6345a13c1eab921686d7ef594b6ac35e6e65839ac297795031014fbd9717508a

Analysis

max time kernel
401s
max time network
401s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-12-2024 20:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SWASetup.exe
Size

14KB
MD5

cd1436d99f11bc0382d6776f23c74831
SHA1

accc8e49ba85581de25288b9a461ae14b5554d91
SHA256

6345a13c1eab921686d7ef594b6ac35e6e65839ac297795031014fbd9717508a
SHA512

00374fa8dce13ce885714ab23b2d9111a8bb2194c17b5ccc6bd859aead6df36398fc2abed9d2840333e8a8dfa9f5da112e3a67a1141465300caad5b12c005493
SSDEEP

192:jgYX92TJJTcolI9FVigA6KtuY5AlF0o4Awh/b3B0OZnnWYlA8W2FCT1vT:Ls/aKu0AlFqAwFzSSWMQRt

Score

8^/10

steam discovery motw persistence phishing

Malware Config

Signatures

Downloads MZ/PE file
A potential corporate email address has been identified in the URL: OpzlgoiQzcawzr@TWOfk
phishing
A potential corporate email address has been identified in the URL: QWHXWpWFjZhxZt@S
phishing
A potential corporate email address has been identified in the URL: QWHXWpWFjZhxZt@S#Yw!
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Checks computer location settings 2 TTPs 6 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	SWASetup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	SWA V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe

Executes dropped EXE 21 IoCs

pid	Process
952	SWA V2.exe
5768	SteamSetup.exe
6100	steamservice.exe
5388	steam.exe
15600	steam.exe
15632	steamwebhelper.exe
15712	steamwebhelper.exe
15872	steamwebhelper.exe
16072	steamwebhelper.exe
16364	gldriverquery64.exe
8120	steamwebhelper.exe
8132	steamwebhelper.exe
8428	gldriverquery.exe
8480	vulkandriverquery64.exe
8540	vulkandriverquery.exe
16604	steamwebhelper.exe
16976	steamwebhelper.exe
16076	steamwebhelper.exe
4656	steamwebhelper.exe
19388	SWA V2.exe
18644	SWA V2.exe

Loads dropped DLL 64 IoCs

pid	Process
5768	SteamSetup.exe
5768	SteamSetup.exe
5768	SteamSetup.exe
5768	SteamSetup.exe
5768	SteamSetup.exe
5768	SteamSetup.exe
5768	SteamSetup.exe
5768	SteamSetup.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15712	steamwebhelper.exe
15712	steamwebhelper.exe
15712	steamwebhelper.exe
15600	steam.exe
15872	steamwebhelper.exe
15872	steamwebhelper.exe
15872	steamwebhelper.exe
15872	steamwebhelper.exe
15872	steamwebhelper.exe
15872	steamwebhelper.exe
15872	steamwebhelper.exe
15872	steamwebhelper.exe
15872	steamwebhelper.exe
15600	steam.exe
16072	steamwebhelper.exe
16072	steamwebhelper.exe
16072	steamwebhelper.exe
15600	steam.exe
8120	steamwebhelper.exe
8120	steamwebhelper.exe
8120	steamwebhelper.exe
8132	steamwebhelper.exe
8132	steamwebhelper.exe
8132	steamwebhelper.exe
8132	steamwebhelper.exe
16604	steamwebhelper.exe
16604	steamwebhelper.exe
16604	steamwebhelper.exe
16604	steamwebhelper.exe
16976	steamwebhelper.exe
16976	steamwebhelper.exe
16976	steamwebhelper.exe
16976	steamwebhelper.exe
16076	steamwebhelper.exe
16076	steamwebhelper.exe
16076	steamwebhelper.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"	SteamSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
17	pastebin.com
18	pastebin.com

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
820	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Steam\package\tmp\friends\trackerui_french.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_r_click_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\hp_r4.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_rstick_down_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_l_swipe_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_ltrackpad_click.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\vk_swiftshader.dll_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\xbox_360_english.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\shaders\D3D10Overlay.fxo_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0340.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\steampops_polish-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\overlay_tchinese.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_rtrackpad_click_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\submanagesecuritydone.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\resources_misc_all.zip.vz.e86a975545f3ab21a77373870cb311ef93934b8c_2224876	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_right_default.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\loop_4.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_l_touch.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\xbox_lt_soft_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\friends\remoteplaytogetheravailablenotification.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\Receipt_HardwarePromo_AlreadyPurchased.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_friends.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steamui_danish.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\hp_l4.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_outlined_button_circle_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_forward_disabled.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_left_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_outlined_button_x.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_button_b-1.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_buttons_e_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_buttons_w_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_rtrackpad_left.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\gameproperties_shortcuts.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0527.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0407.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steam_offline.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_rfn.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_gyro_yaw_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_l2_soft_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_l2_half.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0401.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\loop_7.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\dualshock_4_turkish.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_right_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_dpad_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_l1_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0307.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\xbox_360_portuguese.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_l_left_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_l_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_l_down_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_l_up_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_lt_soft_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_color_button_a_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_forward.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\offline_japanese.html_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\libavformat-61.dll_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\EasyNotification.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\StorageVideos.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\icon_info.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steamui_postlogon_greek.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_button_x_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_l2_soft_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_sl.svg_	steam.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamservice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	SWA V2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	SWA V2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	SWA V2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Software\Microsoft\Internet Explorer\TypedURLs	SWA V2.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\steam	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\steam\DefaultIcon	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\steamlink\Shell\Open	steamservice.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	SWA V2.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	SWA V2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	SWA V2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\steamlink\URL Protocol	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	SWA V2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\steamlink	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	SWA V2.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	SWA V2.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	SWA V2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\steam\ = "URL:steam protocol"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	SWA V2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	SWA V2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	SWA V2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	SWA V2.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	SWA V2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	SWA V2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	SWA V2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	SWA V2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	SWA V2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	SWA V2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\steam\Shell	steamservice.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	SWA V2.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings	SWA V2.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	SWA V2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	SWA V2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	SWA V2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	SWA V2.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	SWA V2.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	SWA V2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\steam\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\steamlink\DefaultIcon	steamservice.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	SWA V2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	SWA V2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\steamlink\Shell	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steamservice.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 466912.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4740	SWASetup.exe
4200	msedge.exe
4200	msedge.exe
2940	msedge.exe
2940	msedge.exe
4976	identity_helper.exe
4976	identity_helper.exe
5648	msedge.exe
5648	msedge.exe
5768	SteamSetup.exe
5768	SteamSetup.exe
5768	SteamSetup.exe
5768	SteamSetup.exe
5768	SteamSetup.exe
5768	SteamSetup.exe
5768	SteamSetup.exe
5768	SteamSetup.exe
5768	SteamSetup.exe
5768	SteamSetup.exe
5768	SteamSetup.exe
5768	SteamSetup.exe
5768	SteamSetup.exe
5768	SteamSetup.exe
5768	SteamSetup.exe
5768	SteamSetup.exe
5768	SteamSetup.exe
5768	SteamSetup.exe
5768	SteamSetup.exe
5768	SteamSetup.exe
15600	steam.exe
15600	steam.exe
15828	msedge.exe
15828	msedge.exe
15828	msedge.exe
15828	msedge.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe
15600	steam.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
15600	steam.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4740	SWASetup.exe
Token: SeSecurityPrivilege	6100	steamservice.exe
Token: SeSecurityPrivilege	6100	steamservice.exe
Token: SeShutdownPrivilege	15632	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15632	steamwebhelper.exe
Token: SeShutdownPrivilege	15632	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15632	steamwebhelper.exe
Token: SeShutdownPrivilege	15632	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15632	steamwebhelper.exe
Token: SeShutdownPrivilege	15632	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15632	steamwebhelper.exe
Token: SeShutdownPrivilege	15632	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15632	steamwebhelper.exe
Token: SeShutdownPrivilege	15632	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15632	steamwebhelper.exe
Token: SeShutdownPrivilege	15632	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15632	steamwebhelper.exe
Token: SeShutdownPrivilege	15632	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15632	steamwebhelper.exe
Token: SeShutdownPrivilege	15632	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15632	steamwebhelper.exe
Token: SeShutdownPrivilege	15632	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15632	steamwebhelper.exe
Token: SeShutdownPrivilege	15632	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15632	steamwebhelper.exe
Token: SeShutdownPrivilege	15632	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15632	steamwebhelper.exe
Token: SeShutdownPrivilege	15632	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15632	steamwebhelper.exe
Token: SeShutdownPrivilege	15632	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15632	steamwebhelper.exe
Token: SeShutdownPrivilege	15632	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15632	steamwebhelper.exe
Token: SeShutdownPrivilege	15632	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15632	steamwebhelper.exe
Token: SeShutdownPrivilege	15632	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15632	steamwebhelper.exe
Token: SeShutdownPrivilege	15632	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15632	steamwebhelper.exe
Token: SeShutdownPrivilege	15632	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15632	steamwebhelper.exe
Token: SeShutdownPrivilege	15632	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15632	steamwebhelper.exe
Token: SeShutdownPrivilege	15632	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15632	steamwebhelper.exe
Token: SeShutdownPrivilege	15632	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15632	steamwebhelper.exe
Token: SeShutdownPrivilege	15632	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15632	steamwebhelper.exe
Token: SeShutdownPrivilege	15632	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15632	steamwebhelper.exe
Token: SeShutdownPrivilege	15632	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15632	steamwebhelper.exe
Token: SeShutdownPrivilege	15632	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15632	steamwebhelper.exe
Token: SeShutdownPrivilege	15632	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15632	steamwebhelper.exe
Token: SeShutdownPrivilege	15632	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15632	steamwebhelper.exe
Token: SeShutdownPrivilege	15632	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15632	steamwebhelper.exe
Token: SeShutdownPrivilege	15632	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15632	steamwebhelper.exe
Token: SeShutdownPrivilege	15632	steamwebhelper.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
952	SWA V2.exe
952	SWA V2.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe
15632	steamwebhelper.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
952	SWA V2.exe
15600	steam.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4740 wrote to memory of 952	4740	SWASetup.exe	83
PID 4740 wrote to memory of 952	4740	SWASetup.exe	83
PID 2940 wrote to memory of 4596	2940	msedge.exe	92
PID 2940 wrote to memory of 4596	2940	msedge.exe	92
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 1196	2940	msedge.exe	93
PID 2940 wrote to memory of 4200	2940	msedge.exe	94
PID 2940 wrote to memory of 4200	2940	msedge.exe	94
PID 2940 wrote to memory of 4772	2940	msedge.exe	95
PID 2940 wrote to memory of 4772	2940	msedge.exe	95
PID 2940 wrote to memory of 4772	2940	msedge.exe	95
PID 2940 wrote to memory of 4772	2940	msedge.exe	95
PID 2940 wrote to memory of 4772	2940	msedge.exe	95
PID 2940 wrote to memory of 4772	2940	msedge.exe	95
PID 2940 wrote to memory of 4772	2940	msedge.exe	95
PID 2940 wrote to memory of 4772	2940	msedge.exe	95
PID 2940 wrote to memory of 4772	2940	msedge.exe	95
PID 2940 wrote to memory of 4772	2940	msedge.exe	95
PID 2940 wrote to memory of 4772	2940	msedge.exe	95
PID 2940 wrote to memory of 4772	2940	msedge.exe	95
PID 2940 wrote to memory of 4772	2940	msedge.exe	95
PID 2940 wrote to memory of 4772	2940	msedge.exe	95
PID 2940 wrote to memory of 4772	2940	msedge.exe	95
PID 2940 wrote to memory of 4772	2940	msedge.exe	95
PID 2940 wrote to memory of 4772	2940	msedge.exe	95
PID 2940 wrote to memory of 4772	2940	msedge.exe	95

