6345a13c1eab921686d7ef594b6ac35e6e65839ac297795031014fbd9717508a

Analysis

max time kernel
899s
max time network
899s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-12-2024 17:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SWASetup.exe
Size

14KB
MD5

cd1436d99f11bc0382d6776f23c74831
SHA1

accc8e49ba85581de25288b9a461ae14b5554d91
SHA256

6345a13c1eab921686d7ef594b6ac35e6e65839ac297795031014fbd9717508a
SHA512

00374fa8dce13ce885714ab23b2d9111a8bb2194c17b5ccc6bd859aead6df36398fc2abed9d2840333e8a8dfa9f5da112e3a67a1141465300caad5b12c005493
SSDEEP

192:jgYX92TJJTcolI9FVigA6KtuY5AlF0o4Awh/b3B0OZnnWYlA8W2FCT1vT:Ls/aKu0AlFqAwFzSSWMQRt

Score

8^/10

steam discovery persistence phishing

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 6 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	SWASetup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	SWA V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe

Executes dropped EXE 19 IoCs

pid	Process
4684	SWA V2.exe
5648	SteamSetup.exe
456	steamservice.exe
5928	steam.exe
8368	steam.exe
8420	steamwebhelper.exe
8452	steamwebhelper.exe
8588	steamwebhelper.exe
8740	steamwebhelper.exe
8928	gldriverquery64.exe
9012	steamwebhelper.exe
9104	steamwebhelper.exe
9384	gldriverquery.exe
9440	vulkandriverquery64.exe
9480	vulkandriverquery.exe
10824	steamwebhelper.exe
11436	steamwebhelper.exe
11592	steamwebhelper.exe
3716	steamwebhelper.exe

Loads dropped DLL 64 IoCs

pid	Process
5648	SteamSetup.exe
5648	SteamSetup.exe
5648	SteamSetup.exe
5648	SteamSetup.exe
5648	SteamSetup.exe
5648	SteamSetup.exe
5648	SteamSetup.exe
5648	SteamSetup.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8420	steamwebhelper.exe
8420	steamwebhelper.exe
8420	steamwebhelper.exe
8420	steamwebhelper.exe
8452	steamwebhelper.exe
8452	steamwebhelper.exe
8452	steamwebhelper.exe
8368	steam.exe
8588	steamwebhelper.exe
8588	steamwebhelper.exe
8588	steamwebhelper.exe
8588	steamwebhelper.exe
8588	steamwebhelper.exe
8588	steamwebhelper.exe
8588	steamwebhelper.exe
8588	steamwebhelper.exe
8588	steamwebhelper.exe
8368	steam.exe
8740	steamwebhelper.exe
8740	steamwebhelper.exe
8740	steamwebhelper.exe
8368	steam.exe
9012	steamwebhelper.exe
9012	steamwebhelper.exe
9012	steamwebhelper.exe
9104	steamwebhelper.exe
9104	steamwebhelper.exe
9104	steamwebhelper.exe
9104	steamwebhelper.exe
10824	steamwebhelper.exe
10824	steamwebhelper.exe
10824	steamwebhelper.exe
10824	steamwebhelper.exe
11436	steamwebhelper.exe
11436	steamwebhelper.exe
11436	steamwebhelper.exe
11436	steamwebhelper.exe
11592	steamwebhelper.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"	SteamSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
14	pastebin.com
16	pastebin.com

Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_lstick_click_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\chkSelStd.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\cloud_icon_up.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_lfn.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_ltrackpad_ring_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_l5.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_outlined_button_x_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\mnuSepCenter.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steamui_french.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\cmnd_camera_horizon_reset.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_dpad_swipe.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_rg_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\logs\transport_client.txt	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_l_touch_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_rtrackpad_click.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_rb_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_dpad_swipe_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_r_touch_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_l2_soft_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\locales\pl.pak_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam.exe_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0030.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\listview_placeholder1.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_l_ring_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_buttons_w_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_rt_click.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_ltrackpad_click_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_r2_soft_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_up_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_button_mute_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_touch_doubletap_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_l_right_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_button_l_arrow_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\shared_spanish-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_gridl_disabled.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steamui_czech.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_touchpad_edge_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_dpad_down_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_r2_soft_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_ring.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_dpad_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_latam.txt.gz_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_security_good.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_r1_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\templates\controller_mobile_touch_gamepad_joystick.vdf_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_button_options_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_button_mute_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_gyro_pitch_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\hp_m1_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0424.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\controller_config_controller_generic.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_030_inv_0318.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\overlay_thai.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_rt-1.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_l_left.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_r_touch_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\layout\setcustomimagedialog.layout_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_p2_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_dpad_up_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\locales\sr.pak_	steam.exe
File created	C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt	SteamSetup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamservice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	SWA V2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	SWA V2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	SWA V2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133794480556743533"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 60 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steam\Shell\Open	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	SWA V2.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steamlink\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	SWA V2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	SWA V2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	SWA V2.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings	SWA V2.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	SWA V2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steam\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steamlink\URL Protocol	steamservice.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	SWA V2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steamlink\Shell\Open	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	SWA V2.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steam\Shell	steamservice.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	SWA V2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	SWA V2.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	SWA V2.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	SWA V2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	SWA V2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steam\DefaultIcon	steamservice.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	SWA V2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	SWA V2.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steamlink	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	SWA V2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steam\ = "URL:steam protocol"	steamservice.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	SWA V2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	SWA V2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	SWA V2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steamlink\Shell	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	SWA V2.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steamservice.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	steam.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4716	SWASetup.exe
2260	msedge.exe
2260	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
1388	chrome.exe
1388	chrome.exe
5648	SteamSetup.exe
5648	SteamSetup.exe
5648	SteamSetup.exe
5648	SteamSetup.exe
5648	SteamSetup.exe
5648	SteamSetup.exe
5648	SteamSetup.exe
5648	SteamSetup.exe
5648	SteamSetup.exe
5648	SteamSetup.exe
5648	SteamSetup.exe
5648	SteamSetup.exe
5648	SteamSetup.exe
5648	SteamSetup.exe
5648	SteamSetup.exe
5648	SteamSetup.exe
5648	SteamSetup.exe
5648	SteamSetup.exe
5648	SteamSetup.exe
5648	SteamSetup.exe
10984	chrome.exe
10984	chrome.exe
10984	chrome.exe
10984	chrome.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe
8368	steam.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
8368	steam.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
12576	msedge.exe
12576	msedge.exe
12576	msedge.exe
12576	msedge.exe
12576	msedge.exe
12576	msedge.exe
12576	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4716	SWASetup.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
8420	steamwebhelper.exe
8420	steamwebhelper.exe
8420	steamwebhelper.exe
8420	steamwebhelper.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
8420	steamwebhelper.exe
8420	steamwebhelper.exe
8420	steamwebhelper.exe
8420	steamwebhelper.exe
8420	steamwebhelper.exe
8420	steamwebhelper.exe
8420	steamwebhelper.exe
8420	steamwebhelper.exe
8420	steamwebhelper.exe
8420	steamwebhelper.exe
8420	steamwebhelper.exe
8420	steamwebhelper.exe
8420	steamwebhelper.exe
8420	steamwebhelper.exe
8420	steamwebhelper.exe
8420	steamwebhelper.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4684	SWA V2.exe
8368	steam.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4716 wrote to memory of 4684	4716	SWASetup.exe	83
PID 4716 wrote to memory of 4684	4716	SWASetup.exe	83
PID 4824 wrote to memory of 1704	4824	msedge.exe	88
PID 4824 wrote to memory of 1704	4824	msedge.exe	88
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 3424	4824	msedge.exe	89
PID 4824 wrote to memory of 2260	4824	msedge.exe	90
PID 4824 wrote to memory of 2260	4824	msedge.exe	90
PID 4824 wrote to memory of 1972	4824	msedge.exe	91
PID 4824 wrote to memory of 1972	4824	msedge.exe	91
PID 4824 wrote to memory of 1972	4824	msedge.exe	91
PID 4824 wrote to memory of 1972	4824	msedge.exe	91
PID 4824 wrote to memory of 1972	4824	msedge.exe	91
PID 4824 wrote to memory of 1972	4824	msedge.exe	91
PID 4824 wrote to memory of 1972	4824	msedge.exe	91
PID 4824 wrote to memory of 1972	4824	msedge.exe	91
PID 4824 wrote to memory of 1972	4824	msedge.exe	91
PID 4824 wrote to memory of 1972	4824	msedge.exe	91
PID 4824 wrote to memory of 1972	4824	msedge.exe	91
PID 4824 wrote to memory of 1972	4824	msedge.exe	91
PID 4824 wrote to memory of 1972	4824	msedge.exe	91
PID 4824 wrote to memory of 1972	4824	msedge.exe	91
PID 4824 wrote to memory of 1972	4824	msedge.exe	91
PID 4824 wrote to memory of 1972	4824	msedge.exe	91
PID 4824 wrote to memory of 1972	4824	msedge.exe	91
PID 4824 wrote to memory of 1972	4824	msedge.exe	91

C:\Users\Admin\AppData\Local\Temp\SWASetup.exe
"C:\Users\Admin\AppData\Local\Temp\SWASetup.exe"
1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4716
- C:\GFK\SWAv2\SWA V2.exe
  "C:\GFK\SWAv2\SWA V2.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8bee146f8,0x7ff8bee14708,0x7ff8bee14718
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,10429423911417288895,8981111045688063665,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,10429423911417288895,8981111045688063665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,10429423911417288895,8981111045688063665,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,10429423911417288895,8981111045688063665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,10429423911417288895,8981111045688063665,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,10429423911417288895,8981111045688063665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,10429423911417288895,8981111045688063665,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
  2⤵
  PID:4428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8be62cc40,0x7ff8be62cc4c,0x7ff8be62cc58
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1892,i,14760902456318114415,14734092702849327293,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2184,i,14760902456318114415,14734092702849327293,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,14760902456318114415,14734092702849327293,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2412 /prefetch:8
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,14760902456318114415,14734092702849327293,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3280,i,14760902456318114415,14734092702849327293,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3740,i,14760902456318114415,14734092702849327293,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4768,i,14760902456318114415,14734092702849327293,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3220,i,14760902456318114415,14734092702849327293,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4480 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3396,i,14760902456318114415,14734092702849327293,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5024 /prefetch:8
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4788,i,14760902456318114415,14734092702849327293,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4496 /prefetch:8
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3352,i,14760902456318114415,14734092702849327293,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5080 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3372,i,14760902456318114415,14734092702849327293,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4424 /prefetch:8
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4916,i,14760902456318114415,14734092702849327293,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5096,i,14760902456318114415,14734092702849327293,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4564 /prefetch:2
  2⤵
  PID:5516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5240,i,14760902456318114415,14734092702849327293,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5112,i,14760902456318114415,14734092702849327293,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=860 /prefetch:8
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5556,i,14760902456318114415,14734092702849327293,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6020,i,14760902456318114415,14734092702849327293,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  PID:5392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6048,i,14760902456318114415,14734092702849327293,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  PID:5400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5104,i,14760902456318114415,14734092702849327293,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  PID:776
- C:\Users\Admin\Downloads\SteamSetup.exe
  "C:\Users\Admin\Downloads\SteamSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:5648
- - C:\Program Files (x86)\Steam\bin\steamservice.exe
    "C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3380,i,14760902456318114415,14734092702849327293,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4576 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:10984

