7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

Analysis

max time kernel
669s
max time network
670s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
27/03/2025, 10:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SteamSetup.exe
Size

2.3MB
MD5

1b54b70beef8eb240db31718e8f7eb5d
SHA1

da5995070737ec655824c92622333c489eb6bce4
SHA256

7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb
SHA512

fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb
SSDEEP

49152:UDP/q9MIX/crfcNVBaXp1m0zyVCMwBHgFzoZhRP8:kC9MI8Hm0GCjgFc3Rk

Score

7^/10

steam defense_evasion discovery motw persistence phishing

Malware Config

Signatures

Modifies file permissions 1 TTPs 2 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
19304	icacls.exe
19244	icacls.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000\Software\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"	SteamSetup.exe

Downloads MZ/PE file 1 IoCs

flow	pid	Process
251	16428	firefox.exe

Drops desktop.ini file(s) 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Documents\desktop.ini	firefox.exe
File opened for modification	C:\Users\Public\desktop.ini	firefox.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	firefox.exe

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc	pid	Process
1597	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html	16428	firefox.exe

Detected potential entity reuse from brand STEAM. 1 IoCs

phishing steam

flow	pid	Process
398	20932	msedge.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Steam\appcache\librarycache\294420\d43a8a02c05cda3848acac7bae6d3f9282a572e2.jpg	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0421.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\chkUnselDis.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_gyro_pitch_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\17515\c13110cfe96f0157c2ebd2e5b57a1aee6895dc95.jpg	steam.exe
File opened for modification	C:\Program Files\SteamTools\SteamTools.exe	st-setup-1.8.16.exe
File created	C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt	SteamSetup.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_info_sm.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\accepted_cards.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_button_l_arrow_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_touchpad_click_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_touchpad_touch.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\sounds\deck_ui_toast.wav_	steam.exe
File opened for modification	C:\program files (x86)\steam\resource\filter_profanity_english_cached_timestamp.txt	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_030_inv_0311.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0308.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\FriendsPanelLeftBG_Down.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\simBottom.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_lt_click.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_dpad_down_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\minithrobber09.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_l2_half_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_rt_click_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\layout\subpaneloptionscontroller.layout_	steam.exe
File opened for modification	C:\program files (x86)\steam\config\loginusers.vdf	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_ltrackpad_swipe.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_button_x.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_button_a_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_portuguese.txt.gz_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\libcef.dll_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0060.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0205.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\stream_disconnect_notification.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_r2_soft_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_touchpad_left_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_color_button_b_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_l_down.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\layout\gamespage_grid.layout_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\bump_paper_s.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\chkunselstd_sm.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\icon_folderup.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\gridview_placeholder_3.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_left.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_outlined_button_x_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\locales\fa.pak_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\SteamUI.dll_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\steampops_schinese-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_mouse_l_click_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_rstick_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_buttons_e_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_l2_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_ltrackpad_ring.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\convertcontentdialog.res_	steam.exe
File created	C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt	SteamSetup.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\btnOvrOffBottomLeft.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_button_b_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_r_down_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_button_plus_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\btnSelBottom.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_dpad_up_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_r2_soft_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_button_r_arrow.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\templates\controller_neptune_mouse.vdf_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0220.png_	steam.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_2100731420\shopping.html	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\json\i18n-ec\th\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\json\i18n-hub\ja\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\json\i18n-notification-shared\sv\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\json\i18n-shared-components\fi\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_25850905\_locales\da\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\json\i18n-notification\fi\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\json\i18n-notification-shared\zh-Hans\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\json\i18n-shared-components\pt-PT\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\json\wallet\wallet-checkout-eligible-sites.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_25850905\_locales\af\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\json\i18n-mobile-hub\fr-CA\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_25850905\dasherSettingSchema.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_25850905\_locales\ms\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\json\i18n-ec\cs\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\Wallet-Checkout\wallet-drawer.bundle.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\json\i18n-hub\el\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\json\i18n-notification\it\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_2100731420\product_page.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_2100731420\shopping_fre.html	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\json\i18n-shared-components\el\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\json\i18n-shared-components\ko\strings.json	msedge.exe
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_25850905\_locales\km\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\bnpl\bnpl.bundle.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\json\i18n-hub\nl\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\json\wallet\super_coupon.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_25850905\_locales\ro\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_1329840831\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\json\i18n-hub\en-GB\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\json\i18n-tokenized-card\pt-PT\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\Notification\notification_fast.bundle.js.LICENSE.txt	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_25850905\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_25850905\_locales\te\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_25850905\_locales\sr\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_25850905\_locales\hi\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\json\i18n-ec\pt-BR\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\json\i18n-tokenized-card\fr-CA\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\Wallet-Checkout\load-ec-deps.bundle.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\wallet_checkout_autofill_driver.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_25850905\_locales\en_GB\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_2100731420\shopping_iframe_driver.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\json\i18n-hub\fr-CA\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_25850905\_locales\ml\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_25850905\_locales\ru\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_2100731420\shoppingfre.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\json\i18n-mobile-hub\zh-Hans\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\json\i18n-tokenized-card\zh-Hant\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\wallet-webui-227.bb2c3c84778e2589775f.chunk.js	msedge.exe
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\json\i18n-shared-components\nl\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\json\i18n-tokenized-card\de\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\webui-setup.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_428088552\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_25850905\_metadata\verified_contents.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\json\i18n-notification\el\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_25850905\_locales\ar\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_358219125\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_2100731420\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\json\i18n-ec\el\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\json\i18n-notification-shared\pt-PT\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\runtime.bundle.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\Wallet-Checkout\app-setup.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\manifest.fingerprint	msedge.exe

Executes dropped EXE 64 IoCs

pid	Process
5436	steamservice.exe
2732	steam.exe
19748	steam.exe
912	steamsysinfo.exe
19896	steamwebhelper.exe
19924	steamwebhelper.exe
20060	steamwebhelper.exe
3824	steamwebhelper.exe
9352	gldriverquery64.exe
21932	steamwebhelper.exe
22052	steamwebhelper.exe
22604	gldriverquery.exe
22628	vulkandriverquery64.exe
22716	vulkandriverquery.exe
7728	steamwebhelper.exe
8388	steamwebhelper.exe
9152	steamwebhelper.exe
15564	steamwebhelper.exe
18440	steamwebhelper.exe
3720	steamwebhelper.exe
18860	st-setup-1.8.16.exe
19432	steamwebhelper.exe
20392	SteamTools.exe
20528	steam.exe
20548	steam.exe
20588	steam.exe
20620	steam.exe
16156	steam.exe
412	steamsysinfo.exe
17660	steamwebhelper.exe
17688	steamwebhelper.exe
18148	gldriverquery64.exe
18264	gldriverquery.exe
2012	vulkandriverquery64.exe
18304	vulkandriverquery.exe
18344	steamwebhelper.exe
12436	steamwebhelper.exe
2304	steamwebhelper.exe
18456	steamwebhelper.exe
5776	steamwebhelper.exe
18688	steamwebhelper.exe
19268	steamwebhelper.exe
19340	steamwebhelper.exe
4592	steamwebhelper.exe
21208	steamwebhelper.exe
21168	steamwebhelper.exe
5316	steamwebhelper.exe
3040	steamwebhelper.exe
5576	steamwebhelper.exe
5760	steamwebhelper.exe
5992	steam.exe
21048	steamsysinfo.exe
22228	steamwebhelper.exe
17060	steamwebhelper.exe
21088	steamwebhelper.exe
20804	steamwebhelper.exe
16776	gldriverquery64.exe
13496	steamwebhelper.exe
22356	steamwebhelper.exe
23728	gldriverquery.exe
23468	vulkandriverquery64.exe
23860	vulkandriverquery.exe
24484	steamwebhelper.exe
24492	steamwebhelper.exe

Loads dropped DLL 64 IoCs

pid	Process
1928	SteamSetup.exe
1928	SteamSetup.exe
1928	SteamSetup.exe
1928	SteamSetup.exe
1928	SteamSetup.exe
1928	SteamSetup.exe
1928	SteamSetup.exe
1928	SteamSetup.exe
19748	steam.exe
19748	steam.exe
19748	steam.exe
19748	steam.exe
19748	steam.exe
19748	steam.exe
19748	steam.exe
19748	steam.exe
19748	steam.exe
19748	steam.exe
19748	steam.exe
19748	steam.exe
19748	steam.exe
19748	steam.exe
19748	steam.exe
19748	steam.exe
912	steamsysinfo.exe
912	steamsysinfo.exe
912	steamsysinfo.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19924	steamwebhelper.exe
19924	steamwebhelper.exe
19924	steamwebhelper.exe
19748	steam.exe
20060	steamwebhelper.exe
20060	steamwebhelper.exe
20060	steamwebhelper.exe
20060	steamwebhelper.exe
20060	steamwebhelper.exe
20060	steamwebhelper.exe
20060	steamwebhelper.exe
19748	steam.exe
20060	steamwebhelper.exe
20060	steamwebhelper.exe
20060	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
3824	steamwebhelper.exe
19896	steamwebhelper.exe
3824	steamwebhelper.exe
19896	steamwebhelper.exe
3824	steamwebhelper.exe
3824	steamwebhelper.exe
19748	steam.exe
21932	steamwebhelper.exe
21932	steamwebhelper.exe
21932	steamwebhelper.exe
21932	steamwebhelper.exe
22052	steamwebhelper.exe
22052	steamwebhelper.exe
22052	steamwebhelper.exe
22052	steamwebhelper.exe
22052	steamwebhelper.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\st-setup-1.8.16.exe:Zone.Identifier	firefox.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 15 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamservice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamsysinfo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamsysinfo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamsysinfo.exe

Checks processor information in registry 2 TTPs 64 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133875467324069042"	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\steam	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\steam\URL Protocol	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\steam\ = "URL:steam protocol"	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\steam\Shell\Open\Command	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\program files (x86)\\steam\\steam.exe\" -- \"%1\""	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\steam\DefaultIcon	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\steam\URL Protocol	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\steam	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\steam	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\steamlink\URL Protocol	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\steamlink\DefaultIcon	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\steamlink\URL Protocol	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\steam\DefaultIcon	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\steam\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\steamlink\DefaultIcon	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\steam\DefaultIcon	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\steamlink\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\steam\ = "URL:steam protocol"	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\steam\Shell\Open\Command	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\steamlink\Shell\Open\Command	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\steam\Shell	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\steamlink\DefaultIcon	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\steamlink	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steam.exe

Modifies system certificate store 2 TTPs 6 IoCs

defense_evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	steam.exe

NTFS ADS 4 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\st-setup-1.8.16.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\1222140.zip:Zone.Identifier	firefox.exe
File created	C:\Program Files (x86)\Steam\config\stplug-in\1222140.lua\:Zone.Identifier:$DATA	SteamTools.exe
File created	C:\Program Files (x86)\Steam\config\depotcache\1222141_7324084008489949045.manifest\:Zone.Identifier:$DATA	SteamTools.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
20392	SteamTools.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1928	SteamSetup.exe
1928	SteamSetup.exe
1928	SteamSetup.exe
1928	SteamSetup.exe
1928	SteamSetup.exe
1928	SteamSetup.exe
1928	SteamSetup.exe
1928	SteamSetup.exe
1928	SteamSetup.exe
1928	SteamSetup.exe
1928	SteamSetup.exe
1928	SteamSetup.exe
1928	SteamSetup.exe
1928	SteamSetup.exe
1928	SteamSetup.exe
1928	SteamSetup.exe
19748	steam.exe
19748	steam.exe
19748	steam.exe
19748	steam.exe
19748	steam.exe
19748	steam.exe
19748	steam.exe
19748	steam.exe
19748	steam.exe
19748	steam.exe
19748	steam.exe
19748	steam.exe
19432	steamwebhelper.exe
19432	steamwebhelper.exe
20392	SteamTools.exe
20392	SteamTools.exe
20392	SteamTools.exe
20392	SteamTools.exe
20392	SteamTools.exe
20392	SteamTools.exe
20392	SteamTools.exe
20392	SteamTools.exe
20392	SteamTools.exe
20392	SteamTools.exe
20392	SteamTools.exe
20392	SteamTools.exe
20392	SteamTools.exe
20392	SteamTools.exe
20392	SteamTools.exe
20392	SteamTools.exe
20392	SteamTools.exe
20392	SteamTools.exe
20392	SteamTools.exe
20392	SteamTools.exe
20392	SteamTools.exe
20392	SteamTools.exe
20392	SteamTools.exe
20392	SteamTools.exe
20392	SteamTools.exe
20392	SteamTools.exe
20392	SteamTools.exe
20392	SteamTools.exe
20392	SteamTools.exe
20392	SteamTools.exe
20392	SteamTools.exe
20392	SteamTools.exe
20392	SteamTools.exe
20392	SteamTools.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
19748	steam.exe
20392	SteamTools.exe
16156	steam.exe
5992	steam.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
20680	msedge.exe
20680	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	5436	steamservice.exe
Token: SeSecurityPrivilege	5436	steamservice.exe
Token: SeShutdownPrivilege	19896	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	19896	steamwebhelper.exe
Token: SeShutdownPrivilege	19896	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	19896	steamwebhelper.exe
Token: SeShutdownPrivilege	19896	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	19896	steamwebhelper.exe
Token: SeShutdownPrivilege	19896	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	19896	steamwebhelper.exe
Token: SeShutdownPrivilege	19896	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	19896	steamwebhelper.exe
Token: SeShutdownPrivilege	19896	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	19896	steamwebhelper.exe
Token: SeShutdownPrivilege	19896	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	19896	steamwebhelper.exe
Token: SeShutdownPrivilege	19896	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	19896	steamwebhelper.exe
Token: SeShutdownPrivilege	19896	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	19896	steamwebhelper.exe
Token: SeShutdownPrivilege	19896	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	19896	steamwebhelper.exe
Token: SeShutdownPrivilege	19896	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	19896	steamwebhelper.exe
Token: SeShutdownPrivilege	19896	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	19896	steamwebhelper.exe
Token: SeShutdownPrivilege	19896	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	19896	steamwebhelper.exe
Token: SeShutdownPrivilege	19896	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	19896	steamwebhelper.exe
Token: SeShutdownPrivilege	19896	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	19896	steamwebhelper.exe
Token: SeShutdownPrivilege	19896	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	19896	steamwebhelper.exe
Token: SeShutdownPrivilege	19896	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	19896	steamwebhelper.exe
Token: SeShutdownPrivilege	19896	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	19896	steamwebhelper.exe
Token: SeShutdownPrivilege	19896	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	19896	steamwebhelper.exe
Token: SeShutdownPrivilege	19896	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	19896	steamwebhelper.exe
Token: SeShutdownPrivilege	19896	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	19896	steamwebhelper.exe
Token: SeShutdownPrivilege	19896	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	19896	steamwebhelper.exe
Token: SeShutdownPrivilege	19896	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	19896	steamwebhelper.exe
Token: SeShutdownPrivilege	19896	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	19896	steamwebhelper.exe
Token: SeShutdownPrivilege	19896	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	19896	steamwebhelper.exe
Token: SeShutdownPrivilege	19896	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	19896	steamwebhelper.exe
Token: SeShutdownPrivilege	19896	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	19896	steamwebhelper.exe
Token: SeShutdownPrivilege	19896	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	19896	steamwebhelper.exe
Token: SeShutdownPrivilege	19896	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	19896	steamwebhelper.exe
Token: SeShutdownPrivilege	19896	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	19896	steamwebhelper.exe
Token: SeShutdownPrivilege	19896	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	19896	steamwebhelper.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
19748	steam.exe
19748	steam.exe
19748	steam.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19748	steam.exe
19748	steam.exe
19748	steam.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe
19896	steamwebhelper.exe

Suspicious use of SetWindowsHookEx 57 IoCs

pid	Process
19748	steam.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
18860	st-setup-1.8.16.exe
20392	SteamTools.exe
20392	SteamTools.exe
20392	SteamTools.exe
20392	SteamTools.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16428	firefox.exe
16156	steam.exe
5992	steam.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 5436	1928	SteamSetup.exe	82
PID 1928 wrote to memory of 5436	1928	SteamSetup.exe	82
PID 1928 wrote to memory of 5436	1928	SteamSetup.exe	82
PID 2732 wrote to memory of 19748	2732	steam.exe	96
PID 2732 wrote to memory of 19748	2732	steam.exe	96
PID 2732 wrote to memory of 19748	2732	steam.exe	96
PID 19748 wrote to memory of 912	19748	steam.exe	97
PID 19748 wrote to memory of 912	19748	steam.exe	97
PID 19748 wrote to memory of 912	19748	steam.exe	97
PID 19748 wrote to memory of 19896	19748	steam.exe	99
PID 19748 wrote to memory of 19896	19748	steam.exe	99
PID 19896 wrote to memory of 19924	19896	steamwebhelper.exe	100
PID 19896 wrote to memory of 19924	19896	steamwebhelper.exe	100
PID 19896 wrote to memory of 20060	19896	steamwebhelper.exe	101
PID 19896 wrote to memory of 20060	19896	steamwebhelper.exe	101
PID 19896 wrote to memory of 20060	19896	steamwebhelper.exe	101
PID 19896 wrote to memory of 20060	19896	steamwebhelper.exe	101
PID 19896 wrote to memory of 20060	19896	steamwebhelper.exe	101
PID 19896 wrote to memory of 20060	19896	steamwebhelper.exe	101
PID 19896 wrote to memory of 20060	19896	steamwebhelper.exe	101
PID 19896 wrote to memory of 20060	19896	steamwebhelper.exe	101
PID 19896 wrote to memory of 20060	19896	steamwebhelper.exe	101
PID 19896 wrote to memory of 20060	19896	steamwebhelper.exe	101
PID 19896 wrote to memory of 20060	19896	steamwebhelper.exe	101
PID 19896 wrote to memory of 20060	19896	steamwebhelper.exe	101
PID 19896 wrote to memory of 20060	19896	steamwebhelper.exe	101
PID 19896 wrote to memory of 20060	19896	steamwebhelper.exe	101
PID 19896 wrote to memory of 20060	19896	steamwebhelper.exe	101
PID 19896 wrote to memory of 20060	19896	steamwebhelper.exe	101
PID 19896 wrote to memory of 20060	19896	steamwebhelper.exe	101
PID 19896 wrote to memory of 20060	19896	steamwebhelper.exe	101
PID 19896 wrote to memory of 20060	19896	steamwebhelper.exe	101
PID 19896 wrote to memory of 20060	19896	steamwebhelper.exe	101
PID 19896 wrote to memory of 20060	19896	steamwebhelper.exe	101
PID 19896 wrote to memory of 20060	19896	steamwebhelper.exe	101
PID 19896 wrote to memory of 20060	19896	steamwebhelper.exe	101
PID 19896 wrote to memory of 20060	19896	steamwebhelper.exe	101
PID 19896 wrote to memory of 20060	19896	steamwebhelper.exe	101
PID 19896 wrote to memory of 20060	19896	steamwebhelper.exe	101
PID 19896 wrote to memory of 20060	19896	steamwebhelper.exe	101
PID 19896 wrote to memory of 20060	19896	steamwebhelper.exe	101
PID 19896 wrote to memory of 20060	19896	steamwebhelper.exe	101
PID 19896 wrote to memory of 20060	19896	steamwebhelper.exe	101
PID 19896 wrote to memory of 3824	19896	steamwebhelper.exe	102
PID 19896 wrote to memory of 3824	19896	steamwebhelper.exe	102
PID 19748 wrote to memory of 9352	19748	steam.exe	105
PID 19748 wrote to memory of 9352	19748	steam.exe	105
PID 19896 wrote to memory of 21932	19896	steamwebhelper.exe	106
PID 19896 wrote to memory of 21932	19896	steamwebhelper.exe	106
PID 19896 wrote to memory of 21932	19896	steamwebhelper.exe	106
PID 19896 wrote to memory of 21932	19896	steamwebhelper.exe	106
PID 19896 wrote to memory of 21932	19896	steamwebhelper.exe	106
PID 19896 wrote to memory of 21932	19896	steamwebhelper.exe	106
PID 19896 wrote to memory of 21932	19896	steamwebhelper.exe	106
PID 19896 wrote to memory of 21932	19896	steamwebhelper.exe	106
PID 19896 wrote to memory of 21932	19896	steamwebhelper.exe	106
PID 19896 wrote to memory of 21932	19896	steamwebhelper.exe	106
PID 19896 wrote to memory of 21932	19896	steamwebhelper.exe	106
PID 19896 wrote to memory of 21932	19896	steamwebhelper.exe	106
PID 19896 wrote to memory of 21932	19896	steamwebhelper.exe	106
PID 19896 wrote to memory of 21932	19896	steamwebhelper.exe	106
PID 19896 wrote to memory of 21932	19896	steamwebhelper.exe	106
PID 19896 wrote to memory of 21932	19896	steamwebhelper.exe	106
PID 19896 wrote to memory of 21932	19896	steamwebhelper.exe	106

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\SteamSetup.exe
"C:\Users\Admin\AppData\Local\Temp\SteamSetup.exe"
1⤵
- Adds Run key to start application
- Drops file in Program Files directory
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Program Files (x86)\Steam\bin\steamservice.exe
  "C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  PID:5436

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
1⤵
- Drops file in Program Files directory
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Program Files (x86)\Steam\steam.exe
  "C:\Program Files (x86)\Steam\steam.exe"
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies registry class
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:19748
- - C:\Program Files (x86)\Steam\steamsysinfo.exe
    "C:\Program Files (x86)\Steam\steamsysinfo.exe" -steamid 0 -buildid 1741737356 -logdir "C:\Program Files (x86)\Steam\logs" -query 1 -out-file C:\Users\Admin\AppData\Local\Temp\BCF2.tmp
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:912
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" -nocrashdialog "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=19748" "-buildid=1741737356" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
    3⤵
    - Drops file in Windows directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:19896
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1741737356 --initial-client-data=0x298,0x29c,0x2a0,0x294,0x2a4,0x7ffa1a39af00,0x7ffa1a39af0c,0x7ffa1a39af18
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:19924
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1576,i,14130003295166366753,3233900936369749619,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1580 --mojo-platform-channel-handle=1568 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:20060
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --field-trial-handle=2152,i,14130003295166366753,3233900936369749619,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2156 --mojo-platform-channel-handle=2148 /prefetch:11
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3824
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --field-trial-handle=2896,i,14130003295166366753,3233900936369749619,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2900 --mojo-platform-channel-handle=2892 /prefetch:13
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:21932
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3304,i,14130003295166366753,3233900936369749619,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3308 --mojo-platform-channel-handle=3300 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:22052
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3936,i,14130003295166366753,3233900936369749619,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3940 --mojo-platform-channel-handle=3932 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:7728
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4108,i,14130003295166366753,3233900936369749619,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4112 --mojo-platform-channel-handle=4104 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:8388
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4500,i,14130003295166366753,3233900936369749619,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4236 --mojo-platform-channel-handle=4608 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:9152
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --field-trial-handle=4856,i,14130003295166366753,3233900936369749619,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3860 --mojo-platform-channel-handle=4128 /prefetch:14
      4⤵
      Executes dropped EXE
      PID:15564
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=1128,i,14130003295166366753,3233900936369749619,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2012 --mojo-platform-channel-handle=3956 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:3720
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4444,i,14130003295166366753,3233900936369749619,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4840 --mojo-platform-channel-handle=4692 /prefetch:1
      4⤵
      Executes dropped EXE
      PID:18440
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4008,i,14130003295166366753,3233900936369749619,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3996 --mojo-platform-channel-handle=3972 /prefetch:10
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:19432
- - C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:9352
- - C:\Program Files (x86)\Steam\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:22604
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:22628
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:22716