C:\Users\Admin\AppData\Local\Temp\SWASetup.exe
"C:\Users\Admin\AppData\Local\Temp\SWASetup.exe"
1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4740
- C:\GFK\SWAv2\SWA V2.exe
  "C:\GFK\SWAv2\SWA V2.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Enumerates system info in registry
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0x12c,0x7ff8cd6a46f8,0x7ff8cd6a4708,0x7ff8cd6a4718
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2532 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4296 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3696 /prefetch:8
  2⤵
  PID:604
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3696 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4256 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5820 /prefetch:8
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6576 /prefetch:8
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6332 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5648
- C:\Users\Admin\Downloads\SteamSetup.exe
  "C:\Users\Admin\Downloads\SteamSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:5768
- - C:\Program Files (x86)\Steam\bin\steamservice.exe
    "C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2884 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:15828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1756 /prefetch:1
  2⤵
  PID:19868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:19872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1944 /prefetch:1
  2⤵
  PID:17948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1
  2⤵
  PID:10440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:10416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:10272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1
  2⤵
  PID:18572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
  2⤵
  PID:18392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1
  2⤵
  PID:18384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:1
  2⤵
  PID:9620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7264 /prefetch:1
  2⤵
  PID:18240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7444 /prefetch:1
  2⤵
  PID:18140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7436 /prefetch:1
  2⤵
  PID:18096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7884 /prefetch:1
  2⤵
  PID:10720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7892 /prefetch:1
  2⤵
  PID:10712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7996 /prefetch:1
  2⤵
  PID:10708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8464 /prefetch:1
  2⤵
  PID:11204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8536 /prefetch:1
  2⤵
  PID:19924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8684 /prefetch:1
  2⤵
  PID:11192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8800 /prefetch:1
  2⤵
  PID:9936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8948 /prefetch:1
  2⤵
  PID:9448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9068 /prefetch:1
  2⤵
  PID:9488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9208 /prefetch:1
  2⤵
  PID:9480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9084 /prefetch:1
  2⤵
  PID:9476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9344 /prefetch:1
  2⤵
  PID:9464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9476 /prefetch:1
  2⤵
  PID:19936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9636 /prefetch:1
  2⤵
  PID:9512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10832 /prefetch:1
  2⤵
  PID:19772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10824 /prefetch:1
  2⤵
  PID:19896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10644 /prefetch:1
  2⤵
  PID:20196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8356 /prefetch:1
  2⤵
  PID:20396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8288 /prefetch:1
  2⤵
  PID:10124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11124 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10060 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10080 /prefetch:1
  2⤵
  PID:11276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10088 /prefetch:1
  2⤵
  PID:11272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8232 /prefetch:1
  2⤵
  PID:11516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10244 /prefetch:1
  2⤵
  PID:11640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10576 /prefetch:1
  2⤵
  PID:11648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9920 /prefetch:1
  2⤵
  PID:11656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10556 /prefetch:1
  2⤵
  PID:11664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10480 /prefetch:1
  2⤵
  PID:11672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11420 /prefetch:1
  2⤵
  PID:11680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11668 /prefetch:1
  2⤵
  PID:11688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10844 /prefetch:1
  2⤵
  PID:12084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11592 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12256 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8436 /prefetch:1
  2⤵
  PID:12296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12388 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10576 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9936 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7696 /prefetch:1
  2⤵
  PID:5568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8448 /prefetch:1
  2⤵
  PID:12436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11704 /prefetch:1
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
  2⤵
  PID:12388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:13048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11760 /prefetch:1
  2⤵
  PID:13128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11624 /prefetch:1
  2⤵
  PID:13240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12260 /prefetch:1
  2⤵
  PID:13296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7464 /prefetch:1
  2⤵
  PID:13688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9968 /prefetch:1
  2⤵
  PID:14196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11292 /prefetch:1
  2⤵
  PID:14668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
  2⤵
  PID:14456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7868 /prefetch:1
  2⤵
  PID:14848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12552 /prefetch:1
  2⤵
  PID:14784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7636 /prefetch:1
  2⤵
  PID:15020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9068 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7516 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8072 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8984 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8720 /prefetch:1
  2⤵
  PID:520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8560 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8896 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8588 /prefetch:1
  2⤵
  PID:6752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:6744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11088 /prefetch:1
  2⤵
  PID:6820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10484 /prefetch:1
  2⤵
  PID:6872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9564 /prefetch:1
  2⤵
  PID:6964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9580 /prefetch:1
  2⤵
  PID:7048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
  2⤵
  PID:7040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4676625347680926634,11904580429865482085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12380 /prefetch:1
  2⤵
  PID:7452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4456

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:5388
- C:\Program Files (x86)\Steam\steam.exe
  "C:\Program Files (x86)\Steam\steam.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:15600
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=15600" "-buildid=1733265492" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:15632
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1733265492 --initial-client-data=0x280,0x284,0x288,0x27c,0x28c,0x7ff8cc64af00,0x7ff8cc64af0c,0x7ff8cc64af18
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:15712
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1580,i,17326131609904444899,14287873766014689875,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1584 --mojo-platform-channel-handle=1572 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:15872
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2268,i,17326131609904444899,14287873766014689875,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2272 --mojo-platform-channel-handle=2264 /prefetch:3
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:16072
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2812,i,17326131609904444899,14287873766014689875,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2816 --mojo-platform-channel-handle=2808 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:8120
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,17326131609904444899,14287873766014689875,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3168 --mojo-platform-channel-handle=3116 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:8132
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3820,i,17326131609904444899,14287873766014689875,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3824 --mojo-platform-channel-handle=3816 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:16604
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3944,i,17326131609904444899,14287873766014689875,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3844 --mojo-platform-channel-handle=3808 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:16976
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=4336,i,17326131609904444899,14287873766014689875,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4332 --mojo-platform-channel-handle=4328 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:16076
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4320,i,17326131609904444899,14287873766014689875,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4632 --mojo-platform-channel-handle=4212 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:4656
- - C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:16364
- - C:\Program Files (x86)\Steam\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:8428
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:8480
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:8540

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504 0x490
1⤵
PID:16268

C:\GFK\SWAv2\SWA V2.exe
"C:\GFK\SWAv2\SWA V2.exe"
1⤵
- Executes dropped EXE
PID:19388

C:\GFK\SWAv2\SWA V2.exe
"C:\GFK\SWAv2\SWA V2.exe"
1⤵
- Executes dropped EXE
PID:18644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\GFK\SWAv2\Guna.UI2.dll

Filesize
2.1MB

MD5
b429ae86c5be521bc8ca3b164cec3acb

SHA1
387560073ff5a1f2191abc6f75fc34532bbb6dd2

SHA256
3ac70532408b89159bfe235d4ed228faa03ae3fbd63ec6a82d895f287a3b0579

SHA512
eae65de53da50708983ed8ebf9e1e3dd5f9aea95a354d272e199bb59517f62bfe35f0df7a37d81ab0423d0d6d29304fa70284c731bd54023e446b2c19bacafb1

Download Submit
C:\GFK\SWAv2\Newtonsoft.Json.dll

Filesize
695KB

MD5
adf3e3eecde20b7c9661e9c47106a14a

SHA1
f3130f7fd4b414b5aec04eb87ed800eb84dd2154

SHA256
22c649f75fce5be7c7ccda8880473b634ef69ecf33f5d1ab8ad892caf47d5a07

SHA512
6a644bfd4544950ed2d39190393b716c8314f551488380ec8bd35b5062aa143342dfd145e92e3b6b81e80285cac108d201b6bbd160cb768dc002c49f4c603c0b

Download Submit
C:\GFK\SWAv2\SWA V2.dll

Filesize
808KB

MD5
c3e192a2ff49b948c4066ca3933d2de5

SHA1
7a2fb8db982bd21c06d663b3d1a4ec074f773c37

SHA256
2424295814e9acaf28325608940f69c854d27a372f0f50f5675f3f2b1ad12289

SHA512
ae304f89a0da518acf2051c7be2fccc6b650197f549aef4344ba0020c7bf8466f0c011ed6b6f5f3ac6e529d2b8fafdff77baacc9f78a4cb02918bb9600a32ee9

Download Submit
C:\GFK\SWAv2\SWA V2.exe

Filesize
396KB

MD5
8f59bec096bbf55c0934f97475394cca

SHA1
2f0a0fd2408c388ff740df2e6eb0a4ae3589ef33

SHA256
4c3e50b52c48e6e3a6caaf490c84e7e811ecea7b39e63834ea3906c89efebae4

SHA512
6364c0c820e7dd3782aa662b138093ab47c9525b19fe81527d12b2ed9f790ca4922610d22ea50a75022cfe2e07b4859576c5dad6205b8d27cec4118b2141607d

Download Submit
C:\GFK\SWAv2\SWA V2.runtimeconfig.json

Filesize
386B

MD5
186a65581e2f29258f54d396660409fa

SHA1
6f998d3be2e85cb5419205f867135874f27c0a3a

SHA256
e1e0974d0e8833375024eb7c78521b3b5cad4228aad22b23d506cbe702445844

SHA512
7dea87b523aab01ea3c794779b71bc0b52179e1d5e7b9a45539ddd39c775969ef22853c4c193699aec1e3fa3cbe26e90e3a4881226c52a3aacae1eac260ff896

