Malware Analysis Report

2024-10-19 11:03

Sample ID 240524-xm5y2sfg85
Target Firework Stars.png
SHA256 9bb9b429599af896e15e17f93bd828d8917cffaff40b6107b47dfb6972b59145
Tags
adware discovery evasion execution persistence spyware stealer trojan
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

9bb9b429599af896e15e17f93bd828d8917cffaff40b6107b47dfb6972b59145

Threat Level: Likely malicious

The file Firework Stars.png was found to be: Likely malicious.

Malicious Activity Summary

adware discovery evasion execution persistence spyware stealer trojan

Manipulates Digital Signatures

Modifies Installed Components in the registry

Sets file execution options in registry

Blocklisted process makes network request

Reads local data of messenger clients

Reads user/profile data of web browsers

Checks computer location settings

Registers COM server for autorun

Executes dropped EXE

Loads dropped DLL

Checks whether UAC is enabled

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Enumerates connected drives

Installs/modifies Browser Helper Object

Checks installed software on the system

Drops desktop.ini file(s)

Drops file in System32 directory

Checks system information in the registry

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Command and Scripting Interpreter: PowerShell

Modifies data under HKEY_USERS

Modifies registry key

Checks SCSI registry key(s)

Suspicious use of AdjustPrivilegeToken

Uses Volume Shadow Copy service COM API

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Modifies registry class

Suspicious behavior: LoadsDriver

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Modifies system certificate store

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-24 18:59

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-24 18:59

Reported

2024-05-24 20:28

Platform

win10v2004-20240426-en

Max time kernel

2700s

Max time network

2054s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Firework Stars.png"

Signatures

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\rundll32.exe N/A
N/A N/A C:\Windows\System32\rundll32.exe N/A