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004EC
1⤵
PID:3524

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:13752
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Downloads MZ/PE file
  - Drops desktop.ini file(s)
  - Mark of the Web detected: This indicates that the page was originally saved or cloned.
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - NTFS ADS
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:16428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 1960 -prefsLen 27097 -prefMapHandle 1964 -prefMapSize 270279 -ipcHandle 2040 -initialChannelId {003cd72e-9d31-422b-aff7-7ec5af47ac0a} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
    3⤵
    PID:5220
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2408 -prefsLen 27133 -prefMapHandle 2412 -prefMapSize 270279 -ipcHandle 2420 -initialChannelId {55ed4937-e0df-4a1d-8b0b-78750a1c49d8} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
    3⤵
    PID:2240
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3932 -prefsLen 27323 -prefMapHandle 3936 -prefMapSize 270279 -jsInitHandle 3940 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3948 -initialChannelId {0d451154-688d-4e38-9e71-5dde8f9daadd} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
    3⤵
    - Checks processor information in registry
    PID:4176
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 4084 -prefsLen 27323 -prefMapHandle 4088 -prefMapSize 270279 -ipcHandle 4108 -initialChannelId {c688e60f-928f-480b-8fe7-9f2a15ed599a} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd
    3⤵
    PID:2032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3260 -prefsLen 34822 -prefMapHandle 3264 -prefMapSize 270279 -jsInitHandle 2648 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 4564 -initialChannelId {a9b15eda-d25b-40f2-bd62-faa2e64a0e0f} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab
    3⤵
    - Checks processor information in registry
    PID:4916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 1204 -prefsLen 35010 -prefMapHandle 1208 -prefMapSize 270279 -ipcHandle 5040 -initialChannelId {1a9abb05-6025-4f70-b51c-da902d3caf43} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility
    3⤵
    - Checks processor information in registry
    PID:7104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5468 -prefsLen 32952 -prefMapHandle 3192 -prefMapSize 270279 -jsInitHandle 3036 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3100 -initialChannelId {64c02f22-2560-44a5-8e88-26e1fec9cc95} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab
    3⤵
    - Checks processor information in registry
    PID:7504
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5600 -prefsLen 32952 -prefMapHandle 5604 -prefMapSize 270279 -jsInitHandle 5608 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5612 -initialChannelId {f9965130-2a09-41a3-87b1-008405ac9d54} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab
    3⤵
    - Checks processor information in registry
    PID:7516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5784 -prefsLen 32952 -prefMapHandle 5788 -prefMapSize 270279 -jsInitHandle 5792 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5800 -initialChannelId {3aef132e-75d1-4554-a486-66da9d3851a4} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab
    3⤵
    PID:7528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6288 -prefsLen 33071 -prefMapHandle 6292 -prefMapSize 270279 -jsInitHandle 6604 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6396 -initialChannelId {337f18d0-6d98-4264-88a6-c92b4dff537d} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 10 tab
    3⤵
    - Checks processor information in registry
    PID:12088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6988 -prefsLen 36543 -prefMapHandle 6996 -prefMapSize 270279 -jsInitHandle 7000 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 7008 -initialChannelId {6df05133-5089-4071-999e-1a3d583538c8} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 11 tab
    3⤵
    PID:16548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 7036 -prefsLen 36543 -prefMapHandle 4768 -prefMapSize 270279 -jsInitHandle 5920 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6936 -initialChannelId {b03a2c3e-35e7-4af9-8f37-ff3e7546bdcb} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 12 tab
    3⤵
    PID:17232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6416 -prefsLen 36543 -prefMapHandle 6232 -prefMapSize 270279 -jsInitHandle 6392 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3444 -initialChannelId {3d8c23f8-b5f6-499a-9bdc-6e7856cede1a} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 13 tab
    3⤵
    PID:17248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6364 -prefsLen 36647 -prefMapHandle 6828 -prefMapSize 270279 -jsInitHandle 6764 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 4700 -initialChannelId {7446dff6-d3a5-41ea-8665-568ad94aa42a} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 14 tab
    3⤵
    - Checks processor information in registry
    PID:18004
- - C:\Users\Admin\Downloads\st-setup-1.8.16.exe
    "C:\Users\Admin\Downloads\st-setup-1.8.16.exe"
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:18860
  - - C:\Windows\SYSTEM32\icacls.exe
      icacls "C:\Program Files\SteamTools" /grant:r "*S-1-5-32-545:(OI)(CI)F" /T
      4⤵
      Modifies file permissions
      PID:19244
  - - C:\Windows\SYSTEM32\icacls.exe
      icacls "C:\Program Files\SteamTools\*.*" /grant:r "*S-1-5-32-545:(OI)(CI)F"
      4⤵
      Modifies file permissions
      PID:19304
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe" "C:\Users\Admin\AppData\Local\Temp\SteamTools_launcher.bat"
      4⤵
      PID:20204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 2784 -prefsLen 36863 -prefMapHandle 3000 -prefMapSize 270279 -jsInitHandle 6960 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 7072 -initialChannelId {5d3ac276-b42e-49f5-a560-cf46e09ff2e9} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 15 tab
    3⤵
    - Checks processor information in registry
    PID:17616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6868 -prefsLen 36863 -prefMapHandle 4876 -prefMapSize 270279 -jsInitHandle 4880 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 7072 -initialChannelId {6e4152a5-2869-4b0e-9a3e-b5dcabe8f85e} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 16 tab
    3⤵
    PID:4612
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 8580 -prefsLen 36863 -prefMapHandle 8584 -prefMapSize 270279 -jsInitHandle 8588 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 8596 -initialChannelId {a4d8cb6a-7474-4d68-997d-9c5b62f49e2e} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 17 tab
    3⤵
    PID:19824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 7348 -prefsLen 36863 -prefMapHandle 7380 -prefMapSize 270279 -jsInitHandle 7112 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 7392 -initialChannelId {e407e591-955b-4ada-aa4a-437a886da556} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 18 tab
    3⤵
    - Checks processor information in registry
    PID:23072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 4484 -prefsLen 36863 -prefMapHandle 7224 -prefMapSize 270279 -jsInitHandle 7284 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6428 -initialChannelId {96c82a88-579f-4996-8a9e-9cd86cc55a0f} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 19 tab
    3⤵
    PID:2960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 7384 -prefsLen 36863 -prefMapHandle 7132 -prefMapSize 270279 -jsInitHandle 7256 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3960 -initialChannelId {0e365941-8868-40e4-a878-1082740e83b5} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 20 tab
    3⤵
    PID:6292
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 9024 -prefsLen 36863 -prefMapHandle 9028 -prefMapSize 270279 -jsInitHandle 9032 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 9040 -initialChannelId {bae2a4dc-7944-4bcc-9d58-f74f0e29b5df} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 21 tab
    3⤵
    - Checks processor information in registry
    PID:6712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 9212 -prefsLen 36863 -prefMapHandle 9220 -prefMapSize 270279 -jsInitHandle 9224 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 9232 -initialChannelId {9665d3c2-5ae5-4803-8f32-548c5c805394} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 22 tab
    3⤵
    - Checks processor information in registry
    PID:6720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 8996 -prefsLen 36863 -prefMapHandle 8924 -prefMapSize 270279 -jsInitHandle 7384 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 9016 -initialChannelId {bbb5f876-b737-40f1-9e5d-6ac21099db59} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 23 tab
    3⤵
    - Checks processor information in registry
    PID:7612
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 9668 -prefsLen 36863 -prefMapHandle 9672 -prefMapSize 270279 -jsInitHandle 9676 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 9652 -initialChannelId {13aa4a81-86b3-4781-be5f-8be0832a93c0} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 24 tab
    3⤵
    PID:1748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 9896 -prefsLen 36863 -prefMapHandle 10072 -prefMapSize 270279 -jsInitHandle 9992 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 9928 -initialChannelId {100c9e12-ac36-42af-bc38-10d3523f669c} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 25 tab
    3⤵
    - Checks processor information in registry
    PID:8664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 10276 -prefsLen 36863 -prefMapHandle 10280 -prefMapSize 270279 -jsInitHandle 10284 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 10220 -initialChannelId {4a1cf3a3-06cb-4125-a795-93e4ab3f3ce5} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 26 tab
    3⤵
    - Checks processor information in registry
    PID:8676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 10456 -prefsLen 36863 -prefMapHandle 10452 -prefMapSize 270279 -jsInitHandle 10448 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 10488 -initialChannelId {d18b0bc8-85a8-402f-a3f3-d09d4ae75ca4} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 27 tab
    3⤵
    PID:8688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 9364 -prefsLen 36863 -prefMapHandle 9352 -prefMapSize 270279 -jsInitHandle 9340 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 9452 -initialChannelId {e37806df-47e6-4451-89e6-cad212f0165b} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 28 tab
    3⤵
    - Checks processor information in registry
    PID:9996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 10408 -prefsLen 36863 -prefMapHandle 9440 -prefMapSize 270279 -jsInitHandle 9392 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 9976 -initialChannelId {5a954471-6dde-489d-aec6-6a88c2a806a6} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 29 tab
    3⤵
    PID:10028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 9444 -prefsLen 36863 -prefMapHandle 9308 -prefMapSize 270279 -jsInitHandle 9156 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 9552 -initialChannelId {3d484ba1-730f-493c-b32a-9673c5ee06f3} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 30 tab
    3⤵
    PID:12340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 9956 -prefsLen 36863 -prefMapHandle 9896 -prefMapSize 270279 -jsInitHandle 10460 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 9804 -initialChannelId {c07755c1-85cd-40cc-aa65-3cb142162e6e} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 31 tab
    3⤵
    - Checks processor information in registry
    PID:12496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 2552 -prefsLen 36863 -prefMapHandle 8500 -prefMapSize 270279 -jsInitHandle 8688 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 9936 -initialChannelId {95309d23-ad6e-4dab-b17b-ac007b569444} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 32 tab
    3⤵
    - Checks processor information in registry
    PID:12484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 9348 -prefsLen 36863 -prefMapHandle 6328 -prefMapSize 270279 -jsInitHandle 10028 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 10732 -initialChannelId {17756527-9625-4ff8-a881-aa8e69cf8351} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 33 tab
    3⤵
    PID:12468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 10616 -prefsLen 36863 -prefMapHandle 10604 -prefMapSize 270279 -jsInitHandle 10592 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 10304 -initialChannelId {084f58de-c8ee-4482-afbd-3bf187519366} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 34 tab
    3⤵
    PID:13428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 9652 -prefsLen 36863 -prefMapHandle 8900 -prefMapSize 270279 -jsInitHandle 8448 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 9764 -initialChannelId {836bb822-e648-498c-a020-6c6967f82ba9} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 35 tab
    3⤵
    PID:16156
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 10636 -prefsLen 36863 -prefMapHandle 10772 -prefMapSize 270279 -jsInitHandle 9820 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 9692 -initialChannelId {3b0a6877-d428-4f09-b0e7-1ed7d7d2f8e5} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 36 tab
    3⤵
    - Checks processor information in registry
    PID:16168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 9392 -prefsLen 36863 -prefMapHandle 10008 -prefMapSize 270279 -jsInitHandle 10004 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 10636 -initialChannelId {e1cb695c-91a0-4782-9de0-55407239d20a} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 37 tab
    3⤵
    - Checks processor information in registry
    PID:16872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 9892 -prefsLen 36863 -prefMapHandle 10532 -prefMapSize 270279 -jsInitHandle 10396 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 10324 -initialChannelId {d1f090cd-6065-41ef-8d4e-5546f3ff995f} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 38 tab
    3⤵
    - Checks processor information in registry
    PID:16920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 10652 -prefsLen 36863 -prefMapHandle 8980 -prefMapSize 270279 -jsInitHandle 9724 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 9872 -initialChannelId {8026040a-8392-4868-a4f1-d8ea3227e175} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 39 tab
    3⤵
    PID:16924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 9768 -prefsLen 36863 -prefMapHandle 10008 -prefMapSize 270279 -jsInitHandle 9504 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 10180 -initialChannelId {35b1a709-a521-46f3-ae44-35b238bdf748} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 40 tab
    3⤵
    PID:21400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 9276 -prefsLen 36863 -prefMapHandle 10796 -prefMapSize 270279 -jsInitHandle 10808 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 10832 -initialChannelId {67df6bfc-cebc-4783-88ea-a6ca2e79741f} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 41 tab
    3⤵
    - Checks processor information in registry
    PID:20784
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 9772 -prefsLen 36863 -prefMapHandle 9464 -prefMapSize 270279 -jsInitHandle 9532 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 9564 -initialChannelId {752df64b-6d59-47d9-8546-41bf5aedeb8e} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 42 tab
    3⤵
    - Checks processor information in registry
    PID:25164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 10120 -prefsLen 36863 -prefMapHandle 10108 -prefMapSize 270279 -jsInitHandle 9856 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 10784 -initialChannelId {fe01ebbb-7b29-4b1a-86d2-c4d66d754510} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 43 tab
    3⤵
    PID:23876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 9044 -prefsLen 36863 -prefMapHandle 8676 -prefMapSize 270279 -jsInitHandle 6296 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 8992 -initialChannelId {482f2cfc-d2c6-4975-bc7f-7f964d4c0058} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 44 tab
    3⤵
    - Checks processor information in registry
    PID:25596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 10588 -prefsLen 36863 -prefMapHandle 10596 -prefMapSize 270279 -jsInitHandle 10220 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 11408 -initialChannelId {c0480b63-e93e-4e73-8b82-5a48ad491cc0} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 45 tab
    3⤵
    PID:10772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 10948 -prefsLen 36863 -prefMapHandle 10932 -prefMapSize 270279 -jsInitHandle 10936 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 11400 -initialChannelId {7fc619da-fa2d-4cd0-b276-01c90d3ba47e} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 46 tab
    3⤵
    - Checks processor information in registry
    PID:13744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 9384 -prefsLen 36863 -prefMapHandle 6872 -prefMapSize 270279 -jsInitHandle 6672 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 10864 -initialChannelId {0c4c97d2-fb4c-4b9c-9c30-4b90f581e860} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 47 tab
    3⤵
    - Checks processor information in registry
    PID:11140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6728 -prefsLen 36863 -prefMapHandle 6724 -prefMapSize 270279 -jsInitHandle 6220 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 10760 -initialChannelId {22539ad6-a3f8-414f-becc-4831452e7ba4} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 48 tab
    3⤵
    - Checks processor information in registry
    PID:5152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 11796 -prefsLen 36863 -prefMapHandle 11800 -prefMapSize 270279 -jsInitHandle 11804 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 11772 -initialChannelId {fa3e8976-c2c5-44a9-9188-9e1ea8b8a5e7} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 49 tab
    3⤵
    - Checks processor information in registry
    PID:11200
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 10152 -prefsLen 36863 -prefMapHandle 10148 -prefMapSize 270279 -jsInitHandle 9612 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 11604 -initialChannelId {2cb36751-1e8d-4219-b10a-9c0bfd39ac11} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 50 tab
    3⤵
    - Checks processor information in registry
    PID:15948
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 10712 -prefsLen 36863 -prefMapHandle 8632 -prefMapSize 270279 -jsInitHandle 4880 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6872 -initialChannelId {d603b017-0baa-4e6c-a9cf-94bcee452528} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 51 tab
    3⤵
    - Checks processor information in registry
    PID:20108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 12548 -prefsLen 36863 -prefMapHandle 12552 -prefMapSize 270279 -jsInitHandle 12556 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 12588 -initialChannelId {9952fc33-145a-4c8f-9d31-cc9475842ef9} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 52 tab
    3⤵
    - Checks processor information in registry
    PID:15056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 12572 -prefsLen 36863 -prefMapHandle 12576 -prefMapSize 270279 -jsInitHandle 12580 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 12596 -initialChannelId {1535b594-d117-478f-8226-470c44e15696} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 53 tab
    3⤵
    PID:15064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 12968 -prefsLen 36863 -prefMapHandle 12860 -prefMapSize 270279 -jsInitHandle 12856 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 13012 -initialChannelId {d860e1ec-2e94-421f-8d10-1f8b942368e9} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 54 tab
    3⤵
    - Checks processor information in registry
    PID:15088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 13184 -prefsLen 36863 -prefMapHandle 13180 -prefMapSize 270279 -jsInitHandle 13176 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 13220 -initialChannelId {df7cfd05-0d68-4418-928d-243ab866d731} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 55 tab
    3⤵
    - Checks processor information in registry
    PID:5228
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 12836 -prefsLen 36863 -prefMapHandle 12832 -prefMapSize 270279 -jsInitHandle 12828 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 12820 -initialChannelId {b185cada-ba35-428d-b802-08f50cfc303a} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 56 tab
    3⤵
    PID:16280
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 13596 -prefsLen 36863 -prefMapHandle 13592 -prefMapSize 270279 -jsInitHandle 13640 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 12900 -initialChannelId {9488d854-4fc2-47aa-91f6-26533403895b} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 57 tab
    3⤵
    - Checks processor information in registry
    PID:16372
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 13856 -prefsLen 36863 -prefMapHandle 13860 -prefMapSize 270279 -jsInitHandle 13864 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 13812 -initialChannelId {02c351d1-c4e4-4855-b243-0cff62c08d18} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 58 tab
    3⤵
    PID:16400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 13572 -prefsLen 36863 -prefMapHandle 13568 -prefMapSize 270279 -jsInitHandle 13564 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 13468 -initialChannelId {1d15e5f2-b75c-4e5c-b7f3-73e9f1643b91} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 59 tab
    3⤵
    - Checks processor information in registry
    PID:17608
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 13856 -prefsLen 36863 -prefMapHandle 13860 -prefMapSize 270279 -jsInitHandle 13864 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 14188 -initialChannelId {2ecd6aed-6f4a-4604-91e5-7d1c45ad5ed7} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 60 tab
    3⤵
    - Checks processor information in registry
    PID:22740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 14456 -prefsLen 36863 -prefMapHandle 14460 -prefMapSize 270279 -jsInitHandle 14464 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 14424 -initialChannelId {b00c31c5-8bc2-412f-9fc5-b7d11a4137cc} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 61 tab
    3⤵
    PID:10976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 14212 -prefsLen 36863 -prefMapHandle 13972 -prefMapSize 270279 -jsInitHandle 14188 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 14404 -initialChannelId {48d56907-1d83-43fc-9500-ee001513d7b0} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 62 tab
    3⤵
    - Checks processor information in registry
    PID:11752
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 14584 -prefsLen 36863 -prefMapHandle 14480 -prefMapSize 270279 -jsInitHandle 14492 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 14412 -initialChannelId {1a9411c8-4b91-40c0-b5de-a33afb18cff4} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 63 tab
    3⤵
    - Checks processor information in registry
    PID:2292
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 14448 -prefsLen 36863 -prefMapHandle 14452 -prefMapSize 270279 -jsInitHandle 14388 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 9736 -initialChannelId {862440c2-07e3-48cb-a51c-1cc1a05d8bd6} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 64 tab
    3⤵
    - Checks processor information in registry
    PID:13688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 10144 -prefsLen 36863 -prefMapHandle 15252 -prefMapSize 270279 -jsInitHandle 15244 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 15216 -initialChannelId {bc63aba2-022f-4295-bb37-0531e039c4d4} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 65 tab
    3⤵
    - Checks processor information in registry
    PID:6536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 15296 -prefsLen 36863 -prefMapHandle 15292 -prefMapSize 270279 -jsInitHandle 13984 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 15208 -initialChannelId {3fa14dfa-3e44-4287-a528-96a65d2a82ea} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 66 tab
    3⤵
    PID:6548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6352 -prefsLen 36863 -prefMapHandle 13980 -prefMapSize 270279 -jsInitHandle 12520 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 11832 -initialChannelId {0662c53e-f670-4c24-9444-78b628c09c1b} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 67 tab
    3⤵
    - Checks processor information in registry
    PID:9492
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 9040 -prefsLen 36863 -prefMapHandle 9904 -prefMapSize 270279 -jsInitHandle 15268 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 15380 -initialChannelId {6098329d-874c-4404-8a07-87841eceb7d3} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 68 tab
    3⤵
    PID:11076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 15420 -prefsLen 36863 -prefMapHandle 15416 -prefMapSize 270279 -jsInitHandle 12496 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 13972 -initialChannelId {592048a9-0fe2-4e27-be19-a6a3b703853d} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 69 tab
    3⤵
    - Checks processor information in registry
    PID:11560
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 11560 -prefsLen 36863 -prefMapHandle 10224 -prefMapSize 270279 -jsInitHandle 6440 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 14212 -initialChannelId {e02a64ab-600b-4de1-9619-82505acb0b42} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 70 tab
    3⤵
    - Checks processor information in registry
    PID:12052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 9380 -prefsLen 36863 -prefMapHandle 14620 -prefMapSize 270279 -jsInitHandle 14684 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 10260 -initialChannelId {fb078a66-5d6d-463e-afbe-81d70fc9dafe} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 71 tab
    3⤵
    PID:12196
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 10032 -prefsLen 36903 -prefMapHandle 12272 -prefMapSize 270279 -jsInitHandle 9984 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6700 -initialChannelId {f0245b09-194d-4950-ba43-1ebb25c70321} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 72 tab
    3⤵
    - Checks processor information in registry
    PID:14132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 15392 -prefsLen 36903 -prefMapHandle 15000 -prefMapSize 270279 -jsInitHandle 14976 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 15068 -initialChannelId {debb1fb1-447e-4f78-acdc-e9343d0ea767} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 73 tab
    3⤵
    PID:14140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 8512 -prefsLen 36903 -prefMapHandle 6728 -prefMapSize 270279 -jsInitHandle 10768 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 13572 -initialChannelId {5bacd141-b4ed-40a6-adc4-9158df7493f8} -parentPid 16428 -crashReporter "\\.\pipe\gecko-crash-server-pipe.16428" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 74 tab
    3⤵
    - Checks processor information in registry
    PID:15512

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:20280
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SteamTools_launcher.bat" "
  2⤵
  PID:20340
- - C:\Program Files\SteamTools\SteamTools.exe
    "C:\Program Files\SteamTools\SteamTools.exe"
    3⤵
    - Executes dropped EXE
    - NTFS ADS
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:20392
  - - C:\program files (x86)\steam\steam.exe
      "C:\program files (x86)\steam\steam.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:20528
  - - C:\program files (x86)\steam\steam.exe
      "C:\program files (x86)\steam\steam.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:20548
  - - C:\program files (x86)\steam\steam.exe
      "C:\program files (x86)\steam\steam.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:20588
  - - C:\program files (x86)\steam\steam.exe
      "C:\program files (x86)\steam\steam.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:20620
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:20680
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2c0,0x30c,0x7ff9ffb9f208,0x7ff9ffb9f214,0x7ff9ffb9f220
        5⤵
        
        PID:20712
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1912,i,17569465871712088341,13757285147992151455,262144 --variations-seed-version --mojo-platform-channel-handle=1908 /prefetch:2
        5⤵
        
        PID:20916
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=2096,i,17569465871712088341,13757285147992151455,262144 --variations-seed-version --mojo-platform-channel-handle=2220 /prefetch:11
        5⤵
        Detected potential entity reuse from brand STEAM.
        