Download Submit
C:\Program Files (x86)\Steam\Steam.exe

Filesize
4.2MB

MD5
33bcb1c8975a4063a134a72803e0ca16

SHA1
ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65

SHA256
12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1

SHA512
13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

Download Submit
C:\Program Files (x86)\Steam\bin\SteamService.exe

Filesize
2.5MB

MD5
ba0ea9249da4ab8f62432617489ae5a6

SHA1
d8873c5dcb6e128c39cf0c423b502821343659a7

SHA256
ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d

SHA512
52958d55b03e1ddc69afc2f1a02f7813199e4b3bf114514c438ab4d10d5ca83b865ba6090550951c0a43b666c6728304009572212444a27a3f5184663f4b0b8b

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
6e6a2b18264504cc084caa3ad0bfc6ae

SHA1
b177d719bd3c1bc547d5c97937a584b8b7d57196

SHA256
f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53

SHA512
74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
15KB

MD5
88d5df959621cebdd570342cd4dbe4d2

SHA1
e9efb1600c26c76a53eca07da1b4a14d206280dd

SHA256
7147d4fbf6b190cd984413651fa28be4a6b8c6665b7f00bfafe74d18f2c4b485

SHA512
ef2ed0489d377fdc664de75e60b9f118f7e55efe66bbd02f20b030735d306bf81c6004374fbaf0dcaa5834923b8782f47cc1ec839b078b9f85ddaf4320ceea12

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
16KB

MD5
a0b6da51594a279965cf265d5528df55

SHA1
93b5f794977df49167c0b93a90563070a30596f7

SHA256
5c3ac47e00413f8890098f6096a09e0f18c046839439da565d95fd14d01450a3

SHA512
90a13b152243a174d9ef3032322b2954dab1f4587a77e2acaa545e6258d251fcf2e1c8db6f80e665d37633d679bcd8c23d043e27500d8994b33fa685636133de

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
15KB

MD5
641aa2d3bcd40aefc76f7b5e3b540e15

SHA1
5d16d5e9a67bee0b1849efd69134f584c77a0648

SHA256
829f846218665347faf037b72106c3def6499b6a5c1937b6d14ad0db71cf4700

SHA512
1d02085a7b5f7fdc6af9f81ccb48f0946e0f94237f81bc5f3850a5d0b181339e93c1a4c7b28f37da7e8de7b1028e3c46b56cc42c99943b198dc626bc646105b3

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
a2ec2e91c3ef8c42e22c4887d032b333

SHA1
e2c738a2e9400535b74e2263c7e7d1ecefe575f2

SHA256
8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3

SHA512
b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
16KB

MD5
00b668fb5b2534b447d9d44ef1c27561

SHA1
00303ee27597bc283ae0c92d61f103de96b66b7b

SHA256
c689ab9c4012e06100c1f6b4abc37c5a704fd8c7d07f0efb9ae115397487f30b

SHA512
3b9518ef1378f9c2078d8c0830bf28a4d479b78a3dd584ce17c694c8f6b4ace16ac96639f1c90eb8652e21e59473ad601673571a96ae3919b470575c199a533c

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf~RFe59a251.TMP

Filesize
184B

MD5
3cdebc58a05cdd75f14e64fb0d971370

SHA1
edf2d4a8a5fc017e29bf9fb218db7dd8b2be84fe

SHA256
661f122934bbc692266940a1fe2e5e51d4d460efb29d75695b8d5241c6e11da7

SHA512
289c40fae5ec1d3dd8b5b00dd93cf9cada2cb5c12bcfefea8c862ddf0a16dced15d6814dad771af9103b3a5d3016d301ee40058edde3fdea30d9767146d11cd6

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

Filesize
4KB

MD5
0340d1a0bbdb8f3017d2326f4e351e0a

SHA1
90d078e9f732794db5b0ffeb781a1f2ed2966139

SHA256
0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544

SHA512
9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

Filesize
6KB

MD5
4c81277a127e3d65fb5065f518ffe9c2

SHA1
253264b9b56e5bac0714d5be6cade09ae74c2a3a

SHA256
76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9

SHA512
be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

Filesize
4KB

MD5
2158881817b9163bf0fd4724d549aed4

SHA1
c500f2e8f47a11129114ee4f19524aee8fecc502

SHA256
650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7

SHA512
f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

Filesize
4KB

MD5
03b664bd98485425c21cdf83bc358703

SHA1
0a31dcfeb1957e0b00b87c2305400d004a9a5bdb

SHA256
fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115

SHA512
4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt

Filesize
4KB

MD5
31a29061e51e245f74bb26d103c666ad

SHA1
271e26240db3ba0dcffc10866ccfcfa1c33cf1cc

SHA256
56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192

SHA512
f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

Filesize
4KB

MD5
da6cd2483ad8a21e8356e63d036df55b

SHA1
0e808a400facec559e6fbab960a7bdfaab4c6b04

SHA256
ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6

SHA512
06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt

Filesize
4KB

MD5
9e62fc923c65bfc3f40aaf6ec4fd1010

SHA1
8f76faff18bd64696683c2a7a04d16aac1ef7e61

SHA256
8ff0f3cbdf28102ff037b9cda90590e4b66e1e654b90f9aea2cd5364494d02b7

SHA512
c8ff15373b37e848e6239a82424569e77c82a5fc557d17e7d2ed1d0d2b2f7d026cc1e2bc98cb5ee945c02cfefb82803c23fa6a26f48ff0adcf762f94cd5dd035

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt

Filesize
4KB

MD5
10c429eb58b4274af6b6ef08f376d46c

SHA1
af1e049ddb9f875c609b0f9a38651fc1867b50d3

SHA256
a1f6ba57ee41e009d904905c0ce5e75a59ee6790e08542561303109e1faafa13

SHA512
d8760f61760bffd8671b727d386ae220e7e6e68829a01553cfd5eb60ef8bd1d7c1b25e7b17a6db5bd17ba6712ef44999726764459318e784843c73bc4facaf46

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt

Filesize
4KB

MD5
5c026fd6072a7c5cf31c75818cddedec

SHA1
341aa1df1d034e6f0a7dff88d37c9f11a716cae6

SHA256
0828572e4fa00c186dbf1d9072a6154d65cb499c6a37e338f3305f77a2fee382

SHA512
f9d28714b2a05f8d9025f1692e4d7e8baa6daf6176353f65646a38814a242ef2adededa44419edd69f10cf96ffba506dab7cb6e52111457bf69cffef12174b12

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt

Filesize
6KB

MD5
189ba063d1481528cbd6e0c4afc3abaa

SHA1
40bdd169fcc59928c69eea74fd7e057096b33092

SHA256
c0a7a1df442ac080668762df795c72aa322e9d415c41bd0a4c676a4dc0551695

SHA512
ce59ad9b17bab4de1254e92ce4fe7d8c8242832f62ab382e8f54199a9932cd11b5800cc33895441426373d5210cc74104e0271b721a7e26ed400b716ae4d5903

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt

Filesize
4KB

MD5
18aaaf5ffcdd21b1b34291e812d83063

SHA1
aa9c7ae8d51e947582db493f0fd1d9941880429f

SHA256
1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5

SHA512
4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt

Filesize
4KB

MD5
1514d082b672b372cdfb8dd85c3437f1

SHA1
336a01192edb76ae6501d6974b3b6f0c05ea223a

SHA256
3b3c5c615fd82070cc951ab482d3de8cb12df0b3df59fbd11f9d3271fa2fbca4

SHA512
4d41c945ce7c94746875b0dbceb14811d4966de4e97fe047406a304162fde7e1e2a16367fc2e43978e2e5aa66749f036b4444aa2312673c2cc3af296e8b77f55

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt

Filesize
4KB

MD5
8958371646901eac40807eeb2f346382

SHA1
55fb07b48a3e354f7556d7edb75144635a850903

SHA256
b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585

SHA512
14c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt

Filesize
5KB

MD5
7e1d15fc9ba66a868c5c6cb1c2822f83

SHA1
bfe9a25fdc8721d7b76cecb9527a9ba7823dc3d7

SHA256
fc74e26a8baabbe4851109512d85173b75dbf7293d41eb3b92a1957a773c8265

SHA512
0892be14a858cc860766afb1c996b2c355108a7e50971ea3ec00d15069e919a6eb05a61fa839bea3938492c391e274144c5e248f4c204a602bf36adf27e5b406

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt

Filesize
4KB

MD5
202b825d0ef72096b82db255c4e747fa

SHA1
3a3265e5bbaa1d1b774195a3858f29cea75c9e75

SHA256
3d1399f5323a3ece1b1a8b3b31f8fd7f50c3bd319ab3f1c38c6e347452c95314

SHA512
e8fc7cc09f431301d22a07b238179ee053505090e3c4db30ead061513fe7159f1fe8b80efc93f4597fe00f01087bbe0bb2231e13693d72c8def138657cb91566

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt

Filesize
4KB

MD5
7913f3f33839e3af9e10455df69866c2

SHA1
15fa957d0a6a2717027f5b35f4dbe5e0ab8ece25

SHA256
05bc1f4973c6d36002ac1b37ce46b1f941fcb4338282e0ec1ec83fb558d1a88c

SHA512
534e541757d19ee157a268bf7ea358b48015f400542fcfa49cdb547cd652926160f015fe2cf026d9c4996e56ab90ca3899dfd457997d915bf6bc9d7bb00ba804

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt

Filesize
4KB

MD5
58e0fcbee3cca4ef61b97928cfe89535

SHA1
1297e3af3ca9e4fe3cc5db78ebbfa642e8a2c57b

SHA256
c084a68b65d507eb831831aa2ab9afb9536cb99a840d248cc155ff87fad18425

SHA512
99aff0c481e34cd0e4fcbb2af471afb56d91aa11be664462b08e17ae169ca03ef77e7063b4ecd0f38ca7b2f6dc0bf2e316c7b31dffbbcfc763cd8fae27dc78d2

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt

Filesize
4KB

MD5
9b0b0e82f753cc115d87c7199885ad1b

SHA1
5743a4ab58684c1f154f84895d87f000b4e98021

SHA256
0bdeee9fa28d54d384e06ea646fbcfe3f06698a31dfdc1a50703ffe83ad78d32

SHA512
b7780b82fbe705bc8e5a527c011eb685c99ef0b2eb810617b9f82b891341af95ef1c2f46dce9e458c0c4dcc3e7a0d21db6c77f03419cd1c4b521a9b72f9017df