Manipulates Digital Signatures

Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLVERIFYINDIRECTDATA\{9FA65764-C36F-4319-9737-658A34585BB7} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\CERTIFICATE\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLREMOVESIGNEDDATAMSG\{9FA65764-C36F-4319-9737-658A34585BB7} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\MESSAGE\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\SIGNATURE\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLPUTSIGNEDDATAMSG\{9FA65764-C36F-4319-9737-658A34585BB7} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLCREATEINDIRECTDATA\{9FA65764-C36F-4319-9737-658A34585BB7} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\CERTCHECK\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\CLEANUP\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLGETSIGNEDDATAMSG\{9FA65764-C36F-4319-9737-658A34585BB7} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\FINALPOLICY\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\DIAGNOSTICPOLICY\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\INITIALIZATION\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Localized Name = "Google Chrome" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{A6EADE66-0000-0000-484E-7E8A45000000} C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ = "Google Chrome" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\125.0.6422.113\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level --channel=stable" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoasb.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoadfsb.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\orgchart.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32Info.exe C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excelcnv.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wordconv.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sdxhelper.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RdrCEF.exe C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msohtmed.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setlang.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosync.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenote.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosrec.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenotem.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RdrServicesUpdater.exe C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clview.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\graph.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\selfcert.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msqry32.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Discord\Update.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Windows\System32\rundll32.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Apps\Rec Room\Recroom_WindowsPlatformless.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zC113EDFC\Uninst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A
N/A N/A C:\Windows\Installer\MSI2B2A.tmp N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe N/A
N/A N/A C:\Program Files\Common Files\Microsoft Shared\Source Engine\ose.exe N/A
N/A N/A C:\Windows\Temp\ose00000.exe N/A
N/A N/A C:\Users\Admin\Downloads\ChromeSetup.exe N/A
N/A N/A C:\Program Files (x86)\Google4248_1089879319\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google4248_1089879319\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\125.0.6422.113_chrome_installer.exe N/A
N/A N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\125.0.6422.113\Installer\setup.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\125.0.6422.113\Installer\setup.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\125.0.6422.113\Installer\setup.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\125.0.6422.113\Installer\setup.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\125.0.6422.113\elevation_service.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Reads local data of messenger clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5CEF5610-713D-11CE-80C9-00AA00611080}\InprocServer32\11.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{490D6966-005D-36A5-B7EF-521A24207E7E}\InprocServer32\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DC67E480-C3CB-49F8-8232-60B0C2056C8E}\InprocServer32\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3BE786A0-0366-4F5C-9434-25CF162E475E}\InprocServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\InprocServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0002E185-0000-0000-C000-000000000046}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0002E187-0000-0000-C000-000000000046}\InprocServer32\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{32CDF9E0-1602-11CE-BFDC-08002B2B8CDA}\InprocServer32\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{97A2762C-403C-4953-A121-7A75ABCE4373}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020812-0000-0000-C000-000000000046}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020820-0000-0000-C000-000000000046}\InprocServer32\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{355822FC-86F1-4BE8-B5F0-A33736789641}\InprocServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32 C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8A683C92-BA84-11CF-8110-00A0C9030074}\InprocServer32\11.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{000D0E00-0000-0000-C000-000000001157}\InprocServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{805B7F91-C9CF-4EDF-ACA6-775664FDFB3E}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{91493441-5A91-11CF-8700-00AA0060263B}\InprocServer32\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9800F18F-3D86-4744-A7D0-540989C86D7B}\InprocServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3BE786A2-0366-4F5C-9434-25CF162E475E}\InprocServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0002E132-0000-0000-C000-000000000046}\InprocServer32\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0002E174-0000-0000-C000-000000000046}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1EB89D6-0A9C-4575-A0AE-654A990A454C}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{909E0AE0-16DC-11CE-9E98-00AA00574A4F}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4E3C66D5-58D4-491E-A7D4-64AF99AF6E8B}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DDFE337F-4987-4EC8-BDE3-133FA63D5D85}\InProcServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5CEF5610-713D-11CE-80C9-00AA00611080}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D7FAC39E-7FF1-49AA-98CF-A1DDD316337E}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{91493441-5A91-11CF-8700-00AA0060263B}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0002E119-0000-0000-C000-000000000046}\InprocServer32\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{367E582C-F71C-4BF9-AA1B-9F62B793E9C5}\InprocServer32\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CD7791B9-43FD-42C5-AE42-8DD2811F0419}\InprocServer32\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{91493448-5A91-11CF-8700-00AA0060263B}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3133A7FE-BC5F-4D81-BF02-184ECC88D66E}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A37BBB42-E8C1-4E09-B9CA-F009CE620C08}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EE84065-8BA3-4a8a-9542-6EC8B56A3378}\InprocServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0002E178-0000-0000-C000-000000000046}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{91493443-5A91-11CF-8700-00AA0060263B}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A249E9F6-5B28-4ED1-8AF0-C9B9C5195486}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F09D237B-3FD1-4900-BEF2-3471CA68142D}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3956DCF-D1C7-4375-AAAA-22FF8191C479}\InprocServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20E823C2-62F3-4638-96BD-90F4F6784EBC}\InProcServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3BE786A0-0366-4F5C-9434-25CF162E475F}\InprocServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E18FEC31-2EA1-49A2-A7A6-902DC0D1FF05}\InprocServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{33154C99-BF49-443D-A73C-303A23ABBE97}\InprocServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{35C5242B-7455-4F9C-962B-369EA43ED6F3}\InprocServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6F3DD387-5AF2-492B-BDE2-30FF2F451241}\InprocServer32\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8A683C92-BA84-11CF-8110-00A0C9030074}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{312AB530-ECC9-496E-AE0E-C9E6C5392499}\InProcServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0002E187-0000-0000-C000-000000000046}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE39F3D6-1B13-11D0-887F-00A0C90F2744}\InprocServer32\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{367E582C-F71C-4BF9-AA1B-9F62B793E9C5}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5EC4D34-77DA-4F7A-B8C4-8A910C1C1CFE}\InprocServer32\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5EC4D34-77DA-4F7A-B8C4-8A910C1C1CFE}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{82B02374-B5BC-11CF-810F-00A0C9030074}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{83081C08-382C-4ED4-ACCF-DCBECA021010}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0002E119-0000-0000-C000-000000000046}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1E886174-DC88-4B83-8BC5-66409EC75F16}\LocalServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0002E17C-0000-0000-C000-000000000046}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1C3B4210-F441-11CE-B9EA-00AA006B1A69}\InprocServer32\11.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1C3B4210-F441-11CE-B9EA-00AA006B1A69}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8A683C93-BA84-11CF-8110-00A0C9030074}\InprocServer32\11.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BDEADEF5-C265-11D0-BCED-00A0C90AB50F}\InprocServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F90DFE0C-CBDF-41FF-8598-EDD8F222A2C8}\InProcServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{42089D2D-912D-4018-9087-2B87803E93FB}\InprocServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Discord = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\Update.exe\" --processStart Discord.exe" C:\Windows\SysWOW64\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Discord = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\Update.exe\" --processStart Discord.exe" C:\Windows\SysWOW64\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Discord = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\Update.exe\" --processStart Discord.exe" C:\Windows\System32\reg.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Google4248_1089879319\bin\updater.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Videos\Captures\desktop.ini C:\Windows\system32\svchost.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\addinutil.exe.log C:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.bak.db C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.bak.db-journal C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.bak.db-shm C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
File created C:\Windows\SysWOW64\Elevation.tmp C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\integrator.exe.db C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\integrator.exe.db-wal C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\integrator.exe.db-shm C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.bak.db-wal C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\aic_file_icons_hiContrast_bow.png C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\hi_contrast\core_icons_highcontrast.png C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ru-ru\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\caution.svg C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\nl-nl\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\inline-error-1x.png C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\sl\ C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_sortedby_hover_18.svg C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\fr-ma\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\root\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\access\libbluray-j2se-1.3.2.jar C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1936_1009422985\Chrome-bin\125.0.6422.113\VisualElements\SmallLogoBeta.png C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\arrow-right.png C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ro-ro\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\check-mark-2x.png C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\Close2x.png C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ja-jp\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\themes\dark\close.svg C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\ C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\hy\ C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dummy.dic C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_invite_18.svg C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\rhp_world_icon.png C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\plugin.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\fr-ma\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_mmx_plugin.dll C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\require\2.1.15\require.min.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\themes\dark\faf_icons.png C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_ko_135x40.svg C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\illustrations_retina.png C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\da-dk\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\hu-hu\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\pl-pl\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\sat_logo.png C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\visualization\libvisual_plugin.dll C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_backarrow_default.svg C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-gb\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\improved-office-to-pdf-2x.png C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\sv-se\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\be_get.svg C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\an\ C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\misc\ C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\next-arrow-disabled.svg C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\fi-fi\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\eu-es\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\duplicate.svg C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\zh-tw\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\zh-tw\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\ro_get.svg C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\fr-fr\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\zh_TW\LC_MESSAGES\ C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\S_IlluCCFilesEmpty_180x180.svg C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\css\main.css C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\ja-jp\AppStore_icon.svg C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\illustrations_retina.png C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\pl-pl\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\back-arrow-focus.svg C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\nb-no\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\SETUP.EX_ C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\125.0.6422.113_chrome_installer.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1936_1009422985\Chrome-bin\125.0.6422.113\Locales\lv.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\zh-cn\PlayStore_icon.svg C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_copy_plugin.dll C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\msvcp140_1.dll_x64 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\ngennicupdatelock.dat C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngennicupdatelock.dat C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngennicupdatelock.dat C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngennicupdatelock.dat C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\reflow.api_NON_OPT C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\temp\0EEQBKG8SJ\__AssemblyInfo__.ini C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\temp\YGDY9ZN9ZH\Microsoft.Office.Tools.Common.Implementation.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File opened for modification C:\Windows\assembly\temp\H6P7W2CZDM\Policy.14.0.Microsoft.Vbe.Interop.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngennicupdatelock.dat C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\TURKISH.TXT C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\temp\NGGK9I5G9C\Policy.12.0.Microsoft.Office.Interop.Access.Dao.config C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\temp\2LHS195TKK\__AssemblyInfo__.ini C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngennicupdatelock.dat C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File opened for modification C:\Windows\Installer\MSIC700.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\temp\RQLZFKB85P\Microsoft.Office.Interop.Graph.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\pubpol41.dat C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\temp\8LBQIOWPY3\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\ngenserviceclientlock.dat C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngenserviceclientlock.dat C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngenserviceclientlock.dat C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngenserviceclientlock.dat C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File opened for modification C:\Windows\assembly\temp\N40U1VVXR2\Microsoft.Office.Tools.v9.0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\ngennicupdatelock.dat C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngenserviceclientlock.dat C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\displaylanguagenames.en_gb_e C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngenserviceclientlock.dat C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File opened for modification C:\Windows\Installer\MSI1DD1.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\pubpol27.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\ngennicupdatelock.dat C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\CROATIAN.TXT C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\APIFile_8.ico C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\vcruntime140.dll_x64 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\temp\BJRXYOU936\Microsoft.Office.Tools.Excel.Implementation.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\ngennicupdatelock.dat C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngennicupdatelock.dat C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngennicupdatelock.dat C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\collectsignatures.aapp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\temp\YG1FXJ4Z8R\Policy.12.0.Microsoft.Office.Interop.SmartTag.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\ngenserviceclientlock.dat C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngennicupdatelock.dat C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File opened for modification C:\Windows\Installer\MSI332F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\Ace.dll_NON_OPT C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngenserviceclientlock.dat C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\viewer.aapp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngennicupdatelock.dat C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\DigSig.api C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\pubpol36.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\ngenserviceclientlock.dat C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngenserviceclientlock.dat C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngennicupdatelock.dat C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000073c7eb973396fb40000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000073c7eb90000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900073c7eb9000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d073c7eb9000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000073c7eb900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD993BDC-06E0-4131-B889-DD3B9AEBE253} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{76E2369A-75BA-41F9-8B9E-16059E5CF9A6} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AC06A6F-4C88-4707-8DEC-61017CB50E1E} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5FBAF6E6-C64B-49DB-AB1B-F93C607EBC71} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C6A861C-B233-4994-AFB1-C158EE4FC578} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BD57A9B2-4E7D-4892-9107-9F4106472DA4} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D13E03F-8289-4c15-A84F-7A8F655C830A} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D13E03F-8289-4c15-A84F-7A8F655C830A} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B3FB63-66F4-4EFC-B717-BB283B85E79B} C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5FBAF6E6-C64B-49DB-AB1B-F93C607EBC71} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B723F941-52A2-4392-B500-60F3889659B4} C:\Windows\syswow64\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E1F80F4-953F-41E7-8460-E64AE5BE4ED3} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B7278BD0-7970-47D6-8954-99B2343EED88} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD993BDC-06E0-4131-B889-DD3B9AEBE253} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5054EC7-B9CB-4ad5-9F95-D8171A6D6BFA} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5054EC7-B9CB-4ad5-9F95-D8171A6D6BFA} C:\Windows\system32\msiexec.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\VersionId = "uint16_t|0" C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Printers\DevModes2 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\Common\ClientTelemetry C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\integrator.exe\ULSMonitor\ULSTagIds0 = "18679566,5804129,7202269,23978014,39965824,7692557,5850525,34198423,41484365,17962391,17962392" C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@%SystemRoot%\System32\fveui.dll,-843 = "BitLocker Drive Encryption" C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|4" C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSTagIds0 = "5804129,17110992,7202269,41484365,17110988,7153487,39965824,17962391,508368333,17962392,3462423,3702920,3700754,3965062,4297094,7153421,18716193,7153435,7202265,20502174,6308191,18407617" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher\CRLs C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2D C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\FirstSession\officeclicktorun C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\Common\ClientTelemetry C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|10" C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124 = "Document Encryption" C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2c C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.3 = 63726f736f66742e4f66666963652e4964656e746974792e55736553706f436f6f6b696546726f6d53616d6554656e616e74222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e44617465546f5573654d6963726f736f6674333635466f72436f6e73756d657273222c20225622203a20227374643a3a77737472696e677c323032302d30342d32315430303a30303a30302e302b30303a303022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e44617465546f5573654d6963726f736f6674333635466f72534d42222c20225622203a20227374643a3a77737472696e677c323032302d30342d32315430303a30303a30302e302b30303a303022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e456e61626c6547726163655769746857414350726f6d6f427573426172222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e456e61626c654d6f6465726e41464f222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e486561727462656174446179734265666f726545787044617465222c20225622203a2022696e7433325f747c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e4e6f456e7469746c656d656e747353656c6653657276696365222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e4e6f456e7469746c656d656e74735472794275794578706572696d656e7454726561746d656e74222c20225622203a2022696e7433325f747c3222207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e53686f77564e6578745369676e4f75744469616c6f67222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e5573655265666163746f726564436f6e666967446570726f766973696f6e222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e5573655265666163746f726564476574557365724c6963656e7365222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4d616e6167656162696c6974792e436c6f7564506f6c6963792e4e6f6e5075626c6963436c6f7564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4d616e6167656162696c6974792e54656e616e744173736f63696174696f6e4b65792e4e6f6e5075626c6963436c6f7564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4d616e6167656162696c6974792e5573654f637073563255726c496e57696e222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4e616e63794f66666963655465616d2e7a686574616e34313232303231222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e416c6c6f7741626f7274517569636b436865636b45777353657276696365222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e416c6c6f7741626f7274517569636b436865636b4f6d657853657276696365222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e4368616e6765476174652e496e766f6b6546657463684d616e696665737443616c6c6261636b4f6e446f776e6c6f61644d616e6966657374222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e4368616e6765476174652e557365436c6f6e6564496e7374616e6365466f724572726f72222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e4368616e6765476174652e56616c6964617465446f776e6c6f61645265736f7572636573222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e4469616c6f6754776f5761794d6573736167696e67222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e456e61626c654d696e43616368655265667265736820222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e4964656e746974794361636865466f72636552656672657368222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e4f7366496e7374616c6c6572526567697374657242675461736b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e506572557365724964656e746974794d696e4361636865222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e506572557365724964656e74697479526962626f6e4361636865222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e5765624b69743246756c6c4469616c6f67415049222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f4d45582e456e61626c65456e7465727072697365436f6d416464696e536574436f6e6e656374496e7465726e616c5570646174654576656e7473222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f4d45582e456e61626c65456e7465727072697365436f6d416464696e556e68616e646c6564457863657074696f6e4576656e7473222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f6172742e456e61626c65496e736572744d6564696154656c656d65747279222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f6e654e6f74652e4170706c652e43576f726b73706163655573657255736555726c46726f6d526177556e69636f6465537472696e67222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f6e654e6f74652e4368616e6765476174652e53686f77494150456e747279222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f6e654e6f74652e44656570426174636853746f7265456e61626c6564222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f6e654e6f74652e52656e6465725570646174656457696e333252656458222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f6e654e6f74652e53686f756c645573654e6574436f7374496e73746561644f664d736f426c6f636b696e67222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f75746c6f6f6b2e4c6173744d696c6554656c656d6574727954726163657274222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f75746c6f6f6b2e5063782e417474656d70744f75746c6f6f6b41757468466f7250726f66696c65222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f75746c6f6f6b2e5063782e427567466978466f7255736572486561646572496e4964656e7469747941757468222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f75746c6f6f6b2e5063782e4c696e6b6564496e4b32466978222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f75746c6f6f6b2e5063782e5063784a756e65323031394275674669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f75746c6f6f6b2e526970636f72642e33363134383230222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f75746c6f6f6b2e526970636f72642e33393039323635222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f75746c6f6f6b2e526970636f72642e33393435323833222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5043582e526970636f72642e56534f2e33363432383036222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506572666f726d616e63652e426c6f636b696e6757616974732e4f737250726f63657373222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506572666f726d616e63652e4368616e6765476174652e586c426f6f74436f6d706c657465416674657246696c654f70656e416e6453706c61736853637265656e222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506572736f6e616c697a6174696f6e2e456e61626c65476574496e736967687473222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506572736f6e616c697a6174696f6e2e456e61626c6553656e645369676e616c222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506572736f6e616c697a6174696f6e2e47657455736572466163747354696d656f75744d696c6c697365636f6e6473222c20225622203a2022696e7433325f747c3530303022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506572736f6e616c697a6174696f6e2e557365476574496e736967687473466c6f77466f724665746368696e67476f7665726e616e636544617461222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506f776572506f696e742e4368616e6765476174652e436865636b56696577496e536c6964654a616e69746f724f62736572766572222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506f776572506f696e742e4368616e6765476174652e466f726365536f6674776172654d696e69617475726552656e646572696e67222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506f776572506f696e742e4368616e6765476174652e4d657267652e5573655468726f77696e674c69666567756172645374657073222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506f776572506f696e742e4368616e6765476174652e536c69646553686f772e52656c65617365536c69646553686f774d616e616765724265666f726547667853687574646f776e222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506f776572506f696e742e48616e646c65434c524372617368222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506f776572506f696e742e53756767657374696f6e732e456e61626c65436f6e74656e745265636f6d6d656e646174696f6e4974656d73222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e50726f6a6563742e50726f6a65637443325253657276657232303133436f6e6e656374696f6e426c6f636b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e50726f6a6563742e50726f6a65637443656e74656e6e69616c53657276657232303133426c6f636b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e50726f6a6563742e50726f6a65637443656e74656e6e69616c53657276657232303133436f6e6e656374696f6e426c6f636b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e434c502e5570646174655374617475734261724f6e50726f66696c65537769746368222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e43656e7472616c697a6564457874656e73696f6e536166657479436865636b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e49524d2e5758505644697361626c654c6f616454656d706c617465734f6e426f6f74222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e4973457874656e73696f6e496e4c697374557064617465222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e4d6f6e69746f72656446696c65457874656e73696f6e4c697374222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e50726f74656374696f6e536572766963652e4e657755784d6f64656c222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e53686f756c6452756e436c6f75645365637572697479506f6c696379436865636b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e5573654e6f526566436f756e74416d736953747265616d222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e436c6f7564222c20225622203a20227374643a3a77737472696e677c5075626c696322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e46617374465445222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e4d53495442697a63686174416c6c6f776c697374222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e4d6f636861222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e4f584f416c6c222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e50657270657475616c4c6963656e7365222c20225622203a20227374643a3a77737472696e677c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e5365676d656e74222c20225622203a20227374643a3a77737472696e677c4e4f4e4652444322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e56657273696f6e506172746974696f6e222c20225622203a20227374643a3a77737472696e677c57696e3332416e64726f6964486f7422207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e576f7264436f70696c6f74446f67666f6f64222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e416c6c6f775a65726f4c656e677468536561726368537472696e67222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4175746f436f727265637455492e41637469766974696573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4175746f446973636f7665722e4275674669786573466f7252657472794661696c65645265717565737473222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4175746f446973636f7665722e4c696d6974546f4f6e654175746f446973636f766572222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4175746f446973636f7665722e4f6e6c795573654874747073222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e426f6f7449646c655468726f74746c6572222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4275674669782e506572736f6e61436f6e74726f6c4261636b67726f756e64436f6c6f72222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4368616e6765476174652e44656c617943757272656e745549416374697665506c616365557064617465222c20225622203a2022626f6f6c7c3022207d2c