        PID:20932
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1900,i,17569465871712088341,13757285147992151455,262144 --variations-seed-version --mojo-platform-channel-handle=2552 /prefetch:13
        5⤵
        
        PID:21096
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3444,i,17569465871712088341,13757285147992151455,262144 --variations-seed-version --mojo-platform-channel-handle=3516 /prefetch:1
        5⤵
        
        PID:21260
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3436,i,17569465871712088341,13757285147992151455,262144 --variations-seed-version --mojo-platform-channel-handle=3432 /prefetch:1
        5⤵
        
        PID:21272
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
        5⤵
        Drops file in Windows directory
        Enumerates system info in registry
        Modifies data under HKEY_USERS
        
        PID:22324
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x250,0x7ff9ffb9f208,0x7ff9ffb9f214,0x7ff9ffb9f220
        6⤵
        
        PID:22364
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1776,i,3397892180976367536,17459131620682204273,262144 --variations-seed-version --mojo-platform-channel-handle=2216 /prefetch:11
        6⤵
        
        PID:23364
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2172,i,3397892180976367536,17459131620682204273,262144 --variations-seed-version --mojo-platform-channel-handle=2168 /prefetch:2
        6⤵
        
        PID:23372
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2424,i,3397892180976367536,17459131620682204273,262144 --variations-seed-version --mojo-platform-channel-handle=2912 /prefetch:13
        6⤵
        
        PID:23408
      - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4368,i,3397892180976367536,17459131620682204273,262144 --variations-seed-version --mojo-platform-channel-handle=4352 /prefetch:14
        6⤵
        
        PID:23788
      - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4368,i,3397892180976367536,17459131620682204273,262144 --variations-seed-version --mojo-platform-channel-handle=4352 /prefetch:14
        6⤵
        
        PID:23820
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4388,i,3397892180976367536,17459131620682204273,262144 --variations-seed-version --mojo-platform-channel-handle=4460 /prefetch:14
        6⤵
        
        PID:23852
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4504,i,3397892180976367536,17459131620682204273,262144 --variations-seed-version --mojo-platform-channel-handle=4592 /prefetch:14
        6⤵
        
        PID:24128
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4592,i,3397892180976367536,17459131620682204273,262144 --variations-seed-version --mojo-platform-channel-handle=4740 /prefetch:14
        6⤵
        
        PID:24552
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4596,i,3397892180976367536,17459131620682204273,262144 --variations-seed-version --mojo-platform-channel-handle=4776 /prefetch:14
        6⤵
        
        PID:11084
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4412,i,3397892180976367536,17459131620682204273,262144 --variations-seed-version --mojo-platform-channel-handle=4800 /prefetch:14
        6⤵
        
        PID:11104
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4432,i,3397892180976367536,17459131620682204273,262144 --variations-seed-version --mojo-platform-channel-handle=4484 /prefetch:14
        6⤵
        
        PID:11112
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4972,i,3397892180976367536,17459131620682204273,262144 --variations-seed-version --mojo-platform-channel-handle=4984 /prefetch:14
        6⤵
        
        PID:13876
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5008,i,3397892180976367536,17459131620682204273,262144 --variations-seed-version --mojo-platform-channel-handle=5144 /prefetch:14
        6⤵
        
        PID:15156
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2848,i,3397892180976367536,17459131620682204273,262144 --variations-seed-version --mojo-platform-channel-handle=4988 /prefetch:14
        6⤵
        
        PID:248
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2016,i,3397892180976367536,17459131620682204273,262144 --variations-seed-version --mojo-platform-channel-handle=5304 /prefetch:14
        6⤵
        
        PID:2716
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4988,i,3397892180976367536,17459131620682204273,262144 --variations-seed-version --mojo-platform-channel-handle=5296 /prefetch:10
        6⤵
        
        PID:10980
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3592,i,3397892180976367536,17459131620682204273,262144 --variations-seed-version --mojo-platform-channel-handle=3724 /prefetch:14
        6⤵
        
        PID:4220
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3760,i,3397892180976367536,17459131620682204273,262144 --variations-seed-version --mojo-platform-channel-handle=5188 /prefetch:14
        6⤵
        
        PID:10884
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3564,i,3397892180976367536,17459131620682204273,262144 --variations-seed-version --mojo-platform-channel-handle=5136 /prefetch:14
        6⤵
        
        PID:11340
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4300,i,3397892180976367536,17459131620682204273,262144 --variations-seed-version --mojo-platform-channel-handle=4932 /prefetch:14
        6⤵
        
        PID:12028
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2652,i,3397892180976367536,17459131620682204273,262144 --variations-seed-version --mojo-platform-channel-handle=4000 /prefetch:14
        6⤵
        
        PID:8460
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5220,i,3397892180976367536,17459131620682204273,262144 --variations-seed-version --mojo-platform-channel-handle=1056 /prefetch:14
        6⤵
        
        PID:12060
  - - C:\program files (x86)\steam\steam.exe
      "C:\program files (x86)\steam\steam.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Checks processor information in registry
      Modifies registry class
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of SetWindowsHookEx
      PID:16156
    - - C:\program files (x86)\steam\steamsysinfo.exe
        
        "C:\program files (x86)\steam\steamsysinfo.exe" -steamid 0 -buildid 1741737356 -logdir "C:\program files (x86)\steam\logs" -query 1 -out-file C:\Users\Admin\AppData\Local\Temp\9719.tmp
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:412
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" -nocrashdialog "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=16156" "-buildid=1741737356" "-steamid=0" "-logdir=C:\program files (x86)\steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\program files (x86)\steam\clientui" "-steampath=C:\program files (x86)\steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\program files (x86)\steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
        5⤵
        Executes dropped EXE
        Checks processor information in registry
        
        PID:17660
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\program files (x86)\steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1741737356 --initial-client-data=0x298,0x29c,0x2a0,0x294,0x2a4,0x7ffa1a39af00,0x7ffa1a39af0c,0x7ffa1a39af18
        6⤵
        Executes dropped EXE
        
        PID:17688
    - - C:\program files (x86)\steam\bin\gldriverquery64.exe
        
        .\bin\gldriverquery64.exe
        5⤵
        Executes dropped EXE
        
        PID:18148
    - - C:\program files (x86)\steam\bin\gldriverquery.exe
        
        .\bin\gldriverquery.exe
        5⤵
        Executes dropped EXE
        
        PID:18264
    - - C:\program files (x86)\steam\bin\vulkandriverquery64.exe
        
        .\bin\vulkandriverquery64.exe
        5⤵
        Executes dropped EXE
        
        PID:2012
    - - C:\program files (x86)\steam\bin\vulkandriverquery.exe
        
        .\bin\vulkandriverquery.exe
        5⤵
        Executes dropped EXE
        
        PID:18304
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" -nocrashdialog "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=16156" "-buildid=1741737356" "-steamid=0" "-logdir=C:\program files (x86)\steam\logs" "-uimode=7" "-startcount=1" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\program files (x86)\steam\clientui" "-steampath=C:\program files (x86)\steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
        5⤵
        Executes dropped EXE
        
        PID:18344
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\program files (x86)\steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1741737356 --initial-client-data=0x298,0x29c,0x2a0,0x294,0x2a4,0x7ffa1a39af00,0x7ffa1a39af0c,0x7ffa1a39af18
        6⤵
        Executes dropped EXE
        
        PID:12436
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1580,i,4616523620627667636,11728275061812712049,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1584 --mojo-platform-channel-handle=1564 /prefetch:2
        6⤵
        Executes dropped EXE
        
        PID:2304
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --field-trial-handle=2176,i,4616523620627667636,11728275061812712049,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2180 --mojo-platform-channel-handle=2172 /prefetch:11
        6⤵
        Executes dropped EXE
        
        PID:18456
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --field-trial-handle=2904,i,4616523620627667636,11728275061812712049,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2912 --mojo-platform-channel-handle=2900 /prefetch:13
        6⤵
        Executes dropped EXE
        
        PID:5776
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3288,i,4616523620627667636,11728275061812712049,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3292 --mojo-platform-channel-handle=3284 /prefetch:1
        6⤵
        Executes dropped EXE
        
        PID:18688
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3968,i,4616523620627667636,11728275061812712049,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3972 --mojo-platform-channel-handle=3964 /prefetch:1
        6⤵
        Executes dropped EXE
        
        PID:19268
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4136,i,4616523620627667636,11728275061812712049,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4140 --mojo-platform-channel-handle=4132 /prefetch:1
        6⤵
        Executes dropped EXE
        
        PID:19340
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4720,i,4616523620627667636,11728275061812712049,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4124 --mojo-platform-channel-handle=4660 /prefetch:1
        6⤵
        Executes dropped EXE
        
        PID:4592
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4596,i,4616523620627667636,11728275061812712049,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4668 --mojo-platform-channel-handle=4604 /prefetch:1
        6⤵
        Executes dropped EXE
        
        PID:21168
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4376,i,4616523620627667636,11728275061812712049,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4636 --mojo-platform-channel-handle=4564 /prefetch:1
        6⤵
        Executes dropped EXE
        
        PID:21208
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4712,i,4616523620627667636,11728275061812712049,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4140 --mojo-platform-channel-handle=4684 /prefetch:1
        6⤵
        Executes dropped EXE
        
        PID:3040
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4288,i,4616523620627667636,11728275061812712049,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4728 --mojo-platform-channel-handle=4576 /prefetch:1
        6⤵
        Executes dropped EXE
        
        PID:5316
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4552,i,4616523620627667636,11728275061812712049,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4764 --mojo-platform-channel-handle=4488 /prefetch:1
        6⤵
        Executes dropped EXE
        
        PID:5760
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4496,i,4616523620627667636,11728275061812712049,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4400 --mojo-platform-channel-handle=4372 /prefetch:1
        6⤵
        Executes dropped EXE
        
        PID:5576
  - - C:\program files (x86)\steam\steam.exe
      "C:\program files (x86)\steam\steam.exe"
      4⤵
      Drops file in Program Files directory
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of SetWindowsHookEx
      PID:5992
    - - C:\program files (x86)\steam\steamsysinfo.exe
        
        "C:\program files (x86)\steam\steamsysinfo.exe" -steamid 0 -buildid 1741737356 -logdir "C:\program files (x86)\steam\logs" -query 1 -out-file C:\Users\Admin\AppData\Local\Temp\F977.tmp
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:21048
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" -nocrashdialog "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=5992" "-buildid=1741737356" "-steamid=0" "-logdir=C:\program files (x86)\steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\program files (x86)\steam\clientui" "-steampath=C:\program files (x86)\steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
        5⤵
        Drops file in Windows directory
        Executes dropped EXE
        
        PID:22228
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\program files (x86)\steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1741737356 --initial-client-data=0x288,0x28c,0x290,0x284,0x294,0x7ffa1a39af00,0x7ffa1a39af0c,0x7ffa1a39af18
        6⤵
        Executes dropped EXE
        
        PID:17060
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1564,i,12424498761484256158,13664293980784481203,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1568 --mojo-platform-channel-handle=1556 /prefetch:2
        6⤵
        Executes dropped EXE
        
        PID:21088
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --field-trial-handle=2216,i,12424498761484256158,13664293980784481203,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2220 --mojo-platform-channel-handle=2212 /prefetch:11
        6⤵
        Executes dropped EXE
        
        PID:20804
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --field-trial-handle=2976,i,12424498761484256158,13664293980784481203,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2980 --mojo-platform-channel-handle=2972 /prefetch:13
        6⤵
        Executes dropped EXE
        
        PID:13496
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3316,i,12424498761484256158,13664293980784481203,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3320 --mojo-platform-channel-handle=3312 /prefetch:1
        6⤵
        Executes dropped EXE
        
        PID:22356
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3992,i,12424498761484256158,13664293980784481203,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3996 --mojo-platform-channel-handle=3964 /prefetch:1
        6⤵
        Executes dropped EXE
        
        PID:24484
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4184,i,12424498761484256158,13664293980784481203,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4188 --mojo-platform-channel-handle=4156 /prefetch:1
        6⤵
        Executes dropped EXE
        
        PID:24492
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4696,i,12424498761484256158,13664293980784481203,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4588 --mojo-platform-channel-handle=4628 /prefetch:1
        6⤵
        
        PID:24588
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3780,i,12424498761484256158,13664293980784481203,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3740 --mojo-platform-channel-handle=3956 /prefetch:1
        6⤵
        
        PID:24676
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4656,i,12424498761484256158,13664293980784481203,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4152 --mojo-platform-channel-handle=4664 /prefetch:1
        6⤵
        
        PID:25088
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4772,i,12424498761484256158,13664293980784481203,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4804 --mojo-platform-channel-handle=4456 /prefetch:1
        6⤵
        
        PID:25100
    - - C:\program files (x86)\steam\bin\gldriverquery64.exe
        
        .\bin\gldriverquery64.exe
        5⤵
        Executes dropped EXE
        
        PID:16776
    - - C:\program files (x86)\steam\bin\gldriverquery.exe
        
        .\bin\gldriverquery.exe
        5⤵
        Executes dropped EXE
        
        PID:23728
    - - C:\program files (x86)\steam\bin\vulkandriverquery64.exe
        
        .\bin\vulkandriverquery64.exe
        5⤵
        Executes dropped EXE
        
        PID:23468
    - - C:\program files (x86)\steam\bin\vulkandriverquery.exe
        
        .\bin\vulkandriverquery.exe
        5⤵
        Executes dropped EXE
        
        PID:23860

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:20996

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:23384

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:15048

C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
PID:22084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Steam\SDL3.dll

Filesize
2.1MB

MD5
9af79dbd72239de84ef1ebd6a2cc0de0

SHA1
cb44a8d6086cdb4ae46a1513879135b3c5a3773a

SHA256
78363a2b9645eb0e8c02fea4c0586d16937f934e7780982a348714a47bbd5b53

SHA512
4501fbfd6f9fa6e4a4a2ddf2d50de780ce25a22bc4775640ddd96265f21707cc634423b235d40eb7cc6f74c4126f1b9a8f289c2ef3e175f1eea097fb9b826e1f

Download Submit
C:\Program Files (x86)\Steam\Steam.exe

Filesize
4.2MB

MD5
33bcb1c8975a4063a134a72803e0ca16

SHA1
ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65

SHA256
12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1

SHA512
13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

Download Submit
C:\Program Files (x86)\Steam\SteamUI.dll

Filesize
13.6MB

MD5
889da285d6f1d0de04887eb1790c94e0

SHA1
643f32c5eb9803719d88b1ca57543a67b96fa15a

SHA256
aa956d1c2f0695e2552439cf59f604d713781d6e267fce4e4f58e3e7e2c35c76

SHA512
0f6039366e2324a22ca4f54f40d2e4acc980c1b157830e77a6da69e2874eec21f03d692ea10de917fdbe73a250f804ae3074f03dd8c7895d01d9fde4bcf20af6

Download Submit
C:\Program Files (x86)\Steam\appcache\appinfo.vdf

Filesize
250KB

MD5
88936c87f7690d5cea4cd290e00ec3ea

SHA1
2eaaa9b52de45edca7903aa13843d45261da9007

SHA256
0b6a9bae39b35edc6cc705ebf2a706cd8876f6500184afdcc2c1c916c42c4f65

SHA512
5137311c1255e3dc7d7f345e507c8c45ce7faa8085475fd0fba37fc87d5ec477bbf2a8de549829992f770629c0d301d97bf086e6ec0f84984361e894153cc74b

Download Submit
C:\Program Files (x86)\Steam\appcache\librarycache\1161040\bd2b709a08caf7286f73c51d3b3937667f7aa053.jpg

Filesize
638B

MD5
7ecdaf8a54ec52b20640a88527512903

SHA1
3133a4d748ad3be61fe9db759339cd5de73339b5

SHA256
7bd8b75aec0a4d4a377f3ca3a023fd8b7c5fc7dc6a2a66d17f8cdfe5b731ab0c

SHA512
60ae2031eed0c38264f0d8db22a9b6efeb3f80c791e916e15a1730853162d56e0da014dbd93a5479bae4f3bdd5705ca89be70c90574a524abd1c276ed5c55a2d

Download Submit
C:\Program Files (x86)\Steam\appcache\packageinfo.vdf.async5992.tmp

Filesize
9KB

MD5
5ac915739045d62e990c8702da519798

SHA1
f59b130aa97223f6d8919651b832939d6ea47cb1

SHA256
7f1e361f181ef0a5175722b32e595c8b565067fd2ab36d6b3878fc2bdae9930b

SHA512
f79583009544cff6637fb81839ed8355c532eb1e5af84a691d6d944872fd04113300b5b87de7fe6e8508a933f41af050689f10748fa79dd645c2f2a0afbc7060

Download Submit
C:\Program Files (x86)\Steam\bin\SteamService.exe

Filesize
2.5MB

MD5
ba0ea9249da4ab8f62432617489ae5a6

SHA1
d8873c5dcb6e128c39cf0c423b502821343659a7

SHA256
ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d

SHA512
52958d55b03e1ddc69afc2f1a02f7813199e4b3bf114514c438ab4d10d5ca83b865ba6090550951c0a43b666c6728304009572212444a27a3f5184663f4b0b8b

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
15KB

MD5
d11bccf47f4764fb36c84bd5bbf6b6b9

SHA1
042ee8987092717ca39870f5518b92706a96eec9

SHA256
3ee421a5f4d215e3dbd98b0cc1927cfdb4d11bc7fa023bb1d8adcb2716a82f42

SHA512
8ddd494e5e57fe2451fb7dbc1d23a5e3e933486f2e92e6a6ec66fd8238c41583dda8ba7ec07eb286ed66231147ff6004a2c9333fa2c1cbfa5998763c99b62193

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
15KB

MD5
83e644be955b118667ab3d5c98c160de

SHA1
5806ecd91bd949c9fa9947ecb96cd187df452b7c

SHA256
25f28b27300fbb121e994f6da5982174b4d5ec948517c252ae16cb4e10289484

SHA512
235000f3258be4ba141b204a0ad9c3be043c1db2935888764977d9f12059cef0862c2c106a5a8311ab51c483e34cb9c74509c829ffe1bbca0190594efea5a5bd

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
a2ec2e91c3ef8c42e22c4887d032b333

SHA1
e2c738a2e9400535b74e2263c7e7d1ecefe575f2

SHA256
8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3

SHA512
b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
15KB

MD5
d51fc78ab4d73bf648a036c838c2ad12

SHA1
c0924afd8929f5a7668714a150ac48a05a6d1eee

SHA256
3a083a64a515a0df6a8a5df191d10cf4447285c3e2f06a733c8e94057945ac0b

SHA512
102dd0e6934b502cec2b00897e49a06c3e517b599aa4e347400ddea04a352a832e406d989e368832adccb9906932ce9795655ef0bc3020b72e91e5afafa8a99e

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf~RFe58ca9e.TMP

Filesize
1KB

MD5
6e6a2b18264504cc084caa3ad0bfc6ae

SHA1
b177d719bd3c1bc547d5c97937a584b8b7d57196

SHA256
f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53

SHA512
74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

Download Submit
C:\Program Files (x86)\Steam\crashhandler.dll

Filesize
362KB

MD5
18c70c5b8ed1c928dfbeff58babf8432

SHA1
a0f8a3247d05c375444feb7ab9c62989c9b28cb4

SHA256
5c6cfdc5d514856e5f2c830007988dd2486cf4b8997f2b0ef2869a648f960d61

SHA512
493e580e5aeb23a896259200dd3123c247febc2de0f33c4e76e6fdf0dfcef99ce4703030a37aabb717e1d1d632c08ffab037bd6cbd198f2c8e4a5391770a6dec

Download Submit
C:\Program Files (x86)\Steam\dumps\settings.dat

Filesize
56B

MD5
f05dabb686756b282d11de609acf3d3b

SHA1
a86f217c7ac6649adf318e5904947ab05ae86afe

SHA256
0212a58e6a79a299661b364a1f69dcf4d65fe0a53360e18835d5f28f08bcbdae

SHA512
7a4f42e962368218c75d86f1ac034dcaca2ec114a914f5fc2c57e5d3986ba0dd6b557a6ece57990406bc0bd975edc6a428adea801bbac9b3ff346ec6389e077b

Download Submit
C:\Program Files (x86)\Steam\libavcodec-61.dll

Filesize
5.1MB

MD5
567fbbd3a1b0a9b1400806eb1451e479

SHA1
7aa2d284be74f90ab4281070c63068a3a5ecd55e

SHA256
6f7fd80cd9ff14e8384f2c3c18bd7032be0d03c1f7b3d373081fc317c5e9e9a6

SHA512
65a55a40747b3eb699b9fc4811ed7163afbed1d7bc9c242c1e9f45ec87f2c7767f8001de294b67e63fc2c1de1585a52b7c70e6f23d4c503e7992ae20c89651d5

Download Submit
C:\Program Files (x86)\Steam\libavutil-59.dll

Filesize
1.6MB

MD5
49d6d80897b14798e0231d6b4b106ef2

SHA1
9aa670938ed421c1aa7c9add5bea872d04d1e83f

SHA256
1c981bce42e5058c7c9e5a593ec44bba3e0b39f6378781950c32d982c648b914

SHA512
ca0b78b9eb17cc15cad289b281f8efb118c9d9135cbb25a6b77a200fc5c4df9eff9a50d3a664624013e597c98223af3ce650f7b1df6fa607f64c702a732c51d7

Download Submit
C:\Program Files (x86)\Steam\logs\bootstrap_log.txt

Filesize
25KB

MD5
2e081fc9f43bf7d870aab6e4bfb5fb6c

SHA1
fba5f673e79c7b564047652056dc943d13911506

SHA256
04cf718b073fa1391d99ebafc8255b42c56506605a4088646aace2520e229654

SHA512
1f1bc6110f1c356995f08a6fb5c6970e845bf418dc852d139056bc42dbb0b60a356b1463974983324e5d7912fa13a05e32d2b24e2866ce12888cae5c4e651890

Download Submit
C:\Program Files (x86)\Steam\logs\cef_log.txt

Filesize
5KB

MD5
a01a3fa30dc6b64841dd4f8ab160ac17

SHA1
7ea1dd193b3574d9a8fc3dc959da9f4d14e43966

SHA256
25d5ad84ab785bb6427e1c78e18708d6d95733cd02885c648a42bdaf3e97735f

SHA512
4fab67c743d27e543e9607d50477e7c10bef3446f64cf7e986f8989a7bdb7532bab60218ab4da38210721cb56f767a143add4c23ab4a1784945a19531355eb0e

Download Submit
C:\Program Files (x86)\Steam\package\steam_client_metrics.bin

Filesize
2KB

MD5
9d5b5c4653b07e77e0e8de670d294b1a

SHA1
f351651cbd1e8e320388de73d15ef9fa26d3edd3

SHA256
7bb75cbd94b9d76b40859ab022c9828964bce6889555e2d37096087c7b6d1c05

SHA512
b1c6fdfdbcaea05f14daadb8ae791fbf1b5c38a0ea186522f22e8146cf4f7ff64609320656e0cde08d6788f4a95f42b1e58c8126692295ead4c755c067d1b8f1

Download Submit
C:\Program Files (x86)\Steam\package\steam_client_win32.installed

Filesize
462KB

MD5
5f63be1e0c84f92d4f6606c9474a71b9

SHA1
a8fdff6e0179584ee1c5ad478f17e7f3e8307bef

SHA256
84b652b945c88971e5b2b2c704ebe866dbb751b29593a95b215dde5f55a7b97c

SHA512
6cf8dfcde2fff15885336089ef7ea1f128be10f6dc38701cfe03153089066fd40e2972ae2c9e1e216d4644f2961281b15dfbbb06b9bc1cb7aed6829c507b5081

