SHA512
06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt

Filesize
4KB

MD5
9e62fc923c65bfc3f40aaf6ec4fd1010

SHA1
8f76faff18bd64696683c2a7a04d16aac1ef7e61

SHA256
8ff0f3cbdf28102ff037b9cda90590e4b66e1e654b90f9aea2cd5364494d02b7

SHA512
c8ff15373b37e848e6239a82424569e77c82a5fc557d17e7d2ed1d0d2b2f7d026cc1e2bc98cb5ee945c02cfefb82803c23fa6a26f48ff0adcf762f94cd5dd035

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt

Filesize
4KB

MD5
10c429eb58b4274af6b6ef08f376d46c

SHA1
af1e049ddb9f875c609b0f9a38651fc1867b50d3

SHA256
a1f6ba57ee41e009d904905c0ce5e75a59ee6790e08542561303109e1faafa13

SHA512
d8760f61760bffd8671b727d386ae220e7e6e68829a01553cfd5eb60ef8bd1d7c1b25e7b17a6db5bd17ba6712ef44999726764459318e784843c73bc4facaf46

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt

Filesize
4KB

MD5
5c026fd6072a7c5cf31c75818cddedec

SHA1
341aa1df1d034e6f0a7dff88d37c9f11a716cae6

SHA256
0828572e4fa00c186dbf1d9072a6154d65cb499c6a37e338f3305f77a2fee382

SHA512
f9d28714b2a05f8d9025f1692e4d7e8baa6daf6176353f65646a38814a242ef2adededa44419edd69f10cf96ffba506dab7cb6e52111457bf69cffef12174b12

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt

Filesize
6KB

MD5
189ba063d1481528cbd6e0c4afc3abaa

SHA1
40bdd169fcc59928c69eea74fd7e057096b33092

SHA256
c0a7a1df442ac080668762df795c72aa322e9d415c41bd0a4c676a4dc0551695

SHA512
ce59ad9b17bab4de1254e92ce4fe7d8c8242832f62ab382e8f54199a9932cd11b5800cc33895441426373d5210cc74104e0271b721a7e26ed400b716ae4d5903

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt

Filesize
4KB

MD5
18aaaf5ffcdd21b1b34291e812d83063

SHA1
aa9c7ae8d51e947582db493f0fd1d9941880429f

SHA256
1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5

SHA512
4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt

Filesize
4KB

MD5
1514d082b672b372cdfb8dd85c3437f1

SHA1
336a01192edb76ae6501d6974b3b6f0c05ea223a

SHA256
3b3c5c615fd82070cc951ab482d3de8cb12df0b3df59fbd11f9d3271fa2fbca4

SHA512
4d41c945ce7c94746875b0dbceb14811d4966de4e97fe047406a304162fde7e1e2a16367fc2e43978e2e5aa66749f036b4444aa2312673c2cc3af296e8b77f55

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt

Filesize
4KB

MD5
8958371646901eac40807eeb2f346382

SHA1
55fb07b48a3e354f7556d7edb75144635a850903

SHA256
b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585

SHA512
14c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt

Filesize
5KB

MD5
7e1d15fc9ba66a868c5c6cb1c2822f83

SHA1
bfe9a25fdc8721d7b76cecb9527a9ba7823dc3d7

SHA256
fc74e26a8baabbe4851109512d85173b75dbf7293d41eb3b92a1957a773c8265

SHA512
0892be14a858cc860766afb1c996b2c355108a7e50971ea3ec00d15069e919a6eb05a61fa839bea3938492c391e274144c5e248f4c204a602bf36adf27e5b406

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt

Filesize
4KB

MD5
202b825d0ef72096b82db255c4e747fa

SHA1
3a3265e5bbaa1d1b774195a3858f29cea75c9e75

SHA256
3d1399f5323a3ece1b1a8b3b31f8fd7f50c3bd319ab3f1c38c6e347452c95314

SHA512
e8fc7cc09f431301d22a07b238179ee053505090e3c4db30ead061513fe7159f1fe8b80efc93f4597fe00f01087bbe0bb2231e13693d72c8def138657cb91566

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt

Filesize
4KB

MD5
7913f3f33839e3af9e10455df69866c2

SHA1
15fa957d0a6a2717027f5b35f4dbe5e0ab8ece25

SHA256
05bc1f4973c6d36002ac1b37ce46b1f941fcb4338282e0ec1ec83fb558d1a88c

SHA512
534e541757d19ee157a268bf7ea358b48015f400542fcfa49cdb547cd652926160f015fe2cf026d9c4996e56ab90ca3899dfd457997d915bf6bc9d7bb00ba804

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt

Filesize
4KB

MD5
58e0fcbee3cca4ef61b97928cfe89535

SHA1
1297e3af3ca9e4fe3cc5db78ebbfa642e8a2c57b

SHA256
c084a68b65d507eb831831aa2ab9afb9536cb99a840d248cc155ff87fad18425

SHA512
99aff0c481e34cd0e4fcbb2af471afb56d91aa11be664462b08e17ae169ca03ef77e7063b4ecd0f38ca7b2f6dc0bf2e316c7b31dffbbcfc763cd8fae27dc78d2

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt

Filesize
4KB

MD5
9b0b0e82f753cc115d87c7199885ad1b

SHA1
5743a4ab58684c1f154f84895d87f000b4e98021

SHA256
0bdeee9fa28d54d384e06ea646fbcfe3f06698a31dfdc1a50703ffe83ad78d32

SHA512
b7780b82fbe705bc8e5a527c011eb685c99ef0b2eb810617b9f82b891341af95ef1c2f46dce9e458c0c4dcc3e7a0d21db6c77f03419cd1c4b521a9b72f9017df

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt

Filesize
4KB

MD5
eb8926608c5933f05a3f0090e551b15d

SHA1
a1012904d440c0e74dad336eac8793ac110f78f8

SHA256
2ed2b0d654d60e0a82b0968a91d568b775144e9d92f2b077b6da75f85ad12d04

SHA512
9113c42c38836f71ff0cc7019aff8c873845f47fbf1ab97e981cb038f4d8495b6df784402b1ee9666e8e567ae866b0284c81e6a16efb47131d5ef88569c4843a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt

Filesize
4KB

MD5
6367f43ea3780c4ee166454f5936b1a8

SHA1
027a2c24c8320458c49cd78053f586cb4d94ee6f

SHA256
f8d1972e75a320344e3c834ba0a3a6a86edb39e20ef706bda9b7965d440d1998

SHA512
31aab33e0d272cb43a8c160b3d37256716a683e5052192fd0e4d3cdaf30a10a9afa9d26d5d14ad216ee455627c32892a711d2bc137ee7a7df9a297f001a19e32

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt

Filesize
6KB

MD5
e04ad6c236b6c61fc53e2cb57ced87e8

SHA1
e9d4846b7e6cc755ee14a5d3fa45ee7d3bf425a4

SHA256
08c775efa77c2a92d369f794882e467b6e2526e61bc7aa7724f48e174524502e

SHA512
0dfb7e6d811d649103499018f3d115c542fcaba420ceb69124a4d837fe162ce514e7be2040860c5ef5f9c01c961fa6eea8730606b73ec107d87597989b6fd331