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt

Filesize
4KB

MD5
eb8926608c5933f05a3f0090e551b15d

SHA1
a1012904d440c0e74dad336eac8793ac110f78f8

SHA256
2ed2b0d654d60e0a82b0968a91d568b775144e9d92f2b077b6da75f85ad12d04

SHA512
9113c42c38836f71ff0cc7019aff8c873845f47fbf1ab97e981cb038f4d8495b6df784402b1ee9666e8e567ae866b0284c81e6a16efb47131d5ef88569c4843a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt

Filesize
4KB

MD5
6367f43ea3780c4ee166454f5936b1a8

SHA1
027a2c24c8320458c49cd78053f586cb4d94ee6f

SHA256
f8d1972e75a320344e3c834ba0a3a6a86edb39e20ef706bda9b7965d440d1998

SHA512
31aab33e0d272cb43a8c160b3d37256716a683e5052192fd0e4d3cdaf30a10a9afa9d26d5d14ad216ee455627c32892a711d2bc137ee7a7df9a297f001a19e32

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt

Filesize
6KB

MD5
e04ad6c236b6c61fc53e2cb57ced87e8

SHA1
e9d4846b7e6cc755ee14a5d3fa45ee7d3bf425a4

SHA256
08c775efa77c2a92d369f794882e467b6e2526e61bc7aa7724f48e174524502e

SHA512
0dfb7e6d811d649103499018f3d115c542fcaba420ceb69124a4d837fe162ce514e7be2040860c5ef5f9c01c961fa6eea8730606b73ec107d87597989b6fd331

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt

Filesize
4KB

MD5
56dcf7b68f70826262a6ffaffe6b1c49

SHA1
12e4272ba0e4eabc610670cdc6941f942da1eb6a

SHA256
948cad1bb27109e008f2457248880c759d3fa98b92c5b4033b94f455cb8ac43f

SHA512
c3fd9caf0bd4c303a7cc300faada9cfe6dd752e82d67625b31f4c0c2c091596508bb477fe19f758fdf79b25b8ac3f5320a8785d2b6705b9bcc28a054a59454e2

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_spanish.txt

Filesize
4KB

MD5
66456d2b1085446a9f2dbd9e4632754b

SHA1
8da6248b57e5c2970d853b8d21373772a34b1c28

SHA256
c4f821a4903c4e7faea2931c7fb1cf261eba06a9840c78fdca689f5c784c06c4

SHA512
196c2282ba13715709ece706c9219fe70c05dd295840082e7d901b9e5592e74b1bb556782181cdbe35bd1ab0d6197fef67258b09491fabc6f27606dbed667d49

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_swedish.txt

Filesize
4KB

MD5
b2248784049e1af0c690be2af13a4ef3

SHA1
aec7461fa46b7f6d00ff308aa9d19c39b934c595

SHA256
4bf6b25bf5b18e13b04db6ed2e5ed635eb844fc52baa892f530194d9471f5690

SHA512
f5cee6bba20a4d05473971f7f87a36990e88a44b2855c7655b77f48f223219978d91bcd02d320c7e6c2ec368234e1d0201be85b5626ef4909e047e416e1a066c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping15632_1740619022\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping15632_1740619022\manifest.json

Filesize
1001B

MD5
2ff237adbc218a4934a8b361bcd3428e

SHA1
efad279269d9372dcf9c65b8527792e2e9e6ca7d

SHA256
25a702dd5389cc7b077c6b4e06c1fad9bdea74a9c37453388986d093c277d827

SHA512
bafd91699019ab756adf13633b825d9d9bae374ca146e8c05abc70c931d491d421268a6e6549a8d284782898bc6eb99e3017fbe3a98e09cd3dfecad19f95e542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\178645ce-ea6a-448c-9c9d-b7aacfaed9ca.tmp

Filesize
10KB

MD5
5ba0d011515b5aa2bae0c74c77927561

SHA1
21866862aa717aa7eed295ce921a3255b0a6fe7f

SHA256
0ad7b85ed9d3dbc0d6c532bc48918a6d74fb13b284b4e70e614716ac88f3fd7b

SHA512
7a44f5e94b1a9bc82e9e7e037e7a946df5e821d57171ceaf5d23a21d5f707e36c5d8d68f9e35161edfb0308e49cfaa4faa45b2dcca53e6312741a9b74a1503e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
47KB

MD5
9f96d459817e54de2e5c9733a9bbb010

SHA1
afbadc759b65670865c10b31b34ca3c3e000cd31

SHA256
51b37ee622ba3e2210a8175ecd99d26d3a3a9e991368d0efbb705f21ff9ac609

SHA512
aa2514018ef2e39ebde92125f5cc6fb7f778f2ab3c35d4ec3a075578fda41a76dbd7239fe2ea61533fb3262c04739c6500d1497c006f511aa3142bb2696d2307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
26KB

MD5
5dea626a3a08cc0f2676427e427eb467

SHA1
ad21ac31d0bbdee76eb909484277421630ea2dbd

SHA256
b19581c0e86b74b904a2b3a418040957a12e9b5ae6a8de07787d8bb0e4324ed6

SHA512
118016178abe2c714636232edc1e289a37442cc12914b5e067396803aa321ceaec3bcfd4684def47a95274bb0efd72ca6b2d7bc27bb93467984b84bc57931fcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cb

Filesize
84KB

MD5
d1cb8e58e7880351ce9f6385c4ff0af2

SHA1
9a845b408dd769a4c1ff3e7d50692033dbf35429

SHA256
72b41bc5d2e6fa0ee27c2510ec05d42894b2af6b1e4bdb601ef7836f69fd5059

SHA512
5e47c03e082513b52894badad0dbc157b80e4dd823e83d478b2e3f2366b301b5203d1f54d7aa17377688ae47d198949afe9b8008f206f7caff55ebc98bfdf8e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ce

Filesize
153KB

MD5
1b2731006f2b2597b02859e501bc2d4c

SHA1
118d27a703cef3fb083593a56bbc93e62420f30a

SHA256
59dc184cbc1a318493460d1d78999cfdaaaac9a457b5a3a02c2567dfa17314bd

SHA512
f7452f91afe2fbfcb04f80dc7b051d874224de8790bbc53858678332a6b49f7295a15989a587811e1e8fb58a38625ec3e15657d88a367fd50d5b201d7abbe90c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cf

Filesize
16KB

MD5
89a574ff00e6b0ec61d995d059ce6e65

SHA1
aea09e96808ab77165ffa712eaa58b8f056d0bb6

SHA256
e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44

SHA512
30d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d0

Filesize
28KB

MD5
a762fb5a64dec4556d980f51ff3060c9

SHA1
6ac0b291cbbd8819e9a922c9c5228f76ad029983

SHA256
cfbdf62609fb4493b45b6b7a9a13c5357ab5e7447c606d9fd707dbca46359a54

SHA512
23169bb323a788ccdb915dac2a8d8c58b018c40941f2c7b10a3814a68b42ad3694d07d23e2eef31d77a7c16da355c98d796b94f82b8f352aa4825ec0c3e08b55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d7

Filesize
67KB

MD5
bcfda9afc202574572f0247968812014

SHA1
80f8af2d5d2f978a3969a56256aace20e893fb3f

SHA256
7c970cd163690addf4a69faf5aea65e7f083ca549f75a66d04a73cb793a00f91

SHA512
508ca6011abb2ec4345c3b80bd89979151fee0a0de851f69b7aa06e69c89f6d8c3b6144f2f4715112c896c5b8a3e3e9cd49b05c9b507602d7f0d6b10061b17bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000da

Filesize
36KB

MD5
9a56f4eb7af045f304951ceac625d949

SHA1
669b2ef84c7cdd419c9dc893899f429fead33109

SHA256
0b81403335bc3a5ad450bac7ab9c397da343fb3d41aec9cabbce5bef4e03727b

SHA512
91666500a50f49fbae49bef7b531ad9bb816db1ccb877f36313f4db5621c871f83488f24390524868d2160b865e4ca13d170568e9b2c410151b6d7a7d66d42d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e5

Filesize
20KB

MD5
6475a4afa02878aba743451522eb5e43

SHA1
c0f8d41970f233ab9fb258b06674d1df7bff58a9

SHA256
db13973812c4dd5f62d6885ad06ed9d86f59089de6753752618b32be56d72fc3

SHA512
a016fd71ebd5c38cf4c4f4fcff4d0c555e86ebc201b8da4cd29e5f68162ede89922458495df44b05347ad62c76ee9f82f3147bfce1e5b4bfc5d55332de3119df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e6

Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\114afc79615abd1e_0

Filesize
32KB

MD5
4237ae59d0bcece779a180a3c0b0f54b

SHA1
ea76dcb9933f5da8e839a83156e3f216f68e4b2c

SHA256
6ebb97759c065b55414a11d22668be8fd2c92e5026c4c04dfe0612e6e63c0652

SHA512
b4dff0408ac8c9b4a421ab3878d4cee51f4c9b5ccb6f39eb4980d7f21e62e7e65824cfb2fc06a4581887890aa5bf30ebfc684f80776b2315cacbae6a8028b96c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d19eca892e7c2f49_0

Filesize
3KB

MD5
2ad576d5de9354081881d9900ba235cc

SHA1
5462532868cc20c35c2e9f232abe41434bf477e9

SHA256
9f0cef1dc6666f0c6c1afde695b13ae93182da6c74b5abc406ade82d076ce046

SHA512
11607fea23a93679167dc27d9ce4b19febb3528a88d7f50981bead9bfca15e4d72348a8001fff5113564fb5bec76ab13ac33f447ba840f4bf60948b7f5557de1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
6KB

MD5
864db54963ebd2f13081f2df3e681b45

SHA1
69b79e125fe08b9a704f59b007a693197aa22850

SHA256
4be8e8865ab4b2490c51dadd636fe188e539c5452538463338e453c9a4bc5948

SHA512
1e8234d12fb85ef2ec1a5b5908d703b88757a7dfbf8f0a61976f3c3b09b27f8c25a8d47009c6019173ec16235bda72aaf31dacce1cb40d509fdf6adb16e759d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
b3c185c7a6cd70939c648925a9532699

SHA1
bbf8cebac2ba0a026dd61993eb12aba987001eca

SHA256
88bee394aa0c68b88d3727a63656b4b096e07a56dd536738c900614010ec52e0

SHA512
f263803dcbe57bedc504ed7601af20b1b8d2539c259fdadf3a53331b1af8584f86b7b9d429143490a9be18ad5fa1de8a831abba4a0ff6242c2e30e9be402ff5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6c79fa0b03ea9ec00cd8af728a9a27f2