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2376

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2880

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2d0 0x408
1⤵
PID:1876

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies system certificate store
PID:5928
- C:\Program Files (x86)\Steam\steam.exe
  "C:\Program Files (x86)\Steam\steam.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:8368
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=8368" "-buildid=1733265492" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:8420
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1733265492 --initial-client-data=0x280,0x284,0x288,0x27c,0x28c,0x7ff8c0cfaf00,0x7ff8c0cfaf0c,0x7ff8c0cfaf18
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:8452
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1584,i,16248902605263781776,13820862898424661618,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1596 --mojo-platform-channel-handle=1572 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:8588
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2220,i,16248902605263781776,13820862898424661618,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2224 --mojo-platform-channel-handle=2216 /prefetch:3
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:8740
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2760,i,16248902605263781776,13820862898424661618,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2764 --mojo-platform-channel-handle=2756 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:9012
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,16248902605263781776,13820862898424661618,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3152 --mojo-platform-channel-handle=3144 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:9104
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=1168,i,16248902605263781776,13820862898424661618,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2932 --mojo-platform-channel-handle=1120 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:10824
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=632,i,16248902605263781776,13820862898424661618,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3964 --mojo-platform-channel-handle=4004 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:11436
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=4672,i,16248902605263781776,13820862898424661618,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4676 --mojo-platform-channel-handle=4668 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:11592
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4348,i,16248902605263781776,13820862898424661618,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4408 --mojo-platform-channel-handle=4372 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:3716
- - C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:8928
- - C:\Program Files (x86)\Steam\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:9384
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:9440
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:9480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.steampowered.com/
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:12576
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bee146f8,0x7ff8bee14708,0x7ff8bee14718
      4⤵
      PID:12592
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,13120395975134328887,3738560540309040607,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
      4⤵
      PID:12836
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,13120395975134328887,3738560540309040607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
      4⤵
      PID:12844
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,13120395975134328887,3738560540309040607,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
      4⤵
      PID:12900
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13120395975134328887,3738560540309040607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
      4⤵
      PID:13180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13120395975134328887,3738560540309040607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
      4⤵
      PID:13184
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13120395975134328887,3738560540309040607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
      4⤵
      PID:13728
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,13120395975134328887,3738560540309040607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
      4⤵
      PID:15616
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,13120395975134328887,3738560540309040607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
      4⤵
      PID:15828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13120395975134328887,3738560540309040607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
      4⤵
      PID:15844
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13120395975134328887,3738560540309040607,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
      4⤵
      PID:15864
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13120395975134328887,3738560540309040607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
      4⤵
      PID:16196
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13120395975134328887,3738560540309040607,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
      4⤵
      PID:16204

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:13228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\GFK\SWAv2\Guna.UI2.dll

Filesize
2.1MB

MD5
b429ae86c5be521bc8ca3b164cec3acb

SHA1
387560073ff5a1f2191abc6f75fc34532bbb6dd2

SHA256
3ac70532408b89159bfe235d4ed228faa03ae3fbd63ec6a82d895f287a3b0579

SHA512
eae65de53da50708983ed8ebf9e1e3dd5f9aea95a354d272e199bb59517f62bfe35f0df7a37d81ab0423d0d6d29304fa70284c731bd54023e446b2c19bacafb1

Download Submit
C:\GFK\SWAv2\Newtonsoft.Json.dll

Filesize
695KB

MD5
adf3e3eecde20b7c9661e9c47106a14a

SHA1
f3130f7fd4b414b5aec04eb87ed800eb84dd2154

SHA256
22c649f75fce5be7c7ccda8880473b634ef69ecf33f5d1ab8ad892caf47d5a07

SHA512
6a644bfd4544950ed2d39190393b716c8314f551488380ec8bd35b5062aa143342dfd145e92e3b6b81e80285cac108d201b6bbd160cb768dc002c49f4c603c0b

Download Submit
C:\GFK\SWAv2\SWA V2.dll

Filesize
808KB

MD5
c3e192a2ff49b948c4066ca3933d2de5

SHA1
7a2fb8db982bd21c06d663b3d1a4ec074f773c37

SHA256
2424295814e9acaf28325608940f69c854d27a372f0f50f5675f3f2b1ad12289

SHA512
ae304f89a0da518acf2051c7be2fccc6b650197f549aef4344ba0020c7bf8466f0c011ed6b6f5f3ac6e529d2b8fafdff77baacc9f78a4cb02918bb9600a32ee9

Download Submit
C:\GFK\SWAv2\SWA V2.exe

Filesize
396KB

MD5
8f59bec096bbf55c0934f97475394cca

SHA1
2f0a0fd2408c388ff740df2e6eb0a4ae3589ef33

SHA256
4c3e50b52c48e6e3a6caaf490c84e7e811ecea7b39e63834ea3906c89efebae4

SHA512
6364c0c820e7dd3782aa662b138093ab47c9525b19fe81527d12b2ed9f790ca4922610d22ea50a75022cfe2e07b4859576c5dad6205b8d27cec4118b2141607d

Download Submit
C:\GFK\SWAv2\SWA V2.runtimeconfig.json

Filesize
386B

MD5
186a65581e2f29258f54d396660409fa

SHA1
6f998d3be2e85cb5419205f867135874f27c0a3a

SHA256
e1e0974d0e8833375024eb7c78521b3b5cad4228aad22b23d506cbe702445844

SHA512
7dea87b523aab01ea3c794779b71bc0b52179e1d5e7b9a45539ddd39c775969ef22853c4c193699aec1e3fa3cbe26e90e3a4881226c52a3aacae1eac260ff896

Download Submit
C:\Program Files (x86)\Steam\Steam.exe

Filesize
4.2MB

MD5
33bcb1c8975a4063a134a72803e0ca16

SHA1
ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65

SHA256
12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1

SHA512
13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

Download Submit
C:\Program Files (x86)\Steam\bin\SteamService.exe

Filesize
2.5MB

MD5
ba0ea9249da4ab8f62432617489ae5a6

SHA1
d8873c5dcb6e128c39cf0c423b502821343659a7

SHA256
ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d

SHA512
52958d55b03e1ddc69afc2f1a02f7813199e4b3bf114514c438ab4d10d5ca83b865ba6090550951c0a43b666c6728304009572212444a27a3f5184663f4b0b8b

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
24KB

MD5
d5cbe7cd2bb8705254d6fbe8cec8633b

SHA1
8b68270b00fecd9a3ba8a60ca89a4b9e27415b3d

SHA256
70eb7ff39e86a470a1bd5d347ea16194a930954089d81b54413be948068fe4d6

SHA512
e635cf3b6f853a95fc3eb2a433ae9025cfb289a9e5bf6cdd3c3e8989ce2d1d2019749727fafb347612a5768a23bb627e8ad0c336e9ef3ab1e3be7b27a2c9fbb6

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
21KB

MD5
5a087e4a23b1b5ffa22296d526686046

SHA1
98243520a339f77b5239e182914f16ee82f046f9

SHA256
d1f909ee900e5224eaeddf451fb398f11a39a5fd499db09c0cb955c1b281e5ad

SHA512
d152382f383cf17d69c546d34985ba7b39c1d9157654e529344b1e387c83eed9c5f6141ee0dd9ce864993286f24d123cd2112d5d721efab48900ddf830b84aed

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
6e6a2b18264504cc084caa3ad0bfc6ae

SHA1
b177d719bd3c1bc547d5c97937a584b8b7d57196

SHA256
f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53

SHA512
74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
15KB

MD5
62f15fcf849cdacbad7203f50f706115

SHA1
ad0e60c3d918f5ed0cd13d82cfa7470a8e0851b9

SHA256
9a5a601872679c6492e1866e1d5eb01631edf12498b4b29fc0014df1f82788ca

SHA512
3fa723d475128afaccaadb22ed815d0956576d7dad7fe0c57c6843355df8e1d17b759d9d59ea5acfc5445f55a4f7640c2603ffa2303b9445dc88988df80ee87c

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
15KB

MD5
3e16c7e2a92b7c0b93ed12db42885b34

SHA1
411c358b88987dab76d9681af6542e2078c80468

SHA256
ae578924e90abbe5c5d38f70f87f84bb18abe9032da973fc3b0781a47b94ce65

SHA512
829f95bc6d717628f142aca13070e6cdadd1bfb7e6557c9f1fc73125927f4d88db25c340f0c7bdbe897019bb2fc51a1a5f9f8a77f865b5f0b6ab267be195cce7

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
14KB

MD5
37f1c86e3941151782a2d2455b45ab1c

SHA1
b33f138f90c2f6cb7be17f33b1b9421d743ef260

SHA256
3665663b96508b432a84dfe0611414451aa47152fd614f689ae9f27e82bd69c9

SHA512
8ccfcda62bad2ece830de569e8d22a4d64cecc20e5d315b781d0b87e70ae052057c503a57e5a2e6d1c15477853df2cf0a75d541262ddb8327d11cb52d6f43f26

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
20KB

MD5
d10ee27d04c3701dc05253ed23aa880f

SHA1
3acd5b1cbf5befb8c4d95dec79c0b612f471baca

SHA256
a1f842c8d291eb68bcfc312265e539c444138f8a834c0168f17f1be17e23de96

SHA512
26951ef9cccc9ebbfadcad72a59718c53e40f4f1174e9bb0931fe116a7196ffa09f7b9eeee696c1e88dd35d2331358c40e3fc4aeb5e7f70a6b34d136eb5e63bd

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
23KB

MD5
89d7c5830cbacfb101044ad63464f8f7

SHA1
0a974f8cb5704bbbeedaace0e069f8b5b15518e7

SHA256
914ea9cb6555fda27a65fdd7ae1f85988a1eb030d1760f4b39fd646f8eb9f493

SHA512
fcc714c6308335b713dbafe0b207ee3829597bd64f2e4bd8c911dc6ecd47292121d537a8b62c0fc8fb88ad8bd7bf9dbd1421be3152bd6f8dc6ac8565b0080895

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
21KB

MD5
95a39104ecb768550797d44cc10524e0

SHA1
1552c08d8b34e0c78eb2eb547a4649a01eb745c2

SHA256
f8964bb80c76eee0e6ebacd2ba424cfa64d2f30bbe594fb5b228f441c46e395b

SHA512
48fd20eaf4ffab5064bae603e0e002787bb13ea51abdeb382faf19e5a27697d3029f94cd1456863659d8690e8c03564fe42d0769a927b940fa7884481ba811eb

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
24KB

MD5
a312f7c9ab5cbb2fe8318656e2826df8

SHA1
c1a898ed9977160ca4b9080273589d6c7b4696b0

SHA256
d5b583da07dd562e8409b3bb0c809da1f01b23670c0c89ab1ec23d1bb6da2066

SHA512
d9872401ec5d8b9956f20e74aa912d293d029fdcfd191646d100f2b3de7403609b25f4680df842a4453950d9802ddd70b6d80c21b35228b631c09a499460881b

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
20KB

MD5
247d315fa7a01d1fee560907516c5ca9

SHA1
d63b2b36ff0719efa7e249d12e67d6502aef441d

SHA256
867425880517ca2e291e7ba653c4716de05e9c7d12ee3047478835e9fb20b1ff

SHA512
b2c9003953bcb85d221b6ed7017370eb43a919eec6b216af38e2835aeaad36bc5f2aa0f06cd731408aa1abb3da214006422bece20a9bf298c3bc473c293db4b5

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
22KB

MD5
cee416c435ae902b15810771714bda52

SHA1
44039f11c40497a9c00c35bb62ffcfcfe70ada8b

SHA256
b7d0e6f02ba72663d6f45afd02f991a6918d06d8631befbc5adb725ea81956ed

SHA512
bedd5d80eea11e20455fee74551b0aead2b0b169275668c453a3df4d20d9d457cb16ae2c7f642be58ff2121f32ae4ee305b730aebb119e869c54801dec29f38d

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
a2ec2e91c3ef8c42e22c4887d032b333