Download Submit
C:\Program Files (x86)\Steam\package\steam_client_win32.manifest

Filesize
8KB

MD5
772711e8958b5e8ca19fb178f606c116

SHA1
872923ccf52941484a9562be13dbdacc8e20d3f5

SHA256
23167066211990a67e2efe6e710e06d88e9a7dcd5c0c7d0b68cf271c9e5edc7e

SHA512
679db527ce29066779c82ab7e653d1321ba2b845076b1d2b78c08e310da2048ee4dc468bf210296c6c42c118f694b2d6112729ab939deb461d77a173bbc67ed8

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

Filesize
4KB

MD5
0340d1a0bbdb8f3017d2326f4e351e0a

SHA1
90d078e9f732794db5b0ffeb781a1f2ed2966139

SHA256
0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544

SHA512
9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

Filesize
6KB

MD5
4c81277a127e3d65fb5065f518ffe9c2

SHA1
253264b9b56e5bac0714d5be6cade09ae74c2a3a

SHA256
76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9

SHA512
be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

Filesize
4KB

MD5
2158881817b9163bf0fd4724d549aed4

SHA1
c500f2e8f47a11129114ee4f19524aee8fecc502

SHA256
650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7

SHA512
f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

Filesize
4KB

MD5
03b664bd98485425c21cdf83bc358703

SHA1
0a31dcfeb1957e0b00b87c2305400d004a9a5bdb

SHA256
fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115

SHA512
4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt

Filesize
4KB

MD5
31a29061e51e245f74bb26d103c666ad

SHA1
271e26240db3ba0dcffc10866ccfcfa1c33cf1cc

SHA256
56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192

SHA512
f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

Filesize
4KB

MD5
27993eb75894ca4894db266ad9b5e61b

SHA1
4def653ee04b0514822b690052598435ec25e686

SHA256
fbc09c1b9a55d04b57be8fb2ad5ab58b38f76054ecd3d1b70440a2d08191b05b

SHA512
eaebeee5b1a7dfb9bdf661623554793d7ef7e15d9f9cf01f94da1eb0b84b88c8f24176463d15c407ebf670c5b7fd4052daea33ba43e75c1de2979487c4987bab

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

Filesize
4KB

MD5
da6cd2483ad8a21e8356e63d036df55b

SHA1
0e808a400facec559e6fbab960a7bdfaab4c6b04

SHA256
ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6

SHA512
06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt

Filesize
4KB

MD5
9e62fc923c65bfc3f40aaf6ec4fd1010

SHA1
8f76faff18bd64696683c2a7a04d16aac1ef7e61

SHA256
8ff0f3cbdf28102ff037b9cda90590e4b66e1e654b90f9aea2cd5364494d02b7

SHA512
c8ff15373b37e848e6239a82424569e77c82a5fc557d17e7d2ed1d0d2b2f7d026cc1e2bc98cb5ee945c02cfefb82803c23fa6a26f48ff0adcf762f94cd5dd035

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt

Filesize
4KB

MD5
10c429eb58b4274af6b6ef08f376d46c

SHA1
af1e049ddb9f875c609b0f9a38651fc1867b50d3

SHA256
a1f6ba57ee41e009d904905c0ce5e75a59ee6790e08542561303109e1faafa13

SHA512
d8760f61760bffd8671b727d386ae220e7e6e68829a01553cfd5eb60ef8bd1d7c1b25e7b17a6db5bd17ba6712ef44999726764459318e784843c73bc4facaf46

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt

Filesize
4KB

MD5
5c026fd6072a7c5cf31c75818cddedec

SHA1
341aa1df1d034e6f0a7dff88d37c9f11a716cae6

SHA256
0828572e4fa00c186dbf1d9072a6154d65cb499c6a37e338f3305f77a2fee382

SHA512
f9d28714b2a05f8d9025f1692e4d7e8baa6daf6176353f65646a38814a242ef2adededa44419edd69f10cf96ffba506dab7cb6e52111457bf69cffef12174b12

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt

Filesize
6KB

MD5
189ba063d1481528cbd6e0c4afc3abaa

SHA1
40bdd169fcc59928c69eea74fd7e057096b33092

SHA256
c0a7a1df442ac080668762df795c72aa322e9d415c41bd0a4c676a4dc0551695

SHA512
ce59ad9b17bab4de1254e92ce4fe7d8c8242832f62ab382e8f54199a9932cd11b5800cc33895441426373d5210cc74104e0271b721a7e26ed400b716ae4d5903

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt

Filesize
4KB

MD5
18aaaf5ffcdd21b1b34291e812d83063

SHA1
aa9c7ae8d51e947582db493f0fd1d9941880429f

SHA256
1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5

SHA512
4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt

Filesize
4KB

MD5
1514d082b672b372cdfb8dd85c3437f1

SHA1
336a01192edb76ae6501d6974b3b6f0c05ea223a

SHA256
3b3c5c615fd82070cc951ab482d3de8cb12df0b3df59fbd11f9d3271fa2fbca4

SHA512
4d41c945ce7c94746875b0dbceb14811d4966de4e97fe047406a304162fde7e1e2a16367fc2e43978e2e5aa66749f036b4444aa2312673c2cc3af296e8b77f55

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt

Filesize
4KB

MD5
8958371646901eac40807eeb2f346382

SHA1
55fb07b48a3e354f7556d7edb75144635a850903

SHA256
b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585

SHA512
14c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt

Filesize
5KB

MD5
7e1d15fc9ba66a868c5c6cb1c2822f83

SHA1
bfe9a25fdc8721d7b76cecb9527a9ba7823dc3d7

SHA256
fc74e26a8baabbe4851109512d85173b75dbf7293d41eb3b92a1957a773c8265

SHA512
0892be14a858cc860766afb1c996b2c355108a7e50971ea3ec00d15069e919a6eb05a61fa839bea3938492c391e274144c5e248f4c204a602bf36adf27e5b406

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt

Filesize
4KB

MD5
202b825d0ef72096b82db255c4e747fa

SHA1
3a3265e5bbaa1d1b774195a3858f29cea75c9e75

SHA256
3d1399f5323a3ece1b1a8b3b31f8fd7f50c3bd319ab3f1c38c6e347452c95314

SHA512
e8fc7cc09f431301d22a07b238179ee053505090e3c4db30ead061513fe7159f1fe8b80efc93f4597fe00f01087bbe0bb2231e13693d72c8def138657cb91566

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt

Filesize
4KB

MD5
7913f3f33839e3af9e10455df69866c2

SHA1
15fa957d0a6a2717027f5b35f4dbe5e0ab8ece25

SHA256
05bc1f4973c6d36002ac1b37ce46b1f941fcb4338282e0ec1ec83fb558d1a88c

SHA512
534e541757d19ee157a268bf7ea358b48015f400542fcfa49cdb547cd652926160f015fe2cf026d9c4996e56ab90ca3899dfd457997d915bf6bc9d7bb00ba804

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt

Filesize
4KB

MD5
58e0fcbee3cca4ef61b97928cfe89535

SHA1
1297e3af3ca9e4fe3cc5db78ebbfa642e8a2c57b

SHA256
c084a68b65d507eb831831aa2ab9afb9536cb99a840d248cc155ff87fad18425

SHA512
99aff0c481e34cd0e4fcbb2af471afb56d91aa11be664462b08e17ae169ca03ef77e7063b4ecd0f38ca7b2f6dc0bf2e316c7b31dffbbcfc763cd8fae27dc78d2

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt

Filesize
4KB

MD5
9b0b0e82f753cc115d87c7199885ad1b

SHA1
5743a4ab58684c1f154f84895d87f000b4e98021

SHA256
0bdeee9fa28d54d384e06ea646fbcfe3f06698a31dfdc1a50703ffe83ad78d32

SHA512
b7780b82fbe705bc8e5a527c011eb685c99ef0b2eb810617b9f82b891341af95ef1c2f46dce9e458c0c4dcc3e7a0d21db6c77f03419cd1c4b521a9b72f9017df

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt

Filesize
4KB

MD5
eb8926608c5933f05a3f0090e551b15d

SHA1
a1012904d440c0e74dad336eac8793ac110f78f8

SHA256
2ed2b0d654d60e0a82b0968a91d568b775144e9d92f2b077b6da75f85ad12d04

SHA512
9113c42c38836f71ff0cc7019aff8c873845f47fbf1ab97e981cb038f4d8495b6df784402b1ee9666e8e567ae866b0284c81e6a16efb47131d5ef88569c4843a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt

Filesize
4KB

MD5
6367f43ea3780c4ee166454f5936b1a8

SHA1
027a2c24c8320458c49cd78053f586cb4d94ee6f

SHA256
f8d1972e75a320344e3c834ba0a3a6a86edb39e20ef706bda9b7965d440d1998

SHA512
31aab33e0d272cb43a8c160b3d37256716a683e5052192fd0e4d3cdaf30a10a9afa9d26d5d14ad216ee455627c32892a711d2bc137ee7a7df9a297f001a19e32

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt

Filesize
6KB

MD5
e04ad6c236b6c61fc53e2cb57ced87e8

SHA1
e9d4846b7e6cc755ee14a5d3fa45ee7d3bf425a4

SHA256
08c775efa77c2a92d369f794882e467b6e2526e61bc7aa7724f48e174524502e

SHA512
0dfb7e6d811d649103499018f3d115c542fcaba420ceb69124a4d837fe162ce514e7be2040860c5ef5f9c01c961fa6eea8730606b73ec107d87597989b6fd331

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt

Filesize
4KB

MD5
56dcf7b68f70826262a6ffaffe6b1c49

SHA1
12e4272ba0e4eabc610670cdc6941f942da1eb6a

SHA256
948cad1bb27109e008f2457248880c759d3fa98b92c5b4033b94f455cb8ac43f

SHA512
c3fd9caf0bd4c303a7cc300faada9cfe6dd752e82d67625b31f4c0c2c091596508bb477fe19f758fdf79b25b8ac3f5320a8785d2b6705b9bcc28a054a59454e2

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_spanish.txt

Filesize
4KB

MD5
66456d2b1085446a9f2dbd9e4632754b

SHA1
8da6248b57e5c2970d853b8d21373772a34b1c28

SHA256
c4f821a4903c4e7faea2931c7fb1cf261eba06a9840c78fdca689f5c784c06c4

SHA512
196c2282ba13715709ece706c9219fe70c05dd295840082e7d901b9e5592e74b1bb556782181cdbe35bd1ab0d6197fef67258b09491fabc6f27606dbed667d49

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_swedish.txt

Filesize
4KB

MD5
b2248784049e1af0c690be2af13a4ef3

SHA1
aec7461fa46b7f6d00ff308aa9d19c39b934c595

SHA256
4bf6b25bf5b18e13b04db6ed2e5ed635eb844fc52baa892f530194d9471f5690

SHA512
f5cee6bba20a4d05473971f7f87a36990e88a44b2855c7655b77f48f223219978d91bcd02d320c7e6c2ec368234e1d0201be85b5626ef4909e047e416e1a066c

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_tchinese.txt

Filesize
4KB

MD5
194a73f900a3283da4caa6c09fefcb08

SHA1
a7a8005ca77b9f5d9791cb66fcdf6579763b2abb

SHA256
5e4f2de5ee98d5d76f5d76fb925417d6668fba08e89f7240f923f3378e3e66f6

SHA512
25842535c165d48f4cf4fa7fd06818ec5585cc3719eff933f5776a842713d7adb5667c3b9b1a122a1152450e797535fc7a8e97ebdd31c14b4d4900a33ede01f3

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_thai.txt

Filesize
7KB

MD5
53f7e8ac1affb04bf132c2ca818eb01e

SHA1
bffc3e111761e4dc514c6398a07ffce8555697f6

SHA256
488294b7faff720dc3ab5a72e0607761484c678b96d6bcd6aad9ee2388356a83

SHA512
c2e79c2505a6fd075df113ffce92ad42c146424ca39087601daa4ed15a2b5528d478a093921d9d8a738c7b6b963275a0693ebe526b6e2135d14ced03639d0e70

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_turkish.txt

Filesize
4KB

MD5
29f9a5ab4adfae371bf980b82de2cb57

SHA1
6f7ef52a09b99868dd7230f513630ffe473eddf8

SHA256
711675edb20b3cb70acf6cf75f2eea8e0d87c8ace3e11c8df362b4517427a34f

SHA512
543fe63f791250e05e8fda24fd2ceadebb4c8925e8927de49ae490895c87eed3e61a9ad50237532649f99fe3165836261de215ee3f66ffbfc6d677ddeea7732a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_ukrainian.txt

Filesize
6KB

MD5
cadd7a2f359b22580bdd6281ea23744d

SHA1
e82e790a7561d0908aee8e3b1af97823e147f88b

SHA256
3dd0edfbe68236e668fb308f92fe7c6493dbb05bfca85a48de93588f479ccc99

SHA512
53672dd13e6ccbe96f6d4a61297c595b6d6cba8de92caa51ccf8ab1d8a82eea5a425eab348f295b9ec27de0026ef849d9230f751a46e040be8863923f91b8519

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_vietnamese.txt

Filesize
4KB

MD5
f350c8747d77777f456037184af9212c

SHA1
753d8c260b852a299df76c4f215b0d2215f6a723

SHA256
15b6a564e05857a3d2fd6eec85a5a30c491a7553d15ffc025156b3665b919185

SHA512
efb86809a0b357b4fcd3ba2770c97d225d0f4d9fb7430c515e847c3dd77ee109def4bef11b650b9773c17050e618008fc03377638c1db3393ac780b5b0bc31b2

Download Submit
C:\Program Files (x86)\Steam\resource\filter_banned_english_cached.txt

Filesize
994B

MD5
a0237a8193b3397761307e787e2bf5c6

SHA1
a71ec2bb080d5b9b711b163cf38ea9ecfd886bfa

SHA256
e6f060b134014808d0e743671fc6d58856e44765ce228c2e646d9c13aa359c82

SHA512
9690a97d79ff390cb798b4432186765562dd5d74a2c7a57f53540419db9cc8efd7b193275f64ca50147b858d93773d549ca4ca434942ed2aac868bd0aa2a3776

Download Submit
C:\Program Files (x86)\Steam\resource\filter_banned_english_cached_timestamp.txt

Filesize
29B

MD5
24fc322e7988c48173bf8628964891ab

SHA1
548d864f7fe80b95b4caa8515785cfd10e18d5b7

SHA256
72d7a3dc2e92bcae5c380ae98d348fa87805835363fd25c78d17330cadec1fe0

SHA512
cc23491113e99d1fcf3c61e24c70cc9d2b1cf222939a3a64a86ae68b0afd1a1fdec4ff327aa747c9c9120d43f348eaec56beb8e25282f0df3633a7ffa96b9a07

Download Submit
C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached.txt

Filesize
2KB

MD5
bd9cb2a772e6dd9dac8013f0ec6070f4

SHA1
4756df9d8c0d29675318514f0840fc9d9dcab0e3

SHA256
3f034c7b0dc84476fa1f5a2d1b6b814f6fa1333a1dc13da93c68c670da72f664

SHA512
d348c17535ebdaf25a33dae8bf7c7eaec463c3427532d26326cd4f8b340702e419759e469ced472fd1f87e86be2e2406b24a146acf47e6923727a377d6cb0ee3

Download Submit
C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached_timestamp.txt

Filesize
29B

MD5
b4f46e4fc1f2fac934aaff36e631a76a

SHA1
01af41090770baacfbeab6bfd6ddeeda0697e3cf

SHA256
f8e1c5eda06c622134c140e7149bed760b15310d5e8970136c18a46915cc20ea

SHA512
10a2711c52a7af415be4dfff2dee7253dc0ebc0f6341e6618373e9fadf77cd5075c97e8c8867a482fa8a13f673608b592fd2a1c554641c9b7b1f4134a23f6737

Download Submit
C:\Program Files (x86)\Steam\steam.exe

Filesize
4.5MB

MD5
ba585333a881a59117edb7442425bce3

SHA1
3f98297c790b9d1551f1084105ed25d0a12601dc

SHA256
7f4902d1a881665576cf9e7a76695d73e8b4f76f17c8a7a38fdeae921cae1cfb

SHA512
2f2d8045d4108dba40107b7e8f0ca5adb287359a6e4358f2dde3b2d1104b25e8b42c837766700c0f8a5332022b49ca252f912775d74adec7b163e50023c5fa31

Download Submit
C:\Program Files (x86)\Steam\steamapps\libraryfolders.vdf

Filesize
231B

MD5
c0c0e5ed03c1b931e67b8a823425779a

SHA1
a61522ee5b2af6e1423f8a0967f280e5a602adde

SHA256
81b27e9f0a098c44fee39c44aaa3395e7754b35c4ab2e0cd66bc594e91dcf2d2

SHA512
123f050c850ed03470e607d41a0c5de38ae7242e07997e0b1d1c101cc11fb6691d439d7aa70895610982cc5ed1dfc02723e746613497ad5d1e5f05c9d9ae9586

Download Submit
C:\Program Files (x86)\Steam\tier0_s.dll

Filesize
351KB

MD5
a70d4acb2d9cd5e1aeb27682c6eb0acb

SHA1
a474fec49bc6f8cf28a409d1c2bb51557d424b61

SHA256
cdda33a2e1b6bffa1d9442481ee107dbb4f675a7203485e6788372afea99a11c

SHA512
fc3cd47c8d6983ed959d4fa458cbdde5a35a663b2afa2ba346b3a5fe2bf2222064b1b54b233c64d1d0d15ce523a3e3cb4aeb0d9ecb7e32545b29c3089d64eab1

Download Submit
C:\Program Files (x86)\Steam\userdata\1879387738\7\remote\sharedconfig.vdf

Filesize
164B

MD5
078b267846fdf5c9b22e38cfd2d91788

SHA1
47073f7d1ead17c2d4fd1171e907da5d31fa5b90

SHA256
ce5c636c3e424880742b7b37047146ecee29498d5d799dfbe7744ddffa985585

SHA512
af60729775b8f2283a89c62cb067ff598edf609c0fd8dd8e7a0f3d7f0169f881c71476374fd00b1eccdeb1dd454c93a1efa4505b84f45aebb774fd938d38ba77

Download Submit
C:\Program Files (x86)\Steam\userdata\1879387738\7\remotecache.vdf

Filesize
300B

MD5
0515a33181880116d3868dee6bbeceb9

SHA1
f03c0dda72b9ea755a2fee7bb7fa4061066fe7e1

SHA256
5b129e4b19ac6778129210aeb78ae731ac758a6f0fe6ea3bd0f33e0e219bdd43

SHA512
c43aa8bb8e5d888261532f4c27ac51ecad4140aace01ab0fe7294aee4462d0e5fd9298b295b070ec9ede4211752374a837efaaefbf1c6cac6c58d48a2032d3b9

Download Submit
C:\Program Files (x86)\Steam\userdata\1879387738\config\librarycache\1222140.json

Filesize
5KB

MD5
5dc16f09c867e3ff660aa238d882dc7a

SHA1
96de040c6b6c11c054fcf30448c6d8fe7a623451

SHA256
4f06e828d93030083aeb8da1f0038f86a822fac8c102ee0586a11264a68f7bb9

SHA512
f7d288d128947c47a4d1404aed838aa5b5bd771714c8b20ba7628e00a99b1a8fcab43e81f464900889a40ff1d3e61637f60fa549f16e1715a439ba1d3f3d558b

Download Submit
C:\Program Files (x86)\Steam\userdata\1879387738\config\licensecache

Filesize
118B

MD5
2a798fa5156056a60fcbf77441aabdd0

SHA1
e37e924303ed340eb426bbc510170c027c79f00a

SHA256
31061f4141300e31533600a0cc30aac9299fc9c6de370fcefb236a053cc68509

SHA512
4423317e9d87f907188ac755551cbaa9a9d62a8873ebf9fd7da90ee3ca998ceb1cb89d5c9d8ada5047e5ae0b8352a064816e0eeff8e004b93a30a2d35e338b4c

Download Submit
C:\Program Files (x86)\Steam\userdata\1879387738\config\licensecache.async16156.tmp

Filesize
67B

MD5
fe4b574d6ef419ffa2676151cc1c8f40

SHA1
61db6e510ed6739154dfc6f72f16d1f6d22fa2d8

SHA256
6efd4e8222b83c46b734d629f8f0cb8171239acbebb66e20b4585b595595007c

SHA512
f194372a6aee5a8c9dc924bc37d3d8cbe4562a39412af8895ef5b4f726e572563cda8f4f1a6961cc0b1325f3311be3ef8472f4bb7769780d3ce7b5c95cf4dff5

Download Submit
C:\Program Files (x86)\Steam\userdata\1879387738\config\localconfig.vdf

Filesize
3KB

MD5
36a25bbdfcfb45391f07eafd2966b2b6

SHA1
29d4cc25f4ef5d1d57329eb4a09878334a84bc05

SHA256
21d0fa28b5ee98ad3c99afb0d9daedfe2d4f4225d76b6b954ae156de08e035f3

SHA512
2f0957e3dfc5cb56ff509351a82432190aa2bdaf792fd694cf1e1fa7269b2dccb96e1f8978154d5bd6d0791092bc45d65f0f48b0b52bf3687c222c6085e7a7e5

Download Submit
C:\Program Files (x86)\Steam\userdata\1879387738\config\localconfig.vdf

Filesize
4KB

MD5
31f9934641c10fd8a6c1b2113b481aea

SHA1
876c13c1d597e05601cbb63c8d18d9e4d7747fb9

SHA256
76d6098c26f93e85825fb6832a3dad0cf4e2e1b19bcb87ef8276dd1ad663b50e

SHA512
38b023808c15e8128a9a214a68ca2eb15d4a33f1662f06c67e775aa4441659488d8352e9c28bfdb1a5eee853b308eca4537d75cfada5109ace20c7c558b8a90e

Download Submit
C:\Program Files (x86)\Steam\userdata\1879387738\config\localconfig.vdf

Filesize
3KB

MD5
6d9fd33b5e5bb19d8642b986f10424e9

SHA1
816be755cb32315cb9eb14236e842822fa2204a8

SHA256
5e24317d41855cd458098ef16a087feda541d43f649910b2e458ae1b5b41e4ef

SHA512
4e07fc9628efbbe996f8819617c72a8f7b3c83b121e7bc1415f126fbcbddb7a914df436e6157b38ef655ac74a5a035fc44a1c1931b3ceb0b9fd768bd019c182f

Download Submit
C:\Program Files (x86)\Steam\userdata\1879387738\config\localconfig.vdf

Filesize
30KB

MD5
eccffe829bae86c58056cc3689ffd97e

SHA1
d724fcfde4bfe9e83b29c63eda9a1d893b64bbee

SHA256
9e0000a20aea4628937a07c21267a5c626acf716a0b8168448ed7504dbaafdef

SHA512
2094b5c4da6a4feceeeb5019b3b160b9956be1a6a65d09fc21a0ccd9f6b8670238a0048a39c7f01328e75131f37afcd96b647f5cc1f54f05c72ab022e3c0fc1e

Download Submit
C:\Program Files (x86)\Steam\userdata\1879387738\config\localconfig.vdf

Filesize
3KB

MD5
b17a56fc20c002ed4440e1c8af54f642

SHA1
3234a58c80b68612aa9005c2edb690786646d368

SHA256
5f125c1957538f1e9344e48c4c44c6173cf2cd088cb6ba6f4579390620a04fcc

SHA512
cb50367642969035bb5861d3b8f0a3aa53908d9cf983702febb6fd656c5241e66f0b31ea020ed9b7872756391086f05f471a4f7ac12df14c0346e620f6afbd68