C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|13" C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2B\52C64B7E C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e\52C64B7E\@%systemroot%\system32\FirewallControlPanel.dll,-12122 = "Windows Defender Firewall" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\integrator.exe\ULSMonitor C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|2" C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|7" C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0 C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Google C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@%SystemRoot%\System32\ci.dll,-100 = "Isolated User Mode (IUM)" C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|6" C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Property\0018C00DBE6209BC = 0100000001000000d08c9ddf0115d1118c7a00c04fc297eb01000000a594b7f639e26c4083b3b0da538f62c100000000020000000000106600000001000020000000be6f871ae09cf3efc97e2e783321c8876ba15a090319e7cd9fe44d0ed59cd38c000000000e80000000020000200000000b8624d6c5052c4e7bd372b94870e41cb56f75abc8b4a1911c2b02271227e914800000006a29e1a54ede5006a747af8ca17e8117c0ef3ee9127aab149101e175e0bc1947c6d11a422e3d49578f088f11a190f2347c194db1e27ab6a6a37ffacd3dced1ca99147f3bd3874e6630fb72614927f168af6e7ed43a54e9de8ae3571f6eb5c86ec95d5d41a4b15d255d5bb508124ee717c32e78f20d012ba2cd9190deb6b6fd8e40000000d8a76c405dafbfd974861391c102c980e8edf901f6c59f1467353cbbc7718ffe1e58996e1fde34e6f5f1e7cd1012a40a29a5ff106bb56da455e3625a68c67ee7 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}\DeviceTicket = 0100000001000000d08c9ddf0115d1118c7a00c04fc297eb01000000a594b7f639e26c4083b3b0da538f62c1000000000200000000001066000000010000200000006bada39d3f8c76fccb4de17fef6bbd192478f2add365e83ec328584679921e51000000000e8000000002000020000000462776fcc4e9fb35e1477c9ecf6d48db1af9e81e13f6cdc5a0bd6327629e32e6f0030000ac742015702db70b870ac7c9da7d8cbf2e19eb05bec357019d3cf73091920d0d58bd5ffd68c03ddf555936102ace7da7e74af38c28f2e26f3c7470f61a91cc982f279cd37109f75ed9a9d87b2f99df98603d91e79f2576927d03170be1a0f4b818b67b151529ff9e4896ae0be54a9f8e9f113bad887e759427d3d878de0bc02d0e8969098cdfebc13566d3424e7329229ea15fbb3d03055e190d824911a3d3f1339e734fcdea5b4acd66774acde8d4db094122589f5857c60b20775e7c350f378231b95ec5109838300e7749c9d384afe92463a9edaf716851c2cb9085320293aa8b2492a5e807495bac5abe5ddc3c536faf53a958d6db828b27204320cea46573c21d1926221b683840b54397d4ebf1f92f48d88b8c14341aac8d40e3a898c04df8204487b544459f3407ead0d95bb2917b995297b87b2f089e4a64515e89d839665252fdff87a34b4fefdd9e57a01cf7460955feb34014054103633d97e8ee29eede0af7115ee6eca6c6562335412e994da5ce8f903ad272bec87c7bdb38ffce64872df3a25e36c4ee35ddbd27d175d64d5233eaf8756fe8fe26971a6a5894f5b96cdd4d3f6c6a87cc711799e5468a02b212b0a1e7f885c6fa90895b3e0e622cf5cf1b548e356f831ce377a1203c02d68646bbd4570bd7caba3a485de88dcdda663c38f8d06359a419f4c4f0c98b1ff21806fa1e4350c5637aaa6bdb846c465d6514872bb56b275fc74452a8d51f4549f26d6ea2f64fe52c58a9dcf6dd10cf913cb41b8c9b7daeadc2fcf29c6ec4a2675a9a360d53672c8f8ab28567b686e149c3eb7e6bb7d1d7b47762356cedb4963ddde7d602ededba1a0016179c765ad69b3c1e4bc37ab90eaf95db720988b8a774fb24111031049afa97f81797b29d69f812967a29649f7ca345d9241eb52046caca8a580ecfd24e98d4c93105579844497227a48920aa60688655c5851e891cf1b47c13b7f1dc4852b35790a6e7dd012ed3ef5355ff00b333922822c652349785ec406b8a215994d1b52fe1cfc306aa3069bf0de5b8d28e67418ec731ef31e489b82ed76081a05d4ca671caa15408eeefeaf16e8fdc017a315bf597670ade7db70f15ed1a12503d1c3d4c5b8ddab371d25203f827593d5b53c95f6bac1fb23724efb4b86a77fb998471c10dc66a77b80e7920e3411af7b6c943a3b015b8d39b861226082ea6df2c5dd2c9587a4d92d726eb320a34f14cac3786b1dd45a3dfaab6f8a90cbd9401104811bd64d1807772c2d158e94781faccf7c77f9f3e08f29b3687b7fea18484cecd665faff6e3d669e3ef8060f5a2c9ce1c0bc3dd5de7dff0eff3ca5a02f7559e748bd69bb37a48427c46d34ba73d5aa08670d30bb538190d47e403a40f92c1cc77e18036f8faf19e10f1dbc6bda05acc4feed282e63779214000000092b72fa34b6aebafc271b9ba14f6b2e810ea95917564ecf0c460e8ef763afb21e61b2535a699c83e905d58e4eaa577aa1b86364af22f79b933e0d935668e7498 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\Common\ClientTelemetry\Volatile C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\integrator.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.5 = 6c656d6574727944796e616d6963436f6e6669672e446961676e6f7374696373222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c22436f6c6c6563746f725c22203a207b205c224576656e74735c22203a207b205c2253746172745472616365436f6c6c6563746f725c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e446f6373222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c22536861726564436f6d6d656e74735f447261667443617264556e6d6f756e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224544502a5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22456e74657270726973654461746150726f74656374696f6e2a5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d736f456e74657270726973654461746150726f74656374696f6e2a5c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c22536861726564436f6d6d656e74735c22203a207b205c224576656e74735c22203a207b205c22436f6d6d6974436f6d6d656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469736361726444726166744173796e635c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469736361726444726166744e61746976655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22447261667453746174654d616e61676572456e644472616674696e675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22456e644472616674696e675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22506f737444726166745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2244656c657465506f7374416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2244656c657465546872656164416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2245324550657266547261636b65725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224472616674436172644d6f756e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2244726166744361726452656e64657265645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d61726b436f6d6d656e744372656174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2252656f70656e546872656164416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225265736f6c7665546872656164416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536d6172745265706c79506f737465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224162616e646f6e44726166745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469736361726444726166745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f6d6d656e74436f6e746578744368616e676564416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6f6164436f6d6d656e74416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368436c6f7365566965774576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368436f6e74657874437265617465644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2244697370617463684f70656e566965774576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368566965774368616e6765644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368426567696e44726166744576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2244697370617463684361706162696c69746965734368616e6765645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368436f6d6d656e74734368616e6765644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368436f6d6d656e7453656c65637465644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368437265617465436f6d6d656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368446f634368616e6765644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368456e64436f6d6d656e7453657373696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368456e6444726166744576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2244697370617463684576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368466f63757350616e655472696767657265644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368496e6974436f6d6d656e7453657373696f6e4173796e635c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368496e697469616c52656e646572436f6d706c657465644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368496e76616c69644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2244697370617463684c6f6164546872656164735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446973706174636850616e654368616e6765644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446973706174636850616e65466f63757353746174654368616e6765644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446973706174636850616e65546f52656e6465724576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446973706174636853656c656374436f6d6d656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446973706174636853657448616c6650616e65446973706c61794d6f64655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2244697370617463685468656d654368616e6765645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446973706174636844656c657465436f6d6d656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436c656172436f6d6d656e7453656c656374696f6e416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22446f63756d656e74416374697669746965735c22203a207b205c224576656e74735c22203a207b205c2241637469766974794c6f6744697363617264466f72446f63756d656e744368616e67655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f67547269676765724173796e635461736b576f726b65725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d697451756575654c6f61644173796e635c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d69745175657565496e697446696c65506174685c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d69745175657565437265617465496e73616e63655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d69745175657565417070656e644173796e6342617463685c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d69745175657565577269746541637469766974795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d6974517565756552656d6f76654173796e6342617463685c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d697451756575655772697465446f63756d656e74496e666f4865616465725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d6974517565756554727944656c657465456d70747946696c654173796e635c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d69745175657565496e7365727441637469766974794e6f6e437269746963616c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f67456e717565756541637469766974794e6f6e437269746963616c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f6741646441637469766974794e6f6e437269746963616c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f674372656174654c6f675c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f67536176654e657746696c655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f674469736361726441637469766974794e6f6e437269746963616c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f67456e71756575654c6f63616c4e6f6e437269746963616c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f67456e71756575654f7574676f696e674e6f6e437269746963616c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d697451756575654469736361726441637469766974794e6f6e437269746963616c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224170694f70656e41637469766974794c6f675769746853747265616d5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f6741646441637469766974795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f674361636865446f63756d656e74496e666f5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f67456e74727946696e616c697a655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f6746696c7465724f757443757272656e7455736572416374697669746965735c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f674c6f616446726f6d53747265616d5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f6753617665546f53747265616d5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d69745175657565436865636b5265766f6b65644544505c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d69745175657565526570616972436f7272757074656446696c654173796e635c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f674d6f64696679436c6f6e655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d6974517565756546696c654f70656e4572726f725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d6974517565756546696c65526561644572726f725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d6974517565756546696c655265706c6163654572726f725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d6974517565756546696c6557726974654572726f725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d69745175657565536574456e74657270726973654461746150726f74656374696f6e4173796e635c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d697451756575655472756e6361746551756575655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f67456e7472794372656174655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2241637469766974794c6f67456e74727953657453746174655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22536572766963654163746976697479526573756c745c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2241637469766974794c6f674f6e436f6e74656e74416374696f6e5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2241637469766974794c6f67456e717565756541637469766974795c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2241637469766974794c6f674469736361726441637469766974795c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c225472616e736d69745175657565496e7365727441637469766974795c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c225472616e736d697451756575654469736361726441637469766974795c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2241637469766974794c6f67456e71756575654f7574676f696e675c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2241637469766974794c6f67436c6f73655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472616e736d6974517565756548656c706572456e737572654469726563746f72795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472616e736d697451756575654d616e61676572437265617465496e73616e63655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2241706943726561746541637469766974794c6f675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224170694372656174654c6f675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472616e736d69745175657565536574456e74657270726973654461746150726f74656374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2241637469766974794c6f674173796e635461736b5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c22436f6c6c6162436f726e65725c22203a207b205c224576656e74735c22203a207b205c22436f617574686f725570646174654c6f636174696f6e5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f617574686f72476f546f43757272656e744c6f636174696f6e5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c6572795573657252655265676973746572436f6e6e65637469766974794368616e67654e6f7469667949664e65636573736172795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224f666669636543686174436f6d6d616e6443686174427574746f6e497356697369626c654e6f7744617461706f696e745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c65727955736572436c6f736553696e676c65466c796f75745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224f666669636543686174436f6d6d616e64497343686174417661696c61626c655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c6572794f6e436f617574686f72735265747269657665644173796e63506f73745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c6572795265747269657665436f617574686f72735c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c6572794f6e436f617574686f72735265747269657665645c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c6572795265747269657665436f617574686f72734265666f72654173796e63506f73745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c657279496e6974464d5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c657279436f617574686f72577261707065725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224f666669636543686174436f6d6d616e64436f61757468696e6757697468416c6c4775657374734f724d697373696e67456d61696c456469746f72735c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22476f546f4c6f636174696f6e416374696f6e487562416374696f6e4a756d70546f417574686f725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c65727955736572557064617465417574686f724c6f636174696f6e5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c65727955736572557064617465456d61696c416e64436861745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6e7461637443617264416374696f6e487562416374696f6e53686f77436f6e74616374436172645c C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.10 = 203a2032207d2c205c225469746c654261725361766555694d616e616765725772697465537461747573546f5469746c654261725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6f6164437369446c6c466f72436c69636b3252756e456e7669726f6e6d656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2249735365727665724361636865645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d616e75616c5361766555736167655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2246696c6553746f72655c22203a207b205c224576656e74735c22203a207b205c22465344436f7272757074696f6e5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2247617262616765436f6c6c656374696f6e5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c225a65726f4279746546696c6555706c6f6164417474656d707465645c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d2c205c2252756e74696d6550726f706572746965735c22203a207b205c224576656e74735c22203a207b205c22496e636f6d70617469626c6543736956657273696f6e44657465637465645c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d2c205c224f66666963655c22203a207b205c225375624e616d657370616365735c22203a207b205c2246696c65494f5c22203a207b205c225375624e616d657370616365735c22203a207b205c224353495c22203a207b205c225375624e616d657370616365735c22203a207b205c2253746f726167655c22203a207b205c224576656e74735c22203a207b205c2243616368654f707469637356325c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d207d207d2c205c224d6f6373695c22203a207b205c224576656e74735c22203a207b205c22557064617465486f73745469705c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d207d207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4772617068696373222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c22415243457863657074696f6e53636f70655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2245326f5669657752656e646572506572666f726d616e636541637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224172745669657756616c69646174655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224175746f6669745368617065546f54657874436d645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22546f704c6576656c456666656374447261775c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224372656174654269746d617046726f6d506c6174666f726d4269746d61705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e6b496e70757453757266616365426173655570646174655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2250617468576964656e657246576964656e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2250617468576964656e657246576964656e53696d706c65506174685c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224776697a536d61727441727450726f7065727469657354656c656d657472795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243726561746544657669636544334431305c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22537065637472655472616e73636f646541637469766974795c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22496e73657274496e646976696475616c4d6f64656c334441637469766974795c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224c6f61646564496d61676550726f706572746965735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22496e736572744d6f64656c334441637469766974795c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22537065637472654372656174655363656e6541637469766974795c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224d6f64656c334452656e64657241637469766974795c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4964656e74697479222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c22456e7375726550726f7669646572496e697465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574506572736f6e50726f66696c6553657475705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224964656e74697479536e617073686f745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657450726f7669646572466f7241757468536368656d655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472794964656e74697479506172656e744d617463685c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22526f616d696e6750726f7879496e69745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536861726564437265645265667265736846726f6d53746f72655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22526561644f6e6546726f6d43726564656e7469616c4c6973745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22435265616453796e635461736b52756e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f6d61696e4a6f696e65644f72436c6f7564446f6d61696e4a6f696e656453657373696f6e735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744164616c416363657373546f6b656e46726f6d4372656450726f76696465725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574536572766963655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574436f6e666967546f6b656e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574426c6f636b696e67536572766963655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22506f70756c617465536572766963654d61705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657441757468656e74696361746564536572766963655469636b65745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22526566726573684964656e7469746965735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765745365727669636555726c466f7246656465726174696f6e50726f7669646572416e616c797369735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225365727669636555726c5374617475735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2241637175697265536572766963655469636b6574466f724144414c5c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c2253697465735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e496e736967687473222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c22496e73696768747350616e655c22203a207b205c224576656e74735c22203a207b205c22415c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22445c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2248746d6c5072656665746368526571756573745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22535c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436163686546696c654e6f7456616c69645c22203a207b205c224576656e74466c61675c22203a20323536207d207d2c205c225375624e616d657370616365735c22203a207b205c224f66666963655c22203a207b205c224576656e74735c22203a207b205c2253797374656d616c69645c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c22496e7369676874735c22203a207b205c224576656e74735c22203a207b205c22496e73696768747350616e655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e73696768747350616e65305c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e73696768747350616e65725c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2253797374656d5c22203a207b205c224576656e74735c22203a207b205c224163746976697479715c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224163746976697479735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d207d207d2c205c22536d6172744c6f6f6b75705c22203a207b205c224576656e74735c22203a207b205c22415c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f7079466561747572654761746573315c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f7079466561747572654761746573325c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573315c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657446656174757265476174657331305c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657446656174757265476174657331315c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657446656174757265476174657331325c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657446656174757265476174657331335c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657446656174757265476174657331355c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573325c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573335c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573345c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573355c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573365c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573375c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573385c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573395c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22535c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2248746d6c5072656665746368526571756573745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c225265667265736843616368656446696c65735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446f776e6c6f61645265736f757263655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2241757468656e7469636174696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22526573756c7447726f7570546f52656e6465725c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253656e64576562536f636b6574526571756573745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22576562536f636b657450696e67506f6e674c6174656e63795c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446961676e6f737469635c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c2238564d65686c6c5c22203a207b205c225375624e616d657370616365735c22203a207b205c22356b69614b3747426b7a505746675c22203a207b205c224576656e74735c22203a207b205c22373139305c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d2c205c22385c22203a207b205c225375624e616d657370616365735c22203a207b205c227a424b387872415553554e52497859484e4b55415c22203a207b205c224576656e74735c22203a207b205c22393133335c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d2c205c224f66666963655c22203a207b205c224576656e74735c22203a207b205c2253797374656d644d617463685c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c22496e7369676874735c22203a207b205c224576656e74735c22203a207b205c22536d6172744c6f6f6b75705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536d6172744c6f6f6b75705f5f5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536d6172744c6f6f6b75705f5f5f5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2253797374656d5c22203a207b205c224576656e74735c22203a207b205c2241637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2253797374656d68633863674f6a46515c22203a207b205c224576656e74735c22203a207b205c22383635335c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d207d207d2c205c22556952756e74696d655c22203a207b205c224576656e74735c22203a207b205c22437265617465576562536f636b65745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2250726f636573735265717565737451756575655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22496e74656e745365727669636550726f78794f6e436f6e6e656374696f6e436c6f7365645c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224f6e436f6e6e656374696f6e436c6f7365645c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4c6963656e73696e67222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c224c6963656e73696e67427573626172416374696f6e5c22203a207b205c224576656e74466c61675c22203a203439343038207d2c205c22487244697370617463685375625461736b53746172745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22517569636b56616c69646174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253617665416c6c536b75696473546f52656769737472795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2257616974546f52657472794865617274626561745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536561726368466f7253657373696f6e546f6b656e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224e554c56616c69646174696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2256616c696461746553657373696f6e546f6b656e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2243616e52756e4665617475726543616368655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22506572666f726d4c6963656e73696e674e6f74696669636174696f6e735c22203a207b205c224576656e74466c61675c22203a20323536207d207d2c205c225375624e616d657370616365735c22203a207b205c224c5655585c22203a207b205c224576656e74735c22203a207b205c224e6f456e7469746c656d656e74735c22203a207b205c224576656e74466c61675c22203a203439343038207d2c205c224e6f456e7469746c656d656e74734578706572696d656e74547269676765725c22203a207b205c224576656e74466c61675c22203a203439343038207d207d207d2c205c224f6666696365436c69656e744c6963656e73696e675c22203a207b205c224576656e74735c22203a207b205c224c6963656e7365436f6d706c657465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6567616379416374697669747953756363657373436f756e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c656761637941637469766974794661696c757265436f756e745c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c22436c69656e745c22203a207b205c224576656e74735c22203a207b205c224653686f756c6441637469766174655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d2c205c224865617274626561745c22203a207b205c224576656e74735c22203a207b205c22577269746543616368655c22203a207b205c224576656e74466c61675c22203a C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\Expires = "int64_t|1716623525" C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\Common\ClientTelemetry\Volatile C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\integrator.exe\ULSMonitor C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@%SystemRoot%\System32\fveui.dll,-844 = "BitLocker Data Recovery Agent" C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Property C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A