SHA1
e2c738a2e9400535b74e2263c7e7d1ecefe575f2

SHA256
8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3

SHA512
b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf~RFe59df89.TMP

Filesize
184B

MD5
3cdebc58a05cdd75f14e64fb0d971370

SHA1
edf2d4a8a5fc017e29bf9fb218db7dd8b2be84fe

SHA256
661f122934bbc692266940a1fe2e5e51d4d460efb29d75695b8d5241c6e11da7

SHA512
289c40fae5ec1d3dd8b5b00dd93cf9cada2cb5c12bcfefea8c862ddf0a16dced15d6814dad771af9103b3a5d3016d301ee40058edde3fdea30d9767146d11cd6

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

Filesize
4KB

MD5
0340d1a0bbdb8f3017d2326f4e351e0a

SHA1
90d078e9f732794db5b0ffeb781a1f2ed2966139

SHA256
0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544

SHA512
9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

Filesize
6KB

MD5
4c81277a127e3d65fb5065f518ffe9c2

SHA1
253264b9b56e5bac0714d5be6cade09ae74c2a3a

SHA256
76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9

SHA512
be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

Filesize
4KB

MD5
2158881817b9163bf0fd4724d549aed4

SHA1
c500f2e8f47a11129114ee4f19524aee8fecc502

SHA256
650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7

SHA512
f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

Filesize
4KB

MD5
03b664bd98485425c21cdf83bc358703

SHA1
0a31dcfeb1957e0b00b87c2305400d004a9a5bdb

SHA256
fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115

SHA512
4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt

Filesize
4KB

MD5
31a29061e51e245f74bb26d103c666ad

SHA1
271e26240db3ba0dcffc10866ccfcfa1c33cf1cc

SHA256
56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192

SHA512
f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

Filesize
4KB

MD5
da6cd2483ad8a21e8356e63d036df55b

SHA1
0e808a400facec559e6fbab960a7bdfaab4c6b04

SHA256
ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6

SHA512
06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt

Filesize
4KB

MD5
9e62fc923c65bfc3f40aaf6ec4fd1010

SHA1
8f76faff18bd64696683c2a7a04d16aac1ef7e61

SHA256
8ff0f3cbdf28102ff037b9cda90590e4b66e1e654b90f9aea2cd5364494d02b7

SHA512
c8ff15373b37e848e6239a82424569e77c82a5fc557d17e7d2ed1d0d2b2f7d026cc1e2bc98cb5ee945c02cfefb82803c23fa6a26f48ff0adcf762f94cd5dd035

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt

Filesize
4KB

MD5
10c429eb58b4274af6b6ef08f376d46c

SHA1
af1e049ddb9f875c609b0f9a38651fc1867b50d3

SHA256
a1f6ba57ee41e009d904905c0ce5e75a59ee6790e08542561303109e1faafa13

SHA512
d8760f61760bffd8671b727d386ae220e7e6e68829a01553cfd5eb60ef8bd1d7c1b25e7b17a6db5bd17ba6712ef44999726764459318e784843c73bc4facaf46

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt

Filesize
4KB

MD5
5c026fd6072a7c5cf31c75818cddedec

SHA1
341aa1df1d034e6f0a7dff88d37c9f11a716cae6

SHA256
0828572e4fa00c186dbf1d9072a6154d65cb499c6a37e338f3305f77a2fee382

SHA512
f9d28714b2a05f8d9025f1692e4d7e8baa6daf6176353f65646a38814a242ef2adededa44419edd69f10cf96ffba506dab7cb6e52111457bf69cffef12174b12

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt

Filesize
6KB

MD5
189ba063d1481528cbd6e0c4afc3abaa

SHA1
40bdd169fcc59928c69eea74fd7e057096b33092

SHA256
c0a7a1df442ac080668762df795c72aa322e9d415c41bd0a4c676a4dc0551695

SHA512
ce59ad9b17bab4de1254e92ce4fe7d8c8242832f62ab382e8f54199a9932cd11b5800cc33895441426373d5210cc74104e0271b721a7e26ed400b716ae4d5903

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt

Filesize
4KB

MD5
18aaaf5ffcdd21b1b34291e812d83063

SHA1
aa9c7ae8d51e947582db493f0fd1d9941880429f

SHA256
1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5

SHA512
4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt

Filesize
4KB

MD5
1514d082b672b372cdfb8dd85c3437f1

SHA1
336a01192edb76ae6501d6974b3b6f0c05ea223a

SHA256
3b3c5c615fd82070cc951ab482d3de8cb12df0b3df59fbd11f9d3271fa2fbca4

SHA512
4d41c945ce7c94746875b0dbceb14811d4966de4e97fe047406a304162fde7e1e2a16367fc2e43978e2e5aa66749f036b4444aa2312673c2cc3af296e8b77f55

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt

Filesize
4KB

MD5
8958371646901eac40807eeb2f346382

SHA1
55fb07b48a3e354f7556d7edb75144635a850903

SHA256
b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585

SHA512
14c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt

Filesize
5KB

MD5
7e1d15fc9ba66a868c5c6cb1c2822f83

SHA1
bfe9a25fdc8721d7b76cecb9527a9ba7823dc3d7

SHA256
fc74e26a8baabbe4851109512d85173b75dbf7293d41eb3b92a1957a773c8265

SHA512
0892be14a858cc860766afb1c996b2c355108a7e50971ea3ec00d15069e919a6eb05a61fa839bea3938492c391e274144c5e248f4c204a602bf36adf27e5b406

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt

Filesize
4KB

MD5
202b825d0ef72096b82db255c4e747fa

SHA1
3a3265e5bbaa1d1b774195a3858f29cea75c9e75

SHA256
3d1399f5323a3ece1b1a8b3b31f8fd7f50c3bd319ab3f1c38c6e347452c95314

SHA512
e8fc7cc09f431301d22a07b238179ee053505090e3c4db30ead061513fe7159f1fe8b80efc93f4597fe00f01087bbe0bb2231e13693d72c8def138657cb91566

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt

Filesize
4KB

MD5
7913f3f33839e3af9e10455df69866c2

SHA1
15fa957d0a6a2717027f5b35f4dbe5e0ab8ece25

SHA256
05bc1f4973c6d36002ac1b37ce46b1f941fcb4338282e0ec1ec83fb558d1a88c

SHA512
534e541757d19ee157a268bf7ea358b48015f400542fcfa49cdb547cd652926160f015fe2cf026d9c4996e56ab90ca3899dfd457997d915bf6bc9d7bb00ba804

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt

Filesize
4KB

MD5
58e0fcbee3cca4ef61b97928cfe89535

SHA1
1297e3af3ca9e4fe3cc5db78ebbfa642e8a2c57b

SHA256
c084a68b65d507eb831831aa2ab9afb9536cb99a840d248cc155ff87fad18425

SHA512
99aff0c481e34cd0e4fcbb2af471afb56d91aa11be664462b08e17ae169ca03ef77e7063b4ecd0f38ca7b2f6dc0bf2e316c7b31dffbbcfc763cd8fae27dc78d2

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping8420_827452687\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping8420_827452687\manifest.json

Filesize
1001B

MD5
2ff237adbc218a4934a8b361bcd3428e

SHA1
efad279269d9372dcf9c65b8527792e2e9e6ca7d

SHA256
25a702dd5389cc7b077c6b4e06c1fad9bdea74a9c37453388986d093c277d827

SHA512
bafd91699019ab756adf13633b825d9d9bae374ca146e8c05abc70c931d491d421268a6e6549a8d284782898bc6eb99e3017fbe3a98e09cd3dfecad19f95e542

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\005b3784-085c-4d99-9406-bb9e06e5497c.tmp

Filesize
10KB

MD5
1528f97f9d32bd78fa72975efcddfa20

SHA1
b4642ad9e074cdf8e9b4b3fed2c1c62d3478aae0

SHA256
87dda8031c5204a27fc166a06fcb28919614a4b6f334870698cf507125926a5a

SHA512
a88714a3d44d4d3aa6fdd2dcc46b0daea61fb74292f6fe0b1a4f98c2c825d5e234eccab6866753068cabd7387b2550832318c23591a2a3bdaeb12162aafa1413

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
1160553174ce0f967bb8b9c2db9da7e0

SHA1
b0d924772517acfaa3a717304910ec779d1ec0d0

SHA256
0437e053ec4f240355babd447d42949d00dae7049b76d4b27908e30e553a95d8

SHA512
aa475755867c8930686528c909500a4bfa4785a9ff7c6055e6a344195316c6677b8ce2c8e38f9001b7314c43bdc0b91fc8974ad2e529a63b599a2ae6a53eb89c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000072

Filesize
962KB

MD5
98eaf699f517ff88bb2f595bddb2c5d8

SHA1
eae1d3e4c6e6a8f9636c0efb0a04ecbabe8b63ca

SHA256
7aa34824dbe8dbfd8011576a365dcd057127406d61702634d69f0240325cc582

SHA512
7d9623ca066012a200a01bf48e0617fcfb35cad0efff091bc3b7931e98b72b95df66205cfa904ae9b84d92c9fcea421b366d9ef3023c023488cdabf91b5ef8c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
b9e68bf4037264128ae363444466f0fa

SHA1
02c7cf40c77aa64f04a253a089aa3b8c50dc0f2d

SHA256
fb6a9c558e8fbc1587768fd302e45b5965d6e07a19aa55a0cb89e55920b1e00b

SHA512
ea4c7052251709d108298179d556512ddf642b1d932a8839cdc1debd7debac99f051cdc5f441aed62affe161c8f4304458747ddec7363bd3959fe44a85d80069

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2b0a2d3eddd00e76fe0b17533df1545a

SHA1
feb26bcc6397cab532222650f5b4a88c18c70a97

SHA256
5c820a6f315e9570084c59a7048d433a0f05fff686dbb9ba2826d30a53869b02

SHA512
5d39ad4183ba8bed3224c9dc9124114f275d1a606294c9681cd125aff75b9b957de15843421ee2bdb6937319070a5d83e0ae529f1fdce6914ece466aebc33599

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
6ca3acc942f82df319f8a6bd3fb8356c

SHA1
4c05d07ce6e16054b99b3a23db03d3763c39865d

SHA256
baef3706d32f788321dafa8e823b28a2c127694b90e8c2dc067432b1b8e2c290

SHA512
fc6e462949372c7652b6c8df6ba44faf249ff47a27bb880e10cc291c028aeba33bb8bc775b045174508efc56a2815d0708ba1f5208fcd190e6f3b85a150af146

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\2910cfa2-7239-4a8e-83cd-8f12ba0b2b4d.tmp

Filesize
5KB

MD5
ab4300cabeecde65c4d2c9693b2cbc5a

SHA1
d4b55fea3c37dbfc820ddf3dfacd6cdd439df090

SHA256
76115c350a17cba55da9bebab2c80a92326301ca04003ee78292fd3951b8c1ad

SHA512
a0b0e31804e2f25ec21ea0715895d0b99b15c453f58eb3d5196a1c6f55f02c852c370756687d6498bd1a419738a3a0412c944fed830d98702d242e8d9a3b37f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d6c409e13334d3012437fb62ade45d4f

SHA1
eb7e7bc97f14d112d7e8359a7f862e9cd654a235

SHA256
f8748009fef8e275740e84369fdf566e7ae06172a904e81213a0f4ffe0a57279

SHA512
e258fbd3f305e8bfb4be651dd463dc8d158cbbc2d7f2403d56dfa677909e9158131ebb83f94ef8200ab58439f8b1a052cc73111b3d69a2cc5cc70b67ed029352

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
b40bdaba0fdf8acc12ff39d10905527e