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt

Filesize
4KB

MD5
56dcf7b68f70826262a6ffaffe6b1c49

SHA1
12e4272ba0e4eabc610670cdc6941f942da1eb6a

SHA256
948cad1bb27109e008f2457248880c759d3fa98b92c5b4033b94f455cb8ac43f

SHA512
c3fd9caf0bd4c303a7cc300faada9cfe6dd752e82d67625b31f4c0c2c091596508bb477fe19f758fdf79b25b8ac3f5320a8785d2b6705b9bcc28a054a59454e2

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_spanish.txt

Filesize
4KB

MD5
66456d2b1085446a9f2dbd9e4632754b

SHA1
8da6248b57e5c2970d853b8d21373772a34b1c28

SHA256
c4f821a4903c4e7faea2931c7fb1cf261eba06a9840c78fdca689f5c784c06c4

SHA512
196c2282ba13715709ece706c9219fe70c05dd295840082e7d901b9e5592e74b1bb556782181cdbe35bd1ab0d6197fef67258b09491fabc6f27606dbed667d49

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_swedish.txt

Filesize
4KB

MD5
b2248784049e1af0c690be2af13a4ef3

SHA1
aec7461fa46b7f6d00ff308aa9d19c39b934c595

SHA256
4bf6b25bf5b18e13b04db6ed2e5ed635eb844fc52baa892f530194d9471f5690

SHA512
f5cee6bba20a4d05473971f7f87a36990e88a44b2855c7655b77f48f223219978d91bcd02d320c7e6c2ec368234e1d0201be85b5626ef4909e047e416e1a066c

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_tchinese.txt

Filesize
4KB

MD5
194a73f900a3283da4caa6c09fefcb08

SHA1
a7a8005ca77b9f5d9791cb66fcdf6579763b2abb

SHA256
5e4f2de5ee98d5d76f5d76fb925417d6668fba08e89f7240f923f3378e3e66f6

SHA512
25842535c165d48f4cf4fa7fd06818ec5585cc3719eff933f5776a842713d7adb5667c3b9b1a122a1152450e797535fc7a8e97ebdd31c14b4d4900a33ede01f3

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_thai.txt

Filesize
7KB

MD5
53f7e8ac1affb04bf132c2ca818eb01e

SHA1
bffc3e111761e4dc514c6398a07ffce8555697f6

SHA256
488294b7faff720dc3ab5a72e0607761484c678b96d6bcd6aad9ee2388356a83

SHA512
c2e79c2505a6fd075df113ffce92ad42c146424ca39087601daa4ed15a2b5528d478a093921d9d8a738c7b6b963275a0693ebe526b6e2135d14ced03639d0e70

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_turkish.txt

Filesize
4KB

MD5
29f9a5ab4adfae371bf980b82de2cb57

SHA1
6f7ef52a09b99868dd7230f513630ffe473eddf8

SHA256
711675edb20b3cb70acf6cf75f2eea8e0d87c8ace3e11c8df362b4517427a34f

SHA512
543fe63f791250e05e8fda24fd2ceadebb4c8925e8927de49ae490895c87eed3e61a9ad50237532649f99fe3165836261de215ee3f66ffbfc6d677ddeea7732a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_ukrainian.txt

Filesize
6KB

MD5
cadd7a2f359b22580bdd6281ea23744d

SHA1
e82e790a7561d0908aee8e3b1af97823e147f88b

SHA256
3dd0edfbe68236e668fb308f92fe7c6493dbb05bfca85a48de93588f479ccc99

SHA512
53672dd13e6ccbe96f6d4a61297c595b6d6cba8de92caa51ccf8ab1d8a82eea5a425eab348f295b9ec27de0026ef849d9230f751a46e040be8863923f91b8519

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_vietnamese.txt

Filesize
4KB

MD5
f350c8747d77777f456037184af9212c

SHA1
753d8c260b852a299df76c4f215b0d2215f6a723

SHA256
15b6a564e05857a3d2fd6eec85a5a30c491a7553d15ffc025156b3665b919185

SHA512
efb86809a0b357b4fcd3ba2770c97d225d0f4d9fb7430c515e847c3dd77ee109def4bef11b650b9773c17050e618008fc03377638c1db3393ac780b5b0bc31b2

Download Submit
C:\Program Files (x86)\Steam\steam.exe

Filesize
4.2MB

MD5
4bf015883412d366a1423e51ea534a21

SHA1
e89e0e631edc7aa0cde78463e3b5a1250e3a976d

SHA256
b5d588810e2b68f8a92de74b9741e0120f130d1e079144d50951c54cc04ed72c

SHA512
3610e464336b85793da07de2dc9a4940936bc47314b0aeddd910f2558a7669249fb4d588fb29d3b862ebddc5e3cd2883fbccbde9c35ef7215c1c864525bfa4be

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5192_300075135\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5192_300075135\manifest.json

Filesize
1001B

MD5
2ff237adbc218a4934a8b361bcd3428e

SHA1
efad279269d9372dcf9c65b8527792e2e9e6ca7d

SHA256
25a702dd5389cc7b077c6b4e06c1fad9bdea74a9c37453388986d093c277d827

SHA512
bafd91699019ab756adf13633b825d9d9bae374ca146e8c05abc70c931d491d421268a6e6549a8d284782898bc6eb99e3017fbe3a98e09cd3dfecad19f95e542

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\45b11fb0-bb48-4bcf-a064-0158491be9ea.tmp

Filesize
116KB

MD5
2c4e005dc4d039f3cae8ecb706e57c65

SHA1
144709b9beae0debf96b1905d5b617bd823b0d07

SHA256
745574db73420dcc72b5f290a812f02623afcd2417ddf632e5a081e62b5097a3

SHA512
0451ff031ddbde297e7e7f6a815b5dbbf946a5005ec5441c7b6bfacc0703d052e058a0f72d3051cd4d7c773d89edf6eacb127997d64906d268ab3b906e5cd0fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\04b712bd-a834-46fa-ae62-bc5325f3bff0.tmp

Filesize
11KB

MD5
2524b450226e8b234105c5c1a19c1889

SHA1
90b65e51d7b6bb44efad83e9c3e038f8767b7e71

SHA256
ab4b87004d2a19750212742e16e5f28a5cc5fb3745d4b4e06d4263e2c15a01d6

SHA512
af584616e41a33c150e62fd1cce387ab1426fa6926cb283138dbec7f9aa8bd3b5bdab134fa7e9cfed0189f77d08643612cb1eea83be3f487df843dcdce795af7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3b477b14-69a8-4a65-9a9a-2643f2d870f5.tmp

Filesize
10KB

MD5
344ac59375bdecf6c8a199b73a306437

SHA1
0e5df744a3f4603e9a25ce563710a2de5825480d

SHA256
b23d469348c38d7d3c1076da4710963bc89789a6e34459f69c773e64c573dd8a

SHA512
60a86a735d4b211f786f4323fe8201171bfbe1398b594afb6175a50e0f5bd78aad07a77263074a4b27381b9f6d22171696e2ec5ab6be7c3abf5a27e580b0ba07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
6deb933184d82d29386b62a312422353