SHA1
935aa9d788cd903d9f01e59ba92afaf2dddb7d08

SHA256
1d3357b4433a12e316324a4795d4e17eff786100541953f2d93c07773505905f

SHA512
36ac09326d937696ae74386bbbdb30a469c15ba7ba90e40a6c393af04fda637b008d72897f54dc4d74004288dd0831f5fbfe71bcfb2eea5d79e9695cf4afa6e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
cd0f6e611b72f3437e5b94502b12cc3d

SHA1
b5104d8253be4b18896389612f2cdd13817b53f2

SHA256
04ea167b567bf9b48c1465736714313efc70b9fe54068fd3527ef272b0862146

SHA512
b46726d1408884bc7f36807858b4575819253cabf3ee38dbdcf9d814314c1a4e909154789679078f6654256e633fb6d0842843e86a93ba7f529c7d7748ea6bc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
15e1a5522bdd1e2d08b3f3ca5c6bae49

SHA1
bad30408c7d2059254a8f05cb8368f8bbcf1e082

SHA256
1b3d15f55733a9ae2ba4a4bf7634f8d55d174e7c543d0b6026cd636578e9ad7f

SHA512
d58cf84abc7f2708246652607f024f451c73c6e1a2850b762943211a96607725678301a0395d5cb1e798000c8f34d633919091983ad01199de6aa1e7d166d5ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
411f4a03849f182599530332b344b08f

SHA1
cd0a54bbb3809a1ffcd2c50ea74ec0f566acb808

SHA256
b7546d24f27438d61cc1388889b5a2f539a6c54745780ea3b5f31daf4fa14d7e

SHA512
cb2a2e5d32bc36a078c6a2332dbe165c2173f4f583191eb049c4d604fc90ff883cff2046d74d2417d7bee4007fd580348614601e9fffd37f894d9fcbfe406c03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
948B

MD5
97a94d497a0c09b34ee2488044fc61d1

SHA1
04b9a44493ade816881c5daab048be1b3de50fdf

SHA256
b48ba2998f37e3af65f0d79c3614ccd0db3a68b6beb2e545b3470c41af92d2f2

SHA512
df1788e0eb9a36cd10feeca038a7c49f9c4e19900cfbddbcf9eeaea5049d84cd94e5422234246936410cb802317e4543b42029c8a868daa058ff01ce09dbbd88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
22KB

MD5
592e873939e4e95d09d79213fbd605a9

SHA1
132a5be8d04d14075b880a13dbc87eef4901da77

SHA256
a77e0535530551922ce3d0955fd15d0e74d17a37a200a9e5d41a2a359fe5eb20

SHA512
8cea8d978304ff4dd0874c947276a713af0337cfbabb1c7c55d0830a20eda79b3c14c475b6aa1202148f2d965504da82dab3f64c90250225b3addc01d15b9756

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5f642e9e022122d373bd09baf7d62507

SHA1
a0ac0b933c6a1359ef57e6c4032278e1ac17c7e9

SHA256
0db155fba75aa940ba713673a87d3711cd6eb9af70aacd18defdae9dfeb58fda

SHA512
c46ce2afe913ad016f00c48389def79cd580ffe9c796370ba01697d2a169f05d75c54371ccee1f1b991294ff0052cb52392fbb0a83446709b2c007450aee544f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e3d546a01fe5f635ecd7de387b6a6f1d

SHA1
eba9b3c8bf9fc98a5b3d6c9d2eb32bd8b31900a2

SHA256
baa55bc07473dfd119ae7ee574571c45af646068ebcf9ddd875836cd2d003bae

SHA512
4be34f5119b28323cc81fb5c2e86585c761bf90653f9cf7434ffc3ba2de990f43f6a871c08a80ae05639f186d6ee954e4397f073756f80623b5ee379dece0ffe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4a075a857cbdf6d2b367c1868f2e6825

SHA1
d5474ce0776771c743800222d30cce1e92b9cd12

SHA256
af3a6b96edf124b527ae6a4f6acd205581e7f87b3b1e3fb82fa0412d6f1e53a6

SHA512
c67c68b6e9ab4e798fc28c7ac52ff3711f08ad9d37d7f3dff446f72071095e5bd11c172cec2e7de03d731bf1d5457efeae01d4223307f28bb23edaf9b227520d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
f8eda3ef216985cd916122eb4bd3733e

SHA1
7df1b96034c84829588f3cc2745a4bca8ce5a20a

SHA256
7bf953f13633a641d542e5a790f15460c4499af307ec51022e12102e95fae434

SHA512
c03d06b7bb7ebf6ba834e68217a00e40eb33fe3295a5b363986993153812b116e097d015b2721a9866f05533c519a2fcf4eb3a2860acd49e695d09a9c86eee44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
8f8af1a6ce8938e696b94455b84606bb

SHA1
44fdf9942fb9696393cc2d32ff0107c8bcdc6dc0

SHA256
10407ed9de21f505e2aa8fcc1d965b532a4b7edd4d1bcfa6ee60f9ab3ada4d92

SHA512
b72059c75e89cb034ee6a478fbeee6b9330d59900662582415d7722e03beefb776e17eb197aa809407e8f1d6bd20172b8e560e8e5d108e49c099ab994b5bd9e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
0e1a7dcaeec27e2b129909e68a38e430

SHA1
5f0990e981b339866b9c169057e1b25daf619bbc

SHA256
731fa93783fecfa4be5576958bbe78ce866c1ca62a03833ef21699de8b9eba6f

SHA512
b7e6ababb785a25e9ba3ba90936c1e3c6df51ab7193defb77548187152427521dafa80de7f8068c5f3f88595ec9c5a63d0c51acb2d57b8692a1d14e96611af2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e60294cf74752e13041b4e572649b9b7

SHA1
c32796bbf9e4bc0b98c2a257474397c41a6cd97f

SHA256
acb32d507bd71fc589a4c21daddda4b14875db2d8fe5bbca47f2a31cdc1ce8d4

SHA512
73127b96ff9813f66082ae24145443b102846dc8ef1d30bf5481ee57b0531d9b06a65dd02a262178101e90ef22055e02799ab4b67051da5c7ad41564db6fb123

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
e177283063a9ad8682798cde06f15529

SHA1
fc265514bb21d7b1be3d1e5a7ff71e433f761536

SHA256
6df263ef6e84bd8d22fbf21ea5b77d207d55a2e14973c07dde9988daf514a7f5

SHA512
57776684cf9bbdd08ab91811826f7d9df8ba9df7ea6072f432b7c9f36ca566e021d45e39b945a336061da9dee8d612d84a6e9c599a3e685b8572f104677feb3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f2a3a278767c49cf048137c85a690743efd8eca\f39381e1-18f4-4671-a21f-9d4481260270\734d47405883b63e_0

Filesize
6KB

MD5
c14e92ee8a9a3a8ef13d4b959b358879

SHA1
4907fc8a08db20914a31a86f92c763b1cf8f7cb6

SHA256
2d9e4e7e37db8fe4d2c3a0b9c8b3cf40283c07586d27aef31db80fdf5b847111

SHA512
009ee788aa86d21da78fd6f5912dceac792d4c3d29cd19c92ee30a47f81b9d8a586cc43b2d7453a1e367b6a7cf59da10e4ef88e302ae79c3e043e1cb660c4431

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f2a3a278767c49cf048137c85a690743efd8eca\f39381e1-18f4-4671-a21f-9d4481260270\e15cf4b52087a9ca_0

Filesize
4KB

MD5
d08174320cb8661b3fffae1f55ae87e0

SHA1
8a1cf5ea897d55624971935e85aacc2529fde8de

SHA256
4c4e0902fce0705c3ea58954204dac357043b0891898c4fedb754b20d61338b8

SHA512
88522e789fa6a3e290a4fa4770aebec4bf37bfdf3939fa39349fb0dd2047043c64eaab3cef789f924d18c4d7d206deff1df60ecea667ce3622553d68e30bf606

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f2a3a278767c49cf048137c85a690743efd8eca\f39381e1-18f4-4671-a21f-9d4481260270\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f2a3a278767c49cf048137c85a690743efd8eca\f39381e1-18f4-4671-a21f-9d4481260270\index-dir\the-real-index

Filesize
1KB

MD5
f54abb4835a10cc57a9ba1a2396a6178

SHA1
eb5282fb596b9f000b956a0e828268cb1afcd784

SHA256
74b84999413aacd066cc5054b8ced2293fe23a2bb233a43c1e5c1bb4ca079614

SHA512
955f6ba8242660f7d3a9db76684906a1b34be68a41d0d05975c0cd1f174d81bdc32dce73787cd9eb1beba6cf326360fd322dc8b05ea59410e485276e74de69de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f2a3a278767c49cf048137c85a690743efd8eca\f39381e1-18f4-4671-a21f-9d4481260270\index-dir\the-real-index~RFe5aa2c9.TMP

Filesize
48B

MD5
d238121e631ed0bf3732de2d93cca21b

SHA1
2ca079553d77f8ed6d87a970ec27ff60c1015df7

SHA256
f178d6d9cbef76b0b00a1b960a7c2b563fd619f42a5e7d0619c289ab05dd557a

SHA512
8692ed8565d8d0bfa3288f5610067382475c7b6057c5c0750b4c0471ba19164e40117947792a69715a03ba7e9612a90882fe91e221ef206d6449e62a5d098c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f2a3a278767c49cf048137c85a690743efd8eca\index.txt

Filesize
109B

MD5
5012741eceeea1216937243d3c8bc1a0

SHA1
98de930cc9e16f71ce6b3038711a3d728fffb8e3

SHA256
e8fb7d81a1810d37a0d84256b112f82ff2dd00b31a5a0540fa04941e7e6d9d5b

SHA512
701ea0e2dcaa477e4748a27fa7a272977d4bdf3e04df90be6b824effa9ffd0472764cc9c712e7f8846c1956d149e6cda8b3c7190f9ce6467922c36e1f86e382a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f2a3a278767c49cf048137c85a690743efd8eca\index.txt

Filesize
105B

MD5
951525075360cb9d05890f5c8e1c7de4

SHA1
11bc4818aa3d2a0488637868379fca74e1abf25a

SHA256
edd4c6159777a011736ab6fc1861df76152837ff0c0344b2e7a73c63d53fd12a

SHA512
91c9bcd510259765e006a379a7cd097d200c9e7ad05b4728ce8898cebb5cf50cba77767e33ff60a8aff55cbc2cd46fa31e643cc6de836f67b45dabb51039ecda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
a9c329f53f07775f149532ae1a4d7c8f