SHA1
3475d585f1f42f81250d180074bb5b007feaeba1

SHA256
aa06353c3a0eab0de0c7c414111fc0f02f84a741e2c06d9274bdbcd2df2d0f4b

SHA512
7cf97f93d2c227e22636381978d9c1e3da4bb1d6462ea8b85f4246f8a1d7eabcae0760f5ad6f01e90eb0caa0a5172d910827cdfb3d2a12cd9c523d23460ed916

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
4d9ec56f425f44e811f62a06f4f8bacc

SHA1
0705da13ec5383edd7801395787e2b3e10df6542

SHA256
9dd8bac0b8b7d983d5146f5c1466e37581399405854bb3538162fbe06089587b

SHA512
e92861a0b0f325af8c4ba2ef738a12ef193c53db924232175dbe8f1b1957b8d09697b99e630d3003cbea964f4597dc8f8c2b210f7074da3716f1619aae19d8db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
07926d358ec4938ec26209fc6f7ed629

SHA1
bf22de58e270e53a49853c868a55464c6b1fbd36

SHA256
3c40bb1dcc5eba794bc84fff6d73504bd43f760e081590c36509cc97be13befb

SHA512
f3513873f65db4d6560253f10ad16371d48f85e5e583bec009f7400a21a92e3cc53d78ef794f731b885ec79d97b0e9f79e07c9a642e1977ab4e4680d70bb222b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
4042cd1dcb11b6450853e6b7e07719de

SHA1
38e17d824669c60d13929af50edddf73dd87473e

SHA256
5356342a814bfd63095a2aceff82807d6217a84dfd5bbbd48ea0ef9f54e0c01c

SHA512
01f47a0048e74a3fa6f78b9fbdfe543a9b5b74bc40e81f9d113f7180e9ae1478ac66053d094dcc0496cf34ee5c802f67fc238fa74e24960af74fec0c5e67fc49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4d14d785ca2a96f999d69d911681ab96

SHA1
4e38a5f6f72d8816cbd6716a38cde583228b43f0

SHA256
380c38c3250212f4e8420df2cb4d3425871a7fba2217f8c5e512087f5ace5e11

SHA512
de719ed981d7dcc0552e958e2272aa10bf25c9ed9f7a9d5eaf2a1d1c7299ed8e183a961a54cde657da0508ab38d8f278721bc31d1cdba4ec642f66319e6b6207

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
92fa1d176fd8abfafaff940887e41f05

SHA1
e73df14e40f32f6071ae538cde6fde784384e4e8

SHA256
bb606a8eaeef48b2f980f536dfe620cbd3861a780d74125e3531fa9bfdc027e7

SHA512
7883aa74f20d64cf53586bc77d7ad984d46e128fb4075c29e3b3330aa8bc74e09027b71790b4993ea5ce597afb700cf71a2140ba35616e90297177239cdc1b62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7beccf82ab44024d90fd290528ddebbf

SHA1
2f4630eda8dff99abc26a831a595dc62267243fc

SHA256
bab35787455bbcbe04d24117324803892e50638bfd6255ff7523bc13d72fc3da

SHA512
d74811a2604a0f067bc172dc687aee8c1dc8312f325cda5ae8dd12cb31b877fa4f5ab4a34c130973fa8a6e7e6c9c6a38e0b99d62e57fd36c6ea851b50fcadb83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6c290925355b69e9152226034351daf3

SHA1
536d1fb5acc5cd98fc0b0c54c1ee1eb170d035b3

SHA256
ef9e1791f25e4637dbfcf191795b783d14c99c13ea8d8d7f8aa31b73d94e6bb1

SHA512
d5d8d1bea4f9fe335843f8bfbc27564441bf99333591e1e3803aecdcd3701b185fbfd46e36c3ff3e62998e6b2e788ef071140e43810197f5fde79bc088e3ee4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e3d4a879d9ced09b8748929aa7e8eac6

SHA1
327a929c572e36e073f6bcc0fc4d94442b822c21

SHA256
3a09cd15fbf91be3837a31833b194786e16edeb76aeb069dd9ba57dadf1d8adb

SHA512
b0c4d95a28e860fda2426c2a1d784560cc4e75e2021e22af7f5fe8c20fbdd18989a75e02fc97810ac756dc182f742a03224ce20afbcc059c000d702e7aa28c04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
abf395ee8e48245fd1ad3ca9a6e0854c

SHA1
cdfae633f5f228914e2e5a5a6f7b1807cec14e20

SHA256
2dd358c6856ef73aaf52c5ecc11a214963cf86697015e5846047f1e812f752e1

SHA512
34dbf6ff046a7648f2d78401ed1c31e230c3ba08884f2605c903b9932e105d19478c0d8c43ce37a02e630771419456f04b4719fe8094b8962a8f75af6dbb552c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
557dbd6da3a5a335ee0cdb2d3578931d

SHA1
f841ce5bb247cb55e7f975f9b7b2ead61c05f3c7

SHA256
8b63d0bc2eca977a92a77e99fd5bbe64600e622bf5140b116cb2d38bbbae28b1

SHA512
7e865160e951e907d45fe715213cafa965063f0cefbf76a33b5e68e7b7a8c1d1828cc88c4195af4add18c35ca426d5f80f9c181a5a332e739fbda2841835c88b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5f3f5c140df8c0a30fb2aa1fd28e01d8

SHA1
202c180a0d1b634c5344a5c4657b0c01f2193fdd

SHA256
1a795fc7a9b556b3f2ce17ae1034d9c5843470b925e24d1ede6eaff490d28f20

SHA512
7ca677a233bfee87bb7aa54a434321372cef96ab8ad921de4b78c4d99bc39658058150a1128ddc95fea7c86f612bb20d33a120fdf38230585fc9b279ee4a5397

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c120ac2954f9aafdc89bc50ec8268e46

SHA1
373db52135ca55cf1601feeca3045e62173a1450

SHA256
33e75938f3ce736fd08c45da2fd27978c9fd5cf2078cf2144253f4547ef82679

SHA512
ad69733482b8a8815bc5ed628e5d17e21ae557001e2d81456170426af06355cf1b3257de18cf0772d01014820f03c3d75c542604dbfd78fd98b9ab54ccc5eaa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5f3075a23bd27eb754f88894bef2536f

SHA1
a9ef478748c345212bc9ff3223b25fcd3c3b1636

SHA256
af1d983673da6d19c380e2f1866013ee8ff6974b4889796122aa518860c165e1

SHA512
dff5e4089655c50a0a405477285030b83b6461e9a2171c8a05a1d817328362952af8e00d277257fab5e2b387a5ef61642815a493ca6dc7250f6034b185b41428

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
34d8504366c2c338f1dc51d3304af692

SHA1
d9e769160f07fb668d357fe5822b6b4ab7567754

SHA256
b13752d41465971b4c7274028180edc8ccb7f65c0995b2a5c101a4d7ca0395ca

SHA512
e76c32dcdccafb2aaaf4e86a02e5cc701fc4a603126ddb6d92a7e215712351e6465259b515a2530f72cb389723d71fc7829d532c804c0b4d921318a1f492d216

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d2b309e096d72eb564ff972998832941

SHA1
8db9c2ccad640e23d9e4c5e29bce47f7adc5d470

SHA256
b2e7c1298304e8395d503671d87e6a7e8cd831bfd0a89159f060f208ee60dbc4

SHA512
79bb3dff856b2c9e7974da75517878a490689e35b28fc0461f95b23239f497fca3241a14f02807e5b348fa0aee638c4f80cafc8658071e1fe1f8489dcf6c08e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c8928596be00c301a27c47ce9f4159c8

SHA1
ddb69401a78d66e8e991408b44fe5efaf3cdbc9e

SHA256
8446aa3cc2ef3835003463c01c0ed797a152492fea4198958507b109dccf200b

SHA512
7e7368ef36e3c2f80d67b2a0e5f6f6f99547aadd233f71e3619a3020fefbe5619bcf28dbe68fbc92679f9c1750bf62548f5599fbbb8b5be8229cbed5c7709169

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5e1f86adee0c1b0b1aef21ab41f50851

SHA1
ab806346c80448920909c720894467838b611022

SHA256
b6798d1625d6630511d4869addb5961adfaf09a91d086964c604fe203d2f6fac

SHA512
95cceca39addbf23717ca988aa6f474cf759e1dd085777d5e4e92a92cbb5590fae261428e1905955280702a1c9232178acf06cf38c0fce0fe0c2dc724dba8e47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
00f99fed9ecb4a7eba7dad15010957bb

SHA1
7b779d82ef9a01d305e568bfe721c99afa57d8ff

SHA256
294d626402381baebcc8f68f319cb84ea4e95b8b007b6a0813ccf05c2903ac8d

SHA512
5a7911908b60fea5ac749fa4a8a1c519c8b504022c1e9216418471ddf48051a23acb071caa3256385a872d5c098eafd642dc9b537ec0fbf45a88d0d8ef15763d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1b398ce7b7ce89198192c5df4ffbc095

SHA1
401b139226357af2d2a2ea7dbeea3254e309cb17

SHA256
30d2d12fd9ed077d71e44eae27f92c6bf731f928f4412e5258d823a5b2489088

SHA512
7041b4ce55c866e4c26d267a97410d16e5d95bd339cef8b3cbb6e85f3a1885e812e86da4a05451786b53fa4ca1a62ddd1eac76d9c6caad4911260256c7bcbb69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4ce586b744ba69370f2400e6d8e08e41

SHA1
199d5e7b972eb52b700485f8232ffcf139b0b257

SHA256
50a6f5a09e486102553d6b13233c1b107777efc1899cfa047520b3e2e1df3762

SHA512
8c5b7557d62fe85d839e7ec7f6403f873083e78940b81db3209b10deba000de14300cf44cfc78fff483954e2613092bf77bdf422ed90360f41477d16fb33b6ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
975ccff64d1e0a2fcb06abf4252b4ca3

SHA1
72b2c836c5b3627b004f7a38c46a4a88c9599bf4

SHA256
41a98b16cd4c0ad695b0f5cdda7f6f70376dd1a526e0f048bc909a86f7183b91

SHA512
c34211f16fb4560f6ebbe6bc651032b7bf2afa099b93065efa2591b575c55671ef03b73161cbabd61e30a5c336c9bbb1b1aea16083305bdf170553172bbe1e4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
09936720a3d39acf81b08e7a1e425ef4

SHA1
b4bd6fb9276fadb9d80314d976d464244c5b74dd

SHA256
3ce4be0bc736b40ffd1bd1f28fdef4fc417b682a7e2b37c4079b4bb88d626240

SHA512
56772fe0b40adfefc879fef9e19ca765cd250a54a798fd6d539c767974d957a56ceb4fae17951ea1021c41e5a0ce670961dab711ce46a9e4cf726f3d8bb58889

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f50fd8d067bfa945599e43537fc1ab4b

SHA1
008f578b15578a0309522268605c214594bf5a8f

SHA256
00e18f725163ea3348b11bce884d5aa6a61db364d1a8a85ab591676ab2e5feed

SHA512
f95d6c22f0fe158efbe2853fbeb23120f85885973a7d8722fc7dc0f1a2390455339a54ef43a9638fe775e8f3fbb51c82c848f63d739d43f7b571b606f715d7e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8c2b530ee2e13c921e69112c7da8b0a2

SHA1
19c8997432763fb513b97453fc0db13f78ddd04f

SHA256
076b8a88714f919a9583c9b440c8b912f4e10fc157cd7635b97c04291b99098a

SHA512
3c7f3db7d153b3eabce6e16b794a36e2ca6c194f3a3c348ec1fa5b31807d06dc18bcc2d05bdd51af859b2abec684f3306aac03360ec855ca111fcda27f1d2a5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4eb5f46b28049776d0aea74d8a295167