SHA1
590c7c38382dd7b6c77e4dece324ec91dee91868

SHA256
662624751e5fe63d0f9299de2714049d8c91db582945c8cbdc0b61500520848a

SHA512
aefa64ce018f9838647a566073ca19cee5e4dbc9dd72b0cfd7e8fb2e2f63b63670ef0e9bde0db248ea2da084d1b6b8d37a555a6174f9881210dcf6fa44012d1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e

Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000081

Filesize
41KB

MD5
3bc2b6052ff1b9feff010ae9d919c002

SHA1
dd7da7b896641e71dca655640357522f8112c078

SHA256
483a3494759a05772019e091d3d8e5dc429d098c30007d430639926c3ffa16e5

SHA512
0b1632b73fd87e8e634922b730f83b7950e9a39697a46a3429f0bebb3f1ebd14c815a4651ee8f663a437d00ecbeb6ddaa47b2fcad719777edf1b1de8a7cad0f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\03395fafacfd901f_0

Filesize
19KB

MD5
755c1def878471e6cf8f2534f75410aa

SHA1
4b2223a5abb7bd2beeea808c2f4ae6c52a3c9763

SHA256
78c12b5ad30d9d40fb9237117e26645b8ac317fb0ef91fbb988d135d982b7ea4

SHA512
519190a616b6bbddb001322a15ff2848b0b9457ed98d40ac3b94ccced7f0e148773f737dfdf03c952c46908c460732d305930186ebe65bae7250fd6471789647

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0e3ad5a80ba7db88_0

Filesize
280B

MD5
f20f7cd6b2cdc5438b3060c695aaa1d0

SHA1
0fe795525f961a100c35da5122f20d8a8f118c5d

SHA256
c96eca163d793eb543f624f417c26384fcd3d15fbd6145d99bc5341004b0b388

SHA512
90bb65bda0bc70120797d5beac3c01b1d44c9b62c3b699d270bd2cf7baa43d5055ec86e1717d4e9344a5ac8275235a36014fdddeddd6cca76eec957e5e71f96d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b3f5c619dc99febd93dfae8b38b48af6

SHA1
f59e6eba02e3942a36c4f3dfd2943c0b2a59679f

SHA256
c63a63fb2c3400cf87c78e789505400efacd541f7d6cc016e50f42da5d84cab3

SHA512
d35a1ed21c2c336337330d3e7973e1a24f60a16835cc00095c2ea6781ca6704b15a841a8d3f07f8c23ce69382acc375215ccf0c76decb0c96f75dac60d36d0ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b242ced9492758f843c2a08400cb1a44

SHA1
44abd882a534f6fb4e316c222263c58858a398f7

SHA256
f3b82dca2f703ae934036a4eeb5a928d3e36a4453680343aee8af5910fb3dfb7

SHA512
961ec35ac7e95b91dfd49419e4a08822ec027d9db6bbfa0e738930d0f8eb2aee3af5517cf6c2c104818568c402dddb0566ba770d097b130cdccaae72f40373e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
3d9c9e41867892c22d14706b602daadb

SHA1
b465dd596933abccde2e8ab580dcf1a2303d0c8f

SHA256
d9d499c028267c93b27ffc2f1ef1523e382288b5d9289687f7c8b19b765d8481

SHA512
6131f19948a6df3dd353caa55f3db9e3abd2cc0b5b1c1cc3f957f30a9d6a089ff79d057e000022685da5fa038442ef04aee893fa523ee100d259c320a07758fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
77608080cf033df074b12a3203e398e6

SHA1
30b047ead8c207a93f7b64945679a919589f12b0

SHA256
7fab06d4af1d0d4a344c6c1370b609767adca071485df3a6a26b41f18d49d404

SHA512
c3b70083f37609037fe399dbcd0662b429c2fc7284f97877795701df4f67836f9edc92f27d51b5b5d94adfc46115ed35c1885a7f6ab337ae70c54ce43e482f04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
961631e4f4b1f9df7c01862905526f15

SHA1
0562ff761fac987ec7184c4aa2a3be196382f5f9

SHA256
ae2c06c1b4f0fe3d89d7eae4ff2e88222332a1aaa7ac574b6f1a34fc81a9d4a5

SHA512
37d07b0895fe60920b32aceedd53187c572c3f20417a7c891ecabccd3ffc986de59f1c82f9d981fe5db4271f28e9afa33ca6464f98afd23b0da0988af2e28fcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f751e92dc2b280ff7692045a56eebe6b

SHA1
64f2f4d5006918238c24415d50f2fc5bba574fcd

SHA256
648ff8d9fd330cb66674b1dbc52b934aeec824a49634d47cc058ec258602e42f

SHA512
dee14004a7290d0b8ac81a9a1927b0d1d10afe18348fe8daabde79df090bd14a104a70cc360bca387aacdf4b9d87ccb77f7ff67ad949ad4f3f922a1ce002e9fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e7eb4e74c2248319de74f85ed7064d28

SHA1
8d16f18f634284e49d1a4fa8c6ea2ae8177c9abf

SHA256
0d8c32cec23362536f83aff5fab71bb9586a741617c12c08f8e9360b7989744d

SHA512
c9b59f82424e1fc7372c96b17e601c3e036f6f8a683d22141efa2e20302b7ebfcab7fc7cd67d99a41a4252c506f819159fd309ae6f4f381c26f8ce066e6cbbeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1420a4a4507a965378494cabad4ace89

SHA1
6251c9aaaa6aa5164bce8f39f9b7c26d44c6c13a

SHA256
52d39d9fc2a24b71366b82ff8f89f5209a7cb909b3fcadc0f64eb035ac6ed51a

SHA512
1f50b057385848e15dd91d411676a614ab9412744b5de1c345e7064a792a73c8b929b4132008d310972b988ec335ad0eca0d1bb7ef849ed8a7cb122f8b6fbb65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5f4584bbe60c94f964a355ab27cea500

SHA1
a6d8f5e637388be1046385c753900052f0a2d9e3

SHA256
af5d3502a0dc97873c3e4233b005390ecc9ea247fcd370fda62ee9541b900ed4

SHA512
2d66937e32f138f217d3cfbab70338d45bf8d8e2cf828a9fc8425e0be291d17def2e2eb153f71dbae0ca036ae510c771765faae30e185a57b415a0290de35780

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
f5cef051f35605da6c4a57317c59af6f

SHA1
e3c4b29f2636be0c05eab15746fb4a7fb959fa04

SHA256
56f7f700aa89e7c4152e4a25c28d71c74ef83a72d004bc7dc0558af79d2b0d21

SHA512
715caa0e7c7a0f6bd10d41af6cff2aa5acef76bfb7d104bf797af4c94e754a5617785717293fd94089e6d7eccafb2cc8ed8808139f6285c87a1f0e575dc9eddd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b88056e1f55d5279436f553bb46abe45