SHA1
30e354e8b73827ef892870546e0a03288d1383a8

SHA256
ccbe4a03d7034a0bf36ea4b080636f5858d8b66315ec911d0373994c5a9ea25f

SHA512
558b89e4358bb48fbea46f5cd44bf72005c6a63149e09f658a1604bb0cebe4a29e930d23a7c1efeb8673c0007ac19fa3cda5a7fde2a002d04afcb4f0a33e6536

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a7eb7.TMP

Filesize
48B

MD5
5c6f97685dece47aba67429f1587597b

SHA1
ae52a73f3433811d39af3f84620693a884e48dc7

SHA256
4850ab894ae551b7fd655c0e11ea5c5dcb9dc2c8e33c33d4415d9cd89f7aaa8a

SHA512
7e27bfc34a9fd026f2450a87aed7ce5bc650c65fcc36d2e7249923ed4805cee49f734a8780db3316a0a1c9de3a67c7e5099d799181513fec638ebab776696692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ee074ebd348b174fd1dba7a9aea8e4c8

SHA1
75d396b2e1dd18fa732bd74943cfc647a33af364

SHA256
7fcfccea8158260e1ecb7d52f2ffaa0545d3393a53d71a09bebac86de6482544

SHA512
05540dee1af4fdb2083ff34c57dda671b007cc02e094792fe7a9134e7f933a1b73fab6d742db220d01bfb1b74edfac121e47d020da8cb4acb5354a53919a2e34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bac0a28db19c011bc6310dbb0ce74e77

SHA1
5e5141a60fd14ea34a42b67af101b7d3ed4d2fd0

SHA256
6eb2f8850518189d4ec07720759584358625a3d0d495fdf94bf64fcffbd250df

SHA512
9a1cde2bcfdc7a17008582ba2e46aec13d1dd39337dde971f46dedfd542bdad16a12495d279578b0c47ca2c96b8136292a2d788bf8e72a51554f40a80662a831

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f6692fcf750181b9bcdd72c7db8cda00

SHA1
9675b243cdfcf54c90dba465e1bb1340da4bd107

SHA256
6a00a79f3190aa573540e2515f2133d773b971a9f9de529bda7c9746f28601f5

SHA512
f8c41234ff4b2efc19eb76048e64eb38b7c1487e0aa38a03ce9104bcd5894e3be1f5cfb931fb4cbf71a4f1717ac69c8320e73003c72ce2e0c097f3595162f70b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
007b7053bb6f1614bc3974cb938017d1

SHA1
a745a39890cca469093cd5d834cfa9c1376f0f5a

SHA256
dddd2ce62fd568acf47c2373d8f34919aaeaf27dd02b18fd96289bc3d94b4d7d

SHA512
5dbba2767daf37a86f90d56812070e4a1688862e3b650822196dd8292a7db2782bf3be6a4d86b6ff92a555f0cd367e1c2dba77fc8ecd0948b3662f4bf116ed96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
1a6a3a63244b3b2fb3cc5c0e5943a41b

SHA1
b8b7796f39464b24ae2a295e8a08a284121c3ee0

SHA256
a381eaabb2612e3f69fa3e98cc0e857c3f86aab19dba73237357c7ce0c1006b1

SHA512
06b690a75cfdc758bad749ad8f423f3ec6d42f8d78af05ee0e174ce3cff01f9f55e1d9d1128abb4d310e6d9a7c10527c536bc3581d5ee9b347fd35db36b9079c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d9068b335619802954ef522df1c6fbc5

SHA1
451a043dd92f6b870403c4f0309d63623b77e59d

SHA256
a8ec6710317209d01a902b45db6f7fc7b5e370ec0345c0461e272317269fe703

SHA512
5744e870e5bac180e18337a11e5cfdc9e14e4e67ce0b0ccb10b862fd7800001676c29519185aa0b21cec03435e86eeaf93d937adfe86e08999c5f3d3c34ea8ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
0d5cd731ea3bd2cba698a08c21475c25

SHA1
df0b1737a673521d718aa128df1896eec6cbc5ad

SHA256
8cc18bfb03528b26b72a99e8358250869f64df875e03f82c83e9c193c34424ae

SHA512
f01666429aa077e3c9d6f462b378d1ef31d92aae593924a91d48a1310c6b3fc65884b6e058161c2705e6178ac297d95e279cf3f1904dad174462b711e572478b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
e9cc484963f3658fca5cd16fbace5938

SHA1
64ec1f42abd0756e4e150093ec618e31258d67b2

SHA256
b69e3f85c41c80dcaad078ccd11ac7e1d09591c875857e28d4be127064f79fe8

SHA512
bc17fe9f0fdfdaac333b56ae880e88cfded389787d13336d45c1f4e9a603b6743d14320dbb85f4bd8c67f9b2233a14e52e2c7b3074b3cbc8ab986f64bf32bc12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
8aef08b1bb6cb40bde383834e78ef5d0

SHA1
986a7c3510af74bb0e250fda2ffdeb9453295ddf

SHA256
6b0e4cfdc5add1b491189d81cb17caef119a4d4be1f2bb0b8dd489741b1e29f3

SHA512
27c72773cbc09d0c4e63e09b90d92eb9ec6d24f7752fd4dd6b15d1f888179f243ba9470fa8b831bed1c3605b612c8fdf390a3dd7a2188af417a98f4e476fc4ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
90ef6e83df26a1b41e9df474cbbc7f47

SHA1
5dc2ca54611fac38680db592b9a3bd2793370838

SHA256
2b0c043f227809ade8d2a5c979ffa79f9f846135a174ebe3b517bb9f4c85b7a8

SHA512
2c5eb6a19ce1e5fea623df53f0b73d50509d99a6e692c2b5e3725106ba259fe2e1bec0051be39d2f47c70b8a05bcd55351b77d0b6e5a5d7473462aa7637247d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
c1ae6d19ada763a51aaf355260a81c77

SHA1
985297ff8066ae89bc6a661cab37a12b1fb258ba

SHA256
04df20344e2ba55fd9860ce6dd5d168e1483f5bc907949afe3b46050bdcd9d6c

SHA512
4692b9a3866d75212e220d6b2d21a456363399ba613a00a96f1bc129716476aa61574165676f57274ab345ba04b06ffa0c441110ac3807652ff79985fc645f8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
e4283f04b34553f92b205db1892d14f4

SHA1
e212aa6cc07f297be1ca93f9735597f217e26251

SHA256
8b2e925616533291f8542ed6e9dadb19e41e17142daf0734af7699376e16ee1f

SHA512
6c81977e25e4e3f691deefd04373577fceca65b617bdffc95594dbd448b9acc4fc06c94f4086cda02a7b738fccefc0007f2a55b6fb361ef748e33a7661760987

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
cc650ee25419d7f94d3a788d48bac539

SHA1
93d309173df17ab96775ef3dd2c7160beb60c301

SHA256
cdcc0959653b7c3f336b01f3fe7bf728adfeb239934430c5ed9271c6a23d82e5

SHA512
9da890a44b7d420f36b66a372b52d84fd477d6d343daca2a11c1904cd4819e17b733412b9f6d02559b5d7aaea940fd09e2c55229f2921a57e3bf20cec3d6fcb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
a05c2dfacf6057a39e84d4c316ff69a1

SHA1
7f0ab967aade4c1b9b2ce58dab338797280ab042

SHA256
6ff7f2c17838edab4201305f5f4a1f51ebf70bfbb49afaa18da8304241f46849

SHA512
de00f044d5f458b4b7feb65814813448d0bbfebffff676e98e10657ba45602fd3ca0add6da6760b7708a674626060d84988d908fc5104d0c07425b0a422dab76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
bd75c1da7a1b3d90ad8988d7af66c086

SHA1
63c51da2de2f9d34c4fd5ed8ec6f68323434e79a

SHA256
fff1261553ed33a2be0a757f82b70b755f30ea7ea751949e82fa05ffa170251b

SHA512
e2a1eca6c2c29dca7cdfadf9ad00f1d6d4eb35a600192dd8a0a89573b251bee86529e58f9b21471243077d58f71dfa17a65ba2a90d59b1977e958c63a8876df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
6c7f1222b6f44d1c5d6e949971b8998a

SHA1
a6f6b7aeef005d6bff09e22c93eba10554e9eca3

SHA256
6e487ed30d92be05f1d32d37f8ccec8096c568ab351c7eac80bc8d570bfe1ed9

SHA512
0aab7a6e37f27298b1682028b3a52f6dcd1e65d45989df8bdc9c87dddfbe702ca8cdb97c1c0329e6a777ae774f3dd843b706dc7a390d8e2e58d96c1e51eabccf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
695beafb44f23a3a1a164a73b957cc39

SHA1
f805a2722a19c9c27ce2096d85e8fe2ceef531ff

SHA256
5ce3165308ec4df82c974a85ad667f218a9ff7f2dae82e4e806d15ced822d7fa

SHA512
02d1507aa1172d97dc500ee638bb9ed6e719b0341f122f6eaea8fa5f819790ad5172f8047498a85c599578d9235463d47a0d8cc162406317fd665c5e4575830f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
c18555eb6579d235850cb0f259c01c0f

SHA1
501ddbf9f8a546f7327c604155cfacb0b5e82da6

SHA256
9b15c30b144483debc1817ede1641ed426d8631ccd1fc1c637884c5ee9d8c4f2

SHA512
bceba88e7904c9ceec6cfeded19e09234c3b50537e6938eb99b4274bd5ced6a1586ab481dcf34b8589bc90e8ac5570ee6e04d65a3ce9c002af9e3fb9fd2c71a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
b5ff35258b42d2e380382da03bd2a7cd

SHA1
3452d3dca2b0c9dd4d968a142a14ea43973147c4

SHA256
e08c404eea3a06960c4000426e3756ba494f71fb24ca1e99d1550c6981ed1626

SHA512
2320250f76afc2782400ccaf8485c926200ff75574357adc7b93ce71feeb1344d5664b6b21b6bea3c8b6632bcca39b023f0236005f14827f45b888b2af516627

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
6594633a946657d4903c950d7660835d