SHA1
81d51adca57a2709e1d42bbc8bbe356e10efb475

SHA256
f200960899a95651cc4e7c64ec71b8381cf599cde265ee10062c926ef67a6d73

SHA512
c01004ce40b9e0da31f96223ec0c4e79475d90c98d60e14144d6c5a2095fe00275357dc1a9f5fe329fba06d6af898de3811608c66dac392b051cf5ca2c50ab07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
24921ca32b2593f4fc73e096840ca95c

SHA1
6504cc2d2b94867a98d31e1fdacab187b8094076

SHA256
faa8f546b58fea42df998951cf757b5955ed68f0b9644c448bb25b4e066be7b2

SHA512
1cf5a2e35091180468e664acc32e1e2812e5d58912f1f84e30dc21c2d57debeacd44eb58cf13d23572638f759598fe6c83b6cc71ed262ace573bb77b8f4be05a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
927e2b451d12e086410cf2ace8e16ccb

SHA1
fd948fb19490493fd70244ade86f5d9104b14c1e

SHA256
d12085986306aa101eab65796cc30d9588cf4e6d76001a28b75f500d35613717

SHA512
760e25d2d58695366d0950f40dcaefd38504b0599809c9047fabcd72a500a885d96fb417a138f623f761ad390f63933bb19b7b250e0c81a165ceb2eeb3fa4c30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
db8af01580f1d5057d2073c80b8b88cd

SHA1
ade40c2a177090f2d7e75a7a1e5f86bd631ef732

SHA256
27c48de2e836b2ac214283d6e8ede619a743e5f15c7ebc9c50636667f75be2db

SHA512
12579c7a9baa1734a9399daf6b62c90384d5584dc0a8f4969fd927c172d1dd3fccc56d473490fd09fe14c95f76413c0ffdc97c091d17d00814baae21b4fb3613

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6aca96f18b9a16deb4f31090c7541b81

SHA1
e2ad47c33bf1c911e0364da27581ef48c9ad2359

SHA256
fcc95f7cb2e2577f361d3c4fe5d597dfb16b85f0cb4ea6db587c1465c2a11365

SHA512
204b12ee902f1be40f583ff6f3a3c229fdccd608faa99b02841ba4e335f61c7996cbda5511e95cbccdd6d3ccc789c94a6bca8e6cb9d30e2be227eb0266083c65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5f52ab97953cd5a0237214c9d552d1e6

SHA1
9824cc6302cd132f27e5830fec4dd3fc3cf93591

SHA256
b070c98f8bf6663bfe0841166d7c3f1013c1d26ad15bbcfb21196c3ff24a42b3

SHA512
2bc4a65f8e367c13187b18eac6df58274998a5aeb93e8724d957c1cb54da4ace8f294b16f2d2a21783fde3bace4d7a71fa939ccc27947fabe89e894f06942590

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
62531a58f07403baf17cb9d3f26d04e3

SHA1
2c48104106c3c606184e74d436880dd9c1d4f74b

SHA256
8174bc8eb957f7b78b80ba916e569e5eb786b63ab7a2f409f75d345f7559f785

SHA512
32a6bf47b2142b7b9e8226b5141daa243fe7efbf22127095aef51f583a450b88567e8d8b7cde9f5759c533f90dc771554d0af11956a243fe30201ea06a6f24d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
14b78745473cd23a1fe2ab95552ac986

SHA1
24c7e299b5815dc19f4e2494a02011e595cd936f

SHA256
96622beaa358fa40de8b8c11264e8e32f9be1b40fe074323f372c9afc37e54d2

SHA512
0580802ced8f6f1e1f7d18cb5437405236f1f4bb8a2319e000ed732f4abaeadef229b160372ee48d6a083d8f93fef2f877e1b6d318efd4f9e17aaf28a6730fd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
58363af387a127c1d12204b5f93e5b87

SHA1
35c5728390a3c05b34da342f1d375256cb0184db

SHA256
a2b810b115d06afaed3674dd025c807fb221e289273ba96f245c10a9de47fb2e

SHA512
d7f8c2bce643819fe7f7460e59c75c607ba177d97fd20c40951f5cce26332bc3eaf5473d70e4278a9e22843d1ee5403fd6128566f520f8de2cd1c2259a3966fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
09abd23e827b5674842d160cc330cc2b

SHA1
bc482f73418793594d3697a7dcdd15ce9f2093a7

SHA256
1c59e37318b91aaad2523ae0d2ef6d393739d8950407c6bee0893b2b3e21146a

SHA512
34732c656f776ac90c4995c69460dc0d7269d77f4b54408bae27175e925933cb7ad9903e3fa2e2bea3a7e762b177daa16f84a5020c7ee65df54e9ec7fe92fb11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
722b166b792ad86495a1b2de4348c17f

SHA1
ccbaa66e8a4e68644589e1cb11e1f67d74f3359c

SHA256
4f1bb0438be5f493c95faa4294449a27eca7b8773a2ecd9c8510ee78f59e5cc8

SHA512
ddcd8d7da6c9cd247604d4cd5ccb7affa765d73141ddbd2f6277dd5eb00a1173544ca3e808e1b09b49029798e785f11887dae1e08c873dda2112489e0aef2a79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
24ca60f2859bb3531a93ee5f4e28c3bc

SHA1
2062709471779d75f3d2d75a31dc0b70fda4c2fa

SHA256
6bd44752941964daff3cb26405aeb9f5af8557d55e3efa99bdffdbb851809261

SHA512
95d09431db01464ade22e5bb7050506094ca47a8cd2edef2fbef8c65fc16705ae9007b6e98a9245779a18865c0e27c939abe6379fd2276bf6d46ba5e3d3d2cfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f5417ec03b5f5027b7c1d7b0036a35c7

SHA1
d564bd911cb5ea7f60196783777bb6aac60ade0d

SHA256
42ba781ee7ee531e75f69d1dc5bdabb4de6628f39423561c73fc8cd97494f494

SHA512
fe74fcb1f69fbe267d8b6eea5c3c2ea68d71a19d7682bb96322e29d6fcb019bf57ce9fe23e622e2f155b1c974efde43e93e20b7c8cfe457dbe1c6ad98ec15266

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
960f82a94e2410e54d187d6085a35d49

SHA1
66cbf20721c93e7d7a8f9e41cc588ef5e354c700

SHA256
1819183f5dc1c412c6ce793e603d1bedd3149859dcf38695a9e5439007d6cf81

SHA512
f9ca440a37e16a5bb15da9e50cc04e7f6dc72b9e175a1293d31fe9711f0238ec97509a456d10d0399a27fc8bb41b73dc61be6f841d1e06635abc21f63a232265

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
04100025933e28e8b377e5bbfc703a81

SHA1
d95950c278caac2b17dc561410aef0206dfbfd32

SHA256
8ba8566205e5802f7d0a666b3c87fdade5da7dc7b37f2597327b3779ec4bf92b

SHA512
d4acc15e3b004f68ff22333397e33fa8124c2efadac87945c55529d332d4a186c916aa9e6296a30b4481d375c08393e12752345a087723346098c73615b29fc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3a850a0d277c20617332fc421fbd8c25

SHA1
c8274daec4e3638df98a3133a43d832cb9e4e18b

SHA256
6f81e6dcbf8f7244687aec134773ed7ee8684aa1c06033470cb587d6b017b78b

SHA512
d63156227b31a0f8e36d60034103b8d3bbe28176e33668c0134a67be762320021da04ec9526b9aa0b57995d66a1236091176e6b64619f41f8339b8021fb73dc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9d2d1539d536112a5236a5430377b36a

SHA1
712175993b858a65cb45dfa90efe0101a0f5e087

SHA256
ed3ae1b64acfc83784e61fe3d99762b8048acc3154d5b4572d4b75fbd0bf3377

SHA512
9580872b0a571e2f66cf7bef470dcc56558fe7c2bd3793278bce922bfde70784031e74df03b282d289108013b13c16a9bd264bb4c4c844dd6f77535595a11da4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9e523c2f844791884943bb18c291a2fa

SHA1
7d2259944484ad98f42d57a02c29a6148854293f

SHA256
649db3f0613f8a03dd068162d131626d25eafb57dd7b6f2af3f90347e074f7ff

SHA512
f4c8f3226c00fadb16b5f56421562b94c49e3fe86e99514136400a337334e82dd455670d23a782083333f43db413993df733160918361163b876331b5a00a2f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
278fa81ea9a7759e4f0f87c11fb70a59

SHA1
3782599334b1d6fb166aefc66591846557ca6235

SHA256
c06758ea80572af3ad4ad4be75a8567a6ea29b07d2f91a0155da6388627e1e99

SHA512
90e687a27b921909f873012b449228ef2c910fb6302be319f932e23bb8a12cb720945651afd359970f25b9339a29924177961f86db03727f0cf620553782f670

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7e1e5df9740a26b7ba9d03859bba80a6

SHA1
837e8ef4335028101924bb1bb0553eec39dcb35a

SHA256
8ff69dd854cbb8071c1df3203e25a494a86095e18183d64439790118a1905b84

SHA512
17adf01403b14430263868ef3da33b1e5af7566974213343ecef72cfa167f8ed7f83f20fce7317da197e002bb1745d6f0f28c1fc5002ddc8153aa96331fb3092

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c93033343d077882023388452a7ef1e0

SHA1
8c51150c8a1843286939cec7a3715fbd87701cc9

SHA256
6bb29f76af933865758825fb05a3c3b82e60346f94631660880006669c2e6721

SHA512
e38623538fa0db3eaeaa47231f33a0bd1ec8f5b44036165e79609a0155fc8181877e26441eba9bb41eedad98582ad7e7566e675ac629f5ff51258eb109875b4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
07a6449b1da5b76ca85b6f1468d595e5

SHA1
9ed1a998711a08f2f02c775d5d97b16c923ba326

SHA256
461315be197ab9eb2be67121c6209772570356a2c4de2c04ba88e7df18adbb9d

SHA512
429b3e41a6258d891b5a7e01a5b805a11157dda621a6db612deeadcba69238c6dc4ab479994abc5217030c99e6fa3f799c7773c9e97b5e573bb529d17aa37002

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
92550fbe74ae0a6876a2d32f5a97f004

SHA1
2767ac5282f979a5e7f7df56ebf27e72345fedb9

SHA256
66db34aa502ebf924a618f49919ad2eafdf8bcf6ced5eadb77261b90093910d2

SHA512
80bbab971e8090ebce269d9a79641dd72975c0c0f3b956e187bc756296a2ba0f2c2c3875e67894efc5de9264b1045c9fa1ce6fecd7059a1df41ccbb789e860ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c38b996cc71741c3feac35264a7e34c0

SHA1
99de426cef9694e9bb2fb794ad25d2320223840a

SHA256
b243c4127f84dbb60d5d8ee092ff4c956d4683f7a5abad10b8a5204436e74fb6

SHA512
2b288f9ae64a5a0d41390ef0dcce6ee44353c24585eaded235f65cc39fc5164e57f8c04b00d0704865ea9a9584251edd4cf61ddf6203b106304888e1d7044689

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
84df59c218371fbc6305d3a914055508

SHA1
315344ced3a4afcb143ca465810421a5acaa159b

SHA256
1d2a58f8e80c3900c95ff750d92f7641023dac16f9af713e47e622aac9018b41

SHA512
78f74904d84c6b86619c02a73c4da3a1f540cb29e10ba2d9fa8c1cb2cd13061813259bee862f4614433342c7a96a69a8cc4d90c1a95207e7c122a19509132cc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a78079343b4932a8d58d50450a8f3a79