SHA1
088f382bd1bce36651a6e262da1c281109f56213

SHA256
a4d59a48a08c6c03d29a1640b9bb2b9b53b1b0541ecbbf8febfb84394328b007

SHA512
2116034b92923425614e6e5289a6d32ca246da366627ac29f8d93d938d50bc758233819ce56b901ada18e2f96814258c4dfe7ac439105117323f303fe0e684a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
0947a33e6520b249d50b40c795100aab

SHA1
1006f1f9153eb3d21bebb221d24bef8773b2bde0

SHA256
f36092851b72ec3ac6c960e88b1a796be8c4f3f13de7b34b6e8f7ecdbd3062a5

SHA512
bc92c12061141d95af97c094bdc90db543f3e9d52744e367cf81b6b014e6948917cfcd22639de60f062a39b4c0c6910b271fac63e3cea16419b3191b14bffbea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
2bee42f0dfccdbabeb72a4765fc83a32

SHA1
61025d81d2acbf7584979a6fa427f55e46768ab7

SHA256
18a59ce089f972c69b0a8ec7e48de36575f07b4ec2464ccc897bacae73a5ec7b

SHA512
92a642edf153a93f71a67091cd9fe0a0257ac6407020a5550bfe8861524ceeab11af52424c136ed184d5829c4c8274d8d4575efe506ca94bbac4a58af6fef634

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
c86ef449ae7277f754860dd56120676d

SHA1
ea37237cff9d8b7723fe13a37c509452d1c0550f

SHA256
36867aca0fb3bbaf50afdf5cf6dd8e97895d44e3c2b03d622524c3cd8c21c152

SHA512
6b40b06c0106775e29df532658f2917573a15f5484bb34f4e8ef3e49c609dcc4f340f7161040180aaaa43ff21553f97c75601d2898613fd1dc2198a8413543e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
150e308017e3b192b38096e1a6d8fe7d

SHA1
9d15cfcf6c08693187665bcd8327f70b4ef84d20

SHA256
9f02418cde740cdbd02b8406fc1c5f3dd201904a01a50e4df97c01431850fbf4

SHA512
e9ba0f1c0464f8e8dd980601a5dede4cd94ba1f68d203993b69bfddc79a03f286425474d950f0d3f2ed807b72d2eadfd07b332686ec33fb87044bd5350a18dfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
50de7341bc34fdb62f8a1bedcd5eb6e4

SHA1
f96ad68866deaeb3efa4eb5b5fb45d03edb8c25c

SHA256
d2b5d4143fd4f8ebfb1ede6c5bb6ffdc45088618b26af280b6cb58c62514b7d6

SHA512
d527c27fe7aba7039efe6409c519a6a7ef7ab7343183ef2857bcb4b562b878633983b8e9a7bd5cb3a1a8f4bdc7bd14e41198ec49829c2b494d7df59c53ffd4a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c6a8c5dcea451dedc3261353a7c2f798

SHA1
b9dd97ec498b0876a716bf001c651e098f4372c1

SHA256
19df94a49eb9e01ca35d731696566ecf2d9ab363eb4bd3d4c8f5ff243392e3e5

SHA512
2873e386954ac349ebf4e324503f3f55b61746cbdaad9f668fe5dcbe4af1850bdfda9aa1d9add0a125c3ae540a315941e95dcaf49d453b65e7929d952cbab3f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
235fec07c49751d1ea54c5222441153f

SHA1
105188e3378837b529c23711ec36acf0c0a563a0

SHA256
4098c957bccca48112f69cccd102ed31a9b0613e78d5ffce5e039e5ebd85cfea

SHA512
28e217259d8433e7e695323e8cd4e9f7d02650207a772b21cc87c236532c6d4beca4a3ac58a7fd92c5b4736a011feea4c9927cf7c63c0c4e0ba2035f06a587df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e9cee08386e858718debf5cdc14336ed

SHA1
e451440a653ca7f6f16d10e63387c28a96ab2eb5

SHA256
daa0e9f79ac2b69798addd619f978d7058171379aee7fdea4109cddf8d856ffb

SHA512
475759bf565d0427f7c850a60b6b5641e2387cbb599f63b8432d0621f7c13c21ef840ec355b87f7fc96a30ea88f1cc03f57b96e5045e33fde48ade85b6d9892d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
0490f6fb3a6ab9d4c8f8160a2929983e

SHA1
13ade5c47a58d7822249c60154f4224e0f41e1c6

SHA256
9686122d68c67ea8b40dea709667ca2eacb32289937c22606c384b0c58acdaf0

SHA512
0e3008850383ab62e851f588cf7b216d0e145e65cf2ca8aab1c9717ceac77a67337b6c3ed812d8f6a6f574d64686ffc0a2903453fa48f0e3d7e8a9c23dc3dcd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
502b5998603e4bd960171e0c2a607c9d

SHA1
724d7dbd32eceb6b9bdab28faccbefe62826af49

SHA256
4ae9027a36baf699c531fb238fe5dda60835e5187af857b3ab5ea94cc71885ef

SHA512
caeec777765224ead5ce92d3185ca984fa421cb87ad5fe50ca7b617b648db3c08ea6fd16ed89ad912aa20a991c7ca7eaa428232576a139c37525de7d39f80be3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
5afd151d547b237881c72f85ea6b4bbe

SHA1
6e852e6f2585a0415217b559660dd005c2c87477

SHA256
30825e9baefe3d2bee236d16d30cc91d64685dfcbf23bf973bf14087c26fc812

SHA512
50d971e3de9da2224e87b206286ac393b5bf0befad623712175d15f0e2dff2a6c0c9830c0c7f77dea1da79a5fa643f3cdf3242ac3a4dcda0680c2a0f9e7258a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
12fc71ad5c3b97c199703a950bb4883c

SHA1
dac1e2f92a35a76a265992174eb79ab6fd1f2b6a

SHA256
39a569d5fcbaf2a5176ae3a416670c0862763adb294ffc55c5c5c6ad4d9095fc

SHA512
e699fd0dfa3209a94e99d947b32d43f20838713e09ab6a756f535f75e77fa967e6ca4c7b8b4d9fffb6612ad4f07ad309ae673e07c19f146aa5833194829d79dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
3a57ec08703e56fdc7865e46635db979

SHA1
bbfbcfef8c10ddf5139befe9a074b5401356c18e

SHA256
88fe73a3e0caf6770f577ba4ae1c26622f00ec90e5ee478da7d0257438671da4

SHA512
cd1fc6e654e7defa24c9ef723406c8d4a6c3dcfdd38af84ab3cd7671cc570161e6eeb75fd0f48a33823e9eaee1bf1992b259a2f44f49ce7ffcaef82e5f8be0fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
552e739a56a0d103b5d6c280df1897c7