Download Submit
C:\Program Files (x86)\Steam\userdata\1879387738\config\localconfig.vdf

Filesize
47KB

MD5
f51161125cfac82034ae4494ec8ba2fd

SHA1
011c07d8deb03a43e419c4eeebfb407319b5d085

SHA256
79bac9b620375360ef27006835ba8a54bd84bc5c7c24b579d62a7f294a7b94f8

SHA512
7f3eeb4554ebb2f197d2237b5475c6bf070d5fb33f53f48297173438b6278abf16bc489db503a9dffce8af7d54521ba678728a6bb2518ea9761682d00b30f719

Download Submit
C:\Program Files (x86)\Steam\userdata\1879387738\config\localconfig.vdf

Filesize
30KB

MD5
96caf570feffb62213a0bd749bfb2b14

SHA1
70d47ef397aae4b84e976ce6601b8d61bb7ac203

SHA256
9068d715e3a4b9f0b248f7de6b22fbc9f4854dab121475936f4cae273d0120d8

SHA512
f8e74f310fb8ecacec8f9501241856bdfe49559e7b8ff487beb74525082cd36dd910f7a995e50781b0e7af790da36c63e2b0d5dffb703afd67859e05058e29a1

Download Submit
C:\Program Files (x86)\Steam\userdata\1879387738\config\localconfig.vdf

Filesize
30KB

MD5
c3b2cdd459476ac0e003e10be74aeeb2

SHA1
c3fa36f5117a43ad07208711fc7c2996d560c567

SHA256
0e904a84f1faf47792baef77b7a6a8eb089f82e880029ec6ae0b09ff425137bc

SHA512
b838466bba9547c6ab9581d7849fcfe2906097e472b0d89586f03e2caee22868a4ce8c9e0a657c10556eb354c68b583615ca822fa8e9dfcee852a53974cb1767

Download Submit
C:\Program Files (x86)\Steam\userdata\1879387738\config\localconfig.vdf

Filesize
30KB

MD5
cf343f08a4fae279b594f49b784ae9e1

SHA1
6118df45189494f29bd1248655a0d066e1f63e7b

SHA256
9e38923bb255259fb01bcdf26ec3f705afefa329dc213984c73a80b351dacf37

SHA512
2085bfc9b795a98e02b59b540392e8c03c244bac99e971159695781a305a465a46cd1bcc236c84aa1a7eba659ba9837638a61d4ef6d0d4646d600770033f4488

Download Submit
C:\Program Files (x86)\Steam\userdata\1879387738\config\localconfig.vdf

Filesize
47KB

MD5
56e0db7c2b98979d75bc6d74e2ef7b0d

SHA1
e634e706925d66d556dd0923099e11f8c0becc2f

SHA256
437d5acedada6b0d937fa4a6232fbe0721d85dc740dec881d3175239198e57de

SHA512
d6b1d73a177fd5f017957556dc26c4895c0c5222622114e60762bf4a6ce1ea982a4146ec41743ad3a591cddb1475307e129ba33fde46b4fc6627c12c52b8ad37

Download Submit
C:\Program Files (x86)\Steam\userdata\1879387738\config\localconfig.vdf~RFe59964b.TMP

Filesize
253B

MD5
d29cb4718c1431ec8bb05b40a710e2d5

SHA1
ec6f162656e8dc33cf4f7412949b27398ad0ca6e

SHA256
226dc7c50602689ce5a96c20e0ed24da6759f38db9d38b9d45c755cec7c312d9

SHA512
0af8542b1dc71fff52847de9b93a6a05b09522d0ae02213685561f70affd8dbc83a43ac6a123afe5ff12fde0d07d11839d2b8cfd58d863f0c2c37916dbe677d4

Download Submit
C:\Program Files (x86)\Steam\video.dll

Filesize
4.0MB

MD5
2f396e5051c4fba837d2c65c8908a6d3

SHA1
0be2723f57cd2d64804c0934db514713dedaf6a0

SHA256
bd9cbeefdb025af278802bbe107a864c5c8934b40394b0a0dbd2dae6c9d17285

SHA512
8bc5f9ab38a3618ea8803f5771a795feb68f6e904a939f818161d609346ddd5a04555db30894751e64dafd903f02b79639a2365e49de6063725813c77eb368bb

Download Submit
C:\Program Files (x86)\Steam\vstdlib_s.dll

Filesize
565KB

MD5
f2c496a5ecc63ee30b43aa861f083f2e

SHA1
651f48ad88714fced0ac24d888fc2b7ab780113c

SHA256
a5041753aed5be1c512c7f31843fd73d83f4a2ad873a7aee74109ad49a1a4594

SHA512
30de10e92e6240e9af81f8b75aa9173ba2d2c09383946c94959d65fd6bec7043a848596e29060e02e2b45cbf089f837ece560cf1753aca943c7342740d971c9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
8272581d8cb38484cc8cb6afbdd0d37e

SHA1
2baa96a0439003aabaad1ce5619ea0a581cf261a

SHA256
025356bf819ea8a5da44ac2c4510bc380a9448247a30665577430ca7a44ca297

SHA512
60574186c595b0018d9223afd38e59378b1b00ef4f39be17ef2d7613cdac5b8f9e6dc3f2efefd559a0e4e8d64884d6ea155e874df13f170bb6dfbb41a0104959

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
6568f52d162b46f234c2f27c04ca8575

SHA1
f7fb8303f320e60216fa1c6c0089fcbd5fed6624

SHA256
70ea0c8dbf4dda02614ca4897662f825de51175ffe84950f2d66b5b349f28ed6

SHA512
d42b5f18d8e84b3c96bfa3457e12310ca4598024524fcc20fd197a0ca7220e9668578f671ec70b94a2ced5f57c265fd845788c316d64d4713ee3dd7805364b73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000077

Filesize
24KB

MD5
644df470e63a02afb32a053a23d7502e

SHA1
d42d853675ba656fb9953071cf42f4da0a772b09

SHA256
547ba291bb16ebb655f2ff2c5ab046e08964e73c145ee417374ab975ddb5d190

SHA512
77e58c36322db5b60cc85443c52ce8a717848af215a00b555399cdb6da249eea987d77ac3100a35e8f38dec95ccf64012a75f96f95bd8188da735d2af62a5475

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000079

Filesize
19KB

MD5
9554f25755d9cb6249900b71e91b7693

SHA1
64c1d5c34a37cfef01d4666bb33484333118326a

SHA256
cf15bff0f8ff136425f5dc2fe81e66574c3d7a3e3d8c492701efb6f703d53d34

SHA512
17552b530dc16c6272b02983f433241e73c14b2fd481a824c6fd45de7e350d1d10cc023b5136314aeda4e6a8a0309adce3514aaed60e40b9200517e87f409213

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007a

Filesize
32KB

MD5
31b05e57c066452d73ab005bb42865f7

SHA1
2a8efd5d7753dd756c539ad66831b01f603fb13c

SHA256
84d0be622ddeef6d0793df5d274965d6d13a756979b4b484185dc7a051eb4071

SHA512
f793863cec23493b58311d37720fe7d48e21c92da5cbc9c5d4562e47a046e33be4584d58a1c031513298c55a9c33f5e591fd5ce831c9c33af9c2594bb071c277

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007c

Filesize
19KB

MD5
1d063fc16643f4ac9425258ae8bbe4b4

SHA1
501c42c3ae6ac65134542dd3b305d982d9188621

SHA256
e9828fd5a0ccd6328d53d88748bef525756a267a22bc19bbb954dd3a999320a5

SHA512
a7daf31e1286c4bf0d53b027c9a5aa97811622bf95fa159cd6aa409d792f6bf85af8aaf14f38c0ea6b05306f4bcdaeb8251da7a039fa0d272319dea6388d78fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007d

Filesize
36KB

MD5
fa88a6b7d76d38dbcd1b3dfc8d8c192f

SHA1
fd6341788429d858a0ee8f466668cce580a3c0ad

SHA256
b14a017f4a21fae1d261b61e884ab1a22a2b7aa1aa038a85b176c73a601aa1e3

SHA512
53626b9cdcd08138391810af0cc7bb8990a0a3354bca05db6065930aee616f4b328a4cf4a3ff667461d319bccaf713d6e79f040bc5867ec1f503e2076f2bb49b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007e

Filesize
19KB

MD5
99af5da82ee74e7d9502225446604614

SHA1
7deff05853fbf1528875f9c358b8a6a31d6dee5e

SHA256
031fe7ea42e0a823949190f13ab143f1d9d26fb0b22d863b582593a37cbcda9d

SHA512
7d2cec0882df88edbb4789fc14c7721f6dca5681c85919ee1f033d5cb2324f9c1305707bbc4c534e0019a2b163291edf4bd65c374e843d75174589e7148aab07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007f

Filesize
40KB

MD5
4d8c859cd63f707f57ea39cdeb9f1582

SHA1
10910371046f15bb20b7f9590bc3ff0152f2bc58

SHA256
4c1917e987ed244ce25719bbb587869be769d0e7b20451b5604ea53d218677aa

SHA512
e7eba5fe45247f6cd8f4a2d4c01c97215d4e6a7cfbb64c44404d550f8812b2fc59bcfbf9070ee2efc53c90f08b2294e7613bc543f954744463488605d32eb19c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000080

Filesize
150KB

MD5
c45a56a4e95904691e24e3a7a67b8484

SHA1
511366ffc5944dd8fdb435ac8ba2fbabf71ac246

SHA256
cbb5049d0ea14c0cf2b8b84d0090e8fde218a3eeaded4fd01bdf8f42ec2e82dc

SHA512
06cd3685dc33bd386493e1a5fc7d8b2b20a0d641931851b36279e9bf3d881dcafa1e28234a774de06e5a355dd55deb882e1801990cd7a9fc665de4b50f4df578

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000082

Filesize
277KB

MD5
edc85b966351b381dceaf4b3b214b22d

SHA1
3c18d64dd64400255a9c5201ade77a23763a60d7

SHA256
32c957bfefdbf848d871658f66ca4a06fc4c348b91ad13ca6a449d06bfc262fe

SHA512
0d70c0ef5f34b9e0f07978eeab41920c820889cebc104cf75cb4dccec0927b5cac0d85560d27396b54ab8086969f684cbc0bb735bfb2d58d410348655fcfdf7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000088

Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000089

Filesize
221KB

MD5
6682ab2e586572cae96b35d4405398c6

SHA1
f77057464800aa9c06a3803b47bed9474af70b9a

SHA256
9418136e7797ef79b7a9e21105983e870bbcd4d17f0bbeea1ae0ff928acdb6e9

SHA512
44de9dce499adfde5dd14d5de3f99a8dff02d0b180edb6f94c62d93c3d451c5ce6f8a610d5d18c623cc87356ab62b2ae7fd9d07dd0855d4ad5cc8c26b560aa9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008b

Filesize
22KB

MD5
aceedd2a7ab5abbc29bda1fe8f34c2c0

SHA1
4e03a397fafc3357ed5f8a0b845642e39d23b928

SHA256
b5f635c07401c7206727fc329de50e9f7a7ec44de728341fc38ee1faac13448a

SHA512
1ee270b35bb7375111eacbb5820810632c2e69e8b808abf315cfcacd1f3d66f098c524ac67787cd127981718c74186dcc489ada8a2ed6992f89f1f023992e779

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008c

Filesize
17KB

MD5
23a89d071088d693dc6986a70d7dabd0

SHA1
ab029c4b1b305ed7e7d46d2dd075fa2865eeb9a3

SHA256
02d22ca041a9307542d622192556b631f47d9fcac20a5508cbbe897785238be6

SHA512
81549908f9306af745308760c11047142e6f02f0bfd86ed7d65c782b4a9718283fdff317e060a7a699e9f4eb7a530ac5ac851cf00c1e8ea11c42e8a6ae938e72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008d

Filesize
67KB

MD5
f8b9bdffb92c5b7b72fe3b4f783a79a7

SHA1
334cbf4d018320bea929ae107e567d0cfeb1510d

SHA256
3d98a93b9b87e0aa1aa0de1e6bba1434181baaba56f2230a8517dec270707eca

SHA512
c3002eff36d5788d01ea9dfe4aa4511b7708f06fba65e1ecd067fd8ac1bef551d72659a29ea9297e3479b18cf2382fb4a44617f02f7aee1d180fac0c71c5126d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
9283b6bbe895ec78f36ae7a54c191bb1

SHA1
eed896fbbde74cd0269baea7c56d7dec4bb87fdc

SHA256
27222687f0e070c26ad14e581a9970693ba887634de489d87939db481a089788

SHA512
caf00a015ff39be3976d4e0cd9d6c9635ca21832581787a7ce9d4d499bbac920bae0bc30679a5ed53d3401b966e6e8cb6401258e51623fa9fc33662d5bf78dde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5af1a5.TMP

Filesize
3KB

MD5
10ba96b0070db76bd58347ee317f28d7

SHA1
a36a5a29201b1f76b456e6f112369d8590b0fa1e

SHA256
547718cca55ed3ce1eb0d3e144f43d8a0cf560d1aeb81de85babfcb50c39da49

SHA512
18d63fb3b336605b6a7dcedbec29a70a55e1ea5bcd6e1d019232eb57c9dd96529867624a317b4f465a851a90e899fd82ed117e19da79b06e12222983d47070d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\94b94818-6945-46de-a462-d13831e3b361.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
18026b2bddb56a98058a19d7ddcf0465

SHA1
65f1ada6c7d55a2b881d39c491613a8d7dc16dcb

SHA256
534b0261ebb69bfb11b9ac1a7bce59066f313916534312c2c10a9ff0ce725c54

SHA512
b44ecf7260d8f2bc622d80f336881aef02e4273ad192ffc3f18f932d8774c4c4dcd2402334887fbf1a1a607d16c8117f4a9550edaa1af9ce7ec5afda10877e6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c64d9856f27de1cf3e9f3d5e26f81a9a

SHA1
d6004c40a219b879e72444f54ceaa32ab1d3ad13

SHA256
a76f4a9a98e864ace75ea30cb14aa986cc72122d52acbea8f2ba6fdae26032d7

SHA512
dd7adc25305c030031e8eb373734f2b64fd1cd8a86b6f2f2c91bf6d70427e9fc4b073a1a701a082a4633149a8131e702d6ddf321f516d41d25d77ec2cfaa6874

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
e89d9eb986cf66fa61622676b6d78cb5

SHA1
5daa0a933f0caf0663f5ef3954710c0f56746d2d

SHA256
b8e1e7375414cf94eeaa6e5f3afd51d5c2b0bbbc29e30292fa1c0c868cd6d167

SHA512
db8ef0b1db66c0a4378cfcabca7045524374472a22e729617ee75330f79d3a51ccec89b7f35b425c30e18c2d7a330faafc146d53c8f42fa8a3a7a15f3d4353ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
37KB

MD5
5c147c5f7b6eff6755800e21178f4e2b

SHA1
01be792c7a4ed817fa462c3133b515e2b8403bdd

SHA256
f88cc228c1dfbd494ce8e6953622baece91e4d909291cf9a2011842a4ec76c7f

SHA512
a05c2ff90d3ba5b0f05800adaaecaee228c362871b0c9998bbef70deaff372d3158279a57bfda2f22272c65064fa4be2ea0851f88051a274af26a431985d4e23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
125304b91150ceea75d5258af4d6223c

SHA1
5aec5f11c8560b7afff96b64ff657bd0802f790a

SHA256
d21a7e69142a46d0d6cecb2d489a2a5d7b6d8f4f8a1f5256785d3e62b501bce5

SHA512
3c712633ecadc5855509d75b79f20f54f5f3e9d38c5329b68847dc3cba6ad2b54e1be22ace918c344da62fff676844f258f8b7946358b184a453d067a09dd160

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
dbea48c6c24f9fcf4c2d91ee08a0e327

SHA1
f0b94bd2a3f84df222ac173479a7a99ad0fc9293

SHA256
d3cddc18a8921cc7f4fd20e5f61f3d058996d15b4606881928cd05a8ecdcefda

SHA512
11035b1bdf801c1d9fb8f46ebb67fbca8f1081c4474a97e5115c2751760961ddc38656cf8043527f71c9e2a9f095aded2bec8f76a94e8665be9833005ba458c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
904B

MD5
b6ae2bf0b69ebde267e1a34570a65fa9

SHA1
83c49266530ec3226bee0e4477282af424cbeeb2

SHA256
cba1c5225db6096d02d1fe0b39e5f035362ac9fb0d4fe54a266ed733490d47f1

SHA512
5416fea65ad9d156631b4394e773bc3176554be6284cb1b6cdad7133b81d8ea8cef0524267f2a70b93775ff22ae0c9eb034378fec8bee4386971f49202d15dcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
4ea98f1a80c7e260cddeac9aad9bbe4d

SHA1
09f18f20d4a94e21320e23d5ac9d6ff88d240270

SHA256
e32a72ea3573f40eb8325f586e698deedb7542f38238944360b493aa8d9623e5

SHA512
778834db817cdd70635bc5076a6040f139af8391744904f168d61a2592e126464d24866355aa8a6107d0c47cd8ef5e5f461e1d90c588caafbe228fd0faad6156

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.1.31.0\edge_checkout_page_validator.js

Filesize
1.1MB

MD5
0e3ea2aa2bc4484c8aebb7e348d8e680

SHA1
55f802e1a00a6988236882ae02f455648ab54114

SHA256
25ffb085e470aa7214bf40777794de05bf2bb53254244a4c3a3025f40ce4cef7

SHA512
45b31d42be032766f5c275568723a170bb6bbf522f123a5fdc47e0c6f76933d2d3e14487668e772488847096c5e6a1f33920f1ee97bc586319a9005bacd65428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-checkout-eligible-sites.json

Filesize
23KB

MD5
16d41ebc643fd34addf3704a3be1acdd

SHA1
b7fadc8afa56fbf4026b8c176112632c63be58a0

SHA256
b962497993e2cd24039474bc84be430f8f6e6ab0f52010e90351dc3ff259336c

SHA512
8d58aa30613a2376ccc729278d166a9b3ec87eca95544b9dec1ee9300e7dd987326ea42d05dca3f1cc08186685f2fdaf53c24fd2b756c1ed9f2b46436689dc74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-notification-config.json

Filesize
804B

MD5
4cdefd9eb040c2755db20aa8ea5ee8f7

SHA1
f649fcd1c12c26fb90906c4c2ec0a9127af275f4

SHA256
bb26ce6fe9416918e9f92fcc4a6fe8a641eceea54985356637991cf6d768f9fd

SHA512
7e23b91eab88c472eec664f7254c5513fc5de78e2e0151b0bcc86c3cd0bf2cb5d8bb0345d27afdd9f8fcb10be96feaa753f09e301fa92b8d76f4300600577209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-stable.json

Filesize
81KB

MD5
2e7d07dadfdac9adcabe5600fe21e3be

SHA1
d4601f65c6aa995132f4fce7b3854add5e7996a7

SHA256
56090563e8867339f38c025eafb152ffe40b9cfa53f2560c6f8d455511a2346a

SHA512
5cd1c818253e75cc02fccec46aeb34aeff95ea202aa48d4de527f4558c00e69e4cfd74d5cacfcf1bcd705fe6ff5287a74612ee69b5cc75f9428acfbdb4010593

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-tokenization-config.json

Filesize
34KB

MD5
ae3bd0f89f8a8cdeb1ea6eea1636cbdd

SHA1
1801bc211e260ba8f8099727ea820ecf636c684a

SHA256
0088d5ebd8360ad66bd7bcc80b9754939775d4118cb7605fc1f514c707f0e20d

SHA512
69aff97091813d9d400bb332426c36e6b133a4b571b521e8fb6ad1a2b8124a3c5da8f3a9c52b8840152cf7adbd2ac653102aa2210632aa64b129cf7704d5b4fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
8f3385cd03fed7b316c2c0f0c434f291

SHA1
7ffbe132fe1d2ffb4f51b354c9cd0f5fa70b31ac

SHA256
c8f746812f771b0b87df29b61c0a3885d27ea6fe725065a95eb166a2778233eb

SHA512
1fe68b0ae4b3e888ad1f22ffd5a49b9ba26fcbb46a2b3792b5fa4b41e0390a0b2e2272c0ea337da96e7493c756fea8cd26e9a0d171397faa25ce8744b81293c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
2090ab2379f642de61db6777d9da9ac2

SHA1
7b5b437c7739a5e479de7edb31211f8389b489ed

SHA256
b3c900da443883ace77f4ed7a9bd161a1e293bf5bb9e7eb846cb04a4fb906241

SHA512
ce3e1bc0430ed0a01282163eabf57134bd3342e20d38eeab2d3a032069c2e0c6f23139b8c630598f625e9bea78f6d04a9310ee810c031f36517885a9274d18cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
47KB

MD5
8758249b01970a7db4a748cadb146e76

SHA1
a97f2fa6109cae60b5f59c9d585baa5bf6ad3605

SHA256
ca8ad5f4befd15f6fe1fdbf82bc90da28805f03aff2956ce11fbd94abfb5c04b

SHA512
c4f6dc8a4e7d184941c363e3c452f2ecbe16f5527d6d492968240744c0daf5bd8913b3bfeba08c7aa21be0a8cb364d0f355f56995c500d367a12db5ccc0702db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
6899d56d262352d0d25ebfefefbcad18

SHA1
fa3a9edf333f05700aed62328b026063d51df00e

SHA256
e906a13c60f96e7b453114c85dec706ab91e05a17a7ead1af3f8776f76c30283

SHA512
b01782d8954d1845645ac68137c55f4a09044dcf59eadac21ea60057d570b7fe4faca0230ef5394ba772d3137dd59a6c86169ec66f485b7d11be0e39a2c01ee5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\activity-stream.contile.json

Filesize
5KB

MD5
c644e3d6c7661cdeb7d4a8ed15c56c81

SHA1
ef4d139d47366f8cd221ecdc5af1750f9479dd4e

SHA256
8ef699d8b9971aa8eec7545aa728e75278dad7e9f2b68b63a1f39ccdafb0b867

SHA512
53a9776c36ea563b83148e45989192f273383af98e6af529bd75b9095189d93190f0041e4855f541f7b1567ea9e8dd208382df6d557c2aa945421b7d910ef037

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\activity-stream.discovery_stream.json.tmp

Filesize
21KB

MD5
0ab338d440c764eb39637c6b5b8e7f9b

SHA1
e565ff78dde0763ed52222b3818aba43dfb05ec8

SHA256
154d054e9efd74fd7063b21e60724650ce4b31bf634172a83c64c7e628ba8a20

SHA512
3c292a6d43059b197f98b9155a30128920574f80d40dedc7d72b97981eb3f4764e9bdd9e43e7c779a6a4b8e7d13868d7ec165e7eef66910cbb037d0b2caaa132

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\cache2\doomed\11813

Filesize
93KB

MD5
cccdb5164dab920b50f1ced2b773fe24

SHA1
6895694485b47fa38d193290317f97e2bf47c8da

SHA256
cc2cedf3515ad838b1ecb5497ec1ec04f5ab0222bb095e2d2be6aee3ad521f61

SHA512
badd3e825c3a5c79f7282e1df34d0b6661a99d6be4670c03e25701ff63abfc8284b38180470ef605ffe8033ca28584f9a530db078c19454e5bf436244720cd31

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\cache2\entries\08C7BA07A83267290BF7EA290A90023274DBAB70