SHA1
f874996848e0c0b4bc293ccaa7470be7b2da7139

SHA256
8b6ca0ccbce97b5b9c23f8b46eefb93a65b24f7c52f995e6031d4a84e90f96b5

SHA512
730e22637e2750f16778d3fabadcb5e16509572c00f87c0d2eb01fa1fec272d6b5a7a9475d57eab89f0f40226cb330c88bf8fa69f43d94ec4399d282e0f951a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b43925d835a9ff46c3f66effbbe8b85a

SHA1
ac0aa9390a8faf40d592136c554ad7f9e7a7076f

SHA256
a4a95f7935d815edf45fc6238628d842a01e1f2c27e79b3698092ad41ac2be89

SHA512
8287d087ce42fc07d10436023b9afd882c7aabbe108672300c4751dfd06875c4c31c44223e67a0bd0ffac39da7512f432b20073ae5b0e3413caad83e6fadf47e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9a5db8b7310564949603c33620a7cbc0

SHA1
9db7d9218b731fdd5bc16fb97d2a738d07a15a2f

SHA256
fca5ede058ca519a73d228e56f2db28d7ed6d7272e499b6beefdbfdb6541fecd

SHA512
79f5bfaa9907e55e23df0df9b8a7ae64a374fd14ac095003fdf1d6b89868fb9557578e2aebd411623ead3568e455eb281af98ce147d072128b34743748bf91bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
64050957b74713ff28a98aa9e095c967

SHA1
c8ccec6477c421afb84e0b46496c52d7c87cc7c6

SHA256
80afc0734d57e56ac106c7a595e94cb8d07609af4fba6608c9242a348f8f302e

SHA512
0765a745fe2e34770d06edfa6fe9ab500a8d8ad08fd0e6e99f0f805673f04616a46adae1acc017a827ab8af78338ee689ed344d7172122a806f5d954c239f387

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9a618a9e06ad72c94c036d060a90f655

SHA1
0f68bcc4735450662a3943551923930ea17a0d28

SHA256
3d21e5b37f7113524e50e76608c0ad10752dc0b706a0842b66cdaef0d1daa5d0

SHA512
f31b92797025f135b82fe624f85708691e415c673f064e599bc9de4e1f232d79744efeab4947bbbc78b33dbc82575e5c33d17a110a895ddbc46cf70cdae6fd9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ca8a8c7ceb30d417cc484fbec42b11bc

SHA1
3d68fa19bc1384120cc34702619bb1dbe543f029

SHA256
27f618b016603ab27fa2320cbcbebf542bd2837b27e106f2ee8be9283e32bc32

SHA512
89a6ba33ccacb53bf5e724992283ad95e1dbe7e3f029428336ca198d6d4f35900c5efdc68cebe7bb8987ff01a3678706d9220374fa27482452706fac3a3a3191

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bb0735e2e72e35fdfa1b0fd9078d74fa

SHA1
d8b6b33213c28318460ed684d4556c40179d7651

SHA256
f7a61b16eb32be1794ffb57b6d426fb15b2184889766afa639032f892ed8b171

SHA512
342ae560a5bd9acb68d5e05879fc505be24cd5dbcc1953a161430af35aa9fb8ea2d92a2554894442d5b4e363c25b8f940e2a320246619bf278f7fdda9675fd04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
66813421b38f8331241171f2c05f8b92

SHA1
ef662a9587950b982a47d4fa2242b0a09a51dd47

SHA256
45d82aa3383a12996afbd3280b6498ed5ef38f8c1ee7cbf3f301c00c1fecda07

SHA512
9ae446e7a4a00d52a68e74ddeae7d4f7a44db1cdaf1200993f93be921dc23a07c53d79ed33a7dbf0c2396303337b25bb9bb4dd972be28fdbb091d0e3ce2dd00a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c31705eabdc7a9bbe281e3215627e754

SHA1
13d820b3f7a4916ea510aa7740093e993b8d0d4c

SHA256
684cda03997075d25da8ce27029f8ad573da91c8cf45aee8b8953f58fec2db95

SHA512
8a0f3ca1ceca358d365550fb75467124a55b25948073cc4f5b317c43a44d0958c3ce9202bb38b1c17fc32c87cdf2f272a33d1b92f4ca98165eb2833e4ec0baff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e6a57e1a639fabab3e5536d7d4610dd2

SHA1
76618e7df82302777b255115cb1f6c0abd4d5c8e

SHA256
3cae7be16bb813e08d8ad096468408bae358e3d13f15a1b25105f2de1ecde833

SHA512
ed5880cef14e25fd6aaae8062f2f53dc50b7e24040f65c9580ca28c4045ca0ecf41ed57f295ad21b94f6a29961b7f662c9087f11abf11fd7dcd925124c84672b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
3de069ee45fbf8345d70a467e35b1869

SHA1
49b55b3b40a8377826cfdfe416a055547544a43a

SHA256
056b4aaf7586ab7a485e786b0dc102821139a61c072dc5c1e6ea05b134eab19c

SHA512
163687847f5bbc56a4c327aa8e3b78e617d0668cf888fca1c38dc6e779e3fbaad582c8bfe8f089215d5b1acb101181ee85fde5dc8af273f6861135674f2dee22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
215c07b1d36b9b0bda2cf61b785ee62e

SHA1
854be169072264f347cdc19771ffc00373dbde72

SHA256
e0baf7cf9a85c9ae0e3e68b62f5a9a5f9bbf7a8d1353d32b62ca0e7837986c9f

SHA512
5ec5cc777a57992979b309a485ae564254eb0a5b8dd9fe5fe1bf55f876094a29cdffbf827d16c2c795ceda3644a3154d341740411331cd36673325873678e61f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d77791b0-e024-483a-a02f-aa623f4d9498.tmp

Filesize
10KB

MD5
2989a42ec603f8b4ae09c9d4fd27e4d1

SHA1
cb6126f14f1961e94a6fa08df472cea1b0d819b1

SHA256
2f6289c7911dd1e05c3718ea7309f4492289a0eefbf666ab88f5a5b6c5c87336

SHA512
0cf4aa911101cb989ea533ddd50749e9df513b2b2015c38069e5c57df6624351c54555324298546fbc1d956478b206f08cf4e7aef064f24a16030e38949a6520

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
b0332b1db2f42bc481d8908252058c6a

SHA1
83d4596c9e2ebf58a509ce2505ea8bfbaf96a8ca

SHA256
5167c39672bc01d4dc7d4246cdbba0a439b6de1c254290e8c851de5933ea62c4

SHA512
6e33b52a348b88a2be23df9621bfdd3fb2ac0c72d60d1d7744b089802b929d27b547f542b89b80287f2f8a4ecadba2cc28ba654bab4ab9a9ce0fdc979ebc2199

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
38a4a3f81f016ef9a9a3f72366702b8f

SHA1
4b83be2d3eea84d34581cc7671a219bfeedd5c32

SHA256
2578d3dc2d2de888151efbfba443d0b96826e62aad443b907241a76a414410cd

SHA512
efd4c5fc5675c97d0a2f201a7e7cc2ae3bc25a4fc75159eb3b8ce799aec853b9e58c16d8b2609ff15cafc243fee160126481181ed8074a835d69398c9a554aef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
390c19203f97c52758d1dd26c828d666

SHA1
98b32ed9a10b61774d3172086a87890e7a4ce3e3

SHA256
a2e06dbacd8cd632b1d3f23ac50f2b5beea948c0861ad7aa7c0816f4811c4efa

SHA512
b88fc7b850a8b168f777954749bd739d0cfe129f397d56080c16e24a92a90877cc732b3fcf166bee46ee1ef822e198c237a37478e9bad14564a17b4fa6302f46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
74e31252bcf6ad202c5b9fe5df0659a6

SHA1
8c969a20c834098021364d1cc3293bbec4bfb261

SHA256
f4c9d4007bafc5eef25b00abd03db6e2a815dab96b9f2c1bfdf785c3db54e157

SHA512
b07a8d85a0a7025eba294f1f8862be7480e492e3bcbf49fd22a8dd4de0d2ee35c73471f4b575c34ba3ea82371d36fe8815d8432d3a1e0ebedb0fdf92f7b0b720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
36KB

MD5
80c484a058ca2ae0f9bc62a38223d496

SHA1
8315360b781e7161b79df6bc8def9a66db7530a9

SHA256
d7530b224b4842c08b3bd6e33a059d33cff50653f06b3080504785c6c3997c7a

SHA512
5b3aa4494da9bed0fc7e7fefe00e8343e3e63322b7923bbb959a0d274716da283cbea5ebc4b59f4e508b8167c32479ffa3ce8b36465c6563bc20101aad9f8608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
32KB

MD5
31b05e57c066452d73ab005bb42865f7

SHA1
2a8efd5d7753dd756c539ad66831b01f603fb13c

SHA256
84d0be622ddeef6d0793df5d274965d6d13a756979b4b484185dc7a051eb4071

SHA512
f793863cec23493b58311d37720fe7d48e21c92da5cbc9c5d4562e47a046e33be4584d58a1c031513298c55a9c33f5e591fd5ce831c9c33af9c2594bb071c277

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
19KB

MD5
8f661b8c2dc08d06a2992b1006fbf95d

SHA1
51f7614ee218ca027670a3bb0d7cfe1f23869602

SHA256
8bb39a6f700638d352b26ee0cb86fe5fd1127397dbc18d50a5bf37eb9ef6519a

SHA512
80789cf71769f1c03910535c610c942aa4be684433bcdff360ba309a6c15b3878920a49d1d1303c322de64f200b8e5d316b428b66668d51f9ddffaac0aa5f80f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
19KB

MD5
4d01e326592ce2f559ff1613a10a00f1

SHA1
fb1c762040ee1e36bcb7c44674638b32040fb74c

SHA256
56c9ff85451fcbe3d0c8a80051d5cc690d9731fbdedb6549b4386c6010519078

SHA512
e8f9cb416f7ef90613812861ac6033d712526dc3fa11ef59a1b5929f649a063c176024d2e3e3cffc5ec33e7f516e5fb3d082947b059ef812f701eabaff17b16e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
19KB

MD5
48ffef4fc267c7350a37339001bd1a02

SHA1
9379041d4d542c116b420d014c7ebb68137a008a

SHA256
254467e453cf3cae3c70085b41462cd71b233c247b5e212f444347537b4c4873

SHA512
34b459dde39b3056e2f0a4c593b342d32829c9eebb2b01f146aefa0d54f0b52ecf4954873cf76b424abb25f84370d0b5ac06fdac734b397a7444b4b64b4d52f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
150KB

MD5
52344bfd16b4f6d1dc61922468458ce0

SHA1
142e9ec2e44f56e7e97f243624655decd4ee75ca

SHA256
d4636d2d08503bfd82c4e2a614efaac77ed9aaa38793703e16cf8f73b445aefa

SHA512
4bdf08a37c220abdb1ff30a30b10573082960ea9ad4118d3a9abe3e0334aefbcbe07eb60cf17d9f8f4539c5f719a67c803a452a4e79ab64e71e7c7b83c0de172

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
268KB

MD5
9b9f102b995fca5d0a0f265e0c187a43

SHA1
a0338d8ecb007c7ae97afb5f82a4e8b31e53abdd

SHA256
c76ebf55f90e72f7a9dd1b8649ea15b18e49cb96be63b8eb3ab2931624636043

SHA512
787f907c0e965bb2e3182e58bae720ae5cf12db6d700f9e9ecaf7c1ff7d51059560e5cad3fa5bb5b109cd475fee95e68a88d5ddaabb54c10334302055482c64d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
17KB