SHA1
e470f07681b4bfa780f695bca9fc3bc16cc35d20

SHA256
883b659c224a9dd7ec5a41def22da8ad7af8f376cbcab5b3317e6feee07f16e4

SHA512
2f2a34a92fbca439aaf08d813d65e1cdc4cf505a42b1c3bf8657ed18a8a79f2fc3d0833b4be3da4e7a1d3bcf08273e85becd26fddb73f28ce2402b9cbed04110

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c7843017747b055f1454d3df0b546e3e

SHA1
70b1994713ab45b9272b02e9b477c6b4892e69b3

SHA256
cd397b73340f4fd63f4e238714de875b89dfe152a8b37a286f86f6a24408bb49

SHA512
bb4ed2ecf7b59291cab0deabf1cd6ebd49bd2e70ea3388d587535939705e02ad0fede23f2217ce8bbdf7e20613c0ec6562d9217742fba5ef078eceff29a4a4fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9f8088f4c3e79314bcaeffcabb63617e

SHA1
34d7f2e7da64b20ce84b92670baa9c0019fd9aa6

SHA256
791b7ca407eb74fdd31b1b7e439a51a55c510bc2c038243af8869a83c2ba1e3f

SHA512
c5871669bc358647167658a326237ca8fae8b5de57abe488210a7384d9d1514a9f32bc259f3773bfc7da1019abd195098bf37d90ac868a57d021697b745a567f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2dbcb96b1a87fa4666171e9b591b1f3b

SHA1
f577fa8db112bb428960535a9518ed22b9a98375

SHA256
f5717b7428723538a0b9929395fd8880ab116567a04cd293877180c52d7947f9

SHA512
bc6a9e929bca9023f8af0102709e0c290a4fdc9d15917618b28ed9eddbd0d2dcbf65650fb12aa315f03d7186f8d14b9326df4aa39ba443dd40daa73be01925f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2cb98ec6ecd9a1918fcf7e1e5cd45c28

SHA1
6c278a67e826463161ddcfe846b0ef09c3602d6f

SHA256
eb5df3bab13c81375cbd66b88453c4ef9414f6b8433b4cc829ba88da171174cb

SHA512
85c6d7faf2364a18a1cb284d530957e9f85fc9506bc14dfd09b5338694aa7db7c60f8fb17090537074863c7e4718578867f03f209ae68f47936a2892db4f0a07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dbbcc441e9f2b0dbe7d12b69a06159a3

SHA1
80964e7d521dd3217a7e581a4d2373cd4ec40320

SHA256
ad3be98ac8c4bf41936c4905a3028f2cd50e52a47209f3a28929338802edf1e9

SHA512
442690ed3dcbdeb735cd0860ee0b04636c342c3f07c27cbd63263cb896a4a6bfc899f10cff5a8afe3cd6a6d94c344355c1d599a302a3630b942c288389bd2da5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8ad7161e4b62d0ccab88f2fb054a5a03

SHA1
f30862dec431cd3462a5057ad79447c95db11e37

SHA256
166ae4c2f159c66216ca805f4bb9a30a696176c86cf8d3569b946fb4bf88af09

SHA512
ac9f49f03f0420c172b7d7b1841bdd2e0b6249159b530db7d310c726c7e232fab0ea4f057018dc159990b9c0b2a1340c654d34ffc88dff74c1d08e4b18b1d4b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4f88615260ea9d7a9faef7f9a3ee07d9

SHA1
0a7a25f8f496666dd583c83b423b0ea32ede5935

SHA256
ba7c0a71ac1f5d19abdf7f86bdf005fbf1d671247590f4a36083ab3693e42471

SHA512
aa23a2b2ff5f20092e64478fafb9e9d40ce84cf9e6b568778c5da98a002cfab267346514d1801bf821c666cc37754f66dc6ac04023ff282ad1b79881967781bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
14722a32b14fc420182ae504c51283a8

SHA1
76e913e27aa16c9561bb3c21ed16f9e9f2f4d30c

SHA256
2292762f27aaaebbcedc0f46e82e6a6f014d7d2cbe3d65679e7e1711bcf131f6

SHA512
ff785874dacffd58dae360fd7a2d3ffb2d3370c898ef182b87eed9bb904cb74c0cbada23aa2830ac675d81e3f95809fcee818d2c1ffdc5181eac82f60197821d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c0a06c1024a69b0e926271b49aac1d35

SHA1
2ace3cc371f01f22a65e7580986b8d9ccf0218fb

SHA256
12e92617325962ab0ecdb6f85a2b9bcb8fcf3b29f94564efe1bf10082321cfaf

SHA512
cdb3b0df6e31d5ecd0f65f18134004b10e56d206a4a6140df7b0da5db17340dcb7cc08dcf954269200b38b0f34a399f5c45dfcf6738bf24ebe3abc044bf630c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b3ed2a48a1f75b0c109faf4da409f847

SHA1
76b02226a0aa59ff6943e8a8232a9fef4b1eed6b

SHA256
f26ce3034eb8eb5a875bdbedf8062a723b734feccff66011793ce79ea91e1666

SHA512
caf25dba3eea7b226748c3d08a9bae6d43a92acbbbe59f0e5a6d7144fc501f4567a81d59b36d033e066a265284226d5af0c0e17c793ef372730761cebcf45043

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
58c27f06bef3bc39db130ef8b4bd5470

SHA1
adb3b6aee5ecb7b5c458ac022fe0537a301fad70

SHA256
bfbde9fce6f1efd3c3ea5112355408a85ae8b65cee3b03e0dbdcaaf2083fcb8e

SHA512
b485255f27c29fac7f17abca4ba8b361287cb0a9f766d8c06947fa3c51d8e34041743d60358191b2b1dacb7dd24c2fbd33a4fb1119a67e2e8c2f1a38f3acee5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a7f97bde3fdaa45a1284f4f8c034ae3c

SHA1
549e3e3d470bffec15908e9fafa9a66e246fd6fe

SHA256
3b7a627413e0a2c63d2c13a01b1be27497eeedea63d6c02a0b2ca8d5d822f53e

SHA512
f42109f9cc338538b31807b9f9042a66df6e9a8a1c2129b613456a280f38477a03741ac43f41dc57a43bf6a623118dfb280c3064096ace2c0f6222ae81c70148

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6252bf3ca7f8da5e77ae05c2f3350ba5

SHA1
0eca1f40dafccb520fd1f5890f325d3fc20d9c54

SHA256
dee6c85c56c74c796af2ca9c810ee96ce3184837d64742847d12a1d1c1f94f25

SHA512
3dc9d3e4d81a9079973f4ebc2b30362ad7bb3de226b1dbf237f45d1992451bee5d3ec9dff83d20c09a01ef16c71e3e91731d559191664e325924d535d79adb99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
510b4de8d53e52a9bc70377b5c5672c0

SHA1
b343c0cc4bc8b2f76909759e3cbcbf9cecedd1ea

SHA256
8dc07e140613f4a80db054c21771ca36a50ae1ed0e3f639fde1ad38feb8f57ca

SHA512
51cd0afc34d7aafeba9eeb97c477c9f4f47bc263b953cf37d21f2dd9fd0ae6f83cede529e6823f5d4a84c11ab5c0f0b6755a8af0dd4d2fb597ad83be656909b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
2ab16bd80103c355fb9061dfef6d8166