Filesize
58KB

MD5
b3f3984bd675ba066dd969bd77c178b4

SHA1
589e38c662447c525d4f6254202559bc85670ab3

SHA256
f7752d25cfd922e6068757cd4d47cad3c08f75a0e525f0cbf0d7072537cdd2a0

SHA512
0b41bfc57bc16808b7a83489ca2fd52ac28f329d6d824c7267ab8c001bf703decc6e4133f3bf0c50b7f44c1a8b924e58cd4730e19c9a65d5945a5034eda24984

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\cache2\entries\29865F805FF6506A9E9193A7CB48F563E5718B38

Filesize
16KB

MD5
77173c34d054b8a125220443b5f94862

SHA1
715195e95ba64ab4f4a0617b828bef82dc708a08

SHA256
0082d18982dc8a3b5fccfcb53e75e26ab372b0864a62a86c20601e3fce7b9fc2

SHA512
acc6bb2100bbc553f7d4cf146d69a350c1425510503a12b1248e579124e2836f297ea7bb26eb11901699df844f37c5b75b5d0d09b5a08de0261174a5f5ee9470

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\cache2\entries\377B608AEC14C1BC3E67E6D07242823F7187E013

Filesize
443KB

MD5
077f1da801d32ad91f04659509ddd96e

SHA1
fa24a61546e5267bceb95922cab67cbb2f4a7ab3

SHA256
653e44b1afa07c8cd67704af092aba5b479d1c689984dcb03d6ef0213c0caa1a

SHA512
e05feb5cce55a208e9a545633a29ae0779c710748ea27d3931c96cea4154fbe3208c168e8d0c58191406733c9e2b163bdad89227737e450d948d4fbff9b7eb02

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\cache2\entries\4C2E0855A82B71982B1FE170A59C92F41D32E5AC

Filesize
100KB

MD5
a40fad675003d5572c137152c2e5779b

SHA1
134082038aec58e0fb8bfdb6f50e750542a10adf

SHA256
0b6831d1654b6a36d20b20a791b1aaafff33f184ddc99420fc92a49ef897ad44

SHA512
d3218e7e26ef8351cd99d4a7796ac63ca0d0823b3de2f251ba9dab3477ddd500b08f0b15a176777079a1af760896acb031a8f0f2c9477f9644a60c0f2f47d17f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\cache2\entries\56B21C591220416117271888E4FE19F30BE790E4

Filesize
23KB

MD5
7c0eb64304a24cc5f79536c31c7be995

SHA1
35cb5a98a8ac0a111aee4c519807a8b43c2392c9

SHA256
f9bd46418e60a8e5f8d6f835e2ed6139e859541d0810eb00064634703b6deeaa

SHA512
30d6d17bbf3e0042fc5392cfc636b1bfebf811825f58fd42f28e838d0972b9997a6d2e8d54cd1e1afc8fd8e8b3cfa3e68777b31eb9192545b711a2cdd68e55ed

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\cache2\entries\88D616DEB3A2D57E5907A07A1E98E7A45066E430

Filesize
187KB

MD5
40d7a05d118dd9a849ce44dab0d0944a

SHA1
9c840a83f640b83bf87da0fd66e580ecd28aadc2

SHA256
9bb74b4a15f25e1b9827a48bf39675b0ce26b72ed67c61238d6d3d700cfc010b

SHA512
f1bf621940a003afa1abc5f328afe6642a00c162218f905e5157a2576aee254e9f61833ef1d1ea8c2c640430f07af154962d40383730f3d93a51e9324c024b8c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\cache2\entries\8D3B3F344F71F7DFC7ADC6B8C64622B14B9DC6F0

Filesize
96KB

MD5
119f98ef52f403743653f22ebb69cbdd

SHA1
c4928dc0eeeb9809044863b01f344fba7c465d0e

SHA256
f7cbc9ad5828b22a1b6e0f22c5344bcd19ec8a866fe06fb42f2a86e45a5ca917

SHA512
38c18c76031853383785a19b254e52c87deb4b2079ffa62d5fe58a30f972c4f6fc6195d2844a0dad63f6215790273ba6b4f18c58f5dd0edbe6c42d689b5e87d4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\cache2\entries\989F4A0E68DE4591384D5B0028A21DDD3B532B07

Filesize
144KB

MD5
09834f8c2f3086c5316f2900bff7e338

SHA1
2c10e6336c50e1bef9313593334d5041e015f378

SHA256
fdff182add1c93f1f7f7965e813ee9bd304fa452b6a48d6b66163f92bd3695eb

SHA512
eed58fea0191a63e9aa6911cf82a51a86bd9019fa05714223e87ef2ead528aa6fb8a1cef228857d3fdbca073a7c0bfdb2bbd5b6c113c533046ad6796e5cedb50

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\cache2\entries\A585344A45AF937E3AB7D706291A9A3ED8D581D9

Filesize
13KB

MD5
e5816841603129d8c40a4e66eaf930e9

SHA1
b52d34858c780c19e6b1ff9f3fc50990570a1ed6

SHA256
31c06a2ad88e2cd8279f2268d3579b4032bb3ff6597ed62821f43db6c70f04d6

SHA512
3c5d0662b4a47705fee06859911d5836c0396b80ae24b8048f236ad770307393a824630421b21f3533baace31744e2dc265184f343ebc67bff85fb7bcf2c10f6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\cache2\entries\A85203E1AEAC32A744E07C4D86F460775283E271

Filesize
95KB

MD5
e182f522f2f7d4e8096a411ee7a3c860

SHA1
544f86058abdbdc52287b021843aea274e7deb08

SHA256
fa228a8a6b47cf129bbe71ed2db9ce9f1701e5955fa399a5e7f8d5af27ca1b3e

SHA512
1d7fa9a8ce480ed85630a311f5d96f20c20ba0ab6713e7990853d9abf6f5148324218cc8e0c250818e60af99686c2b29e376225befdaaf3fafd1a7801949a694

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\cache2\entries\AE50EF7A97995444DB618DAE423AB393BB7B947D

Filesize
370KB

MD5
f3dc07e512087069cc6710e82fb47962

SHA1
e1ec101972f1d1abc26a1a3b3a7cfc8630073dad

SHA256
1d02c9665c8964d5f953ae0da30d0c4cff7e70b767eb9c0ef5b724cf19f719e9

SHA512
1508070f463e7df7a90ede1b62260095349104c3f77a924d33ee586f9a9ba3bf24eaef9a7f1628d2e5a320014b4eea9f9899fc6aa5dab984cb150803842cab75

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\cache2\entries\C24389180C7E03F0D709C4D72C804207371DB846

Filesize
77KB

MD5
acf006a65152e577837abcfc8e516938

SHA1
faa7075baa54606ce40051ae105784bfb02ee7ef

SHA256
20809fd058bb0ff4d256a6be30af77a188198116fefdd76436a9479287f0b5c1

SHA512
3513c63f06004f2cfafa8526edd40e7082e4c066fd407148eb608d80f46864c5bb7d217cd9afdd4723873b7db80a7303afeb1bebfd31d28c1ebc53ea0935828c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\cache2\entries\E19316B1CDA62317F9DA2551F9B56E711FCC77AD

Filesize
13KB

MD5
7f0799eb8376955ec61b056ecf6072e6

SHA1
6226dae8fec5bb01c96d072a884ca8ed497f1d92

SHA256
e61672055f961ae3f7519afb550114c2379bfa4b36a27f0388206e717677a939

SHA512
87cf3e612339b323980a7b3a8b44d846960dd7b9343539b4731e2524cc666199232542d70b45556570188471265c3b047e066f345490f17589104b8066d84bd5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\cache2\entries\EA2AC8F172601F0B214BB84E94864C7F60507DB3

Filesize
59KB

MD5
8a20514558e4273302c2579b170eb796

SHA1
5d661ac316c816187fd3d93249014a7c7a7e2539

SHA256
705566d2740e79eeec3bfa02d62c07fcdb5bf353c0aa7960af9699e1f794f987

SHA512
f3347dfa85489a7bc40e8c306693ae423d12203cfbe5684016b140b31ccaaf75a9fe0ca075decb203f5d2d54ed038224c4437bee7d8911c440f0c891c5cf6fce

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
80125c0963c675a781116605dedd004d

SHA1
2a0b240141333295836e3d16e2eb29d6da2241b9

SHA256
cd534108f14816c96338b32b0670766c4e8a6cf6fe5fbe3d5918aba9876bf452

SHA512
e68362a4e61bf6b4ee0ae5ca67fb3b0d58cca108ddb78c017181075b7ab5a6cd05474fc5da54cadf73f1b4b79f4d5fd02d972b5102788486966c8410af40a16b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
aa90b3ce1634562f02eb169c2fdabfe7

SHA1
6c8f1cf05526faff1d89c80cadb6f84f9ffff0c9

SHA256
155ff11c3a548629d430f367e21dbd6a626b22b695492830eaabfed531bc53de

SHA512
9e6551295e77a74b155f4ad93aab9a8682170f34420e8190ef43896dba3644a43e587a73b3503df3910bca05126add14a02ae94000247f9b0e0cfe11887fb0ee

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a641c07b58577b829dbbe05df3c6ea3a

SHA1
d7fba1bca845c6663e94983761547c66397df9a0

SHA256
65b612a5336e10b11a2fc34163b8e564f714738aa0c60753404fa07237623fd2

SHA512
fce80264cf243e1bc909c3ca5a1c548d6e8f10fd9f28861b76deae2fc2f3d6bd329b343c56caedb07d90639552df2bcb74c96ce63b55fb64cce3dd8e4e5b4839

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0c8ac89b63c9f5e02c48dc54098b3b3a

SHA1
b4fedd1ea71c921f23de0ffdd16d57b753773ab3

SHA256
53fe6ad5076a1f700f058a69c8733d9c8fd18b9fea536c515a243ba81e7fa7b8

SHA512
1f978087522e4f64b9017f76def1430e688dad1bfa46d87e19a3f377ee9638efe05b4ea70d327e484881e9bcbdf1aeca4c080d03cf7c1edbfd9f98c26a60c385

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\wasm\index-dir\temp-index

Filesize
48B

MD5
c458c6aa0ba4e8e5ca7d0b993b639ee0

SHA1
da509e8bd3513d8c97b89298c615811e4882a363

SHA256
06871f1c80733ea25ab02311d9595f99733043cd297b038a16737fa6e4f64895

SHA512
b85f750b82a0c5da5fdaabd5e2727fa21e2224e9ebeb65b67de78c1f7bfe724ef5344efcb619811576b22b4ea9923b96dad515c8c790f5b198fc350bfc5dee50

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
710B

MD5
16db2b989afb57a4050b5ea128ed110e

SHA1
db0aae5960facaa70acbd41f8d85591ba5355338

SHA256
873dd9a749d2aefdd043aaa72bc28553350262ecc9b8a10d4a9d96cceadfe954

SHA512
f159018156a810f4aeb445014cb6c560c9ddbd9dd3155bcd1156223ae6fcdde8648185347158a8e328d90de6ac56a76ec9c9a0dc2b757ec1a9decd1c1f24a66a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
822B

MD5
42b5f2affa9c0cfdd7ab9bee27aa2984

SHA1
1fd0d0709ff3a7ce039c74dc3f0562095b62468e

SHA256
e667a92f70ceab412fc7c11385d409c52c690c400de260b6521f565b73bfa587

SHA512
2019079cc603142c80c71eaa7f50700717bac31192d669dbcc28fbec661a898f7171091602868366201baa00f9c0fba34660ba14c7adccadbaffa8c5d59cc79a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
822B

MD5
66bd2a7c8f471f57706d19996ae6ebb1

SHA1
c28174af4e69863b7af612a82f1032504041ca6c

SHA256
5fafab04215239be1bc1c3c44938eb57152b53b97a6e5434cf358b2cfcf5395a

SHA512
69dbab0054a7eb17619fcef147107330e25df73bcae307114efd2c17068d703f2078bb73fb2908091726cb2be4c5f00bf83211d0b1fb7952d8cbea61e42c08de

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe59d17f.TMP

Filesize
529B

MD5
175f0c8d60d6b981a7e744b6670f9f43

SHA1
d10614fb041d7d973302e99cb389cb666a03ced9

SHA256
2449a26fdf25a9b73468eccdc95d3260900f5bbabc8575a13436c0cb0abb863f

SHA512
a8467a67c3df183b5fd5329c5047c7ac873d60da4549d9b5cdfda60d3ae5b1560c83012f59cc340cfd3d78d8b2c0399025269fd28626b0840be39324daba0e68

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
714B

MD5
a742bdc32e8ccbf877688de2d685609d

SHA1
de22afb875325bc1d4f160d6b877e592203eaeaf

SHA256
949feaf5e0bb8202aa136d09bbde2851ef07b432554d33031ba86df2d851ec65

SHA512
eb7492f8fa0c5d83a768ca2a081290f64eb42b1ced80c415cfe3fa53cef454b1b6d98811cd4504d7e8f1d718e412dc464a89d4859897a1bb41b2216b19bbf692

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
827B

MD5
f4cd8ee2a8b224446371027ed4a35621

SHA1
59eaa0fc264f135039c96687b947cb9809ad5890

SHA256
e9a406f68bac56f8c0115d5064b5afa4d2decf0f8ef9e08d06a575968a6363fd

SHA512
46943b7c19995962d7112d97b0b1b82ce9fec7cae0478eb3bd7154e75145d05d7b15942c64d6cd4609ec1d2275f89117b6dd91b018f8d8d24bdf9074912ccd81

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
827B

MD5
4c5e29972cac5359dd53ca5546de0c09

SHA1
8232edf186ac5f3c4ed5da93dc796d3d539609b4

SHA256
53fa30c3e8885b93c24df3732a781996c4defa833bbccb75bd87e4aaf7cf1409

SHA512
6680be3e1cf2fb0fddf04b540084f9e98191d82c7ebc4c332f137c38326a3a24db6d7bda32a6bd18b0b8d8280988dbabdbd07e88f5cdeb7912de3bd341bbfe1c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe59e49a.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
524B

MD5
8fa371d14506ed79c5bd658ed5e0a36e

SHA1
1022141ece068d3ed13742a970043626c1d5c5b2

SHA256
da68206f080f8da76b68f66e2bd1ccda740cf52258ea63b21629696084b1ec84

SHA512
b74de4dc6851703b19d722d431f773f51bfe5def3f5b00d3d3186a27236fb1f8010b9a50672712287e547efd509260139228f39b64755c1724807c9c84caeed2

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
524B

MD5
24e27272081fcd2e1b3207fcc820a39c

SHA1
7bc775cc887e87d7de00c59397806babd84a0d0a

SHA256
8e3acc05c088a0f1c2d3b6174843e9658c74e57734d5e7a9ba6e73179c318421

SHA512
48e636dad8495c2855f2da0cd3d8168bea739a7f556f58b0f8880dc6eed4ae858423a4145b9b279119a64b04052839f3029f8947ccd1d8bb6eb544765b7ba281

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
524B

MD5
f76e6f65653b5ced54299d9344d6f3ab

SHA1
fa18a8d14d9920deb4796cb391ba1fa3515461db

SHA256
deb56de1edd24e4c874bedc8919158eb27b310fd54a737612f717f611923e17d

SHA512
811ff06f6b1ec272850afb73a1e872ac4bf9d284915bcfc14fbee5127e5f0499bbf7e69b3327c8d1f77345de9e1f5b198a8d1911f81037621d77f21c95b77b76

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
524B

MD5
4b6f3e4046f493233ba3823fa33d8888

SHA1
3d2a2a11dc61011b06e10392a05ed37bed69a61b

SHA256
1c02c954eaf8450c4d50d7349f48015ee0e03dc53817ff0c7135e323397308ef

SHA512
d9753574e8b83bd9f6ab758b790b4b7e22249f6fedebcc85fe390d8d2845318bc3894c1d027a24fea4208eb5144d35012f567143082cf64f6ccd26bc1343fb8c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
524B

MD5
55be7418f93c48f26cedc0286095a7f3

SHA1
11097c708305cce3fb9e6bc8376ffc94e451acbc

SHA256
402a01f0c9c120bccc1c4dce1ebcce4d1b2e33d26fe2112cce38c50328637a6b

SHA512
aa948ebf45a35db38d4e035d33148b706af6c0e0ea5f5ee1c56077b009ac259a53c705bd02588c058706b1c56539dc5ce3aa86db0be9f9c96b143b14af8d510f

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity~RFe59cc20.TMP

Filesize
188B

MD5
459126f8695947a584ad965275ea9a1c

SHA1
d76ab61b9769005e1148e2da726e1c9722720bc6

SHA256
bcaec3214d9e92ccf2e741c850c87b61c372b17c1db4b5d875a43febfd79d6b7

SHA512
3000c65a33f98b18ecb365375c29bb188fc3a59f283def5fadd893e2564a895fb651c63aa5c2c62d3b64d58aedb9600280e5ce71796f98371d657378daa4d8d1

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\XMD-000004.log

Filesize
28KB

MD5
68df4787b9ce0ccc5f0bc38fb62d5e9e

SHA1
964a582030a6a0e0ca8638c583e23062cd05b791

SHA256
8a45787773b182dcb16c21212f36a1853e1a3195418c27f6c9ffb779251e04ed

SHA512
c3a9ca74a814856230430589eb440805b02dbaf713c1950d11e607a0a3bf40ee22015a125ad108ea6562d1edffc57f76a76796b6b40766ddb26d6fc37524684d

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\XMD-000004.log

Filesize
28KB

MD5
4c76b0746b1b3d057e2f8f233dbf6321

SHA1
07eeb15553fbe8d9748b483366e106a984ccad0a

SHA256
def00f2bfeaa859ade636826b108bd1e774f8a92280c727f747f7ad6fa2ac260

SHA512
0de5cdc889d3be8d1aefe9ff1479f56207d3ae2c8b0c418a56a5a8de3f3e8cb1e0f4c194de8e8c73ab5244bb647950ba9005902ccf030a3822a21264ddf1963f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ca46c79a-3533-42a5-814d-bdd3b07eb572.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl82DF.tmp\System.dll

Filesize
37KB

MD5
e74573ce106dd95b148bb8b1ef8e3418

SHA1
e7c8a86adcd4c69d3aab40f3705626b3e9bfa2c3

SHA256
ddf81deda75e0d11107fe93c43896aae47ba9c8fe43ccad06250552890255818

SHA512
bebcf0ba9f8b7a2fd0300e4547961db696b4c829fea099adc3334c54d2d479c9931a8bf2b711373aec0cca7332562f9fd6c515f463570f982421012570a2d34e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl82DF.tmp\nsDialogs.dll

Filesize
26KB

MD5
9cbb2c67258df6cfc08e060bd8ab8309

SHA1
2737c9c05da63073759a8b3af3555c6d37a23ed6

SHA256
bed99bebd0b1fdadc4411a27d5ef3054e6287e32d81301761ed191ae8a799549

SHA512
b701998fe89d98a150328839f666d484131f031eb60e3e083a8ef7b81ffd48d1075b8d42dfb3a8333ba1f00a78eac5cc38a2443d1d7c28d22fde9124b63ce81b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl82DF.tmp\nsExec.dll

Filesize
22KB

MD5
dad419c254e3d26c6329061b8d404093

SHA1
a46856098c88fa04d3bb77dc748a301c8fffc9a1

SHA256
2397fcb767d4b5ce48df8c9d673614d82f6e5d030b241428f67e0a689b775f66

SHA512
598c88a578282f80319c3ce2fa2aa293c4b19e4e872ea9254a492be62b87c6c5c9c1bf0ff3998961372974fc830453eaabab670e79b3cbcc22f96d01afd11ae9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso43B2.tmp\StdUtils.dll

Filesize
110KB

MD5
db11ab4828b429a987e7682e495c1810

SHA1
29c2c2069c4975c90789dc6d3677b4b650196561

SHA256
c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376

SHA512
460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso43B2.tmp\System.dll

Filesize
22KB

MD5
a36fbe922ffac9cd85a845d7a813f391

SHA1
f656a613a723cc1b449034d73551b4fcdf0dcf1a

SHA256
fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0

SHA512
1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso43B2.tmp\modern-wizard.bmp

Filesize
150KB

MD5
3614a4be6b610f1daf6c801574f161fe

SHA1
6edee98c0084a94caa1fe0124b4c19f42b4e7de6

SHA256
16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b

SHA512
06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso43B2.tmp\nsDialogs.dll

Filesize
20KB

MD5
4e5bc4458afa770636f2806ee0a1e999

SHA1
76dcc64af867526f776ab9225e7f4fe076487765

SHA256
91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0

SHA512
b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso43B2.tmp\nsExec.dll

Filesize
17KB

MD5
2095af18c696968208315d4328a2b7fe

SHA1
b1b0e70c03724b2941e92c5098cc1fc0f2b51568

SHA256
3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226

SHA512
60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso43B2.tmp\nsProcess.dll

Filesize
15KB

MD5
08072dc900ca0626e8c079b2c5bcfcf3

SHA1
35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37

SHA256
bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8

SHA512
8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
11KB

MD5
25e8156b7f7ca8dad999ee2b93a32b71

SHA1
db587e9e9559b433cee57435cb97a83963659430

SHA256
ddf3ba4e25a622276755133e0cce5605b83719c7cab3546e09acbfed00d6a986

SHA512
1211b2fa997ba13ff926aec58b6b35a81d7fe108b0caa8f4d6369d0a37f8481373b78a4b201651243adde9e2b2699ce929482a46226ff6299b0a0e40fe2ddc56

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
502KB

MD5
e690f995973164fe425f76589b1be2d9

SHA1
e947c4dad203aab37a003194dddc7980c74fa712

SHA256
87862f4bc8559fbe578389a9501dc01c4c585edb4bb03b238493327296d60171

SHA512
77991110c1d195616e936d27151d02e4d957be6c20a4f3b3511567868b5ddffc6abbfdc668d17672f5d681f12b20237c7905f9b0daaa6d71dcdac4b38f2448b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
14.0MB

MD5
bcceccab13375513a6e8ab48e7b63496

SHA1
63d8a68cf562424d3fc3be1297d83f8247e24142

SHA256
a6af95a209b2e652ed6766804b9b8ad6b6a68f2c610b8f14713cd40df0d62bf9

SHA512
d94483deaae98bf9212699f1ab0bd913f6151a63e65ebc1ea644ab98d5e3ebd74ecaa08f70aca31e11a5d2c64d1504b723817af35bbe9d7b05c758dd6945d484

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
15KB

MD5
bebd11dd42cc7282d20f605499fd859c

SHA1
dc2229fd3f9b21ccf396a8a010dc0ddd89c9e8df

SHA256
4d0632dd7603594affdcb99611fa98bd4fd96762bdf7a5258d41888706611dd0

SHA512
421e5ee9d842b1f6cc9b03d9651009145de63b1b9241c56ac7d742fd8aa68136559cc268c54c68e46a1ca4460f68023ea8cb5b40aebc3ce816712b8944cd26b5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
18KB

MD5
2b72a9d263c0a074c8c6b56b9df57f20

SHA1
18c532928563b1bc9e003797f75fde6bec6ad283

SHA256
282e463488d5b6b0489e6daf8e6e4491bfc36a8d9bfebf4b82f93901ab428f9c

SHA512
48765ce2ded3444cbac4858854238db8f9a83ea4ff6d482034ac7d0e55f4ee85dc9ecee8ee2b0c78173622813f2b23ad9e5d75836df2974544666f3a365703d1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
22KB