MD5
a421438ebae11fcb4808982f78536c8e

SHA1
cb3287d6dc2557343cc2e4723f6bb5e5534ab075

SHA256
8d40f05f3d7b0c08cc959534185a4ec52963c06322e7c31dbf90266d9a0c6bfc

SHA512
5f6e88895377f671f867464313290d9cea0ccf4377ed74153c3fa745456ac35f9686fcf0a2e9643316c60f5bb677dfabe1ff408a56318c48e0f7853954abfe1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
22KB

MD5
9d53309ac2415ed6efe77b43a5a2b2b6

SHA1
31d26e32f551242c037116da7fe1f039bd1c4b41

SHA256
31e667f7d809056c4199b4204f46dbc6cd118a97530308229bbb9d450c42f89f

SHA512
25510c4cd3ac3388a1c91b5011e12a34c409f272d8f7fbec1a89cbff45f2553f7061c1f63d1a2c06f8773b885bcabd9c96501434b8905778132fffef80989476

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
66KB

MD5
100655c23b1e2cbdadf8919bf6f14f50

SHA1
1b535aa013148bcf8dbae70f31064ed03380f97b

SHA256
9de4c1063286a2bcfe2c2b232e45bd8947e70d941f4685a50fd9d99cc6b74fe9

SHA512
9904ae2ea00d092f4d2cad4969d26e08b1840373e6869b358f11686d109b09eebe25fbb6a45671a918e1be53130a4ca20cb5e217348a855811cc4fdc32808f67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
216KB

MD5
60f3ab1dc0a84cf62f6d7c533345ff78

SHA1
68bd632dc672aec73c776b3c49322ac902e97516

SHA256
fe3fb6603c5f71392831a1b000179497379624f33a652b74a2ae7afa545cd942

SHA512
fcf4d20a55afebf404d04d2fef682865ddb85c26752786722e2193a37670022791f87426f3d9264e6a012ee72585cca1a3433e0c65ff75f4ba6c07ab4c288ee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
205KB

MD5
c9c9e7a0321c20a8faea53cb744f62a5

SHA1
a4f7964d6df916c63bc019879e15dfd8a010c9e8

SHA256
9dc45a4308a94cc765a3fe2409e6998871eadf786e01bd0fdcbc5e354ced331d

SHA512
12bfb41ca0dffe67448d2ca50e44432d60f150b588e168efcebe37ce4f030da3161936d443735587b9833eaf506d6448bce92985c16456caa6b2b94b48b7896e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
b60b4c56f50d25fdf6282a1a5ab93af3

SHA1
ba380181cbe40621af49aadc5ee324dff6b62145

SHA256
b5db2ff1256f626dd45d149464a81404a22b16a945c7ebea45afec8cac2ca9a0

SHA512
60401c7c2eda1f0918fc90f13ee48e55ae0c0d8f6818f8844da007df89d029c2be49e4d4444bc41f339655cbde39c63097f91ca2d0074e41fd9a21209692c9bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
660B

MD5
d7fb8933c0dfa967ba2cc18c1f2474c8

SHA1
f3aea6cb4da8c3eb3c7cabd5d3116d5b7e07b127

SHA256
90bf87c097b36ea34a26025c4f184c0fb290f6b2a8de7ba9de20faa4621a00fd

SHA512
739e3e10c123c1cd2206955251f828ffba64db02680a50556eb8510888ed2c557061651ba50847ae699a5c439f3f379350d87076e303ef29a69a5bfff33034e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c3b758156206f66ee63b7c9162d275d1

SHA1
ba313e216aae8922d55db7c8ebe6101ea8740f7d

SHA256
96ef268adf7ab52ce0535f9a0d05e64b7cfae23828d41c27f1416f7824c3c442

SHA512
ba9a847172d695b0c02f040d6c22e4d0e1213522273ad0d4c42ed6c7a7aed010725a4ceb7b9c5c0d3706714644a94e25279b54d4f375f3861178ccd20ef00e78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7c13e30d9fa68fcdd8453f9a5737b63a

SHA1
280765c54cb4e0a7fc77cc8e5ec1426ff0526a59

SHA256
740217613140e4fc4e355bdea345ffed353f6b760a3ef312ebce042b75d85f21

SHA512
859d8c0d1e39b2e83a1db344605e027a30567bc9bf219dc2ddfc6a1554ed2ce7ecadefe1ba0c2ca2532c69157169a39323687a68a3ed6451f361a1ea1242a4e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8132ba63ab80bb46289d19db65aa910e

SHA1
551d7d003cee852af0c93b25a0d47cf77c99bf63

SHA256
cc13f69af4da8adfed917ea54bd54d77621e6c29629b782870a432fdd2a0401a

SHA512
2f8f060482a555e7b903bdd56e8b973f3b9d749d9dfa722a6c2e424c5e06a2fe14dcc0b5e4350b373ec2589791e7e10634db9f899b1f2d39b84ec833296efc7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2d3ad61218fb9a4587685968c42c89bc

SHA1
305027114830a0c492f878c8f0fae770fe19ca93

SHA256
e3c74ed15b62fe3d92009633379ed06072508ff62d296f9913090cfa0f70663d

SHA512
f9406a2a207f8b4f7b1265d76050f50f5dccb656a6e32e8b616fe4ecb63594e48964454cf3ec4ef66fe3d95072111617f6a7c6fe99e6b0f5205a944543e6928e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bf21f741-c409-454f-a128-15ae207c0f1a.tmp

Filesize
6KB

MD5
25a2271c75f69e8bd83cfb70e01092a7

SHA1
fbe00241fbc9680ceba1ad34e1047e91cdbfb711

SHA256
5aa922b1cb2adf2c98fed36e0ed7f37605d4f1d724ed4cd4ecec54d7bbb5fcd4

SHA512
69ba3c266b745c28ea53d6d5f3a40910bcf062d3017a05fabf945636f150ac63302d27d62b0ecceb2fd9946ef8aa8f29b3b9a7d4e7f65b87ff33e39fe4bb1a60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
89ce6e2ae3624c9cd9ecd3e06afc50cf

SHA1
e71cda6ff88fa4569a75457ffb464af35817bfdf

SHA256
58b1d298a0f40b97c6cc4f30187ffaa46fcc5f3c02cab806dc2d0c7ebf81819d

SHA512
ef99abd6581d7cfa3f226c799fa7ad005c7ebea6d69834b1ae52e2e087ea1ac102b02d7af0859341f39efff4be16b522d8ae6e49d2b13f0362dd5c525b7c72ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7f4c3bc6b510e40bb11b842f4aaf0bb9

SHA1
3e4c91689a1ecace310becbf1b1de90dc2a17b6b

SHA256
f1199a826e70614d02bc50b189663b2d0b36078b4d55f0dc9cce69cbc7f9f2e0

SHA512
569f2b569070bbe27ae46ae570541d3b8d173406f9d110bde6d812af5fe2c5bf3da003b6254260ebde5f5bc89ba9b4e5418358d79260b54c9e08f7ea19a7a219

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
194f220c455d5473471e9a4357b6d16e

SHA1
bdca0fd8f839632a53d41a1843f06446d62d0c72

SHA256
2816a2b2c3dc4bfff3ca78425fb789ea400a72b3339b4a0b322f2abca8fe73cf

SHA512
a21a7337f2f25b213753e2265552178624bfab616a2efff9930c771066446750e35b8818e0d7edc730eddc9f6299f47b2749d6a230be62acba8176dfa8c56142

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000003

Filesize
24KB

MD5
b201e8da90ef456598b8b3bb0e31bf53

SHA1
8bb524c8e9b17920c83d9a06c0b305e41cfca560

SHA256
2c8b630d1edafb8cc8c8cd73fff10c8ab6d06232929a4d458ec34628920f1665

SHA512
50126ac5b7800f5a848ef49ebc8e71d78cb5ee9c1602486b30e697ce57af32c868e46795ac2c157cdfd7fe65c03133c7a752813d520a9106adc3e50620b473f3

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000004

Filesize
40KB

MD5
0c9f37673dd9c878a4b5bb419ee24b5d

SHA1
d973a8e073c1f76068f0947d495998f7f823d76e

SHA256
c1e12f630e7f356d154ffe4a7a3873e7e136e41c1c37e6c0fa4d2c52f1d269dd

SHA512
b361afedb4a910b12f7dd7b5b33d2914be39528bf4d1486661d0107c24135cff3a5393df1af85cd7d1551f0e601ea9d2ad4b147e56f469691e2b11906fd1514c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000013

Filesize
99KB

MD5
cfcfc24a2387d0df4c6d6720f10a2c03

SHA1
6c814019646496348ca28599b6cf0fe0834d6331

SHA256
479485d672bf6a462911fb1811254f4052309e5a8b539be09e414948a04535f6

SHA512
933ecc54138b143564df5d9ac15c407fa781ddcba071613d719e447963bf84d2941c65eff05f915685f934c2a03834c83017a364f2ddf5637973945a80349910

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
500e12d147a47ac23f097287d995a91c

SHA1
93af946e1ad213c5e4df211ca766676c286559e2

SHA256
355aceec40ea03684a43e3facc16a03327b00aa22e37578542853a593c85ed17

SHA512
b8ddc7e4fde09ab7cb772bd257cf8785c06ce19eaf5ec055461676c7f91f26ab1034b795672c349a7ac86249fa7a389f1537fe7673b89c78889b34532476e504

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
e3970f0a25ab5b14cae300ceee65f825

SHA1
141c444b59a26f0f96484cf35371e7d73edd5256

SHA256
14584878a67894525194b10b46279e2764e61e0762dfd230c885050be9574d60

SHA512
f72fc0402e0acf5118ed2ae609733a6f54b93b29e2c181d2441493967418f8ccc91381573575643b7c18a8817187a162d8c68088a59293e5cc38d244e2544cb2

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
f31f4fb9091ae08c3f5fff73c8b28025

SHA1
7a3bddef06cca2c5362a488998dcbb2eaec3a822

SHA256
2c32e468bf5a10959e5b845de9e79bbd2738d532f05ebd6a06761257bde25dba

SHA512
722123444d0eb66053141e2e6ccc06e4024f1fe7aea087d66f05b4afda48e02e47c4bc96b81c99eb07c42b383e0829d3bbf94367d981f8305806826740d4920c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
710B

MD5
971099681202fa956b0a6027bc197aae

SHA1
8903289f5128baadbf83875b63d77509a0fd83e6

SHA256
b7c726157c55ae9dddb31dc72efc3c54bc9ea320ce238dd67c1b16f47dc9bb4b

SHA512
a905ddd4e5c1cdf743cde34a9c7e240597ba283b7b9f00594fdbda887e9705fd579f3c75090947bb2c0bd27688b8741a494c49468bbe5550603bf956d2f9bb00

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
822B

MD5
b51cbab0f976a063cd0fb15136507d76

SHA1
93c9c0a2c1bd9a7fa8020899b6ddd72e8b229511

SHA256
4cc4967c6d14d51b45592ad9d5077317571adbb859d262112d612b73d038539a

SHA512
c897721b3f3f589527ef13c3bda9b084182302911430aaa877bdbcf37528a25eae0d8c1b91e390cf00ccb279fb2b05e04b03bb12b4cbd66e4473f37cf52f52e2

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5aee97.TMP

Filesize
529B

MD5
5ab3042b765a0083bdf6eee3465cf569

SHA1
a2d6bc6a8f2e8a8c853afb4c9ccd6aabf5a8ae60

SHA256
cb19e3af5776dbdb4a72c2c44676b15577f31b5f5cdf08837eca3dcc4b143bad

SHA512
30a888f056c04426d1620566d4aaa85e41519c7a02f2107db0a3bc96331f94d19beb669cb46d4e67d6d96f5be442d771e188bafc4052f0523d31a11498815474