SHA1
e5cd3e21c9db0103a50946bfd2a11bdd158c88e3

SHA256
d9baba7a2570900768964fd4e697ddf3db0adffe817615fc8c68b1d32db29661

SHA512
e32412ff8f699e018ee4f37da4a9d5a334de34263b942316a24f99f394a938445fd7ea0dc48b780662bbf443ad5d8140bc32163983b2b7e743626aae2825f5b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e1fbf0ed640e266417e09a16b040442d

SHA1
f68fccea280f17042dfcd5f1fe6e9bc16a4d4099

SHA256
bc5d54a071e8872313533a7fd1b87b5fcdd7af507387ace6f04c8f6405b29ef4

SHA512
187b4b7bfc99b48f7b32492bb06f6b6818a15f92d9cc84eefac7adea8c9b7752121d35cca5ab02e100c0257a7b2e7b261ae4250ecede7b9fdad807ff036741de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
430668bf147dfa0d13deff798a75b58e

SHA1
c94cedaca7fe5b413c2e796253fc3d288d0e06de

SHA256
6c48ebe9915c7bbb9cd1d1b585742c395d90babb6f3585103063d4db3c77a8b4

SHA512
08c5d02e94b2ffbbb23f5a9e96060add272bf7b300487f7f029a40ae4c534cdbce4a368ffc8919d544c14e05d8bb23fefbbf9036233645391cae5c6b06f6df5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4def1949a2b7051494f069eb7ead27de

SHA1
f50748e6df8382d761170bb069c99d452108e9b2

SHA256
0fd19339c9ba56c892f87e3ea3de1cfa8e4da345f0f280b1299b1de394d645e7

SHA512
9ccd65e7170d41d5c122bac034d589538e6b73681363100229ed9d2fe3de9bd5c203eab01a29e92a523690861d89e90df312000a2fdcf641169841aaa453dc54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
276b0281bce060876781903337be3064

SHA1
a70e994185ce80414ce6af7c8046cf0b7cbee0fe

SHA256
cd1ec94f4285e4f51df06956a98f8892ecace7430269acceca3957cedca6b0c7

SHA512
bd6d73efbf38bfc0f6a527476d136bad6150e05939b6ee9f69da8067a8c22ed5b988a88bf30344f9d762c4182f7289d1db95fc07e956561b7cf9e4af08c17a3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7ba1a937ad23012fc9a9927859df0834

SHA1
435340a8862330737e0c5ed5789c1fcaa359181c

SHA256
575635d87a53fdd120271a5d9f61ab760674bd220434bfba553f4ab0e9940894

SHA512
0d590d66c620273303ad60086c41629b748081e4ef329f7c9dc0db79ef9d11853d490289e70d2ec2971b0495e87c6feb77a5443c1b3206063d766d447e02b212

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
11d25eeadd8bd7b9ccf674fb02d6542d

SHA1
a81f970d1b929fbfae0b441f115e569b6e16c51b

SHA256
9c583eb3088f3ca0ca789c104d28c13422a2334625fd74fc83baf37840a52726

SHA512
7bfe68de613a3dfcbad3ec3a280371a03284390e77158c92690d82e680e5cbe9435a70a33bd86122ce13cb13c7ee8b24be2275a44548264331d4471890a1ab07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ec3031211709bf13e697464ade01b6d7

SHA1
b081e93112df77c3222dfbc650d220081a9c28b7

SHA256
5382303a802949091b3de96a10da328929afa3176ed41a5806f639aaaa300474

SHA512
abc4f2416d42bd23ead6a2bcfa3d3a4287bdff65ad9c4cd0065472ac2e5b7b2a581dd97464fae8412383fd78deba4f897e99a179df5d3f30c05edd5beca43023

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
cdc2793c7e0b35448ddcdffa771f7be3

SHA1
f4f86b5b308dcf8f60da89f3cdafa2803966ff89

SHA256
85e9dd2c4b08831df3619722fd410cb0c29983949ce270cdb4eb3fbd6f24c4b7

SHA512
24d5197171b4021ef8838686bc447ebdf5b62619594a2e4a6fd2becae150bcbc7ed9a71ae6a73ae5851b92c849b7dff2c0cb5e04ad455a21faed943d5ef3690f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
8a8ac092b00a59eaba01ff77d13cdb7d

SHA1
33cdf15f3a50607b72b933b019488587e3b0d12f

SHA256
740860ef07d12f34936edfc77e4dd685f397bfa0340808fd715fdce4e3db6b7e

SHA512
1601afe5f73e5b674fcc2a21cd96260d0020ee7eb913dd490affd94e742cedde5cc44f2197499a772622cf5dd1d5b7a16daeee02aa57dbaebe1fa98f55d1be99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fffc556170e8f51acb42b1a53bb8568c

SHA1
cca0131f8e74bea51811fda26d1e25142d4734f3

SHA256
53f937c3557852982a43f5b6d261b9bfd4104c9092ef7046ebfaa83708c53fd7

SHA512
14b85249833aea16f202a0cb677ccb22a138167865286a3ca86d0bb55897be4ef3580b6c76cdc315da508412ab032111e0185c65a90a409a69b7d88ea9c76b0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0d76c3278da20c41d4826eeb3d6a9588

SHA1
817a9972376fbffe476f410107faf424465741e1

SHA256
98f3e358f6a4b6166cd1cc3e07c1d3e1c69cb4993f59a93f06d17cf079bdc4ac

SHA512
e2b7486e3d0b3aa8d2b6b9e36b6810c8985b087b39ca49f6d5d41b51bcb02ef43fb2236ad697bc39e58d5c3bc35ec495ee630834405a408a1c2c5a658621be1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e2f2d590ddb52cddde3dd2e75377e69a

SHA1
6f8b88ffee42e2c8d60cd26f02c375106ddee63e

SHA256
9d30f6aa87e18765b7332c7e31a0ec4277ab3123cce78953c60ba1af92a93d3b

SHA512
e9efe3e93eec560ae09ff37c48e657b009db57792c8c950ceeda3f0e91e0920b1f2ef29651e80c2757bb5acb5756263b25efd5bc77c675b23d49c169f8f2ac61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
263b246ce08c7f240d92cba4a535e6e9

SHA1
ff06cda70d342ec1815e81598b85a5d33d699dd6

SHA256
c54596c356045f62e30d4b7fa726d2ee666cdc9a40fd9fe98ee31a9812fe04d5

SHA512
91a5a794a014e0f54d2b9bb3ce1681f3381bb9a0fa4004c48c2e26ee37b512a5d948a0b411baf468cd5fd52599b46a4c243c14c2c4841ee1fa28b2b1bb651106

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9e18b0e2045c4f8c0f538252e5d976ab