MD5
5dd0114c56dd9ce871f5206566168957

SHA1
05e07180e64e6a5fcc0178790531ba1956098e81

SHA256
aef172ff6ceec782ad1b3b121a2cdcc98692a036fdceaa368abcb939cea17f25

SHA512
6dc5b90ec36f81a9d9cd5972acc2c8d2629df40f40d6dd5d6bd32a7a6867ad95cd8d5b5a840e8a4b1f7a76aca81cae120fc67a9803487668a2d8fe699126d724

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
22KB

MD5
facc66f78503cdd0dd440f56422ca138

SHA1
c5800801dcb09be645a08eaaf243c90679c096f6

SHA256
0c9d0296aa0c1313587b9a40c8d8b98868f53a3e78d9f4d7b55586ec39c82196

SHA512
dbc9c099dec2ba5563399c1cb3e7c3fb42a14ce1ecc665a9ad26780ea396340c82e73758fa0d77daad22df3b4b95cc14f6517a0c3548b3b19217146e8b6a86c5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
2b81000d93b8844efaa0a81381106d58

SHA1
15c4889e16b37f0e42db19a70592f4861e4f7183

SHA256
cf1bc07f5071c4d4d94f5dbac1796cbc654ff9a9959e71256143f4a716e1275c

SHA512
c186197fdfa98ecc57ef70fe2a424be6377558b409b2b1f43452f36ecfc2c28b41521cc2f1b0d41d22107d06f927f0d557d0c72338afe1fea17869eb260ca426

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
c98ebea37c1e3dc7a84ce94137a88aea

SHA1
fb8c44a214df6a52d06c2250f1d8da1151c5b664

SHA256
914cf2c5ed9aa809af753babfafe34c4bf37d2340a4fd791abe1b148f6ca1f11

SHA512
3bb69adbc65967783ac518e31ad1f37c3f889ce8c18fc5e6c42f7bccc02700052af282daf31dbae59f6a0637b704b9be55e1ad93816b119a44da4657941f4455

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
166ed4ddbd0948a7bc4dfc4bda8747ea

SHA1
59cd938aa4951b39e43cac9bc293e86f322b9154

SHA256
6849c3c374c603922b6ac1062a26f333f6018e8ce7b461b458bc5b27e13f7e6e

SHA512
1900fbe190790a53f53703b3aadfdedb9bb9956ff4f09f26a7cb8df23488ad1ae9e361c1c92caee16e877ca43ba8d3e1efbba40087ee44cd68ff1260e9eab5e0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
866de1263b913ae450df6627d4610edc

SHA1
c59d605049f719fbf7d2d1e55c28ee1074be61c8

SHA256
dd446892f4cda9f7ec8c95729b0adc22afcadda5bac178ddc87a1853423d18cd

SHA512
f363e673424ea93c472586a35f87512461692f7790d215da1b7e1a9d7bdfb4969b87ede8221f9e0c48a5a4629819bcab4aa21ade5232d7ef9ef7e539dfdcb8e4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
0e1d95f03cc15a85d40f6aa46880fc94

SHA1
64255a09c42eed993f9baa6f7d89eb6df01b12de

SHA256
d46643a4abf148d63a1ee41451efc3e571c28c59710afa71d2fb3ee8a5c4b99d

SHA512
27ac094056bd22d9c5be091e69299d6dc4cd20efe29589ca91769e23ebfdafe9d6fc4f0ba6ae995d0eb166b7fa0e2dc54b54f52a6d4916b11c5080a2b47371fc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
e11ca51b513c7295e9934114dfbe6017

SHA1
bf39b2a48128ea4125fa07c0cbb7b2e075981fc2

SHA256
03db10f385cc7b1fa44a0a9a2a789b92a7f12396cb391feb7b7e733afbfdaa4c

SHA512
878e2dfc635f8e942244d6428e5bed3034b05e7922ce1958f00d019b4f7b1c8cc7efe4268967947e6efbe302c9d45d834ae0f2b7398bb3dbe24e7fa6c4f720a1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
e9c73e768456262314214d1b287ecde4

SHA1
79e8d2bbcdf67119c04a2f169d4797b845ce0ff3

SHA256
f21210640dd8d3d30e3b352c8ed5596c31614779914033b8173f2d9637aec47b

SHA512
0ee406fe488e60c7ee0e30d574a08937871c2905c2a2140e84429118b0f09f304208b054c70226ec6fce7688ea5169a5aae35b9e1691735e4e5d40c01a134fd4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
550eed2eadb05016a4fd3c74a0e75b5c

SHA1
80fd13dd5cf8df5a0f70872406042db55a444f7a

SHA256
e3e1335e84688a68a3b33ce0f4f6a97c9c138de2ba92df0bcb6ac2b96f90efb8

SHA512
32c306fb4ca4bea1408082f28a7b350b627a47bedc3cd4990113dd3b4f70b83664da64219e19c58cd9891aafdc54feec867295754633d3d51860b512b004ff80

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
1c5e10ff1d90da4db87101aa36a78315

SHA1
4dad1ce505f777fb5e3a3d988298413d375c0678

SHA256
372e354c80c5d527cc25649e54156bfc880c5450ae8ceb2e8ab76fb763f4f2d4

SHA512
f7f07e0cb827ec107434496f5d850ee97f1fd264c605b82a7f5c1aad03139d11f044c6f1d92ee72f5eed72e5a82e837fcdf48b8214c1bf08bf1b0e892b101270

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
bd42389ef882bd9f0b33bc4376f82fc3

SHA1
669f5ac47a4486746ea2557e198a5eef6684bb81

SHA256
f6ea87b69154744bcab0e078ade2233bb6e47305919e3a113f578017a1443658

SHA512
0e4b2849d967608301f4cfdd5156a995d89036552c96426214404c576f10a633cf7ba188f57924b119d266ed3c14c546b1708741e7a008035b8cca010f1d5088

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
003c0056a814be467b73cfea198b4581

SHA1
dee23cbbd36e536afd35bee5233e31e23991e290

SHA256
6cec3ee8ba3a106e33bc2e98e023b4573490bff632cb8f92b803de213cdedd8f

SHA512
5790807ee3971d1cc923a4187bc3f8c3cd3fa59c691442d67749e5a08dd49f6017a8a53985aa2d4bcf0e5479b11a1abc15d336c0c0f7d71d16afcb2b4b8933dc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
b38d370628462ba4fe30df8c5aef2c65

SHA1
327299508bfb4097e93e5d5517b5c028271b5b89

SHA256
7f48b855200f5538a75be4c9fffa2e8df5e54399392e11f324288c10af376c41

SHA512
af9b18ce9c5f267f0b7ff5d1f7b1a753762d9274aba77952cef0d8fb227aed71f6886d3c8b3fbd1d105d5ddb5bc52cb134765595b9265376b38e2995aa1b10d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\AlternateServices.bin

Filesize
7KB

MD5
ffdd57821c38a6ef2c74d78da01009d1

SHA1
f2c777a6b4ca3ef4f2cf80696f19aea754b03afa

SHA256
5e8f3b9945a273e75e618b20d1926355dae9965ae811e06066f8500bc2908e72

SHA512
30ae2bf5fb08dc0dbe7621462151c70a35a82b3361bf03a711c48fb39a50ad0185dbb9ef84d0ef9a3da635cd016534b67ac90e20707819afc82babd7668f8422

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\AlternateServices.bin

Filesize
22KB

MD5
6dac4aa02b49a3d919c128c29e8ea963

SHA1
8e07cc230c45bd3643b6ce68d55584f17ed5cf2e

SHA256
7099e8e8eec0308525214838cac0cabafcf2e3832fdd3676ff4b3d0e04fc6944

SHA512
a704d3215cd0d6147b23e61badd70bcdf8362c6741f9268a977fd56959ded6fea46c3214ed43acdd6223ad52d9d37633ffe7d1c29e1ca6fc347f314aeb1d2cc3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\SiteSecurityServiceState.bin

Filesize
5KB

MD5
48ecdd7c37cffe8f2e21ead42c3884ce

SHA1
569ed2a9724a7231b11228efb5cff65336c23f1e

SHA256
3a0067b818d510de77af1caf99d32b9a2931cab151cf884598a5c28e7ce9f303

SHA512
40d5cba80f56204032a8ee8687cf963a9aea56d98e26c133aa478337114e683505ae3cf61a4c41a2a76ba5495e18c70392b9524ca49f2ed8c778751c028a004b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
e3773b3d0f2d069635e40007f7a8b273

SHA1
e1bc8a5abb25a86ad4a7a14e084f13432c5bd30d

SHA256
11687f1da48d84b38a8d8834331c307aac13ceb4460be821122fe02aa678e37e

SHA512
7d98b4c5282f26fb96a6257ffc6a2a0133cb32142a6a868c6e300f7cce91b31b67a574b0fdf129fd0cae865685b1d2d19cfc7a35c1392ab287047a0778b3da71

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\datareporting\glean\db\data.safe.tmp

Filesize
152KB

MD5
f34fe5f7f94349b39814ee7c0f205e5e

SHA1
c7fefc99dfe32273f0f1097d9374fcc5c1cb0a89

SHA256
fb14c452d1e82d5533c7d01d7baf8a1b8fb56946fdecb582a930fb1eff1c1505

SHA512
520da6c148c27a9bb932495bbbc5f999ba2c2626b7994e5d10d2bf3903f0dffae80a3642fbc9287a5bb5ba2abef090d91160c0a4d683b1561157ec23b98fec19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\datareporting\glean\db\data.safe.tmp

Filesize
152KB

MD5
5dea9680b152bdc8176d2943cce41684

SHA1
e4d2b4c6e31c0fbcb072aac127ee93b712dfebb5

SHA256
8bafffb5f46ff06fe5a49e85e2b6898cd621fafa634970461d8b44b6b8d1f230

SHA512
ad69d93ada34ac46ecebf9beeb8bfba28eeef6c45606bc78800f29f0ef9d9493aafe2e78417d406132b0922dee2546e74dbe42c57ac62cc096d24cf818108a39

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
b2b2449bcaf11c91f7c1658cef599184

SHA1
3afb2e46fa4e7ec1d2963b84f6cb1f5f18d39bdb

SHA256
ed92d8157b12c22482a5f9895f50c9de2b51f5c84ac57dc8d0d10e76f1d3e945

SHA512
c78fdd0ee1549f81a833afe90aae266a18c8fa19fd99f3ce89d6c748540cc7811ac79301a219d4fbe7e4750952107f6703cd2b265c190712583c8de48e102762

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\datareporting\glean\events\events

Filesize
1KB

MD5
6fd37418961e015027b4a6db28ac9e45

SHA1
e308290f33e4fb1d99034f3579d6ffcafdd727f3

SHA256
95f5454f6769b7110af894e0f6b1b793c7ed40aeaa8466f2d30f748e4c77fd67

SHA512
f66c0f921dd901230e6492a24ce03fb45cd60a6838ec930088142a1534f9020ede19de651ee087482f14b2ca1ed8bb0517ce02fcd00338a4c5ffcb3015b63767

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\datareporting\glean\events\events

Filesize
5KB

MD5
d1e944ddb9217ef4621030dc6ded50b1

SHA1
ecd3048a98c0f31591b8030cc4d8741303d5fa74

SHA256
305d61e7bd5c05d003e917fd97a943c6c5f7673f797a90a59045b4a71dd042ae

SHA512
8d86846aa649aabb107068a20c1a801828cf4cdffa72659f0f105595e61237a5f445ed6a02dc72980c18f7ba406b7cfdd68a5357fcecfae0474e3292925546c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\datareporting\glean\events\pageload

Filesize
5KB

MD5
837108fa7a3f513cce790f99f393ea0e

SHA1
de1a58ac0b708c0c838bb780e6d7b46db69cbbb1

SHA256
f36487153907c613d4f5aabf3633cb1f0c3d3013ba1efb9786f880fdfdbab50f

SHA512
d481bef28080397ca189a4594cfcad3e9a62fe8f7091c41122f0acb83652b004d8543f4481aa167099ce6d35fcc4cecc62f93120c984933ae324f9953fa7735b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\datareporting\glean\pending_pings\0994dbc9-fa35-4084-a2c5-82d2700d0014

Filesize
235B

MD5
3b9a283dbb80f61bc7c952c32a459f15

SHA1
83802a0d219c515c8eb0532519c66fb10fb1c1bd

SHA256
866168b031e0c75fe9665fd3d7d73cb2139b5c682a179a36ebe621f7f9689c8c

SHA512
908f99082a6c59105663d89242857e17616185bce1f05314f598e74cfce173a5c23c201b30819af6c87850896ba3006f06e0f072a48e3ddb28ea7f40dc46b024

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\datareporting\glean\pending_pings\2343ef9c-7af6-4486-870a-47e1a7857729

Filesize
16KB

MD5
02b6e09ac024a841ec09c77095b34f0e

SHA1
c68b91ad68bb08ae797e2dda55fe2519630f2fe1

SHA256
af6b484fb5b542c6c52cb54cbdba647afb33f176960e91dfb1c4723a9540b71f

SHA512
31bad4709105d287afc399a4d534b91306011f51807d856421ed3d62dc0877e0b094e266ff7bfb6deead29c47bd630a4f910784da27d9bfb6334ab7f186e0b5b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\datareporting\glean\pending_pings\29f8e938-afdb-4903-b5c5-a913c9ed1e3b

Filesize
883B

MD5
2845e33d358063ef0feb01bec495e04d

SHA1
8ace53f3ca1b774489add0c134a9f6c475bf95ee

SHA256
d9562ef75de01a50479f70ea5496b8e90ff757ded66a917710d2dd7ece594e2c

SHA512
96469dd7fa720feee0c5967eff109709d3799a17183b6d0588f941206a7c1c681aedd73d7f490d95d517adf92903f7a9d6f957344ffd1ef3d26bd932eec74300

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\datareporting\glean\pending_pings\2ee97da5-a851-4add-8d30-9d8fecf3ab59

Filesize
886B

MD5
f2cf3c0e9060f3e0b4e20bdccb968492

SHA1
28bcff84dfa89729ad5bae258dc0902825ba56cb

SHA256
8bb996e4936cd828202b022598a67bed2d1e1a8611aeb186bfb8293205b2139a

SHA512
f9bb3477bde534006ece5e6bd2a8ea9731ec2f230ac22b011a0353d6b9e51b4e6d75f0200595a37e80b6016e2cc1043ab32067a619a8db7cdbb7187027aea7e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\datareporting\glean\pending_pings\6acfbe61-cca8-47c7-be5e-da5262e3c1cc

Filesize
11KB

MD5
4b947c8fe7d4a4e4146d6bb8ad338f88

SHA1
8279b41d9f71cb90e37d7b61d1b8961e7e3e8882

SHA256
804e3c559de7d9f5d63dee2a5efdeea7e4ec3f91ec30b64e4ac98fd4a9f58990

SHA512
526d465d32f40285d39eb8f8af4a257cd017020a17e0df3455f9f49b26e041e4938fdfa967ecf192aa85c616b2bb748dcbe43b2bf73f08f07dba95ad7220cdb3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\datareporting\glean\pending_pings\894744c8-b2e4-4950-ab52-1491e8290d0a

Filesize
2KB

MD5
0d4b78639bea86e97ff4693465c1ccd4

SHA1
c1d5882a2678c53ac981775e9948a5cc82b1d600

SHA256
2e24fb92cd18fc5a057f059061d5f6db843ff6b9b269ae64713e7e12f32803fb

SHA512
e5df13cfb516eacacd6bcd09b0c4c8f6947fdbb51b6c48c870ddee1bd8419dedfcaecc180ac4d97fe9ae499b143a9e05f8fe606a8a25ae81fe9ab27d4c156724

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\datareporting\glean\pending_pings\c0803e64-86c4-4998-a88c-141830091256

Filesize
281B

MD5
d2a10ff786585f4dd4970992fc368bbe

SHA1
d58a8cb89a8b6652923f508ea4ff7841e5b7e0ce

SHA256
4466819450b80f7a7821563d8c25a509d71c01dc1ec181ffe764eef6c6104c29

SHA512
16bb09d5f3f54d08da94b9166e157a71f2c0a5dafd8f1b8a6873148e027f230cce292c08d50bc9476e86d687376c8447e0ece09d9680c1ca6a526ea7a701a5ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\datareporting\glean\pending_pings\df4042bb-fa7f-4637-be1f-ea89776f3e5f

Filesize
235B

MD5
5cf6d5b906b5a58af9c1dbe9888cf061

SHA1
c90807b2afc512d4bddb3e7ebb184bff73fa2093

SHA256
1ae35a5777fc8954da73e70a63fbe62ae00808c0f3051c83547c52d95e60d7a5

SHA512
a0f06c19b34a7f77a7ce5068d5a101f53df5909c3d86b2b54f0ed2e1ee54a0dc25c1e4f0778557919885897dffd75c0e7eb3db194b03b68005ebeaf75be7b89a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\datareporting\glean\pending_pings\e1cc8747-0a35-4b93-9099-ee1dfddddfc8

Filesize
1008B

MD5
4faa5652a9ec36f37e084d9b2477a32c

SHA1
a2c606fbf3d58525a7c2d031481e816a9f136041

SHA256
4f0243913084958fdd57b9d17c294f1626433710cfec580a45f4b583fbafc4cb

SHA512
e23589984e69baff040817b98a85baa184b8078bd9d8a2c61c43b1dcddfb32e5c0c3e05779b9422376027be56c0231eedc3fdfaf3cafd5fa7506f97285742934

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\extensions.json

Filesize
16KB

MD5
4e65b0b205a0fef97242ead838c95d98

SHA1
1e77a820287c1ed03ec560a41e3ea5fdc7d58d55

SHA256
c6184cc22ce9e11e99f2d9c04a10a47d8b654144ea47b13e5779163d4884788a

SHA512
df57af1ee1bf84b1c6040a8e823dd72da5841e1782b0ccb1479f1fd7437e0853feb76f3435b40252233109321385dfeb350400354333f5f9b5f78dd47ef4fa21

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.dll

Filesize
1.1MB

MD5
626073e8dcf656ac4130e3283c51cbba

SHA1
7e3197e5792e34a67bfef9727ce1dd7dc151284c

SHA256
37c005a7789747b412d6c0a6a4c30d15732da3d857b4f94b744be1a67231b651

SHA512
eebdeef5e47aeadfeebdbab8625f4ec91e15c4c4e4db4be91ea41be4a3da1e1afeed305f6470e5d6b2a31c41cbfb5548b35a15fccd7896d3fde7cdf402d7a339

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.info

Filesize
116B

MD5
ae29912407dfadf0d683982d4fb57293

SHA1
0542053f5a6ce07dc206f69230109be4a5e25775

SHA256
fe7686a6281f0ab519c32c788ce0da0d01640425018dcffcfcb81105757f6fe6

SHA512
6f9083152c02f93a900cb69b1ce879e0c0d69453f1046280ca549a0301ae7925facdda6329f7ccb61726addee78ba2fffc5ba3491a185f139f3155716caf0a8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\gmp-widevinecdm\4.10.2891.0\manifest.json

Filesize
1001B

MD5
32aeacedce82bafbcba8d1ade9e88d5a

SHA1
a9b4858d2ae0b6595705634fd024f7e076426a24

SHA256
4ed3c6389f6f7cd94db5cd0f870c34a296fc0de3b1e707fccf01645b455790ce

SHA512
67dfe5632188714ec87f3c79dbe217a0ae4dfb784f3fac63affd20fef8b8ef1978c28b3bf7955f3daaf3004ac5316b1ffa964683b0676841bab4274c325c6e2b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\gmp-widevinecdm\4.10.2891.0\widevinecdm.dll

Filesize
18.5MB

MD5
1b32d1ec35a7ead1671efc0782b7edf0

SHA1
8e3274b9f2938ff2252ed74779dd6322c601a0c8

SHA256
3ed0dec36754402707c2ae4fbfa887fe3089945f6f7c1a8a3e6c1e64ad1c2648

SHA512
ab452caa2a529b5bf3874c291f1ffb2a30d9ea43dae5df6a6995dde4bc3506648c749317f0d8e94c31214e62f18f855d933b6d0b6b44634b01e058d3c5fcb499

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\prefs-1.js

Filesize
12KB

MD5
f4b39db2dcbcbeff278528e890351e21

SHA1
d067e5338b7e2c960d6ae9b6443e50e139614d41

SHA256
5e765215246eecb61da7fc6d01495b84dddfed92748bc921ebdb622cf38723e3

SHA512
7153000bedd0aa827d5a94902a202d98e464b59f5acc751c51f58ad15b69bdc33f84f0c0f1f59ff5eb5f92bde6491c7d3646d525795236107e0722b3106aee0f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\prefs-1.js

Filesize
6KB

MD5
9eac8344b4f68657f53c78b6e64e4ce2

SHA1
00305921802037f8e338892e4f5db8c9a9f970da

SHA256
555aaa2866d227182c7cb8b816e3ff679f8b8b49ca84e34d33c77bec2b14884f

SHA512
408f43a26a175909ec40da21045c6549a61834c0974077d98879adf3bc71c221c3ccec58058be1e59e373cc3e676fe017192b4f2d6c5c378810ff619b52ae876

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\prefs-1.js

Filesize
8KB

MD5
75c774d4898df86b4a60263e266409b4

SHA1
1de3eb3469c692aff31ba12847bfe0f0b1698035

SHA256
5e2c2434cbe8d96b5069a5e119e3475ad5e20df378ef9fcfc7fdb6bcd2ecfba6

SHA512
eb7507f8701ee5619d495ad6c2062307aa81210732b0be38e740efbc63d5239110a26a8c236ef1d74676a77116787fc96562378509083202be968eab22e5d242

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\prefs.js

Filesize
6KB

MD5
cdba2e0845850f9c857190b85ac232b1

SHA1
bf2ab8ea38544853a47a7ad4bf2d5dc7e8429cf8

SHA256
7d6bc916a56b0b141fcc31944528451ef555945f0dc2d8c612b037a53936a9b4

SHA512
d386d63e47fbcbb21c1498fdcf187e84ab38c61f761fbeda05f3ec8c1a1b7b74927e0ee3e5eb6a1a922e73bcb3fda25bc5b8f389250355c3564bfac4daa80347

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\prefs.js

Filesize
12KB

MD5
3776e7272e10b71bc4b46831da692d73

SHA1
d27e1452cc8fdd1191a08595e6472c7a59d467af

SHA256
ee7b7d9ded0ed0623603c6ad768756cbd5b132bd02670b37d58350a6173a9cf0

SHA512
9a3e4dd65e674ecc005538650bfe5f60372637ee7ad820a05ff3c00cfa56f289d1cdf186550575c20e534296d1f4b7e41e0c4baeed8c9c3ed85c4b370ddca418

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\prefs.js

Filesize
11KB

MD5
4796b47ab22c4d8089422a620cb8287e

SHA1
839d5504d58f443f5a25c954b189cba1f448af03

SHA256
9a0dc15ce764620f580790be0b407f67e11addb2a169c429c2e1965234730521

SHA512
f46bb0e57cdd3f2fdd4dbff2014335efb02a3f14d97f1a63fd864730960299b1fbe4a51b410ca7dfed43045e259c9f87146f1f960604b3ba88b39f36739013f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\prefs.js

Filesize
11KB

MD5
61f07ca5eb5d266fe9a6ca9d4dd855bd

SHA1
4df045f22fbff62ac2cdb83b8b3aa491d7b3ea95

SHA256
fb9d5f8b69da27405209a8f4c92c8d61b748d512bb31d4cf603b4a2c728d6ce2

SHA512
41b504cc4ee2a7c13f82cd1642de8a913c651607b536d53372d93ad2ac3182f4f05ecb32eeded1e06c7d8db8022d620387a808e45fe6d916c9a8b631c751a74f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\prefs.js