SHA1
56aa1c6e23166e7013ecc5d3ef8816612c3cdecc

SHA256
895bfb2d6fd01dab6f778b856cfa938b835f61218bc3624baef0eaab867aa9eb

SHA512
1bafe50d67ec236676ede6c8ca45d66929c17ff3f41d20944f98903d8a8d64dd464d246a7e6806f34be4b9f0f0c2dfd707a18d366c1a47311e0adc653a9893dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58392c.TMP

Filesize
1KB

MD5
b3710a8f036e03c2bccf88ce05e948f2

SHA1
d4b15bd4ed9bca3a456d734449967afec3e05f4d

SHA256
d190ebd73b13e16c82584146770828044bc7dfc3172f65ed30bd38d868788f05

SHA512
fcbf04160e9f405f33f6fe6a359d50bdd7b9fe1016db5e5ce5fe605c68427295f16f03f33dc95b9e1e940f67cd6a5615e675241d7d113543af665d7e2765a346

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
75d6d7ef4bdff43c20ca163cbd3770e9

SHA1
045634ed5a878a497f715090be95fc5a60f84238

SHA256
07ef087f1303082a5789f21cbfb527d58f4dc8c0286b5fbd0fb935e56808f111

SHA512
6a6ed979f02f93aa41e2be7fc8e3ef16437d0a2e8b9af0b772b456ebfd0e4b34c034dd998b87672e27391828f31018c6b914b0b29f3e41ad1520a40bea352481

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ffc1fdc9c8b2c1ee4e5a00c221f9f7c5

SHA1
74ef8e1bb533f7d9d79320a113b6bd0c72f1773f

SHA256
2908629bc18eb1037f81a0327d208ad08510aec51d0e0584e50ad1c1ee19dadd

SHA512
79b7cb7bf858be309152d71b4e8c4aa17340116f81fae924263a6762e8d956b0a0aeb4bbf91105dbb49a5e3f7a5372ad9d7fdff9e7f26202d7eb632fd276945a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0372f022e574847970b5a38f1a136e5e

SHA1
b18297d07a1189ba7777f534e57e1d54cb2dbbb8

SHA256
6a90d27d3c93dfdada9a96c507f2ae3c4a3772b67b6eb23a12f3bcd6128a893d

SHA512
5164cfcb4dac16f0644f714d29abf51e1e1b0ba24987704b624ec9ac280fe0c44a17198604cc59a3c6999e6582d8439dadc5d34a5d21d6f81af75b9920e0b9f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6e21e6df65c85a2d7d7760346b5b893f

SHA1
a290200a5918a230859549fac612290e57ea070f

SHA256
3b56f3c638fce72dc7cb9536eac9f10912e262391f7a87dbb7e5a7c04e32430f

SHA512
5bec8c10c365bd06a713395ea772d931ed10268be796641deaa69b55356e1a98a0a1ec79d3dd6a3c56efaad7b4c12986bcb0b68d5c70c869e29aeafeeb01f337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a005fc9d45b3168120e3f3b4092981e8

SHA1
4e1aad23df9f3a38c884863131578a1b48fa680c

SHA256
093542b98e8da73255cd0e7a0c5926af42a696b133360972a1f0e4df69472eb0

SHA512
0e71adadf399a43d0907d97e8772a4b6b1222ec9381b0fc11c9f18231e020459a019b76d1afc3676ea5b2be328227953e84582ee2a4a4b87b62edc47b6386905

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000003

Filesize
24KB

MD5
b201e8da90ef456598b8b3bb0e31bf53

SHA1
8bb524c8e9b17920c83d9a06c0b305e41cfca560

SHA256
2c8b630d1edafb8cc8c8cd73fff10c8ab6d06232929a4d458ec34628920f1665

SHA512
50126ac5b7800f5a848ef49ebc8e71d78cb5ee9c1602486b30e697ce57af32c868e46795ac2c157cdfd7fe65c03133c7a752813d520a9106adc3e50620b473f3

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000004

Filesize
40KB

MD5
0c9f37673dd9c878a4b5bb419ee24b5d

SHA1
d973a8e073c1f76068f0947d495998f7f823d76e

SHA256
c1e12f630e7f356d154ffe4a7a3873e7e136e41c1c37e6c0fa4d2c52f1d269dd

SHA512
b361afedb4a910b12f7dd7b5b33d2914be39528bf4d1486661d0107c24135cff3a5393df1af85cd7d1551f0e601ea9d2ad4b147e56f469691e2b11906fd1514c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000013

Filesize
99KB

MD5
4373ef1991174142133ef4199c702a67

SHA1
0cc854fbe8b6980a28dc5d0bb59d53eeac1e46ed

SHA256
d5e6f8df1d8518f2093ef0a028967f3b7d6eab1dd986fd531269832663bef34a

SHA512
cf1e6b497d6db14d957d4237145780d20157e4915aec4fbe48d6a7af80fc0d7a2fb704d1d2d5b5178710ff0b2b39943d3e91bce281acff18a0c8e2fe398f946c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
8c993988d05cdb13d32fa085ecf13301

SHA1
fed031d8f12d020216159871306377e793ac0306

SHA256
a4b4028491c2dc4e7646582cd0cad83199362461f81c92d449469ce93a4439b0

SHA512
2259abb2775fdeb289c5a1a4d700d6c6961a26416a8f412eade150a30b389ba88ff151ba3e974b30b2da9e54dab82dcd9f066250a39f040ac2e5651bf93285ff

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
b1d4b537743ac6240758f908cbd25b29

SHA1
031343112309f158a25a508200f7e78d883bc99e

SHA256
512736d7153ddfc73f6c55eea113c5393e17e959ec07d40b8147906749b0c174

SHA512
b6a7ecd2ed7701361c324d5a7b5afa71dfdce29a7ef822c0d54ee4d0cf486d86f52ced96759a7d3a941132af0801a179c7db64fb8dceb23a9e27748086642319

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
996243dbc8afefa2d9227599c3f5cec7

SHA1
183e639b47d45b17eb3a736c065554fdcad18851

SHA256
eed5a57baa7f48cd1175f322ae9b040a2db25004cc4db7245bc0d1e97ad2efbc

SHA512
56da1abc163efd89ef9f12efde5ef26b74555d9be8b17b51430cfbdbb3cf59d708ea1a01d3d34e447ab201bfd1fbfaefe30bd2fbd09e8137f4faf17855639c5b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index~RFe59f591.TMP

Filesize
48B

MD5
1aeec4b155041f9f07f3e2af32446218

SHA1
a682787ce4e949b288c89547f282861f13cb74ac

SHA256
77e9eff9afeadffeb4799f0e542b26f06eaa1052e36cca6933eeae1b76892776

SHA512
ac4f1366e40024d678f4e2a8570602bf964a307042fdfa9c18328eb3805119af46f0d194fce733f47f48cb89bf5286c6a18d150d4b07100f5feb76ce78093f31

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
710B

MD5
16af10b305b6ebd5cf856c93e82b13d6

SHA1
45f19e0f40b572f7fb4b581b3d81f998b1146642

SHA256
3e40d2e4c1f001a1b1a2f314a7097bf8c906da16bf9ad10b4ff6602f49c52e6b

SHA512
7c4fda59cf9e6f965901c44d43c6e8324a3f8cc5f542ea79b650b81f4f121e1d35d8a1cafca3c0afb7b78d374ad901a591cad803ae4af671c0a66e7926c81686

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
822B

MD5
63ba30cdd74fdb236f7dfd46bd4536d5

SHA1
6658282c0bd52f4c13fcc37c9fd6295b3dbb8654

SHA256
7e621312032430ea8df23ab81adbfb65a955ae4358d042d5881ac5cf0dd5fc89

SHA512
36061623f3c57bde239f7c6c31b98cd9cfd34af848819da8b3342eb50ff14060868b00efb0b9689055a67c470f9b10ec088bafda2373b7cb12c7d3d477a2017b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5aaf9a.TMP

Filesize
529B

MD5
0370979cc699a916cdd81e0931172367

SHA1
0bcef90d84dbd7e76f50dc72b7641b15f5ea94d7

SHA256
be606ad2740c4a776dba457de5c9aa964d9b9f0cb8ca62e95609857505659ae6

SHA512
f1bfb9cf266f468089ace144e70720eb8275bc68479f1931a66225660640ea782f3688b2b2f804f26cff8880e3e3b05eafaa64a3c4bb53ad7b93bb8e49306ea9

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
7ac56b1b057390cc4d846e9c3f5906c0

SHA1
7d01cb684ae5460134d71bab797894e0d7e93deb

SHA256
0cefe58beccae57c8939752745e46552eb23cf14bc951e20e3ab993251e74f16

SHA512
3f6bf7617b99e21f33c233d5f4787b2a72fc9395a8161f6ace6043a9e975db3c2f772a8a8e579de75c3fb4ae45832caa36d397cd2c078df4ae9449c8acdb8065

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
448e4b6b8b0e794477b525fe222f9b84

SHA1
8c7711061223b7aa6a6a38cd87c37724d4e008bd

SHA256
148793fda6fa2021aa66a17cd47cb0df27043cb8e0b4871e734f2bf4e21a56ef

SHA512
d3debca17512589d0ef66dd2fbd31b4e19855d778354d05c2a96853334d11dfea41529677c6f30298de000cc4954a6a425f6332760b9009bd9b3d19bfb769f0d

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
be42e68988cc49f6b09c0646920375aa

SHA1
52898c71778131a407e5ad713567426452045e62

SHA256
5e84faaee5999aa3b8555a419f550014df51650106b871f9e20b9c3242ef3e6a

SHA512
1899d228f6029382e3dbfc1471838e89aed1cbeb3ef1060fcb86cbad6ceed99fa0f22daee0a634fe1d5faf3c616becae164be172f109323f6b9e6f34b6c1439d

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe5ac322.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
fb452d27af16fffd83bf131aba2cd779

SHA1
6565c55edb67eb44671ccf0eaba8283b2b408f3b

SHA256
0245d89d56954872ac2df4e1f3211a690a3b12d617dd607939885d9179f32806

SHA512
991f9343021fcc4eaad29676ca1abffc987de627f281eb7547d1ac75f4c2eb4e368062f0636dc80d3c00910f7ed78b08a88e3040e1179b71c17b4c4f496fd9e3

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
01588de67e338ef0b1056d722621e235

SHA1
94ec3952fba7d59af1199950985d5dedce42f88b

SHA256
b0ddfa1fd516cd2a9314666c65bd2a73e76d9f2649f99997c131ea7f76928386

SHA512
aa48f9a1e1706de2416dc9e1ce14c296b5776a4e7657a85638510e027284e9e8ff27ad10c4c24a265fb9c4a3d9b06f58381c82e5607acd2987ced069796bdab2