SHA1
744c5851aa92bec9a6d7469aacd2a13bfb3710d1

SHA256
702de3b28843a1eefa569ab162b9dcfcd595c09ca813b4c7b39b0f5b5010dd4b

SHA512
c9bbaba96824aa65a6fef76533fd629491277352201dec65230c8c752f5c72786f08193e1b82abf58a3fb0ecbc0644ced3d66dbe83c3a523fcd89f4f0cca6d7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b9a56fc61e2464c55e3e5cecca3fb747

SHA1
bd4abc4c863e7fc40987068d2f14c2da9f819347

SHA256
5c7531e768bd23bc18127aeb0568bd00f5d9a1dd70e0acd1a95139699430e109

SHA512
975635385b806ddd83d5b04799e4a9a69ca3941e41373c8525a45fb5affd357f32aa9ba220549ab2214b79fd471c750b076cb2fd85b7afd42d36c42974523f61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6c224ec118f811b9c7df65a9ca019617

SHA1
238fbf1837dcbcd710014898679e497643e8419f

SHA256
877a5dfbc40e22a3d80c9f1ef680b898c095f8a4eb4ca9639740f2a0652362fa

SHA512
e7bc7d080937fc89a17eb1179b2c383a31d1eade81fdbea8ba813d35c159538275a643c0891d382743d91e6dc25e568f8546f3e80f5a2fbcfd973899c2f00e31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
6315f609a37ce37d88e474852249f10a

SHA1
8d3ac13a0d9c0baa332ddf2ad48712c06e1f75ed

SHA256
3a708162651d87e401e05e84590b5d19afa409c069dd5b2528b83c629c7eb42c

SHA512
5dd98b2ee76302d22dfcf42b87836d8ade214acfb98f38f8a02a625453415b8f0abd79b147e9d916430102fe4968478d3d93556ec00f86674271a8a6474bf45f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
64b34e629e9db7403cb811cbdc91172b

SHA1
0cb462c1fa2aacd9a32f1ceba5432c9ed0d06677

SHA256
77106f4936bdfed71c6ae88ab2055cfa741fc9f0a5c26b9e341a6c30d84989d1

SHA512
66478470707dd9bd129cfaf41532ebd5861dec1bee5d59511b7a0818068b3d8cf5bdf2f5269db31fa7f292bf3ef59988e04a6436f4ca4a73a88446a0e48ee405

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
f8cf3dece641351e6e8b3b017e8924dc

SHA1
7f51e06656e4291858c960ef508828e0191adf3e

SHA256
00410d4005c61535a8598d3ebeaef1e1153a135cef776afdd33e933ee84cc3cf

SHA512
3cac111d0017d29f922554c32a0e49b016235dc62bea86331d0d604fd5762572564c31d602be774859685120292c0f74531cc2f4dcf8bc21b7279c82aa4692b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
1c167f4f9489e206b1aab33008737bbb

SHA1
52488e591221a9fd3a99557adda1a5fa4487d70a

SHA256
a7472b78b8b3efc5587144dc9bd2c4a21f3add25216aa56ed075a2291061a08f

SHA512
ff3d4218b8582891662f158fc9413683b43ca8276be0e5b625cc5e5a11cfad92d8e7147fb332950665ba318188a813fa95ac47b2bdb7758d1ecd8415206379b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
640b3c5664cbda90093080f44524292a

SHA1
e614c408bcdcab1d5810db8f69ec5090ec3f2307

SHA256
ae3d89db020b8ae8f5e31051f17a30851e547064863071d35348664ecffeeef1

SHA512
727b8c61acb8c8bb10443a992c88bb8fdfa1efdd2384f3182a652f689273afee152b8595da5662fd027c680658ef2fcc5da120e54a497b166f7dcc798e010ef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
9d7545e4caadaeec7cd778a68c43cf3e

SHA1
cd52068031ea674f05e0fe739bb6ae0bb5878304

SHA256
aad576aeb59ad6b45f307a9545857614057ef66f40c6bc5fa20342730ec2a6fc

SHA512
eda18b68e19927b9e5f4ba7ddfaa610f4e34b14a7d62f4e90e5b96b8bb68d0226c1803e3684120daedf6621e20bc732c1745a9ba6d6c6e6a1da0733a3d6f9719

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
74b77c426fc74c075ad71421b6a302b0

SHA1
763b6a498fcd90fbd4bd32db30532d1f4e7c19a8

SHA256
595f3e5ef9f2c24361d8d70b3f046678fd1e5f4c0e1e4edaf2c57af43c0573a4

SHA512
2453db377af03c440d193366af638c938dd6f8306a37b361c44965a430870d4fdbf63dcae91484579148f5bc278f88ffb40c4e7a06106820973b7d6d410cddb3

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
710B

MD5
aad01def40ac57d0ab99897a101f54b6

SHA1
9c6919c7d0a46b2f843c27425a55f0ea94dbad95

SHA256
19f5fd5786b702a66cb07824b1e1c3f3d18edbd39f8523291247f10aaa15c28a

SHA512
d6ffdb8643189837f8b301000a6803ddd3b185a5c8522de3871bc4966ef4afd1e1b7c63f8c19d9342116c98ab312f8bf20620f63086d4c55ea8e52b716cad807

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
822B

MD5
e1572f9202060457afbd77b8c9bfdf09

SHA1
92b7ad03732e8835b6fd5ee84206c57fd72f7936

SHA256
e36cf37ddf873b615524616812973591a2e677b914aaa8cdaf37120417874623

SHA512
9e4378728eedb2d4c63514c35fc50d780194b38770f9fa6496c5e3c500338c2d9c4fe627531449f32abbbcdb15e95772bd1aa090f54e3c2e10bcbc4afeff41fb

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5b4ac1.TMP

Filesize
529B

MD5
32a919f63236e9ab316ef6f8da326a59

SHA1
c959f266bc10a5693e99ed50ba56cc9ad1769a78

SHA256
50b4e5b65b5dffc561bdedb8afaa3f4a40e316b2b1b27dc73117ce4971db6248

SHA512
95d4b5c69e2221087591a300f29576cece9e649a94486148ef33f3108a5ccccb2e9d63f269e13b9590dc13bdff50572b738d81f75450583e83a3f3bd00b8ebac

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
300B

MD5
54d80e2abd3a80349d906e9fe44e369c

SHA1
91ede7cdd7c91129df6f02023eb2da6e31eba37a

SHA256
f513c7cc3006c89f6ced19634c19471a65073ed062bc81c13dc30ffc71291e76

SHA512
8136fb769c126c6582f0313626a0d100e1779ba8214e3f990c390686c3dfc1b74dd302ebae394b0891208d48abc202bd58079b12b7bbae05eb9a33de19e5fb18

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe5b5e88.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Shared Dictionary\cache\index-dir\temp-index

Filesize
48B

MD5
8e4263dcf4e79f8b95eb067268386afd

SHA1
7fb094b2790ba9a8e44ed451013fc9a72474f317

SHA256
551e074c1b54f48b216bd7cfeaf32b3748d9686d7b8d018a3cc99fddd0d13eeb

SHA512
6af8bddfb9008b5850a095b69ce6a905fee601fcb8232b404f12804d3880c90ae0851cea0ee822f3eca47244472201397e71fea4474cb221ed2764ec4eaccc3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0CFD1A3F\setup.exe