Modifies registry class

Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CDEC13B2-0B3C-400E-B909-E27EE89C6799}\TypeLib C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D5EC4D34-77DA-4F7A-B8C4-8A910C1C1CFE} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.iso\shell C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5007373A-20D7-458F-9FFB-ABC900E3A831}\ProxyStubClsid C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{DF1EC000-0822-3C47-8E22-E3AE308567E4}\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{1E1C4C4B-742D-40CA-8DD8-6E9B772D117D}\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\AppID\{521FDB42-7130-4806-822A-FC5163FAD983} C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9E0BD17B-2D3C-4656-B94D-03084F3FD9D4}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.asx\ = "WMP11.AssocFile.ASX" C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\AudioCD\shell\PlayWithVLC\command C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\SharePoint.DragDownloadCtl.1\CLSID C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{BD0E5FD4-BCC4-3913-82EF-19EE05B56F04} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D7FA6F5E-9122-4900-8846-5AB0A5499D52}\ProxyStubClsid32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{91493443-5A91-11CF-8700-00AA0060263B}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.avi C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9B4CD3EE-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.qcp\DefaultIcon C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{033D10C1-80FA-40E2-B578-A800DF9A9316}\ProxyStubClsid C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{56B47D6C-2795-39D8-8B21-CDCC7BE7ECBD}\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{36DE898D-AD48-40A5-B4B2-123F916BFBAB}\ProxyStubClsid32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0002E17C-0000-0000-C000-000000000046}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{CBCC669E-8D89-3F3B-AA13-4EB4FC3B34B5}\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\AcroPDF.PDF\CurVer C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{4ADEE80B-6697-30AE-B907-F63DC07322D5}\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{6299711A-E372-36AB-A8AB-129031BFD9B9}\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{B2EDC2A3-924D-3C82-B34C-DE7E8F03BD0E}\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.ram C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{417EC967-ACF1-3B68-9743-D9D104681FB3}\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BDEADEF5-C265-11D0-BCED-00A0C90AB50F}\ProgID C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CA8A9780-280D-11CF-A24D-444553540000}\ToolboxBitmap32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F241-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{7BD721FC-E709-48B5-9358-18408F131030}\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CA8A9780-280D-11CF-A24D-444553540000}\EnableFullPage\.xdp C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3FD37ABB-F90A-4DE5-AA38-179629E64C2F}\ProgID C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{DF09291A-1712-3919-B144-B9CC016C28E6} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{5AAABB05-F91B-4bce-AB18-D8319DEDABA8} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-2#immutable1 = "Keep a history of your files" C:\Windows\explorer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\.vob\ShellEx C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\STSUpld.TitleDisplayElement C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{347CDE09-0CE2-3FBB-9BB8-7C9ECF5B750E} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE39F3D6-1B13-11D0-887F-00A0C90F2744}\InprocServer32\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1588C1A8-27D9-563E-9641-8D20767FB258}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0486745C-8D9B-5377-A54C-A61FFAA0BBE4}\1.0\0\win32\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\127.0.6490.0\\updater.exe\\4" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mov\shell\Open C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20E823C2-62F3-4638-96BD-90F4F6784EBC} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{9570E3C8-3B3D-3029-B960-AA478C2A65A2} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{796A2C2D-5B11-4FB5-9077-56D5E674972B}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1C3B4210-F441-11CE-B9EA-00AA006B1A69} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{42F39CA7-B680-3CFB-8F67-5B3E2D276747}\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{301700D5-8B2C-37AB-A875-C8B763D7389A}\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{226CC8E6-1ED0-4770-A7F1-A80BB4DDF07B} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{2253A7C8-C563-386D-BDC6-B55E72015C02}\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{4179EEDA-0598-3CC3-85A8-2FC201D18FC6} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{93914D16-797F-3747-8421-54B51590CEF1}\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2A792539-9CEA-4A63-A80A-A645FEF2046A}\TypeLib C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F2AB-98B5-11CF-BB82-00AA00BDCE0B} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC6EFB56-9CFA-464D-8880-44885D7DC193}\TypeLib C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5A1DCFD3-7982-48F2-8A3D-5C35272862DE}\InProcServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{0FE28955-0AC2-36E0-8AF2-4C841614704B} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{7177C219-3448-3232-BCCC-480DF7076FFA}\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B685B009-DBC4-4F24-9542-A162C3793E77}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7CD069A0-50AA-11D1-B8F0-00A0C9259304}\TypeLib C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.ifo\shell\Open\command C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 5c000000010000000400000000080000190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab040000000100000010000000c5dfb849ca051355ee2dba1ac33eb0282000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Apps\Rec Room\Recroom_WindowsPlatformless.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Apps\Rec Room\Recroom_WindowsPlatformless.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Apps\Rec Room\Recroom_WindowsPlatformless.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 040000000100000010000000c5dfb849ca051355ee2dba1ac33eb0280f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
N/A N/A C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Google4248_1089879319\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google4248_1089879319\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google4248_1089879319\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google4248_1089879319\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google4248_1089879319\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google4248_1089879319\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\System32\rundll32.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeTcbPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\syswow64\MsiExec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\System32\rundll32.exe N/A
N/A N/A C:\Windows\System32\rundll32.exe N/A
N/A N/A C:\Windows\System32\rundll32.exe N/A
N/A N/A C:\Windows\System32\rundll32.exe N/A
N/A N/A C:\Windows\System32\rundll32.exe N/A
N/A N/A C:\Windows\System32\rundll32.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3888 wrote to memory of 4776 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\dashost.exe
PID 3888 wrote to memory of 4776 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\dashost.exe
PID 3580 wrote to memory of 1956 N/A C:\Program Files\7-Zip\Uninstall.exe C:\Users\Admin\AppData\Local\Temp\7zC113EDFC\Uninst.exe
PID 3580 wrote to memory of 1956 N/A C:\Program Files\7-Zip\Uninstall.exe C:\Users\Admin\AppData\Local\Temp\7zC113EDFC\Uninst.exe
PID 3580 wrote to memory of 1956 N/A C:\Program Files\7-Zip\Uninstall.exe C:\Users\Admin\AppData\Local\Temp\7zC113EDFC\Uninst.exe
PID 1784 wrote to memory of 3760 N/A C:\Program Files\VideoLAN\VLC\uninstall.exe C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
PID 1784 wrote to memory of 3760 N/A C:\Program Files\VideoLAN\VLC\uninstall.exe C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
PID 1784 wrote to memory of 3760 N/A C:\Program Files\VideoLAN\VLC\uninstall.exe C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
PID 3760 wrote to memory of 380 N/A C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe C:\Windows\SysWOW64\regsvr32.exe
PID 3760 wrote to memory of 380 N/A C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe C:\Windows\SysWOW64\regsvr32.exe
PID 3760 wrote to memory of 380 N/A C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe C:\Windows\SysWOW64\regsvr32.exe
PID 380 wrote to memory of 1592 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 380 wrote to memory of 1592 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 4084 wrote to memory of 2848 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\srtasks.exe
PID 4084 wrote to memory of 2848 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\srtasks.exe
PID 4084 wrote to memory of 2788 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4084 wrote to memory of 2788 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4084 wrote to memory of 2788 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4084 wrote to memory of 644 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4084 wrote to memory of 644 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4084 wrote to memory of 644 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4084 wrote to memory of 2152 N/A C:\Windows\system32\msiexec.exe C:\Windows\Installer\MSI2B2A.tmp
PID 4084 wrote to memory of 2152 N/A C:\Windows\system32\msiexec.exe C:\Windows\Installer\MSI2B2A.tmp
PID 4084 wrote to memory of 2152 N/A C:\Windows\system32\msiexec.exe C:\Windows\Installer\MSI2B2A.tmp
PID 4084 wrote to memory of 2364 N/A C:\Windows\system32\msiexec.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
PID 4084 wrote to memory of 2364 N/A C:\Windows\system32\msiexec.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
PID 4084 wrote to memory of 2364 N/A C:\Windows\system32\msiexec.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
PID 4564 wrote to memory of 3856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4564 wrote to memory of 3856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4564 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4564 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4564 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4564 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4564 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4564 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4564 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4564 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4564 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4564 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4564 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4564 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4564 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4564 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4564 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4564 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4564 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4564 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4564 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4564 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4564 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4564 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4564 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4564 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4564 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4564 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4564 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4564 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4564 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4564 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4564 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4564 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4564 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4564 wrote to memory of 2400 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4564 wrote to memory of 2400 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Firework Stars.png"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService

C:\Windows\system32\dashost.exe

dashost.exe {d522108e-206f-4b4d-a5ba3115fd951556}

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\SystemSettingsAdminFlows.exe

"C:\Windows\system32\SystemSettingsAdminFlows.exe" TroubleshootActivation

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

C:\Windows\System32\rundll32.exe

"C:\Windows\System32\rundll32.exe" shwebsvc.dll,AddNetPlaceRunDll

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding

C:\Program Files\7-Zip\Uninstall.exe

"C:\Program Files\7-Zip\Uninstall.exe"

C:\Users\Admin\AppData\Local\Temp\7zC113EDFC\Uninst.exe

C:\Users\Admin\AppData\Local\Temp\7zC113EDFC\Uninst.exe /N /D="C:\Program Files\7-Zip\"

C:\Program Files\VideoLAN\VLC\uninstall.exe

"C:\Program Files\VideoLAN\VLC\uninstall.exe"

C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe

"C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Program Files\VideoLAN\VLC\

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s /u "C:\Program Files\VideoLAN\VLC\axvlc.dll"

C:\Windows\system32\regsvr32.exe

/s /u "C:\Program Files\VideoLAN\VLC\axvlc.dll"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 8C5F401395F9BD32514E77C05F389B0A

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding C8129A1B1D387A67027F689B9D543DC8 E Global\MSI0000

C:\Windows\Installer\MSI2B2A.tmp

"C:\Windows\Installer\MSI2B2A.tmp" /b 3 120 0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" ClearToasts

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbf324ab58,0x7ffbf324ab68,0x7ffbf324ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2236 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4368 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4516 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4668 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4956 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4812 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4016 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4868 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4872 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5076 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4912 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5048 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5080 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4588 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4860 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4924 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4144 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4696 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5016 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5096 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4552 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4964 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5140 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5404 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5592 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5272 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5188 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5292 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4652 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6012 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5700 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5272 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5532 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6148 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5268 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6024 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5852 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5108 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5096 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5700 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5240 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5588 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5300 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6216 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4908 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5080 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5664 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6284 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6472 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6256 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5424 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5108 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6684 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6700 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4904 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6828 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6920 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe

"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" scenario=install scenariosubtype=ARP sourcetype=None productstoremove=ProPlusRetail.16_en-us_x-none culture=en-us version.16=16.0

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe

"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe"

C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe

integrator.exe /U /Extension /Msi /License PRIDName=ProPlusRetail.16 PackageGUID="9AC08E99-230B-47e8-9721-4577B7F124EA" PackageRoot="C:\Program Files\Microsoft Office\root"

C:\Windows\system32\schtasks.exe

schtasks.exe /Delete /F /tn "Microsoft\Office\Office Feature Updates"

C:\Windows\system32\schtasks.exe

schtasks.exe /Delete /F /tn "Microsoft\Office\Office Feature Updates Logon"

C:\Windows\system32\schtasks.exe

schtasks.exe /Delete /F /tn "Microsoft\Office\OfficeTelemetryAgentLogOn2016"

C:\Windows\system32\schtasks.exe

schtasks.exe /Delete /F /tn "Microsoft\Office\OfficeTelemetryAgentFallBack2016"

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding CC0D8E36D2C455A6D77F5A1C65DA3355 E Global\MSI0000

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 97FD039C3CA461B34924EE609FA51418 E Global\MSI0000

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding

C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

"C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"

C:\Program Files\Common Files\Microsoft Shared\Source Engine\ose.exe

"C:\Program Files\Common Files\Microsoft Shared\Source Engine\ose.exe" -standalone:temp

C:\Windows\Temp\ose00000.exe

"C:\Windows\Temp\ose00000.exe" -standalone

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Contract.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Contract.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Contract.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Contract.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Contract.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Contract.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Contract.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Contract.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.v4.0.Framework, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.v4.0.Framework, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.ContainerControl, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.ContainerControl, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime.Internal, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime.Internal, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe update /queue

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe update /queue

C:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe

"C:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe" -PipelineRoot:"C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\." -Rebuild

C:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe

"C:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe" -AddInRoot:"C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\." -Rebuild

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding A2BF116BCD2F691D06B491716834CCF8 E Global\MSI0000

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe

"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /standalonesystem

C:\Windows\system32\schtasks.exe

schtasks.exe /Delete /F /tn "Microsoft\Office\Office Automatic Updates"

C:\Windows\system32\schtasks.exe

schtasks.exe /Delete /F /tn "Microsoft\Office\Office Automatic Updates 2.0"

C:\Windows\system32\schtasks.exe

schtasks.exe /Delete /F /tn "Microsoft\Office\Office Subscription Maintenance"

C:\Windows\system32\schtasks.exe

schtasks.exe /Delete /F /tn "Microsoft\Office\Office ClickToRun Service Monitor"

C:\Windows\system32\schtasks.exe

schtasks.exe /Delete /F /tn "Microsoft\Office\Microsoft Office Touchless Attach Notification"

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf324ab58,0x7ffbf324ab68,0x7ffbf324ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1900,i,12050025954994525686,16913640659583626693,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1900,i,12050025954994525686,16913640659583626693,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2256 --field-trial-handle=1900,i,12050025954994525686,16913640659583626693,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1900,i,12050025954994525686,16913640659583626693,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1900,i,12050025954994525686,16913640659583626693,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4368 --field-trial-handle=1900,i,12050025954994525686,16913640659583626693,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4484 --field-trial-handle=1900,i,12050025954994525686,16913640659583626693,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4652 --field-trial-handle=1900,i,12050025954994525686,16913640659583626693,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4652 --field-trial-handle=1900,i,12050025954994525686,16913640659583626693,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 --field-trial-handle=1900,i,12050025954994525686,16913640659583626693,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5008 --field-trial-handle=1900,i,12050025954994525686,16913640659583626693,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1900,i,12050025954994525686,16913640659583626693,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff780eaae48,0x7ff780eaae58,0x7ff780eaae68

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf324ab58,0x7ffbf324ab68,0x7ffbf324ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1956,i,9353126630314638864,16729271939196524659,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1952 --field-trial-handle=1956,i,9353126630314638864,16729271939196524659,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2268 --field-trial-handle=1956,i,9353126630314638864,16729271939196524659,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3132 --field-trial-handle=1956,i,9353126630314638864,16729271939196524659,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3160 --field-trial-handle=1956,i,9353126630314638864,16729271939196524659,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3588 --field-trial-handle=1956,i,9353126630314638864,16729271939196524659,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4488 --field-trial-handle=1956,i,9353126630314638864,16729271939196524659,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4492 --field-trial-handle=1956,i,9353126630314638864,16729271939196524659,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1660 --field-trial-handle=1956,i,9353126630314638864,16729271939196524659,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4488 --field-trial-handle=1956,i,9353126630314638864,16729271939196524659,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4892 --field-trial-handle=1956,i,9353126630314638864,16729271939196524659,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2744 --field-trial-handle=1956,i,9353126630314638864,16729271939196524659,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5156 --field-trial-handle=1956,i,9353126630314638864,16729271939196524659,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5192 --field-trial-handle=1956,i,9353126630314638864,16729271939196524659,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=1956,i,9353126630314638864,16729271939196524659,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5236 --field-trial-handle=1956,i,9353126630314638864,16729271939196524659,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5328 --field-trial-handle=1956,i,9353126630314638864,16729271939196524659,131072 /prefetch:8

C:\Users\Admin\Downloads\ChromeSetup.exe

"C:\Users\Admin\Downloads\ChromeSetup.exe"

C:\Program Files (x86)\Google4248_1089879319\bin\updater.exe

"C:\Program Files (x86)\Google4248_1089879319\bin\updater.exe" --install=appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={76D06516-4F7D-D71C-9575-DF3CF5EFF77F}&lang=en-GB&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-statsdef_1&installdataindex=empty --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/updater/*=2

C:\Program Files (x86)\Google4248_1089879319\bin\updater.exe

"C:\Program Files (x86)\Google4248_1089879319\bin\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=127.0.6490.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0x7a758c,0x7a7598,0x7a75a4

C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --system --windows-service --service=update-internal

C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=127.0.6490.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0xac758c,0xac7598,0xac75a4

C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --system --windows-service --service=update

C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=127.0.6490.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0xac758c,0xac7598,0xac75a4

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\125.0.6422.113_chrome_installer.exe

"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\125.0.6422.113_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\e2f11544-0faa-46ac-be04-dae8486ee6b7.tmp"

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe

"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe" --install-archive="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\e2f11544-0faa-46ac-be04-dae8486ee6b7.tmp"

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe

"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=125.0.6422.113 --initial-client-data=0x27c,0x280,0x284,0x258,0x288,0x7ff699ef2698,0x7ff699ef26a4,0x7ff699ef26b0

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe

"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe" --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe

"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=125.0.6422.113 --initial-client-data=0x274,0x278,0x27c,0x250,0x280,0x7ff699ef2698,0x7ff699ef26a4,0x7ff699ef26b0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffbf324ab58,0x7ffbf324ab68,0x7ffbf324ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1904,i,11986969737998208179,15727918139085421063,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1904,i,11986969737998208179,15727918139085421063,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\125.0.6422.113\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\125.0.6422.113\Installer\setup.exe" --rename-chrome-exe --system-level --verbose-logging --channel=stable

C:\Program Files\Google\Chrome\Application\125.0.6422.113\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\125.0.6422.113\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=125.0.6422.113 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x7ff725ac2698,0x7ff725ac26a4,0x7ff725ac26b0

C:\Program Files\Google\Chrome\Application\125.0.6422.113\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\125.0.6422.113\Installer\setup.exe" --channel=stable --delete-old-versions --system-level --verbose-logging

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --flag-switches-begin --flag-switches-end