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
641cfe129f7febf1abe9d2b555f9fe97

SHA1
f55b22d405a7c6754b8ae95c62fbf1dc43327f4d

SHA256
ba4659b9691120b34f49884c5004ab7dc9a3cd85f897a05cf1e806e1d6160039

SHA512
a7d58a211519e38077354e5d6d8517a1762ad7f38a9bc8a8b77906c32e131e71788542fb796524eda1cecc7564d2a063ecfed1611897ed1e05a9af1786a3b2b9

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
e56b46527db65b254ecf7824b4f70762

SHA1
54381a1c48cfe4ca7b571447f456cf9ad64a642d

SHA256
12439090e91ffadd8a9f3371b13e8396bf0e2e26fbda3aaf1e12a7a69932ec8f

SHA512
803bf2a96a3ebc098e1012e366e48e7f4ccce38873a64976a3fb0504c6794e4c7184943296cd7bdc1170aeb2ef21cbe210aa3a791ec3f29f47e0172a0c24c8a2

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
dfef9ab54a19bbf656298be857334a2a

SHA1
95bfc94a8c3fe50781ffbf6ba7cf2af6ce6740d8

SHA256
144a78c32bd118ad39e2b1df8b56f23a5e14a294d29f6db13ee5b1189133e460

SHA512
cb93270c96ca62da9f157a629c0dee691d4d5dffca3be25a451da340ab00447e0e55d052dc165108618347445db07d228d52377d533fb755605c97469a4079c3

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
cebe5d4cce882e07a7627df0770be849

SHA1
a64b18bbb9e3f928bc0b725a1b47acbc91fa5711

SHA256
c30b5f6d59e2c65ea9a4e10693db74db3ed40eaf3d50addb7c547b34800e3d08

SHA512
ba0dadd99915c6a7fc93534aaa3452c9f412fbf5d465815c944dd7f77d8a101c5b35c26760c56b0aca14544474aa4807a1cb9f7f148d00cf4caa5e8c1322e9f1

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
1KB

MD5
2eccac12f4c0396c30e44bcd19e11bd3

SHA1
22a963b0419e5874c786793931685647edbf2b88

SHA256
065a9f5b924ea43aff77a1308390bffd54dc86ba584d5be011aa04cb155e9e44

SHA512
796e82d142ea46667124f29b74c1e62e39e471d17804f684e070a6bf6a07d4b85fd10bbe0a81ef037d771db3963f442a4547fb5ee23efb8b769e2919bb12fa2f

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity~RFe5a1a40.TMP

Filesize
188B

MD5
ccc72afdd5ea986535ce71ea466a79d7

SHA1
595f44d2d7572a548295f04873b4652162c4d3a7

SHA256
5e0ab5c7e4e803d6ae900bbaa341339af39985290e555a59dbdbdda443b7f515

SHA512
0e409d5e2705421dfb5c84bde64f8620f6cfb4495d2aa28ebb323ef5e280d2e892839967980de6d4e3399e0c3f08dcf3a5e90b0672031081ecb48e92c7cd5958

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json

Filesize
2KB

MD5
602c49f9246967bdcff45b4f43cf2fb0

SHA1
4c5796e0c724bbd7a9244cc8a0fc9e8f40181f2d

SHA256
a3ad9649c1038078038be1abd591cdba73b4b4f5cf30e11bb6cb7a432b746114

SHA512
2f273c0dd0127071f4c768cfe7277c6efff84c1ef4f4271c1326db3658c84261794b106af3198717f349fbaaaf276163700bbb50ae20fe52ed0a88a192d46f77

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json~RFe5af7fe.TMP

Filesize
2KB

MD5
68b20851ccb9834d21fb32615e42bd43

SHA1
88fab935f0b9484994097c08f785e9ecb7d68127

SHA256
a954b528dd65ad6c4c2091fa32f17abdb7a49454ce88e10bb6c377734c70c26f

SHA512
dcb0771120c8fe35213d60e9abf4b242af807324759e3c99e9b2569c00a941d885d53ef6fadfe69e6b740e0b52a6008602605d643801190a2d29175a7d065e15

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd4D71.tmp\StdUtils.dll

Filesize
110KB

MD5
db11ab4828b429a987e7682e495c1810

SHA1
29c2c2069c4975c90789dc6d3677b4b650196561

SHA256
c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376

SHA512
460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd4D71.tmp\System.dll

Filesize
22KB

MD5
a36fbe922ffac9cd85a845d7a813f391

SHA1
f656a613a723cc1b449034d73551b4fcdf0dcf1a

SHA256
fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0

SHA512
1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd4D71.tmp\modern-wizard.bmp

Filesize
150KB

MD5
3614a4be6b610f1daf6c801574f161fe

SHA1
6edee98c0084a94caa1fe0124b4c19f42b4e7de6

SHA256
16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b

SHA512
06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd4D71.tmp\nsDialogs.dll

Filesize
20KB

MD5
4e5bc4458afa770636f2806ee0a1e999

SHA1
76dcc64af867526f776ab9225e7f4fe076487765

SHA256
91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0

SHA512
b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd4D71.tmp\nsExec.dll

Filesize
17KB

MD5
2095af18c696968208315d4328a2b7fe

SHA1
b1b0e70c03724b2941e92c5098cc1fc0f2b51568

SHA256
3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226

SHA512
60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd4D71.tmp\nsProcess.dll

Filesize
15KB

MD5
08072dc900ca0626e8c079b2c5bcfcf3

SHA1
35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37

SHA256
bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8

SHA512
8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

Download Submit
C:\Users\Admin\Desktop\SWA V2.lnk

Filesize
1KB

MD5
97be3093ad454e9f284132c1071ed546

SHA1
4b0e0538b6990bcb3691987f4edf7ad9243ce659

SHA256
f4d0e18583212c17cf548846fec004e81a19e617d141fa653cc2d29a9058f2f9

SHA512
b42265ec6bb2bf41c7590e2981ce7cc1d4314f5b35f1d2b80c4fd7de1cbfd7b95a330c54f8b554d5bda49317ab84c2dfab00d6dcd988fcb55d51842d91ab88f1

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 466912.crdownload

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit
memory/4740-2-0x00007FF8CFC10000-0x00007FF8D06D1000-memory.dmp

Filesize
10.8MB

Download
memory/4740-0-0x00007FF8CFC13000-0x00007FF8CFC15000-memory.dmp

Filesize
8KB

Download
memory/4740-1-0x000001A2774F0000-0x000001A2774FA000-memory.dmp

Filesize
40KB

Download
memory/4740-4-0x000001A277930000-0x000001A27793A000-memory.dmp

Filesize
40KB

Download
memory/4740-5-0x000001A277980000-0x000001A277992000-memory.dmp

Filesize
72KB

Download
memory/4740-20-0x000001A279CA0000-0x000001A279D16000-memory.dmp

Filesize
472KB

Download
memory/4740-21-0x000001A279C40000-0x000001A279C5E000-memory.dmp

Filesize
120KB

Download
memory/4740-37-0x00007FF8CFC10000-0x00007FF8D06D1000-memory.dmp

Filesize
10.8MB

Download
memory/5388-12886-0x0000000000890000-0x0000000000D42000-memory.dmp

Filesize
4.7MB

Download
memory/8120-12929-0x00007FF8ECE70000-0x00007FF8ECE71000-memory.dmp

Filesize
4KB

Download
memory/8120-12928-0x00007FF8ED440000-0x00007FF8ED441000-memory.dmp

Filesize
4KB

Download
memory/8120-13031-0x0000015519330000-0x0000015519685000-memory.dmp

Filesize
3.3MB

Download
memory/8132-13032-0x00000209CC150000-0x00000209CC4A5000-memory.dmp

Filesize
3.3MB

Download
memory/8132-13033-0x00000209CC750000-0x00000209CC7F9000-memory.dmp

Filesize
676KB

Download
memory/15600-14188-0x000000006E5C0000-0x000000006F901000-memory.dmp

Filesize
19.3MB

Download
memory/15600-13179-0x000000006E5C0000-0x000000006F901000-memory.dmp

Filesize
19.3MB

Download
memory/15600-13021-0x000000006E5C0000-0x000000006F901000-memory.dmp

Filesize
19.3MB

Download
memory/15600-13038-0x000000006E5C0000-0x000000006F901000-memory.dmp

Filesize
19.3MB

Download
memory/15600-13460-0x000000006E5C0000-0x000000006F901000-memory.dmp

Filesize
19.3MB

Download
memory/15600-13940-0x000000006E5C0000-0x000000006F901000-memory.dmp

Filesize
19.3MB

Download
memory/15632-13022-0x0000018A2AD20000-0x0000018A2ADC9000-memory.dmp

Filesize
676KB

Download
memory/15872-13163-0x000001CB6B590000-0x000001CB6B591000-memory.dmp

Filesize
4KB

Download
memory/15872-13162-0x000001CB6B590000-0x000001CB6B591000-memory.dmp

Filesize
4KB

Download
memory/15872-13161-0x000001CB6B590000-0x000001CB6B591000-memory.dmp

Filesize
4KB

Download
memory/15872-13158-0x000001CB6B590000-0x000001CB6B591000-memory.dmp

Filesize
4KB

Download
memory/15872-13165-0x000001CB6B590000-0x000001CB6B591000-memory.dmp

Filesize
4KB

Download
memory/15872-13166-0x000001CB6B590000-0x000001CB6B591000-memory.dmp

Filesize
4KB

Download
memory/15872-13167-0x000001CB6B590000-0x000001CB6B591000-memory.dmp

Filesize
4KB

Download
memory/15872-13164-0x000001CB6B590000-0x000001CB6B591000-memory.dmp

Filesize
4KB

Download
memory/15872-13159-0x000001CB6B590000-0x000001CB6B591000-memory.dmp

Filesize
4KB

Download
memory/15872-13160-0x000001CB6B590000-0x000001CB6B591000-memory.dmp

Filesize
4KB

Download
memory/16604-13193-0x000001A883040000-0x000001A883395000-memory.dmp

Filesize
3.3MB

Download
memory/16604-13194-0x000001A882F60000-0x000001A883009000-memory.dmp

Filesize
676KB

Download
memory/16976-13258-0x000001C6513A0000-0x000001C6516F5000-memory.dmp

Filesize
3.3MB

Download
memory/16976-13259-0x000001C651900000-0x000001C6519A9000-memory.dmp

Filesize
676KB

Download