Filesize
11KB

MD5
48c2ee58848b46e038cae20fad08c71a

SHA1
c1c87ab4a0e9aa8b61796b5e6c0fe45b1521328d

SHA256
088b58dee09e369fa8218c58debc03a458d734846db6877a1345328d7a37d5e9

SHA512
9fc95429a9bab79f0d7a3ab43b854c2b0ab6f37c92db9cb441c3f4bfecddbf1f963059516a2e55c19a11d667e6db0aa257dcec09aaeab41e1560d8780904350e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\sessionstore-backups\recovery.baklz4

Filesize
71KB

MD5
6b176c44ad01f49df9709980722a68df

SHA1
11f8c60f195425d9ffeb674808f396e4ed5beaff

SHA256
720cfdfb7d7c2b53c3994659773957df503759387eb2ead44c6f300356297300

SHA512
82a1471fc527ef793a3501cbc74d7dd33812689cfc43ece6b15cad11ad54b2068bb2eeec17791bea4e6c53f03d0f837129f1548a7f1e8653570c79b84ea004d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\sessionstore-backups\recovery.baklz4

Filesize
77KB

MD5
a2ccaf8e547a51400dbd1378f128c0d1

SHA1
bb574bb4c149c7d6eba699341c991d1e3b6954c3

SHA256
5d0f709044759f2dbc4a36d74ef6e24868d72d094bdbe6b1e16365d53ebabd1b

SHA512
07fddddd647e1ee4d4d6387cf9f835162b01ff0e5b7f539f4b0af66d8bf0b2f654749a16c0919deda16ca5eb612e19aa2c1a0913409b7e063081d4e76f8b4514

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\sessionstore-backups\recovery.baklz4

Filesize
148KB

MD5
a15d2839a48bbe7be495b07e2f2a1dad

SHA1
c059dcbe972003934ffd81d80c5c919ccc241f6e

SHA256
44eaa9fd366d3a330a273d5d50ffb9d1fa3655abe89a1c2d11b6abf516f0dbef

SHA512
ce007249610ca6a0e8af58f0b7126dca146e866b9275121e04e1a925479f514fa85dd560fd6768ff5a50e5c1dd4b68b9127d4371aaf5366119a51908d952bade

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
6e9f52753ebc3ab0826ef91067cc8956

SHA1
4a01f8dfc577ccb788a1932436027cbda1606f63

SHA256
20641e683ee2637ca2aa91c2f317db812a541e8a26ff546e789c4b960620b9f9

SHA512
9f19a715c0a32873a46813ed9b0802f5b0a963b2de6a22213454bf0928d8e83b5060768b24a2c3966f547f879f352575f39e49b61e79176a0edcd519ad41b893

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
c640bd6c65d097f8f99bd08bbacc993b

SHA1
06ca9aa265f298e8f8297d5abaa7c3769ebd7aa3

SHA256
fe112296788034bb7e2059ff8ea1d59a688f938ac38ae56b8b6378a87643e5cd

SHA512
181b8c7e7f4817c504d8c141a5278fe471c38d0d5ef831b82f29f49ed8dacb566cffe16f3ea30c7c6de4b6291e249403e1af2650fc3168cf6ca4a3cc9a2f90b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\sessionstore-backups\recovery.baklz4

Filesize
72KB

MD5
655687a986c3ae966222914b7c3772d7

SHA1
3f5fd40f373cfd2754897102b69068fe5817ec63

SHA256
daf7da4a94ee852462a1413ace416abdab52fe0e0b42379a8d2620459252daae

SHA512
0f58efb9e9e916d57c92f2392af2281a1ffb334c464f91961d08d54e4a692680e2c317913d2cabd0488b9e6f497a9ff8def0345a62f18dc5c0539f4bffe39f30

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\sessionstore-backups\recovery.baklz4

Filesize
184KB

MD5
c3cb32b7ae0b986b92e9d61280ac63cf

SHA1
7d69e1f671dc5c58993aceece000fd2a04ac5ab1

SHA256
36e6b0dd0dbd3954816098615fd6bb85b482e5daef0d1d19dbb70f2341e47372

SHA512
8eb3505eef4b872be8576164bf03234aa0a56e4c28ab18e94f0639e14ec04e94f23341a10bbe85024879851d6088748d660a09d14c3ee193efd943f60ed0054c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\sessionstore-backups\recovery.baklz4

Filesize
71KB

MD5
ca7121d982c5026462869ad7df958b0e

SHA1
c8fc0f1d78a29bfa857acef7065fc1f13403255b

SHA256
ad41cd2f58e202d6609ca510065cb1eae28fc1d6507d4b78325a4f09de38d382

SHA512
bb0a59112924213ba24c5e82c4ab16bba00f4a4c6469892dc94f96070a93019aaf5640658b39da264f0950e25f4020897ab7ee618634d799e8734ee93878f261

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\sessionstore-backups\recovery.baklz4

Filesize
75KB

MD5
66a4a1797cb3628f74fb000a2fa237a4

SHA1
69da0ae070f10759659bee208ad539913747b81a

SHA256
ea49f8099519a1cb74e2061e8058bde93b41caf52a14f1df99924975c9ddb774

SHA512
cea3b430a47eb0f7c7cbe81cd637b534c6425c86e80cf55435cc7a723b4d25c441e86e1f11251363f168043e5efd7303ea72d195184eb9603eadf187ec121838

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\sessionstore-backups\recovery.baklz4

Filesize
153KB

MD5
b7ff7ced7abbba77056a71fe2ad359ea

SHA1
3693a400747d0cab10a9184c4eca7e11a21d71a5

SHA256
80a80e0751a0885d2cd4890cbf7c9f2449250007486d20f0ceb17955dbe1ec8a

SHA512
36d7b51e1f280275284ac8d05b1ba7e0a5d8700b7788724f2e85237cb9e6bb25db53de8e58cf6fe1134bd4bc34bbcaa86c972f0b54c3cf5572ae94aaf03b9151

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\sessionstore-backups\recovery.baklz4

Filesize
78KB

MD5
a31b769618b890e05171c3cd1ac7875a

SHA1
791135149b148a5bca317c16754944bd3670fdb8

SHA256
c0dd40920a9d403bcab76654c5082cd994bea73b1cc0652845064847d676e94a

SHA512
9ae3f330f2752046c76884908d64eea845e5d403a5a648f7fdea3ebbef5045ce15b3a0326b330bd1b33efd99c2dd6a14a2c8e0f3e62d2b1f83132a2c96b6d835

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\sessionstore-backups\recovery.baklz4

Filesize
155KB

MD5
6f9e6581bd38a7b9807a37999be9e03a

SHA1
23e07eb191f10d9609ad9d0cf3571a658422a547

SHA256
d4948a09c03b581112c8f8fecb1c8f1d91f87d3deca28d8eb197e7ad72f3dec5

SHA512
a0b2412527b7fbd09a7814a2397fc0585639230653e255e19c0eaa50d20671e44ca5689beb6576edb6eac1b4c99ebe8a90a5b3e43701b8d5b5a128f49c321bf3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\sessionstore-backups\recovery.baklz4

Filesize
148KB

MD5
132457b510303904b30f7557e10f0d6f

SHA1
0e9b6646bcf8e57107462adbb92a37abc3669d39

SHA256
1b8af7ed0b74d6365761e89d609d6accbcdf42653768be880efc32a79fe55a59

SHA512
1ca613d9557e2f8dd9e3131ac72db23ee26076ec7bc84b3b2645296fd36eccf8d216d9e39f704d32118f662e8099d6b6dbea45f513fa6f4d61dafc5a8e311a23

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\sessionstore-backups\recovery.baklz4

Filesize
158KB

MD5
8f276789394e1ad25ca68010cd324849

SHA1
c2e93c394953f0faba5b80ff456ba55c6d76978a

SHA256
2cb430d263ab2e2bfa01da817a237e95c9499e73a5e8df8c69bacf6b8b4e2223

SHA512
6607291fa8812e5b50373bd3ca0c7b03dc44a9f9317d9690ead7e592bd55b92b7e8278e007294c490519907ae14cf568beb6e55ce99dc340bc230108177ec079

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\sessionstore-backups\recovery.baklz4

Filesize
184KB

MD5
d4be3c830d524f806b5266e236e0be67

SHA1
593ef1cca74b050d5076c1b02a360366ab806c01

SHA256
2ed5f40d56917f7bb468b6f41d85163b9c2b3152183ea16401e3bfe433f5c569

SHA512
7f08cf93cf45a685c87d724a5a25f7eb29c1f0b9aec0edb27235a7ee0e43b9b16961b519f67de5c0406a9583eb95ee74e7810eef5504f70b6ac164e6d857b625

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\sessionstore-backups\recovery.baklz4

Filesize
155KB

MD5
b5f7b27bb967609072da4a898936d05a

SHA1
ee1e535a3a067500f14a6a80d758fb07f2712700

SHA256
0fcc9b8dc353ef9499310b366de20563a5b106ee5f891eff667857929829aec9

SHA512
b05be5cf21e393fe04e02db8d9e23f69ec79a46cf33fa5f1e6c15ae01ea31c6b427511c440ff40d1fe950bd082ea5ad7bcae9549d64dcbceffaeb8c2b098e417

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\sessionstore-backups\recovery.baklz4

Filesize
157KB

MD5
8abc5b5a9446f756a99f35bddb077c7f

SHA1
ad52c8f1072448609347f19a187bad9264b66c32

SHA256
ebf051de76817b770dfd2cb4931b6e65dae175a831848151adcabe2ef9bfc4ec

SHA512
920051083a18ef666b7f089991b59af025857ed28d15c268530229ba466fb9f85b47ae7c9e351ef351745c909a995ede06582333173f6edbbee907d3844f339e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
f7a7ab1df82668b9f1babafc8e1e6c62

SHA1
9a69c23e3f866201e537b7dc1a776be6958b3af8

SHA256
c7d0bae11e16585e48f7fef70edef6e22ef64ee1fccbbb710eba5729650efe0b

SHA512
f7640d9db541c5e32d8816ee827b23345923e9711851afa2c6d7bfd5513c9d3f9241451e3a54d2ff013a4abd2ece8ccf03135b17f81f2f602eeaad56f57d2973

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
71KB

MD5
536078cf3f6b236f55c147509b64b770

SHA1
b02f74fb1899871b5da25ff0acd6f7afb427e8f6

SHA256
a3a1cc1b487bec673a2a78cb663fa3fcef14e7a4f869bbbba8f6c7883ca2e5d9

SHA512
04878ba39a9396c59bc575d651055f641d2642949c2ba92b7835b626b02b1492b2ba8b1f3598608c94aebd1934d6f5eaf9c88d1bb3865db2188002c80a87a4e7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\storage\default\https+++en.mrproblogger.com\idb\301792106ttes.sqlite

Filesize
48KB

MD5
7a005570d7393f7f2f606aa983721032

SHA1
4fcd0e837fc39928e7397d45e280c3ae51cffdbb

SHA256
72bd8033a390f38bcfc42868cafa2deb4a709e2692e2fe65b7e71f5cf25a2f76

SHA512
68d1cddd96af8428931a81de0f7443b05b5d3d2a05f976beff0c8383b4646f8b13b97ab9359bac382033053bd3223ac9d4c13bf5daef0ac03fb029bda37bf6e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\storage\default\https+++steamdb.info\cache\morgue\184\{349e00a8-cb9e-4a41-aaf9-6fb0120aa2b8}.final

Filesize
83B

MD5
4a5c6bb5a15963c8253cfa74811dd0cf

SHA1
5fd4a8ba1144ac7e8ae328f0f377984068d82cb7

SHA256
3bdf4ab75046c708b88c4dc9092dadd087345dbd26c02ecc9e6da6fe543f60cb

SHA512
96f92a8246e009a75430e6f44f57f1b9b83e45c76db0a23e39edf2f39aba54e3c09e5b2051387a490e0a9722fee7efea760e3d810debf989e3deaee5f8f4924e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\storage\default\https+++www.googletagmanager.com^partitionKey=%28https%2Cdreamytabs.com%29\cache\morgue\159\{b7ad771f-a116-44ba-a30a-c04cdc0c309f}.final

Filesize
10KB

MD5
be4b8d06204faba090b711ee174418e4

SHA1
8b60f0834f1576a131c10514e10f7508db287153

SHA256
1f38853b4f515c0aa982835b112cd20e62e9ced63ee6d3ac80bb0a6b08c24cc6

SHA512
745f17334e1b89d6227068f926cc7f2ad518a84460575029fa3314fbee86bdd77a3fdec81475f3a5b6f52a7fedb516e0d3ccdd72fd8a30357ff22b759328ef0d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k4tz2e8p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
3.5MB

MD5
8610a58ef13e1c24b05d9e9ed060bd41

SHA1
65e90bd8db908b109a51ce67a204793d52670382

SHA256
ada8a4c34d2c0ba1524d353a0d073b5d51cc80303443ec7297688c9ecb1b9c14

SHA512
6fa465cd2c69c37e01aba4dae3d219c4fd5430710985327942d849833be1378910066c071f3eab1e4696e11b7c8c543c2061f0d64257e356bc8d3b1c407c1075

Download Submit
C:\Users\Admin\Downloads\1222140.rQzYIjME.zip.part

Filesize
2.1MB

MD5
b30f0e36552f61061b1ef354656f1f4c

SHA1
d2bbf2ad34586b1b7faced7109e81365e7bc3490

SHA256
61a8b8aeb2d299eb861a617995faa4b6e54b07e731a65cdc77e35cd0f784a622

SHA512
d4bf967c47d8fa46471880110978ea56ef91d26c8c1a3ea7b3a287e2705277f8aeae55bfc046a395368c12dd8b87b1fc29c457eba7b9bd3563cb77c552af1e4e

Download Submit
C:\Users\Admin\Downloads\st-setup-1.8.16.exe

Filesize
8.2MB

MD5
9c42f5ccae30afc9c70c924d543924f8

SHA1
4e3c555cfee82d23acfdda4754c0870f455156e8

SHA256
80b6573208f2179c97ce64ff731269e349a07a3969c1198bf5a9092c5a01555c

SHA512
51d5c449ce3070a2c080a81d14af74e1c5621e41057fd4c311aee1888322879b6fadef1bbdbd370bfaa00dd50a87df2d73943f96aff3ae5b1d4708505d8a6707

Download Submit
C:\Users\Admin\Downloads\st-setup-1.8.16.exe:Zone.Identifier

Filesize
140B

MD5
2331c081fee5fffa3ab8ad556c071c6c

SHA1
9ea89daf709c3577581ab31afe29ff17ecc3ad2b

SHA256
92d21c6618a90c2bd6e87b9a642e88c19671a5dda053696e7c9201c5a1665c0d

SHA512
7b731ad28ead94a8219ffb31df202273c349896dd457c5aa9525daddff7773d2ea6b46f5b5e5e3610cb94ecf3dc93974ab2fbed08ff8718cb2cdda5e9682b506

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping19896_1525169183\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping19896_1525169183\_platform_specific\win_x64\widevinecdm.dll.sig

Filesize
1KB

MD5
bf85030725211b1d56494b40fb88c6f9

SHA1
2d9c4586c0647bec18291b87bc21dc4f89b4a47c

SHA256
bdae7b6c2de3587282809f2ee1b07db0b29769de2ce9aec06f4399685c7729b7

SHA512
d4389470b17dd421f219b84ebf3f91a26c655f6d3827d8041ff067ef9c7ecb3b17c1de0dd977bfe840faab169f99eb9f4f5329f32dba3852746a5b27015abfaf

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_1329840831\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_1329840831\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_1329840831\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_2100731420\manifest.json

Filesize
145B

MD5
465cc76a28cc5543a0d845a8e8dd58fa

SHA1
adbe272f254fd8b218fcc7c8da716072ea29d8ba

SHA256
e75fb1fa1692e9720166872afe6d015e4f99d4e8725463e950889a55c4c35bb9

SHA512
a00286cd50d908883a48f675d6291881ad8809dcae5aca55d5d581e6d93a66058e1fe9e626852bf16e5bb0c693a088a69d9876ccac288181b1f74254bf1da1a2

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_358219125\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_428088552\_metadata\verified_contents.json

Filesize
1KB

MD5
e88d7cbb64f8ad6eb60e61c46a67840e

SHA1
32f5919ca1466ec636104c7545e8ba9a3b956fc3

SHA256
9b791c9f3350a7b4ef88f1837fcd7a1df7c51e0d0af13dffed00b5e9817c4cda

SHA512
19ab9478c7b9654612076d61af00072916cde832be5ce3d729664e3912d1e205a6abeaef1f835165f7979f2e08f0364f1cd1579de5f3180c24dedbd9558ce902

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_428088552\manifest.json

Filesize
1003B

MD5
578c9dbc62724b9d481ec9484a347b37

SHA1
a6f5a3884fd37b7f04f93147f9498c11ed5c2c2d

SHA256
005a2386e5da2e6a5975f1180fe9b325da57c61c0b4f1b853b8bcf66ec98f0a0

SHA512
2060eb35fb0015926915f603c8e1742b448a21c5a794f9ec2bebd04e170184c60a31cee0682f4fd48b65cff6ade70befd77ba0446cc42d6fe1de68d93b8ea640

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\Notification\notification_fast.bundle.js.LICENSE.txt

Filesize
551B

MD5
7bf61e84e614585030a26b0b148f4d79

SHA1
c4ffbc5c6aa599e578d3f5524a59a99228eea400

SHA256
38ed54eb53300fdb6e997c39c9fc83a224a1fd9fa06a0b6d200aa12ea278c179

SHA512
ca5f2d3a4f200371927c265b9fb91b8bcd0fbad711559f796f77b695b9038638f763a040024ed185e67be3a7b58fab22a6f8114e73fdbd1cccdda6ef94ff88f3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\Tokenized-Card\tokenized-card.bundle.js.LICENSE.txt

Filesize
1KB

MD5
8595bdd96ab7d24cc60eb749ce1b8b82

SHA1
3b612cc3d05e372c5ac91124f3756bbf099b378d

SHA256
363f376ab7893c808866a830fafbcd96ae6be93ec7a85fabf52246273cf56831

SHA512
555c0c384b6fcfc2311b47c0b07f8e34243de528cf1891e74546b6f4cda338d75c2e2392827372dc39e668ed4c2fd1a02112d8136d2364f9cab9ee4fa1bd87f5

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\json\i18n-tokenized-card\fr-CA\strings.json

Filesize
2KB

MD5
cd247582beb274ca64f720aa588ffbc0

SHA1
4aaeef0905e67b490d4a9508ed5d4a406263ed9c

SHA256
c67b555372582b07df86a6ce3329a854e349ba9525d7be0672517bab0ac14db5

SHA512
bf8fa4bd7c84038fae9eddb483ae4a31d847d5d47b408b3ea84d46d564f15dfc2bae6256eac4a852dd1c4ad8e58bc542e3df30396be05f30ed07e489ebe52895

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping22324_943038312\manifest.json

Filesize
121B

MD5
16f004af39a3675a73f5c15f6182a293

SHA1
e7027edbadfd881e03d8a592ae661a985fd89cd7

SHA256
4e5ef1851bc910ceeb59a63bb53725cf5d8149feff9483e960b54cc26fdc419b

SHA512
8ef0d80259b5a38424676918f07238a76c527b643267008999dc3b2cff5c93e29ae85cbf0605f0d0b4f880fd6ae96254ebd30e5b80097eea95f5d27b5d461ff6

Download Submit
memory/2732-12151-0x0000000000F70000-0x0000000001422000-memory.dmp

Filesize
4.7MB

Download
memory/7728-13367-0x000001DD635A0000-0x000001DD6364F000-memory.dmp

Filesize
700KB

Download
memory/8388-13248-0x0000025BF0790000-0x0000025BF083F000-memory.dmp

Filesize
700KB

Download
memory/9152-13461-0x0000018D50610000-0x0000018D506BF000-memory.dmp

Filesize
700KB

Download
memory/18440-14548-0x000001F949FF0000-0x000001F94A09F000-memory.dmp

Filesize
700KB

Download
memory/18860-14574-0x0000000140000000-0x0000000140105000-memory.dmp

Filesize
1.0MB

Download
memory/19432-14559-0x00000243E30C0000-0x00000243E30C1000-memory.dmp

Filesize
4KB

Download
memory/19432-14549-0x00000243E30C0000-0x00000243E30C1000-memory.dmp

Filesize
4KB

Download
memory/19432-14556-0x00000243E30C0000-0x00000243E30C1000-memory.dmp

Filesize
4KB

Download
memory/19432-14562-0x00000243E30C0000-0x00000243E30C1000-memory.dmp

Filesize
4KB

Download
memory/19432-14560-0x00000243E30C0000-0x00000243E30C1000-memory.dmp

Filesize
4KB

Download
memory/19432-14561-0x00000243E30C0000-0x00000243E30C1000-memory.dmp

Filesize
4KB

Download
memory/19432-14558-0x00000243E30C0000-0x00000243E30C1000-memory.dmp

Filesize
4KB

Download
memory/19432-14550-0x00000243E30C0000-0x00000243E30C1000-memory.dmp

Filesize
4KB

Download
memory/19432-14551-0x00000243E30C0000-0x00000243E30C1000-memory.dmp

Filesize
4KB

Download
memory/19432-14557-0x00000243E30C0000-0x00000243E30C1000-memory.dmp

Filesize
4KB

Download
memory/19748-14522-0x000000006E940000-0x000000006FD0A000-memory.dmp

Filesize
19.8MB

Download
memory/19748-12333-0x000000006E940000-0x000000006FD0A000-memory.dmp

Filesize
19.8MB

Download
memory/19748-13637-0x000000006E940000-0x000000006FD0A000-memory.dmp

Filesize
19.8MB

Download
memory/19748-14588-0x000000006E940000-0x000000006FD0A000-memory.dmp

Filesize
19.8MB

Download
memory/19748-14206-0x000000006E940000-0x000000006FD0A000-memory.dmp

Filesize
19.8MB

Download
memory/19748-13338-0x000000006E940000-0x000000006FD0A000-memory.dmp

Filesize
19.8MB

Download
memory/19748-14394-0x000000006E940000-0x000000006FD0A000-memory.dmp

Filesize
19.8MB

Download
memory/19748-12790-0x000000006E940000-0x000000006FD0A000-memory.dmp

Filesize
19.8MB

Download
memory/19748-12335-0x000000006E940000-0x000000006FD0A000-memory.dmp

Filesize
19.8MB

Download
memory/19748-13808-0x000000006E940000-0x000000006FD0A000-memory.dmp

Filesize
19.8MB

Download
memory/19748-12331-0x000000006E940000-0x000000006FD0A000-memory.dmp

Filesize
19.8MB

Download
memory/19748-12320-0x000000006E940000-0x000000006FD0A000-memory.dmp

Filesize
19.8MB

Download
memory/19748-12310-0x000000006E940000-0x000000006FD0A000-memory.dmp

Filesize
19.8MB

Download
memory/20392-14577-0x00007FFA002A0000-0x00007FFA007E1000-memory.dmp

Filesize
5.3MB

Download
memory/21932-12214-0x00007FFA36DA0000-0x00007FFA36DA1000-memory.dmp

Filesize
4KB

Download
memory/21932-12215-0x00007FFA35D30000-0x00007FFA35D31000-memory.dmp

Filesize
4KB

Download
memory/22052-12317-0x000002613EF70000-0x000002613F01F000-memory.dmp

Filesize
700KB

Download