C:\Program Files\Google\Chrome\Application\125.0.6422.113\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\125.0.6422.113\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=125.0.6422.113 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x7ff725ac2698,0x7ff725ac26a4,0x7ff725ac26b0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=125.0.6422.113 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc01981c70,0x7ffc01981c7c,0x7ffc01981c88

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2044,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2036 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1900,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2060 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2300,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2316 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3204 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3236 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4536,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4348 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4768,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4772 /prefetch:1

C:\Program Files\Google\Chrome\Application\125.0.6422.113\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\125.0.6422.113\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=4780,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4880 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=4540,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5084 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --field-trial-handle=5124,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5164 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4888,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4700 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3268,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5028 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4808,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5436 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4796,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5476 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4784,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5612 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4832,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5752 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=5408,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5880 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6504,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6540 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6484,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6492 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6812,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6836 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6952,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6956 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=7104,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6672 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=7136,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=7268 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6848,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=7424 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=7548,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=7576 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7592,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=7728 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=7688,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=7552 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6568,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=7964 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7080,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6628 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=7720,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5016 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=7996,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=7988 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=7312,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6968 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --field-trial-handle=8112,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6992 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --field-trial-handle=7056,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=8124 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6988,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=8268 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=8276,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=8284 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=7564,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6836 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=8268,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=7160 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=8592,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=7244 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=7252,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=7452 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=7540,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=7500 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5596,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5616 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=7428,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=7780 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=5660,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5036 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=5692,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=732 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6468,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5796 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=8780,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=8684 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=7172,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5656 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=7820,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=7760 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=3520,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3868 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=4632,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2544 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=2592,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2576 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=3404,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3368 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=4400,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5708 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=125.0.6422.113 --initial-client-data=0x118,0x11c,0x120,0xa0,0x124,0x7ffc01981c70,0x7ffc01981c7c,0x7ffc01981c88

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2072,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2076 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1908,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2116 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2132,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2236 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2600,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2700 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2604,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2740 /prefetch:1

C:\Program Files\Google\Chrome\Application\125.0.6422.113\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\125.0.6422.113\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --field-trial-handle=3864,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3880 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=4848,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4860 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=4156,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4412 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=4528,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4200 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4484,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4032 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4228,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5040 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=2504,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5304 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5328,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5488 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=3132,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5624 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5824,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2888 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5200,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4280 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=2956,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2964 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --field-trial-handle=5088,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5144 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --field-trial-handle=5072,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5108 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5112,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5568 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=2980,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5492 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2888,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5460 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x378 0x150

C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --wake --system

C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=127.0.6490.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x25c,0x27c,0x280,0x254,0x284,0xac758c,0xac7598,0xac75a4

C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --system --windows-service --service=update-internal

C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=127.0.6490.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x280,0x284,0x288,0x25c,0x28c,0xac758c,0xac7598,0xac75a4

C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --system --windows-service --service=update

C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=127.0.6490.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x280,0x284,0x288,0x25c,0x28c,0xac758c,0xac7598,0xac75a4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5608,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3704 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --field-trial-handle=2716,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2856 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --field-trial-handle=5716,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5900 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5860,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6024 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5924,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2696 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5944,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3016 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6236,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6220 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=5264,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6228 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=5848,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6200 /prefetch:1

C:\Users\Admin\Downloads\DiscordSetup.exe

"C:\Users\Admin\Downloads\DiscordSetup.exe"

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .

C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe" --squirrel-install 1.0.9046

C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe

C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9046 --annotation=plat=Win32 --annotation=prod=Electron --annotation=ver=28.2.10 --initial-client-data=0x534,0x544,0x548,0x53c,0x54c,0x88f6284,0x88f6290,0x88f629c

C:\Users\Admin\AppData\Local\Discord\Update.exe

C:\Users\Admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\Admin\AppData\Local\Discord\app.ico

C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1992 --field-trial-handle=1996,i,17978107259643489289,402416930706581911,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2

C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --mojo-platform-channel-handle=2244 --field-trial-handle=1996,i,17978107259643489289,402416930706581911,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "\"C:\Users\Admin\AppData\Local\Discord\Update.exe\" --processStart Discord.exe" /f

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe\",-1" /f

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe\" --url -- \"%1\"" /f

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=6212,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4884 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=5036,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6260 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=4400,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6292 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=5972,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5996 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=6540,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5652 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6532,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6380 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6800,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6680 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=6556,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6364 /prefetch:1

C:\Users\Admin\AppData\Local\Discord\Update.exe

"C:\Users\Admin\AppData\Local\Discord\Update.exe" --processStart Discord.exe

C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe"

C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe

C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9046 --annotation=plat=Win32 --annotation=prod=Electron --annotation=ver=28.2.10 --initial-client-data=0x524,0x528,0x52c,0x520,0x530,0x88f6284,0x88f6290,0x88f629c

C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1936 --field-trial-handle=1952,i,16506792906759348743,14102841930008623430,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2

C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --mojo-platform-channel-handle=2272 --field-trial-handle=1952,i,16506792906759348743,14102841930008623430,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8

C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=0 --gpu-device-id=0 --gpu-sub-system-id=0 --gpu-revision=0 --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2280 --field-trial-handle=1952,i,16506792906759348743,14102841930008623430,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f

C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --autoplay-policy=no-user-gesture-required --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3252 --field-trial-handle=1952,i,16506792906759348743,14102841930008623430,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe\",-1" /f

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe\" --url -- \"%1\"" /f

C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --mojo-platform-channel-handle=3452 --field-trial-handle=1952,i,16506792906759348743,14102841930008623430,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8

C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --mojo-platform-channel-handle=4212 --field-trial-handle=1952,i,16506792906759348743,14102841930008623430,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe query HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "\"C:\Users\Admin\AppData\Local\Discord\Update.exe\" --processStart Discord.exe" /f

C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe

C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe

C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe

C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9147 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=28.2.10 --initial-client-data=0x4f4,0x4f8,0x4fc,0x4e8,0x500,0x7ff731073108,0x7ff731073114,0x7ff731073120

C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1924 --field-trial-handle=1928,i,688912946692706251,14574758608370234209,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2

C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --mojo-platform-channel-handle=2156 --field-trial-handle=1928,i,688912946692706251,14574758608370234209,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8

C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=0 --gpu-device-id=0 --gpu-sub-system-id=0 --gpu-revision=0 --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2260 --field-trial-handle=1928,i,688912946692706251,14574758608370234209,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8

C:\Windows\System32\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f

C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --autoplay-policy=no-user-gesture-required --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3200 --field-trial-handle=1928,i,688912946692706251,14574758608370234209,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1

C:\Windows\System32\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f

C:\Windows\System32\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe\",-1" /f

C:\Windows\System32\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe\" --url -- \"%1\"" /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "chcp"

C:\Windows\system32\chcp.com

chcp

C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=4048 --field-trial-handle=1928,i,688912946692706251,14574758608370234209,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --enable-node-leakage-in-renderers /prefetch:1

C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --mojo-platform-channel-handle=4108 --field-trial-handle=1928,i,688912946692706251,14574758608370234209,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8

C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4136 --field-trial-handle=1928,i,688912946692706251,14574758608370234209,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --enable-node-leakage-in-renderers /prefetch:1

C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --mojo-platform-channel-handle=3436 --field-trial-handle=1928,i,688912946692706251,14574758608370234209,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8

C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --mojo-platform-channel-handle=4348 --field-trial-handle=1928,i,688912946692706251,14574758608370234209,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8

C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --mojo-platform-channel-handle=4356 --field-trial-handle=1928,i,688912946692706251,14574758608370234209,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8

C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\modules\discord_voice-2\discord_voice\gpu_encoder_helper.exe

"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\modules\discord_voice-2\discord_voice\gpu_encoder_helper.exe" nvidia

C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\modules\discord_voice-2\discord_voice\gpu_encoder_helper.exe

"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\modules\discord_voice-2\discord_voice\gpu_encoder_helper.exe" amd

C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\modules\discord_voice-2\discord_voice\gpu_encoder_helper.exe

"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\modules\discord_voice-2\discord_voice\gpu_encoder_helper.exe" intel

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Windows/System32/nvidia-smi.exe""

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discordapp.com/handoff?rpc=6463&key=b141f82c-1427-4cd1-b196-b35265c97fda

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbee0646f8,0x7ffbee064708,0x7ffbee064718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,16996443260802497510,8500974861844249815,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,16996443260802497510,8500974861844249815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,16996443260802497510,8500974861844249815,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16996443260802497510,8500974861844249815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16996443260802497510,8500974861844249815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16996443260802497510,8500974861844249815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,16996443260802497510,8500974861844249815,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4348 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2144,16996443260802497510,8500974861844249815,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5072 /prefetch:8

C:\Windows\System32\reg.exe

C:\Windows\System32\reg.exe query HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord

C:\Windows\System32\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "\"C:\Users\Admin\AppData\Local\Discord\Update.exe\" --processStart Discord.exe" /f

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=6040,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5704 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=5976,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5616 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Profile 1"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=125.0.6422.113 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc01981c70,0x7ffc01981c7c,0x7ffc01981c88

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2032,i,16219177339817476565,12699994400049000634,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2024 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1860,i,16219177339817476565,12699994400049000634,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2052 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=1668,i,16219177339817476565,12699994400049000634,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2516 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,16219177339817476565,12699994400049000634,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3108 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3228,i,16219177339817476565,12699994400049000634,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3248 /prefetch:1

C:\Program Files\Google\Chrome\Application\125.0.6422.113\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\125.0.6422.113\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3552,i,16219177339817476565,12699994400049000634,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4548 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=3716,i,16219177339817476565,12699994400049000634,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4576 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=3720,i,16219177339817476565,12699994400049000634,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4820 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=4832,i,16219177339817476565,12699994400049000634,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4836 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=4824,i,16219177339817476565,12699994400049000634,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4940 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --field-trial-handle=4984,i,16219177339817476565,12699994400049000634,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4844 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4504 --field-trial-handle=1928,i,688912946692706251,14574758608370234209,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Profile 1"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=125.0.6422.113 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffc01981c70,0x7ffc01981c7c,0x7ffc01981c88

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1944,i,612704102495914727,2708053006310963517,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=1940 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1812,i,612704102495914727,2708053006310963517,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=1956 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2300,i,612704102495914727,2708053006310963517,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2460 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,612704102495914727,2708053006310963517,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3112 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,612704102495914727,2708053006310963517,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files\Google\Chrome\Application\125.0.6422.113\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\125.0.6422.113\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4564,i,612704102495914727,2708053006310963517,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4552 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=4684,i,612704102495914727,2708053006310963517,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4712 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=4680,i,612704102495914727,2708053006310963517,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4584 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=4504,i,612704102495914727,2708053006310963517,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4932 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=4928,i,612704102495914727,2708053006310963517,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4836 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --field-trial-handle=4892,i,612704102495914727,2708053006310963517,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4932 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4392,i,612704102495914727,2708053006310963517,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3716 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3912,i,612704102495914727,2708053006310963517,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3700 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3132,i,612704102495914727,2708053006310963517,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3220 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3716,i,612704102495914727,2708053006310963517,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3840 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4532,i,612704102495914727,2708053006310963517,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4932 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5492,i,612704102495914727,2708053006310963517,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5452 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5484,i,612704102495914727,2708053006310963517,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5440 /prefetch:8

C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"

C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe

"C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Program Files (x86)\Mozilla Maintenance Service\

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" uninstall

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Profile 1"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=125.0.6422.113 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc01981c70,0x7ffc01981c7c,0x7ffc01981c88

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1964,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=1952 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=2144,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2164 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2288,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2472 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3088 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3212,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3220 /prefetch:1

C:\Program Files\Google\Chrome\Application\125.0.6422.113\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\125.0.6422.113\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4572,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3704 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=4720,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4708 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=4840,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4028 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --field-trial-handle=3816,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4832 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4456,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5160 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4044,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5392 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3336,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3324 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3300,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5272 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --field-trial-handle=5220,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5224 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --field-trial-handle=5608,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5240 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5800,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5780 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5980,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5156 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5836,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5044 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --field-trial-handle=4992,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4916 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --field-trial-handle=4904,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4828 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4700,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4824 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=3188,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6108 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5144,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6328 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6292,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6448 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=patch.mojom.FilePatcher --lang=en-US --service-sandbox-type=service --field-trial-handle=840,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5472 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=1164,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5212 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=3204,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4708 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4444,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5624 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --field-trial-handle=5168,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4428 /prefetch:8

C:\Users\Admin\Downloads\RecRoomSetup.exe

"C:\Users\Admin\Downloads\RecRoomSetup.exe"

C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe

"C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe"

C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe

"C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe" --type=gpu-process --field-trial-handle=1660,16455386052927794794,10774032728220302029,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1668 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe

"C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1660,16455386052927794794,10774032728220302029,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1896 /prefetch:8

C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe

"C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe" --type=renderer --field-trial-handle=1660,16455386052927794794,10774032728220302029,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\recroom-launcher\resources\app.asar" --no-sandbox --no-zygote --preload="C:\Users\Admin\AppData\Local\Programs\recroom-launcher\resources\app.asar\window_preload_script.js" --background-color=#fff --enable-spellcheck --enable-websql --disable-electron-site-instance-overrides --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3000 /prefetch:1

C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe

"C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe" --type=gpu-process --field-trial-handle=1660,16455386052927794794,10774032728220302029,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=MAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAIAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=3920 /prefetch:2

C:\Users\Admin\Downloads\DiscordSetup.exe

"C:\Users\Admin\Downloads\DiscordSetup.exe"

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .

C:\Users\Admin\AppData\Local\Discord\Update.exe

"C:\Users\Admin\AppData\Local\Discord\Update.exe" --processStart Discord.exe

C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe"

C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe

C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9147 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=28.2.10 --initial-client-data=0x4e4,0x4e8,0x4ec,0x4d8,0x4f0,0x7ff731073108,0x7ff731073114,0x7ff731073120

C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1844 --field-trial-handle=1848,i,3364100434142125110,17012424070029545726,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2

C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --mojo-platform-channel-handle=2168 --field-trial-handle=1848,i,3364100434142125110,17012424070029545726,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8

C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Apps\Rec Room\Recroom_WindowsPlatformless.exe

"C:/Users/Admin/AppData/Local/Programs/recroom-launcher/Apps/Rec Room/Recroom_WindowsPlatformless.exe" -RunFromLauncher

C:\Users\Admin\appdata\local\programs\recroom-launcher\apps\rec room\easyanticheat\easyanticheat_Setup.exe

"C:\Users\Admin\appdata\local\programs\recroom-launcher\apps\rec room\easyanticheat\easyanticheat_Setup.exe" install 502

C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe

"C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultb97e25e7h4adch414eh9948h8df82bd10915

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffbee0646f8,0x7ffbee064708,0x7ffbee064718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,2467947275133667011,12177083863101597154,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,2467947275133667011,12177083863101597154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2596 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,2467947275133667011,12177083863101597154,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2968 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 56.94.73.104.in-addr.arpa udp
US 8.8.8.8:53 c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 cxcs.microsoft.net udp
BE 104.68.66.114:443 cxcs.microsoft.net tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 114.66.68.104.in-addr.arpa udp
US 8.8.8.8:53 156.33.209.4.in-addr.arpa udp
US 8.8.8.8:53 101.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 support.microsoft.com udp
BE 2.21.16.124:443 support.microsoft.com tcp
US 8.8.8.8:53 124.16.21.2.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 79.239.69.13.in-addr.arpa udp
US 8.8.8.8:53 shell.windows.com udp
US 2.17.251.20:443 shell.windows.com tcp
US 8.8.8.8:53 20.251.17.2.in-addr.arpa udp
N/A 239.255.255.250:3702 udp
N/A 239.255.255.250:3702 udp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com tcp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.16.208.104.in-addr.arpa udp
US 8.8.8.8:53 4.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 ogs.google.com udp
GB 142.250.187.238:443 ogs.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 172.217.169.3:443 ssl.gstatic.com tcp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
GB 142.250.187.206:443 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com tcp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.206:443 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.187.206:443 www.youtube.com tcp
US 8.8.8.8:53 tools.google.com udp
GB 172.217.169.46:443 tools.google.com tcp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.187.234:443 content-autofill.googleapis.com tcp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
GB 172.217.169.46:443 tools.google.com udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 update.googleapis.com udp
GB 216.58.204.67:443 update.googleapis.com tcp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 123.35.104.34.in-addr.arpa udp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
BE 74.125.206.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 84.206.125.74.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
GB 172.217.16.238:443 apis.google.com tcp
US 8.8.8.8:53 update.googleapis.com udp
GB 216.58.204.67:443 update.googleapis.com tcp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 accountcapabilities-pa.googleapis.com udp
BE 74.125.206.84:443 accounts.google.com tcp
GB 142.250.187.234:443 accountcapabilities-pa.googleapis.com tcp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com tcp
BE 74.125.206.84:443 accounts.google.com udp
GB 142.250.187.206:443 clients2.google.com udp
US 8.8.8.8:53 clients2.googleusercontent.com udp
GB 172.217.16.225:443 clients2.googleusercontent.com tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 142.250.187.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
GB 142.250.187.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 securitydomain-pa.googleapis.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 172.217.16.225:443 lh3.googleusercontent.com udp
US 8.8.8.8:53 188.206.125.74.in-addr.arpa udp
GB 216.58.204.67:443 update.googleapis.com tcp
US 8.8.8.8:53 optimizationguide-pa.googleapis.com udp
GB 142.250.179.234:443 optimizationguide-pa.googleapis.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
GB 172.217.169.3:443 ssl.gstatic.com tcp
GB 172.217.16.225:443 lh3.googleusercontent.com udp
GB 216.58.204.67:443 update.googleapis.com udp
GB 142.250.179.234:443 optimizationguide-pa.googleapis.com udp
BE 74.125.206.84:443 accounts.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 myaccount.google.com udp
US 8.8.8.8:53 e2c49.gcp.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
BE 142.251.168.84:443 myaccount.google.com tcp
GB 216.58.213.3:443 beacons3.gvt2.com tcp
US 35.211.148.231:443 e2c49.gcp.gvt2.com tcp
GB 216.58.213.3:443 beacons3.gvt2.com udp
BE 142.251.168.84:443 myaccount.google.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 192.178.49.163:443 beacons.gvt2.com tcp
US 8.8.8.8:53 84.168.251.142.in-addr.arpa udp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 231.148.211.35.in-addr.arpa udp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
GB 142.250.187.234:443 optimizationguide-pa.googleapis.com tcp
GB 172.217.16.225:443 lh3.googleusercontent.com udp
US 8.8.8.8:53 163.49.178.192.in-addr.arpa udp
GB 172.217.169.3:443 ssl.gstatic.com tcp
GB 142.250.187.196:443 www.google.com udp
BE 142.251.168.84:443 myaccount.google.com udp
GB 172.217.169.3:443 ssl.gstatic.com udp
BE 74.125.206.84:443 accounts.google.com udp
GB 172.217.16.225:443 lh3.googleusercontent.com udp
BE 74.125.206.84:443 accounts.google.com tcp
BE 74.125.206.84:443 accounts.google.com tcp
GB 216.58.204.67:443 update.googleapis.com tcp
BE 74.125.206.84:443 accounts.google.com tcp
BE 74.125.206.84:443 accounts.google.com tcp
GB 216.58.204.67:443 update.googleapis.com tcp
BE 74.125.206.84:443 accounts.google.com udp
US 8.8.8.8:53 memex-pa.googleapis.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
GB 216.58.212.234:443 memex-pa.googleapis.com tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 234.212.58.216.in-addr.arpa udp
GB 142.250.179.234:443 memex-pa.googleapis.com udp
GB 142.250.179.234:443 memex-pa.googleapis.com tcp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.3:443 ssl.gstatic.com udp
US 8.8.8.8:53 discord.com udp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 8.8.8.8:53 assets-global.website-files.com udp
US 162.159.128.233:443 discord.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 global.localizecdn.com udp
US 8.8.8.8:53 d3e54v103j8qbb.cloudfront.net udp
FR 52.84.174.87:443 assets-global.website-files.com tcp
FR 52.84.174.87:443 assets-global.website-files.com tcp
US 104.18.4.175:443 global.localizecdn.com tcp
FR 52.222.153.27:443 d3e54v103j8qbb.cloudfront.net tcp
US 8.8.8.8:53 uploads-ssl.webflow.com udp
FR 52.222.201.64:443 uploads-ssl.webflow.com tcp
FR 52.222.201.64:443 uploads-ssl.webflow.com tcp
FR 52.222.201.64:443 uploads-ssl.webflow.com tcp
FR 52.222.201.64:443 uploads-ssl.webflow.com tcp
FR 52.222.201.64:443 uploads-ssl.webflow.com tcp
FR 52.222.201.64:443 uploads-ssl.webflow.com tcp
GB 142.250.187.234:443 memex-pa.googleapis.com tcp
US 8.8.8.8:53 233.128.159.162.in-addr.arpa udp
US 8.8.8.8:53 87.174.84.52.in-addr.arpa udp
US 8.8.8.8:53 27.153.222.52.in-addr.arpa udp
US 8.8.8.8:53 175.4.18.104.in-addr.arpa udp
US 8.8.8.8:53 64.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 104.18.32.137:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.187.206:443 www.youtube.com tcp
US 8.8.8.8:53 137.32.18.104.in-addr.arpa udp
US 8.8.8.8:53 remote-auth-gateway.discord.gg udp
US 162.159.134.234:443 remote-auth-gateway.discord.gg tcp
GB 142.250.187.234:443 memex-pa.googleapis.com udp
US 8.8.8.8:53 234.134.159.162.in-addr.arpa udp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.230.21:443 js.hcaptcha.com tcp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 104.19.229.21:443 newassets.hcaptcha.com tcp
US 104.19.229.21:443 newassets.hcaptcha.com udp
US 8.8.8.8:53 api2.hcaptcha.com udp
US 8.8.8.8:53 21.229.19.104.in-addr.arpa udp
US 8.8.8.8:53 21.230.19.104.in-addr.arpa udp
US 8.8.8.8:53 api.hcaptcha.com udp
US 8.8.8.8:53 imgs3.hcaptcha.com udp
US 104.19.229.21:443 imgs3.hcaptcha.com tcp
US 104.19.229.21:443 imgs3.hcaptcha.com udp
GB 216.58.204.67:443 update.googleapis.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
GB 142.250.187.206:443 www.youtube.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
GB 142.250.187.206:443 www.youtube.com tcp
US 8.8.8.8:53 clients4.google.com udp
GB 142.250.187.206:443 clients4.google.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 142.250.187.206:443 clients4.google.com udp
US 162.159.128.233:443 discord.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
GB 142.250.179.234:443 memex-pa.googleapis.com udp
US 8.8.8.8:53 gateway.discord.gg udp
US 162.159.130.234:443 gateway.discord.gg tcp
US 8.8.8.8:53 234.130.159.162.in-addr.arpa udp
US 8.8.8.8:53 api.spotify.com udp
US 8.8.8.8:53 status.discord.com udp
US 35.186.224.25:443 api.spotify.com tcp
US 162.159.128.233:443 status.discord.com tcp
US 35.186.224.25:443 api.spotify.com udp
US 8.8.8.8:53 25.224.186.35.in-addr.arpa udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.212.234:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 dealer.spotify.com udp
US 35.186.224.39:443 dealer.spotify.com tcp
US 8.8.8.8:53 233.135.159.162.in-addr.arpa udp
US 8.8.8.8:53 39.224.186.35.in-addr.arpa udp
US 162.159.135.233:443 cdn.discordapp.com udp
US 162.159.135.233:443 cdn.discordapp.com udp
US 8.8.8.8:53 dl.discordapp.net udp
US 104.18.52.172:443 dl.discordapp.net tcp
US 8.8.8.8:53 172.52.18.104.in-addr.arpa udp
US 162.159.134.234:443 gateway.discord.gg tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 ogs.google.com udp
GB 142.250.187.238:443 ogs.google.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 172.217.169.3:443 ssl.gstatic.com udp
US 8.8.8.8:53 accounts.google.com udp
BE 74.125.206.84:443 accounts.google.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 172.217.169.10:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 translate.googleapis.com udp
US 8.8.8.8:53 10.169.217.172.in-addr.arpa udp
GB 216.58.213.10:443 translate.googleapis.com tcp
US 8.8.8.8:53 10.213.58.216.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.238:443 ogs.google.com udp
GB 172.217.169.3:443 ssl.gstatic.com udp
US 8.8.8.8:53 update.googleapis.com udp
US 8.8.8.8:53 update.googleapis.com udp
GB 216.58.204.67:443 update.googleapis.com tcp
GB 216.58.204.67:443 update.googleapis.com tcp
US 8.8.8.8:53 updates.discord.com udp
US 162.159.137.232:443 updates.discord.com tcp
US 8.8.8.8:53 232.137.159.162.in-addr.arpa udp
US 8.8.8.8:53 dl.discordapp.net udp
US 104.18.52.172:443 dl.discordapp.net tcp
US 104.18.52.172:443 dl.discordapp.net tcp
US 104.18.52.172:443 dl.discordapp.net tcp
US 104.18.52.172:443 dl.discordapp.net tcp
GB 216.58.204.67:443 update.googleapis.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 update.googleapis.com udp
GB 216.58.204.67:443 update.googleapis.com tcp
US 8.8.8.8:53 update.googleapis.com udp
US 8.8.8.8:53 update.googleapis.com udp
GB 216.58.204.67:443 update.googleapis.com tcp
GB 216.58.204.67:443 update.googleapis.com tcp
US 162.159.137.232:443 updates.discord.com tcp
US 8.8.8.8:53 discordapp.com udp
US 8.8.8.8:53 discordapp.com udp
US 162.159.133.233:443 discordapp.com udp
US 162.159.133.233:443 discordapp.com tcp
GB 216.58.204.67:443 update.googleapis.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google udp
US 104.18.52.172:443 dl.discordapp.net tcp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 discordapp.com udp
US 162.159.130.233:443 discordapp.com tcp
US 162.159.130.233:443 discordapp.com tcp
US 162.159.128.233:443 updates.discord.com tcp
US 8.8.8.8:53 233.130.159.162.in-addr.arpa udp
US 162.159.134.234:443 gateway.discord.gg tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
N/A 127.0.0.1:6463 tcp
N/A 127.0.0.1:6463 tcp
US 162.159.134.234:443 gateway.discord.gg tcp
US 162.159.128.233:443 updates.discord.com udp
US 35.186.224.25:443 api.spotify.com tcp
US 35.186.224.25:443 api.spotify.com udp
US 35.186.224.39:443 dealer.spotify.com tcp
US 162.159.129.233:443 discordapp.com udp
US 8.8.8.8:53 233.129.159.162.in-addr.arpa udp
US 162.159.129.235:443 tcp
NL 35.214.212.66:50001 udp
NL 35.214.225.26:50003 udp
NL 35.214.229.162:50003 udp
NL 35.214.221.167:50002 udp
NL 35.214.169.198:50001 udp
DE 66.22.243.53:50004 udp
DE 35.207.110.97:50002 udp
DE 66.22.243.47:50002 udp
DE 66.22.243.191:50003 udp
DE 66.22.243.187:50004 udp
IT 35.219.231.247:50004 udp
IT 35.219.247.14:50002 udp
IT 35.219.230.140:50001 udp
IT 35.219.254.233:50003 udp
IT 35.219.248.230:50004 udp
ES 34.0.212.55:50001 udp
ES 34.0.206.55:50004 udp
ES 66.22.241.158:50001 udp
ES 34.0.207.21:50002 udp
ES 34.0.199.158:50003 udp
SE 66.22.237.153:50002 udp
SE 66.22.237.160:50002 udp
SE 66.22.237.25:50004 udp
SE 66.22.237.16:50004 udp
SE 66.22.237.145:50003 udp
US 8.8.8.8:53 235.129.159.162.in-addr.arpa udp
US 8.8.8.8:53 66.212.214.35.in-addr.arpa udp
US 8.8.8.8:53 26.225.214.35.in-addr.arpa udp
US 8.8.8.8:53 162.229.214.35.in-addr.arpa udp
US 8.8.8.8:53 167.221.214.35.in-addr.arpa udp
US 8.8.8.8:53 198.169.214.35.in-addr.arpa udp
US 8.8.8.8:53 97.110.207.35.in-addr.arpa udp
US 8.8.8.8:53 53.243.22.66.in-addr.arpa udp
US 8.8.8.8:53 47.243.22.66.in-addr.arpa udp
US 8.8.8.8:53 191.243.22.66.in-addr.arpa udp
US 8.8.8.8:53 187.243.22.66.in-addr.arpa udp
US 8.8.8.8:53 14.247.219.35.in-addr.arpa udp
US 8.8.8.8:53 247.231.219.35.in-addr.arpa udp
US 8.8.8.8:53 140.230.219.35.in-addr.arpa udp
US 8.8.8.8:53 233.254.219.35.in-addr.arpa udp
US 8.8.8.8:53 230.248.219.35.in-addr.arpa udp
US 8.8.8.8:53 55.212.0.34.in-addr.arpa udp
US 8.8.8.8:53 55.206.0.34.in-addr.arpa udp
US 8.8.8.8:53 158.241.22.66.in-addr.arpa udp
US 8.8.8.8:53 21.207.0.34.in-addr.arpa udp
US 8.8.8.8:53 158.199.0.34.in-addr.arpa udp
US 8.8.8.8:53 153.237.22.66.in-addr.arpa udp
US 8.8.8.8:53 160.237.22.66.in-addr.arpa udp
US 8.8.8.8:53 25.237.22.66.in-addr.arpa udp
US 8.8.8.8:53 145.237.22.66.in-addr.arpa udp
US 8.8.8.8:53 16.237.22.66.in-addr.arpa udp
US 8.8.8.8:53 optimizationguide-pa.googleapis.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
GB 172.217.169.42:443 optimizationguide-pa.googleapis.com udp
US 8.8.8.8:53 id.google.com udp
DE 142.250.185.163:443 id.google.com tcp
US 8.8.8.8:53 42.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 163.185.250.142.in-addr.arpa udp
BE 74.125.206.84:443 accounts.google.com udp
US 8.8.4.4:443 dns.google udp
BE 74.125.206.84:443 accounts.google.com tcp
GB 216.58.204.67:443 update.googleapis.com udp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
GB 142.250.187.238:443 ogs.google.com tcp
GB 172.217.169.3:443 ssl.gstatic.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 172.217.16.225:443 lh3.googleusercontent.com udp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
BE 74.125.206.84:443 accounts.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 memex-pa.googleapis.com udp
GB 142.250.187.234:443 memex-pa.googleapis.com udp
US 8.8.8.8:53 202.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 update.googleapis.com udp
GB 216.58.204.67:443 update.googleapis.com udp
US 162.159.130.232:443 udp
US 162.159.133.232:443 udp
US 8.8.8.8:53 232.130.159.162.in-addr.arpa udp
US 8.8.8.8:53 232.133.159.162.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google udp
US 162.159.130.233:443 discordapp.com udp
US 162.159.129.235:443 tcp
US 66.22.227.56:50004 udp
US 66.22.227.56:50004 udp
US 8.8.8.8:53 56.227.22.66.in-addr.arpa udp
US 66.22.227.56:50004 udp
US 8.8.8.8:53 accounts.google.com udp
GB 172.217.169.42:443 memex-pa.googleapis.com tcp
US 8.8.8.8:53 www.google.com udp
BE 74.125.206.84:443 accounts.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.234:443 memex-pa.googleapis.com udp
GB 142.250.187.234:443 memex-pa.googleapis.com tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.204.67:443 update.googleapis.com udp
GB 216.58.204.67:443 update.googleapis.com tcp
US 8.8.8.8:53 ogs.google.com udp
GB 142.250.187.238:443 ogs.google.com udp
GB 142.250.187.238:443 ogs.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 172.217.169.3:443 ssl.gstatic.com udp
BE 74.125.206.84:443 accounts.google.com udp
BE 74.125.206.84:443 accounts.google.com udp
BE 74.125.206.84:443 accounts.google.com tcp
GB 172.217.169.42:443 memex-pa.googleapis.com udp
GB 172.217.169.42:443 memex-pa.googleapis.com tcp
BE 74.125.206.84:443 accounts.google.com udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 142.250.187.238:443 accounts.youtube.com tcp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.187.238:443 accounts.youtube.com udp
GB 216.58.213.10:443 content-autofill.googleapis.com udp
GB 172.217.169.3:443 ssl.gstatic.com udp
US 8.8.8.8:53 clients4.google.com udp
GB 142.250.187.206:443 clients4.google.com tcp
GB 216.58.204.67:443 update.googleapis.com tcp
GB 142.250.187.206:443 clients4.google.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google udp
US 162.159.133.233:443 discordapp.com udp
US 162.159.133.233:443 discordapp.com udp
US 8.8.8.8:53 optimizationguide-pa.googleapis.com udp
BE 74.125.206.84:443 accounts.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
BE 74.125.206.84:443 accounts.google.com udp
US 8.8.8.8:53 update.googleapis.com udp
GB 216.58.204.67:443 update.googleapis.com udp
GB 216.58.204.67:443 update.googleapis.com tcp
US 8.8.8.8:53 188.110.250.142.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 id.google.com udp
GB 142.250.187.227:443 id.google.com udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.204.86:443 i.ytimg.com tcp
GB 216.58.204.86:443 i.ytimg.com tcp
GB 216.58.204.86:443 i.ytimg.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.204.78:443 www.youtube.com tcp
GB 216.58.204.78:443 www.youtube.com tcp
US 8.8.8.8:53 86.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 recroom.com udp
GB 216.58.204.78:443 www.youtube.com udp
GB 216.58.204.86:443 i.ytimg.com tcp
US 198.49.23.144:443 recroom.com tcp
US 198.49.23.144:443 recroom.com tcp
US 8.8.8.8:53 images.squarespace-cdn.com udp
US 8.8.8.8:53 use.typekit.net udp
US 8.8.8.8:53 assets.squarespace.com udp
US 8.8.8.8:53 static1.squarespace.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 www.kidsafeseal.com udp
US 151.101.0.238:443 static1.squarespace.com tcp
US 151.101.0.237:443 assets.squarespace.com tcp
US 151.101.0.237:443 assets.squarespace.com tcp
US 151.101.0.237:443 assets.squarespace.com tcp
US 151.101.0.237:443 assets.squarespace.com tcp
US 151.101.0.237:443 assets.squarespace.com tcp
US 151.101.0.237:443 assets.squarespace.com tcp
US 151.101.0.237:443 assets.squarespace.com tcp
SE 184.31.15.40:443 use.typekit.net tcp
US 151.101.0.238:443 static1.squarespace.com tcp
US 172.67.75.106:443 www.kidsafeseal.com tcp
US 8.8.8.8:53 144.23.49.198.in-addr.arpa udp
US 8.8.8.8:53 238.0.101.151.in-addr.arpa udp
US 8.8.8.8:53 237.0.101.151.in-addr.arpa udp
US 8.8.8.8:53 106.75.67.172.in-addr.arpa udp
US 8.8.8.8:53 40.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
SE 184.31.15.40:443 use.typekit.net tcp
GB 163.70.151.21:443 connect.facebook.net tcp
GB 216.58.204.78:443 www.youtube.com tcp
GB 163.70.151.21:443 connect.facebook.net udp
GB 216.58.204.78:443 www.youtube.com udp
US 8.8.8.8:53 video.squarespace-cdn.com udp
US 151.101.0.238:443 video.squarespace-cdn.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 p.typekit.net udp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
SE 184.31.15.57:443 p.typekit.net tcp
GB 216.58.204.78:443 www.youtube.com tcp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
GB 216.58.204.78:443 www.youtube.com udp
GB 216.58.204.86:443 i.ytimg.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.200.10:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 142.250.200.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 rr5---sn-aigl6nzl.googlevideo.com udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 57.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 6.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
GB 74.125.168.170:443 rr5---sn-aigl6nzl.googlevideo.com tcp
GB 74.125.168.170:443 rr5---sn-aigl6nzl.googlevideo.com tcp
GB 74.125.168.170:443 rr5---sn-aigl6nzl.googlevideo.com tcp
GB 74.125.168.170:443 rr5---sn-aigl6nzl.googlevideo.com udp
GB 142.250.180.1:443 yt3.ggpht.com udp
US 8.8.8.8:53 170.168.125.74.in-addr.arpa udp
US 8.8.8.8:53 rec.net udp
US 172.214.116.196:443 rec.net tcp
GB 163.70.151.35:443 www.facebook.com udp
US 172.214.116.196:443 rec.net tcp
US 172.214.116.196:443 rec.net tcp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 172.214.116.196:443 rec.net tcp
US 172.214.116.196:443 rec.net tcp
US 172.214.116.196:443 rec.net tcp
US 172.214.116.196:443 rec.net tcp
US 8.8.8.8:53 performance.squarespace.com udp
US 104.19.177.52:443 cdn.cookielaw.org tcp
US 35.186.236.0:443 performance.squarespace.com tcp
US 104.19.177.52:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 8.8.8.8:53 196.116.214.172.in-addr.arpa udp
US 8.8.8.8:53 0.236.186.35.in-addr.arpa udp
US 8.8.8.8:53 52.177.19.104.in-addr.arpa udp
US 104.18.32.137:443 geolocation.onetrust.com tcp
GB 216.58.213.10:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 featuregates.org udp
US 34.128.128.0:443 featuregates.org tcp
US 34.128.128.0:443 featuregates.org udp
US 8.8.8.8:53 api.rudderstack.com udp
US 8.8.8.8:53 0.128.128.34.in-addr.arpa udp
FR 13.249.9.111:443 api.rudderstack.com tcp
FR 13.249.9.111:443 api.rudderstack.com udp
US 8.8.8.8:53 recroom-dataplane.rudderstack.com udp
US 52.22.248.30:443 recroom-dataplane.rudderstack.com tcp
US 8.8.8.8:53 events.statsigapi.net udp
US 34.128.128.0:443 events.statsigapi.net tcp
US 34.128.128.0:443 events.statsigapi.net udp
US 8.8.8.8:53 111.9.249.13.in-addr.arpa udp
US 8.8.8.8:53 30.248.22.52.in-addr.arpa udp
US 8.8.8.8:53 privacyportal.onetrust.com udp
US 104.18.32.137:443 privacyportal.onetrust.com tcp
US 8.8.8.8:53 gsght.com udp
US 8.8.8.8:53 cdn.rec.net udp
US 34.214.69.148:443 gsght.com tcp
US 34.214.69.148:443 gsght.com tcp
US 152.199.21.175:443 cdn.rec.net tcp
US 8.8.8.8:53 148.69.214.34.in-addr.arpa udp
US 8.8.8.8:53 175.21.199.152.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
US 162.159.133.233:443 discordapp.com udp
GB 142.250.187.206:443 www.youtube.com tcp
GB 216.58.204.67:443 update.googleapis.com tcp
GB 216.58.204.67:443 update.googleapis.com udp
US 8.8.8.8:53 google.com udp
GB 142.250.178.14:443 google.com tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 beacons3.gvt2.com udp
GB 216.58.213.3:443 beacons3.gvt2.com udp
US 8.8.8.8:53 api2.patchkit.net udp
FR 18.244.28.36:80 api2.patchkit.net tcp
FR 18.244.28.36:443 api2.patchkit.net tcp
US 8.8.8.8:53 36.28.244.18.in-addr.arpa udp
US 8.8.8.8:53 cdn-cf-ae.patchkit.net udp
US 18.245.175.28:80 cdn-cf-ae.patchkit.net tcp
US 18.245.175.28:80 cdn-cf-ae.patchkit.net tcp
US 8.8.8.8:53 51.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 28.175.245.18.in-addr.arpa udp
US 8.8.8.8:53 app-catalog.patchkit.net udp
US 54.191.234.124:443 app-catalog.patchkit.net tcp
US 54.191.234.124:443 app-catalog.patchkit.net tcp
US 8.8.8.8:53 124.234.191.54.in-addr.arpa udp
US 54.191.234.124:443 app-catalog.patchkit.net tcp
US 54.191.234.124:443 app-catalog.patchkit.net tcp
US 54.191.234.124:443 app-catalog.patchkit.net tcp
US 54.191.234.124:443 app-catalog.patchkit.net tcp
US 54.191.234.124:443 app-catalog.patchkit.net tcp
US 54.191.234.124:443 app-catalog.patchkit.net tcp
US 54.191.234.124:443 app-catalog.patchkit.net tcp
US 54.191.234.124:443 app-catalog.patchkit.net tcp
US 54.191.234.124:443 app-catalog.patchkit.net tcp
US 8.8.8.8:53 api2.patchkit.net udp
FR 18.244.28.12:443 api2.patchkit.net tcp
FR 18.244.28.12:443 api2.patchkit.net tcp
US 8.8.8.8:53 12.28.244.18.in-addr.arpa udp
FR 18.244.28.12:443 api2.patchkit.net tcp
US 8.8.8.8:53 ip2loc.patchkit.net udp
FR 99.86.91.14:443 ip2loc.patchkit.net tcp
FR 18.244.28.12:443 api2.patchkit.net tcp
US 8.8.8.8:53 14.91.86.99.in-addr.arpa udp
US 8.8.8.8:53 cdn-cf-ae.patchkit.net udp
US 18.245.175.86:80 cdn-cf-ae.patchkit.net tcp
US 8.8.8.8:53 86.175.245.18.in-addr.arpa udp
US 18.245.175.86:80 cdn-cf-ae.patchkit.net tcp
US 8.8.8.8:53 cdn-cf-ae.patchkit.net udp
US 18.245.175.28:80 cdn-cf-ae.patchkit.net tcp
US 18.245.175.28:80 cdn-cf-ae.patchkit.net tcp
US 8.8.8.8:53 cdn-cf-ae.patchkit.net udp
US 18.245.175.28:80 cdn-cf-ae.patchkit.net tcp
US 18.245.175.28:80 cdn-cf-ae.patchkit.net tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google udp
US 162.159.133.233:443 cdn.discordapp.com udp
US 162.159.134.233:443 cdn.discordapp.com tcp
US 162.159.134.233:443 cdn.discordapp.com tcp
US 162.159.134.233:443 cdn.discordapp.com tcp
US 162.159.134.233:443 cdn.discordapp.com tcp
US 162.159.134.233:443 cdn.discordapp.com tcp
US 162.159.134.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 233.134.159.162.in-addr.arpa udp
US 162.159.133.232:443 udp
US 8.8.8.8:53 cdn-cf-ae.patchkit.net udp
US 18.245.175.29:80 cdn-cf-ae.patchkit.net tcp
US 8.8.8.8:53 29.175.245.18.in-addr.arpa udp
US 162.159.134.232:443 udp
US 8.8.8.8:53 232.134.159.162.in-addr.arpa udp
US 18.245.175.29:80 cdn-cf-ae.patchkit.net tcp
US 8.8.8.8:53 cdn-cf-ae.patchkit.net udp
US 18.245.175.29:80 cdn-cf-ae.patchkit.net tcp
US 162.159.129.233:443 cdn.discordapp.com udp
US 8.8.8.8:53 udp
US 18.245.175.29:80 tcp
US 18.245.175.29:80 tcp
US 8.8.8.8:53 udp
FR 18.244.28.12:443 tcp
US 8.8.8.8:53 udp
N/A 52.222.201.22:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 52.211.40.47:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 52.212.240.101:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:443 udp
US 162.159.134.233:443 udp
N/A 162.159.136.234:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 2.17.196.177:443 tcp
BE 104.68.66.114:443 tcp
US 8.8.8.8:53 udp
GB 2.21.189.164:443 tcp
US 8.8.8.8:53 udp
BE 2.21.16.124:443 tcp