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
300B

MD5
ce0d62ad7233e96ad9f633a0772f2987

SHA1
8dc4426d11983f6b29831a05369f5c24be0262b3

SHA256
6d9a7570305ad3b9f0d77749d2292fbffb1797378db5a027d0988fd2ec14ec64

SHA512
5fe4f778e024d813da1827da634f2c5a93cd0fbb0fe2b1a4a11eef5e2254f46cf90295726674e7dd1ca2d066de9ec4082c409328ea5d910c77dabb394deb012c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
b98b7bf3a6ebc77bc763106fb1926fe3

SHA1
376deb661183b2d529b767fabe64a1d9fb4445cd

SHA256
6eb16e238f0617851725d6ebd9f3aa5db45eea6b5cb843b8bc7b3a2aa2b7ad24

SHA512
7ba1c2acd1d3774ce5f0c3c3324a7a3256f03140345e966993733ba3535fd014e49b0d18e2101be8dc400b4338cd1d83f593f92647b3a99903cceeaabde98f28

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
24f780fcfa9960760401825f26301dbc

SHA1
80a5119a054c84d4b83699ecca5046fb9c610c22

SHA256
430c11d4b142b833f70a1bce9a96025b582e7b2f909076b2019164cc8f4e7b1e

SHA512
81c083331157ead1adec112abb2f57db7a88949e5bc605fb7ff62566bd367c98bca42033bd384531edca249aed1d504cdbf90e589297ffe07ed97aa379278fb7

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe5b00d7.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
b30ebc9702cd51f8bfd862b237d9da3c

SHA1
54887e2c5a9a917c7ba1d6d1c8eb955299e996d6

SHA256
8f990bea237f5cd8ca7e19209cd4eaa23e45717134d6f51a85411279f0020b5b

SHA512
ce0cc8038d1a02d586fd8cec618f2619255601e3402b4e75097894db6cf919eeeec5812a889b6563c0640236ff316f695c673d3ca37a3e32a8e7e12b94eaf003

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
ea4a85ec0bf460a7c89dfdd0b2487799

SHA1
683109ce867ef89b9ebe5167db9e6404d3627f93

SHA256
82b3bbe7f108462a11723f1ce6619df368f2758e4e6bd5b3038f2e677a5ec167

SHA512
c5d7eed0f183865f7f80f8a0b9814335920418c2d7e402ded87a7541257e1b5fa26fe2cb5e904aa910151645d7ffd797f97481c914c574c109bf4f949597823f

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
a37b4d54cf0fd7d15c776dd753ff85f2

SHA1
8faa3fb3af2472aea37618927c5bb2950dc8429a

SHA256
0cc413271f2795755bf4c83bfbcc829231c7a073275012f6592b853e731f232a

SHA512
6d5c597d05e2791489806caaeeaabd92c2dc18ee3541ce50cb7155dacbc41efaed48fdb23ee896e5846ccf98fa8a917485918068ccaf1965774399f6466e1a5c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
22b7fe49a3f7e649eb9e800f0a8fb19a

SHA1
a3bd54cf5cd223db4559515951c533df122b0de6

SHA256
c46301c9a4adc3351d08dcc0350a4500f7b24f9bb705e833f7ac415707232ae5

SHA512
1be150b8f2a3bf59331ef1cfc618a64fcf70d578f1c4940507835fe9b7e097b013fa7ed187dc1276c0db61e6bf2e88de104015a13f3c800d90bfbea53434571c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
5fc9fde1ab9676a22f0f43916ab0bc16

SHA1
60bbb3895206423351baf312a0d8005c8b654ca0

SHA256
1553e25f073cad3fdcdbf83da92781913087e4598178495fd59d3655d4cd76ea

SHA512
b165c15d67868258c180de12b4a22f98f5468945ba6d9d2815069fa47d82d1bb371998383a8a897e1821e8c4cd08887cd52a6d64830fc451d3ae6139a78cbb32

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity~RFe5b54e3.TMP

Filesize
188B

MD5
345d22ecd54129e05f60fe04b6836b59

SHA1
8dbbaf2bb5e74d3ff15937640d0f184d3e25a808

SHA256
7a341f0a116a646f54169b548edcdf5e2fe5b0b7fa2cdf3221aa0f2f4dd412bf

SHA512
11c59d8ee7b4b95abcfc8af6282803e489f64774707c05c64c51821da00208043471718a19784c450f004c3e4efdfe580b8443fd9e4273ddd73edfdb1693e01b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json

Filesize
2KB

MD5
602c49f9246967bdcff45b4f43cf2fb0

SHA1
4c5796e0c724bbd7a9244cc8a0fc9e8f40181f2d

SHA256
a3ad9649c1038078038be1abd591cdba73b4b4f5cf30e11bb6cb7a432b746114

SHA512
2f273c0dd0127071f4c768cfe7277c6efff84c1ef4f4271c1326db3658c84261794b106af3198717f349fbaaaf276163700bbb50ae20fe52ed0a88a192d46f77

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json~RFe5b6761.TMP

Filesize
2KB

MD5
68b20851ccb9834d21fb32615e42bd43

SHA1
88fab935f0b9484994097c08f785e9ecb7d68127

SHA256
a954b528dd65ad6c4c2091fa32f17abdb7a49454ce88e10bb6c377734c70c26f

SHA512
dcb0771120c8fe35213d60e9abf4b242af807324759e3c99e9b2569c00a941d885d53ef6fadfe69e6b740e0b52a6008602605d643801190a2d29175a7d065e15

Download Submit
C:\Users\Admin\AppData\Local\Temp\721aa599-14fc-47fe-b5e6-2a710535ea13.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuF4FC.tmp\StdUtils.dll

Filesize
110KB

MD5
db11ab4828b429a987e7682e495c1810

SHA1
29c2c2069c4975c90789dc6d3677b4b650196561

SHA256
c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376

SHA512
460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuF4FC.tmp\System.dll

Filesize
22KB

MD5
a36fbe922ffac9cd85a845d7a813f391

SHA1
f656a613a723cc1b449034d73551b4fcdf0dcf1a

SHA256
fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0

SHA512
1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuF4FC.tmp\modern-wizard.bmp

Filesize
150KB

MD5
3614a4be6b610f1daf6c801574f161fe

SHA1
6edee98c0084a94caa1fe0124b4c19f42b4e7de6

SHA256
16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b

SHA512
06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuF4FC.tmp\nsDialogs.dll

Filesize
20KB

MD5
4e5bc4458afa770636f2806ee0a1e999

SHA1
76dcc64af867526f776ab9225e7f4fe076487765

SHA256
91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0

SHA512
b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuF4FC.tmp\nsExec.dll

Filesize
17KB

MD5
2095af18c696968208315d4328a2b7fe

SHA1
b1b0e70c03724b2941e92c5098cc1fc0f2b51568

SHA256
3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226

SHA512
60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuF4FC.tmp\nsProcess.dll

Filesize
15KB

MD5
08072dc900ca0626e8c079b2c5bcfcf3

SHA1
35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37

SHA256
bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8

SHA512
8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1388_828668755\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1388_828668755\bdbf99ae-f9ff-4934-8b08-4389cced6c15.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 417736.crdownload

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit
memory/4716-4-0x0000024859350000-0x000002485935A000-memory.dmp

Filesize
40KB

Download
memory/4716-21-0x0000024871E40000-0x0000024871E5E000-memory.dmp

Filesize
120KB

Download
memory/4716-37-0x00007FF8C10F0000-0x00007FF8C1BB1000-memory.dmp

Filesize
10.8MB

Download
memory/4716-20-0x0000024871E60000-0x0000024871ED6000-memory.dmp

Filesize
472KB

Download
memory/4716-5-0x0000024859380000-0x0000024859392000-memory.dmp

Filesize
72KB

Download
memory/4716-2-0x00007FF8C10F0000-0x00007FF8C1BB1000-memory.dmp

Filesize
10.8MB

Download
memory/4716-0-0x0000024857700000-0x000002485770A000-memory.dmp

Filesize
40KB

Download
memory/4716-1-0x00007FF8C10F3000-0x00007FF8C10F5000-memory.dmp

Filesize
8KB

Download
memory/5928-13306-0x0000000000D70000-0x0000000001222000-memory.dmp

Filesize
4.7MB

Download
memory/8368-13767-0x000000006E480000-0x000000006F7C1000-memory.dmp

Filesize
19.3MB

Download
memory/8368-13466-0x000000006E480000-0x000000006F7C1000-memory.dmp

Filesize
19.3MB

Download
memory/8368-13687-0x000000006E480000-0x000000006F7C1000-memory.dmp

Filesize
19.3MB

Download
memory/8368-13536-0x000000006E480000-0x000000006F7C1000-memory.dmp

Filesize
19.3MB

Download
memory/8368-13802-0x000000006E480000-0x000000006F7C1000-memory.dmp

Filesize
19.3MB

Download
memory/8368-13514-0x000000006E480000-0x000000006F7C1000-memory.dmp

Filesize
19.3MB

Download
memory/8368-13502-0x000000006E480000-0x000000006F7C1000-memory.dmp

Filesize
19.3MB

Download
memory/8368-13490-0x000000006E480000-0x000000006F7C1000-memory.dmp

Filesize
19.3MB

Download
memory/8368-13446-0x000000006E480000-0x000000006F7C1000-memory.dmp

Filesize
19.3MB

Download
memory/8368-13487-0x000000006E480000-0x000000006F7C1000-memory.dmp

Filesize
19.3MB

Download
memory/8368-13827-0x000000006E480000-0x000000006F7C1000-memory.dmp

Filesize
19.3MB

Download
memory/8368-13566-0x000000006E480000-0x000000006F7C1000-memory.dmp

Filesize
19.3MB

Download
memory/8588-13740-0x000001B61BB20000-0x000001B61BB21000-memory.dmp

Filesize
4KB

Download
memory/8588-13731-0x000001B61BB20000-0x000001B61BB21000-memory.dmp

Filesize
4KB

Download
memory/8588-13735-0x000001B61BB20000-0x000001B61BB21000-memory.dmp

Filesize
4KB

Download
memory/8588-13732-0x000001B61BB20000-0x000001B61BB21000-memory.dmp

Filesize
4KB

Download
memory/8588-13741-0x000001B61BB20000-0x000001B61BB21000-memory.dmp

Filesize
4KB

Download
memory/8588-13736-0x000001B61BB20000-0x000001B61BB21000-memory.dmp

Filesize
4KB

Download
memory/8588-13738-0x000001B61BB20000-0x000001B61BB21000-memory.dmp

Filesize
4KB

Download
memory/8588-13730-0x000001B61BB20000-0x000001B61BB21000-memory.dmp

Filesize
4KB

Download
memory/8588-13737-0x000001B61BB20000-0x000001B61BB21000-memory.dmp

Filesize
4KB

Download
memory/8588-13739-0x000001B61BB20000-0x000001B61BB21000-memory.dmp

Filesize
4KB

Download
memory/9012-13348-0x00007FF8DE280000-0x00007FF8DE281000-memory.dmp

Filesize
4KB

Download
memory/9012-13347-0x00007FF8DE1A0000-0x00007FF8DE1A1000-memory.dmp

Filesize
4KB

Download
memory/9012-13453-0x000001D776980000-0x000001D776A2C000-memory.dmp

Filesize
688KB

Download
memory/9104-13454-0x00000211A67B0000-0x00000211A685C000-memory.dmp

Filesize
688KB

Download
memory/10824-13756-0x000001E612D50000-0x000001E612DFC000-memory.dmp

Filesize
688KB

Download
memory/11436-13757-0x000001754B810000-0x000001754B8BC000-memory.dmp

Filesize
688KB

Download
memory/11592-13720-0x000001B2B9810000-0x000001B2B98BC000-memory.dmp

Filesize
688KB

Download