Filesize
1.9MB

MD5
8f05ef744af912501761355e1042444a

SHA1
81aeee22101f6cbba15bc6141ef19cdc9d5a5275

SHA256
66db73dff8ee7357032eb125d7e377d68c1bd82f901b41d2b47ccf6108933157

SHA512
2ec42e6b53a996cbc25fc5c9d0227c767e5e8d583b305f3704800a8b7f352e36701be5aae4a74b66e4103e1a549e1595903ef8504d5ce0d0bf463dc656e20ae6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2501191820442285036.dll

Filesize
6.7MB

MD5
658d2d0360558b8b507ee5b3f45b7df7

SHA1
396f70c0c5edcadf807af9cd0eed0204fde6b00d

SHA256
04fddeb823dd6869360d2c9bd4a6c340ecf2f3178d4a7cd5293e5da631bf33da

SHA512
496ab07ade095af48ef91d60eef43a75aa39df77ef362fd2a68920bb9965dd70ebd762a1bc59a77eb5951e784b537639fbbb2915c9144fa793b9403ecfe1be66

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoE656.tmp\StdUtils.dll

Filesize
110KB

MD5
db11ab4828b429a987e7682e495c1810

SHA1
29c2c2069c4975c90789dc6d3677b4b650196561

SHA256
c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376

SHA512
460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoE656.tmp\System.dll

Filesize
22KB

MD5
a36fbe922ffac9cd85a845d7a813f391

SHA1
f656a613a723cc1b449034d73551b4fcdf0dcf1a

SHA256
fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0

SHA512
1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoE656.tmp\modern-wizard.bmp

Filesize
150KB

MD5
3614a4be6b610f1daf6c801574f161fe

SHA1
6edee98c0084a94caa1fe0124b4c19f42b4e7de6

SHA256
16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b

SHA512
06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoE656.tmp\nsDialogs.dll

Filesize
20KB

MD5
4e5bc4458afa770636f2806ee0a1e999

SHA1
76dcc64af867526f776ab9225e7f4fe076487765

SHA256
91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0

SHA512
b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoE656.tmp\nsExec.dll

Filesize
17KB

MD5
2095af18c696968208315d4328a2b7fe

SHA1
b1b0e70c03724b2941e92c5098cc1fc0f2b51568

SHA256
3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226

SHA512
60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoE656.tmp\nsProcess.dll

Filesize
15KB

MD5
08072dc900ca0626e8c079b2c5bcfcf3

SHA1
35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37

SHA256
bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8

SHA512
8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\OperaGXSetup.exe

Filesize
3.8MB

MD5
4faec8a4ae7a2e1c03b210637de4f66e

SHA1
9aac4a923e15eefeb2abe9d257d2c5290ceff981

SHA256
5aeb826d8d48b757aeda22cb8a38614b88fad8eedc8db32b138a9709ea0e6254

SHA512
84fe7be1c918912a30c91fc902229cd43da27f88b5dd15a9ff2ce360ea8f22df9f10696d7a5f8cae27efa70ca1ba340065634f37a6b5670d99022de3789274d6

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 319527.crdownload

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit
memory/1456-13079-0x000001488BF00000-0x000001488C02A000-memory.dmp

Filesize
1.2MB

Download
memory/2504-12901-0x0000000000200000-0x00000000006B2000-memory.dmp

Filesize
4.7MB

Download
memory/3248-12946-0x00007FFF08060000-0x00007FFF08061000-memory.dmp

Filesize
4KB

Download
memory/3248-12947-0x00007FFF08AC0000-0x00007FFF08AC1000-memory.dmp

Filesize
4KB

Download
memory/3248-13078-0x000002C02B650000-0x000002C02B77A000-memory.dmp

Filesize
1.2MB

Download
memory/4628-13349-0x0000029307E70000-0x0000029307E71000-memory.dmp

Filesize
4KB

Download
memory/4628-13345-0x0000029307E70000-0x0000029307E71000-memory.dmp

Filesize
4KB

Download
memory/4628-13344-0x0000029307E70000-0x0000029307E71000-memory.dmp

Filesize
4KB

Download
memory/4628-13343-0x0000029307E70000-0x0000029307E71000-memory.dmp

Filesize
4KB

Download
memory/4628-13352-0x0000029307E70000-0x0000029307E71000-memory.dmp

Filesize
4KB

Download
memory/4628-13350-0x0000029307E70000-0x0000029307E71000-memory.dmp

Filesize
4KB

Download
memory/4628-13351-0x0000029307E70000-0x0000029307E71000-memory.dmp

Filesize
4KB

Download
memory/4628-13353-0x0000029307E70000-0x0000029307E71000-memory.dmp

Filesize
4KB

Download
memory/4628-13354-0x0000029307E70000-0x0000029307E71000-memory.dmp

Filesize
4KB

Download
memory/4628-13355-0x0000029307E70000-0x0000029307E71000-memory.dmp

Filesize
4KB

Download
memory/5068-13262-0x0000014AB94E0000-0x0000014AB960A000-memory.dmp

Filesize
1.2MB

Download
memory/5124-13369-0x000000006ED10000-0x0000000070051000-memory.dmp

Filesize
19.3MB

Download
memory/5124-13342-0x000000006ED10000-0x0000000070051000-memory.dmp

Filesize
19.3MB

Download
memory/5124-13062-0x000000006ED10000-0x0000000070051000-memory.dmp

Filesize
19.3MB

Download
memory/5124-13111-0x000000006ED10000-0x0000000070051000-memory.dmp

Filesize
19.3MB

Download
memory/5124-13383-0x000000006ED10000-0x0000000070051000-memory.dmp

Filesize
19.3MB

Download
memory/5124-13088-0x000000006ED10000-0x0000000070051000-memory.dmp

Filesize
19.3MB

Download
memory/5124-13406-0x000000006ED10000-0x0000000070051000-memory.dmp

Filesize
19.3MB

Download
memory/5124-13224-0x000000006ED10000-0x0000000070051000-memory.dmp

Filesize
19.3MB

Download
memory/5124-13134-0x000000006ED10000-0x0000000070051000-memory.dmp

Filesize
19.3MB

Download
memory/5124-13328-0x000000006ED10000-0x0000000070051000-memory.dmp

Filesize
19.3MB

Download
memory/5124-13148-0x000000006ED10000-0x0000000070051000-memory.dmp

Filesize
19.3MB

Download
memory/5124-13166-0x000000006ED10000-0x0000000070051000-memory.dmp

Filesize
19.3MB

Download
memory/5124-13305-0x000000006ED10000-0x0000000070051000-memory.dmp

Filesize
19.3MB

Download
memory/5124-13289-0x000000006ED10000-0x0000000070051000-memory.dmp

Filesize
19.3MB

Download
memory/5124-13172-0x000000006ED10000-0x0000000070051000-memory.dmp

Filesize
19.3MB

Download
memory/5124-13443-0x000000006ED10000-0x0000000070051000-memory.dmp

Filesize
19.3MB

Download