Files

C:\Users\Admin\Desktop\ApproveSplit.ico

MD5 de5b6697063997dfd4eeb2c607db27c6
SHA1 1ab6bf1904f39caf043ee2fe2f9bf623bd2bf7a4
SHA256 2a792d5507e73d1c6d0597cff9a2a49a60056fac185b6040c60e1aae4cd1a346
SHA512 bbc2dd5647840f57019ba2f0d63d58696534fc32feca3cfb27d8dd5207f4775c9e2b4a49919e39ae6ee19a6e23e1a554fc85c165f0470e62ff8f704dce7a359d

C:\Users\Admin\Desktop\BlockPop.midi

MD5 1cd9cd035058391c545d73cd0955e916
SHA1 c7fbcacf280b7d300b7e9a87d6d4203fd30f4a23
SHA256 ce6997a6931f7ceaf9886547a38ab2539898e773dd4f285ff059c0f0b0aa0c53
SHA512 be88d2b6dd0a5d67897ef26c58e5f527d2ce7f25d7a7b172530089e9fed2b12962f373b986c3173c37ca95a6380649e033020f2257d117d1ac2d01a140152a04

C:\Users\Admin\Desktop\ConfirmOptimize.xls

MD5 e997acb37be8cd31b08f0eeb02579ba1
SHA1 13e637b39103864c75c90337f240a4c3b28b85f0
SHA256 5fb841f5561fbabd9c80409a8c0c0abf434f4c4347e643c313e851517597f3ef
SHA512 62484120d146738432ee784e459f271ff0552bfe53fe0d7f04f2553bf4551c88476767fc284254c3cc7b84006d54619f11e8c356927001f0174d49b9656026ac

C:\Users\Admin\Desktop\DenyProtect.html

MD5 be20a99d09e79941af310064f0c9cc69
SHA1 54c970f7ed8a8ecd0c4da871716b5e0890b506b6
SHA256 9f7a93eabdc469ada4678ad3ea63533e78f490b6179b7ec9bc7e85efd483cd3a
SHA512 7940741ddd39deef9b871519934ac6cf8572827bc6ef1733b82f31782f66c6d84d9190ed500a1bb61506a0dde58aeb256a2a3eec9b642f25ec47b60827943540

C:\Users\Admin\Desktop\DisconnectRequest.DVR

MD5 26156561d27b5e8bd7fe11d2c9f7d59b
SHA1 9df225a79b310900679db44fa533ce0815513848
SHA256 f087f21a777afe1ffcbbe04a43042884c9c9e5f678527eeeca587ac64903dad8
SHA512 28b790b6402a712c39145a2898e64b3ef64ef6bef95dadf02bf44fe499419e8129850c1bcc4b6bc98656fbfe5576c91f90a8bf8a0b6c3b828d2294bfb20634dd

C:\Users\Admin\Desktop\DismountInvoke.nfo

MD5 dd5db567f295046d34d8d0ce8798de21
SHA1 0f03f47b1c82eec37f49227df887c1035840904e
SHA256 415c8a72e25bdf425be2dcbd3487944c82aad7586515431d66583d2adbb690b0
SHA512 c0ec994a8e4ea579e374be6ed4126dc3d4a36e47f2637671d30c0b96d36c9c04e99af58325be9447d915da10ae47bf9184506d3d9a2d591bdb9e9f761015dfcc

C:\Users\Admin\Desktop\DisableResume.vdx

MD5 2d07e50130dacde07c71ce5273c910be
SHA1 5470d6ce7287c3e7935d18920f9096b88b5b40e7
SHA256 c7c1e4a9d8d94a9463f0b7a315cdbb100ea2bf621d1b47bc6aae970115b74d51
SHA512 d1c7ec3c81337ad01e7ac8ae586213bfd8ad9b82eebff1a3f89118d0d54f21ba92c38eadffe665b95611ae323626fa43f57b8eea2e0149815473199dd98334cb

C:\Users\Admin\Desktop\GetRepair.gif

MD5 25c0e89b17b010ec9c9f0508664f7b66
SHA1 5bf22d719f14f0e802079b1097f9ac3ed6bb5b82
SHA256 d3bba35923fb5313c40a7b734792b3f06b69c7d2e1103982821555ca176ab2c0
SHA512 7c02c70a571c336f0ec13ee2e664d904b527f56cc018f240c16321e22deb10ee791ccd01835a0a32220ff41d16fb023b3bd0711f40020ad9013993abbf41ff6c

C:\Users\Admin\Desktop\HideUpdate.dot

MD5 11366630986515c1580415619889b043
SHA1 6988752c6422a73503fa7cc083ced1e7a01bbb13
SHA256 916d5c4aa97be01fbde5b384de3649d4123bd62144a2715a1e5c033feebf1c99
SHA512 5b57b1b32a995636f7218d53f4496ee779e472e1de55d9043f160fc3a4cdd2c198083f3509101c7b9b1c54ab26ff917f4ce1d093b1376204dcea0e808578f7d8

C:\Users\Admin\Desktop\PingConnect.html

MD5 f6ab496ca48cb711b4b1ee5b125f1dcc
SHA1 9f23bae1aae85333a65e61b640c704311c1b8445
SHA256 4ec6e7150889bfcbc90110fbc1681c0966e46bb69d27ae95e41bdc3c31fe233b
SHA512 a811da881bf8c977e3985ef492e509374fd6d07cc64e0a90bebe74cfea2043d48bfe185a0a895d59bcebd8e156540968b8e3b3c37c6291c3d5381202997e129b

C:\Users\Admin\Desktop\SplitImport.js

MD5 e1f5108da2e825caa08502503c503113
SHA1 e0baecb92f35ea355d62eab09d86418cefd87bfb
SHA256 2cbb53b88e74efbe3990458f62ca3894187ee491804b7934521d591c16fdd524
SHA512 3a38b9074e2b4210e613b48f8bd52421869809d93bce197b444c5fada901467371676b05d5b55ba39a96b00afa0b88aa782ac76c2635d6763ae79e5f2bd109ad

C:\Users\Admin\Desktop\InstallGrant.mpeg2

MD5 d399dcb4e20b4688834481d5cc499686
SHA1 bbcbdd73c524249571a063388f8456da81376509
SHA256 d70fc6609b410953395abb09cae692d2068aaf17755ce496b8495b40e652a29d
SHA512 ad49985c26860ca79b91ba2f7537263b762017d289d9139c207830fe0581f985b992eac76522e0b679adccc36dd5539e3e748e3f6c74414a2840e1d319ebe629

C:\Users\Admin\Desktop\WatchConvertTo.odt

MD5 fb9bf12eff8ec109f6e66efebfa52963
SHA1 ad01e093d54db4f6eb7d73dcb59eaadf4545d986
SHA256 05c520d42024a1b7658998451b449301263acbcf2c1c35e9558c145d0f844267
SHA512 86ce34c3efddae8019a8bd8a1665341a04a4c8eb349a3edeec3d3bfe41b39175d3cea6c9934f15b53be2850997d8742bd9bf0410d52c78bcbd3703f82b58162e

C:\Users\Admin\Desktop\TestDebug.mht

MD5 3aad1c79aff5225f7dbbe96b4e3e289d
SHA1 8063668e518fe900b26c93bba8a3e3bfaf39400e
SHA256 5b5a3203ba77997674ddb6c1c6a9ad5e72e36c92c7327b0691be37c9596c0f15
SHA512 42ecf77f1146c9e645f1e5cf38e155a9e7e52ce7da2baf1f3cea503e7bd0f3e2020bb28ecc2e47f6b7c8cdadec1ba3cb19f11415c74ab1459eb7c5d4a76502b9

C:\Users\Admin\Desktop\SwitchPing.vb

MD5 55e0a634ce85cbe6b2d0bb7d3020af1f
SHA1 b8905d40f0bd63beed5ee0de518dc6a40c8bdc18
SHA256 6f839bac855aa47dcee483c5131c234300ceea8ec7dbae82e7b401d81a42abdd
SHA512 5497e12c29870673f9bf81b5757fc39546bf7298c3d859fca091d76c96bef0f97fff5a05f6787391a314f0332ce11fa97a4bf5bf1864dc0c3285dc3c3e1434b5

C:\Users\Admin\Desktop\SuspendHide.sql

MD5 adfe19c4e0d29b424d0aa5eb4faaa598
SHA1 5f8b4a132159e8d4b57e7fe815406edc129a3c95
SHA256 18cefb5c21b28dabac56391c507f8c5914814a590c151d0cecccc4d4fe4e4773
SHA512 cdbf1b8244b3ad5f6b354bb74f52de3319df08f9dfb657823e8e43a970a8f6b8306aff60584183ae6c73a01cb0dc004bb995a342854c0f6e2c119f22c5a30e76

C:\Users\Admin\Desktop\SkipOptimize.mpg

MD5 9c2a2ff8bad33eaa2a6063cff997cf72
SHA1 9254324a4513185d17a9adac5050adfeec459390
SHA256 626304eb0fa55bf93e5e9f8da17ba85ad75ec1859ec1b93b904f7523e9ac3d83
SHA512 4e4944f9dfaf401b511b0faafa75cc0247b6075cf0d0675160088476ba063e8bc1a9a3dbc276f1da28d7de951e087c4e9699460a473e79fd62933bfe147828f3

C:\Users\Admin\Desktop\SkipConvertFrom.docm

MD5 4dd66c087bba8f70b5807b89bd5f98ee
SHA1 244d5a649886843f398e3886de9fdac90e3f71d3
SHA256 75ed43d0b6c34bfbda711664a016e3f34e9dfe35c379292cce46ae4d14993738
SHA512 17d655a0090a3c50386586efa642a048c22c784c54bdf9479b9880124b1c7b2f06993da0f05a1bd3c6085b650ee5719406e2d57a91e854b4c4fb8346d3a00772

C:\Users\Admin\Desktop\ShowPop.mpg

MD5 26b1acfe1567310d9addfe03e10d6c14
SHA1 33da87cf82488c2a3e41137aeacb978f25e9a28e
SHA256 0603bd37ecf494d88c2e753202835dcd4b9bd44ab42bc55f472924c72bd69e29
SHA512 690c48d483f7a772d0cdba89e591d43e26e2df0108db922095babe6cfaf0af533443fde7b0374453e890811423c6090f3a6ed01b38eda09a330505be4b5989c3

C:\Users\Admin\Desktop\RevokeReset.rle

MD5 80b5da5720fe7faed561e9ac8004aa41
SHA1 687ea5ac6f43af05ce379b82e43054843fb9ca37
SHA256 86acfbeabd86149bc433e735310db652af1e91b9e15738515a02e1f79e3c6a94
SHA512 51ad36749254e4ec481d8b8305cb7d8d0879b4785e6fee379dddb7cf52fde5dbe78439ef395c8550723ad7a2e70aaeb5172d06edc8845a3a331b634aad45ddd6

C:\Users\Admin\Desktop\PopPing.wps

MD5 9b6803ae493c9c9bd585feae42d3951b
SHA1 8aa310243c94b3923afc7004a2daa8329fe75c22
SHA256 897135f7744aff5588bbe8b37f7c567bb4a490f4b1f92366fb964057261c6ee8
SHA512 6a161a07b2274bd1bb1eea08922763c1c4dfa917ab396edc2fceba818840d9e5e51a5cbf62f08a950f4fe333c6c649c5f8f7b620cf999046c24c4f1d897ac0e6

C:\Users\Admin\Desktop\MountUnpublish.jpe

MD5 7c4f530b36dd6ca6b5252e505de95d5e
SHA1 ac61401b7c77226de04e9e8b6a373e0b5cd0b019
SHA256 572efa8f6d8e1b1ecedc6ab79a1ed4e74bc13dcee556077b75d403b0339d1fa3
SHA512 0b893e28e36ee3967c2d7b337be410cfff2715e82ac646e9814a5baa868403391b103151b2f91252a4a6602f86e6ca7f9a5585c0e1f369623ae4855f1efe0937

C:\Users\Admin\Desktop\MountTest.ps1

MD5 dd13767b69694bb2ab56c9db8be5f501
SHA1 d849e8c32c84f3730ebec57a420c5ed83af95d0e
SHA256 9503aa04944d0d342a3960bd988a8eec97ab32e801468f2475cf6f18d9e27b42
SHA512 7bdfceeb6e37b5e95f1d54178e4c671acfb7853d6592109db111ad616ddccb8fded0d4f7e7baee593bf154c9b83a4e16b3426f170e8bf710a17fa7ae28699537

C:\Users\Admin\Desktop\ImportBlock.M2TS

MD5 4724d9ab3f4acb986061c4fa13561da1
SHA1 42712557f41699c626d1ad2b708d772f3cd7e2d7
SHA256 48278f8710ae9d53257a90abbcfe4fdb5abe710111c4be97ae83970bd55968d8
SHA512 e5d74dc4d279e4beba64ce73adaeb33dbfd9f387c81a42d12a08ee59d99317d200f3813df0f087cffa6cfccadebb24e0b0cce018f84a2f1f79adddd5f4801c16

C:\Users\Admin\Desktop\InvokeResize.odp

MD5 4488b8b3615c8ac7d362613ee6c99d1c
SHA1 1dd80918a947600a507d43503002b78674c66727
SHA256 7eab02ff49f6ee418b98c241e790e1df7492e7b35f0c09789b858265b46ca03f
SHA512 515bcbfbfd1d84fd23a7d57214fc67628b812d41768bec8a04022b81be018894e64840c03bee84a3b78af1de365f5c88bcbba392a58f72de8f486528742ec37a

C:\Users\Admin\Desktop\MountSubmit.rtf

MD5 94fc9ea761ed274eb41792f76fced2f2
SHA1 adadd7f007fe6006b4ce67d8831549cbb4715ea8
SHA256 1d866dfc5e5bd15d95ca5e78c5093fb177ee578053b2404bcd6425d7ba997951
SHA512 ad8f399a7c24629500988a693c7f1253854a35ce1ac121d95c868dbf4454856b6b61c49cec78a7ebe37d9587ef19b8fc4dbef4b3d939f057fac1021c9a18c367

C:\Users\Admin\Desktop\UnprotectUnlock.3g2

MD5 747868b65cc3901e208afe4fcd4fdd54
SHA1 98126b498696ca99cf6d29c3d6ead42ddf071a2a
SHA256 eb2391f7081f282229a861098103a1dfc8a9818e01db0b6eb5c607ab934ea6b8
SHA512 e0fbe93ad502504d250e83552e04a4713b18cf2825e2d130561c0d1213b429117cfae8b4b38bbb590d21db949f0b6d850ed4d0d0dd10e27fbbaf591115c1e9b9

C:\Users\Admin\Desktop\UnlockOpen.mpg

MD5 cf6e0f4be71aa257a8c6382401ebe46c
SHA1 f7c03919b7bcdefde9d8b8e17828ffc270c2cca5
SHA256 fd0d66702b96a85c6d161fa162313ecf97b52620cb81fd0cabeca8d9a3b4b63f
SHA512 22e6735566c893af741c9addb44553157ec921b621139d2c93056786995a76b7b8d5eee8676412a2288cfa369357ede9e2c9e1576fa5a2442f14faaddf028ab0

C:\Users\Public\Desktop\Acrobat Reader DC.lnk

MD5 a642ce9cd936644b11644212466d56f8
SHA1 d72c36d2f0e20574a9ee06ac4140a8583d260438
SHA256 5efc35cc146809198c02675f88725ba9195a9dbdba1d842a63f5766036b31050
SHA512 bf6ba31de7d7abf2d550fdf14cdbdc8e84364957badc0ae562dfb528850fd9ccf60cc62c068285c7eb1e3ec7ae092bc835d517afba2d71817650431ae17cec5d

C:\Users\Public\Desktop\VLC media player.lnk

MD5 fe0185200f58d45aafe80c6d3d63b494
SHA1 1989a806738d73240499ee3294b8ad6af44ca19f
SHA256 9411eda708617491c76fc8577652935547ab294c832b8d01926e5571b021faf5
SHA512 2d7b649541cc4e5fc6dde3191cec456aa17889df73243c87c217598894b9b13242631e4cb2b70bc4ae5d83683522ca6d119a7d2f6022f39bf9bd8cd7e9749d03

memory/1856-30-0x000001D759760000-0x000001D759770000-memory.dmp

memory/1856-31-0x000001D759760000-0x000001D759770000-memory.dmp

memory/1856-32-0x000001D759760000-0x000001D759770000-memory.dmp

C:\Users\Admin\Videos\Captures\desktop.ini

MD5 b0d27eaec71f1cd73b015f5ceeb15f9d
SHA1 62264f8b5c2f5034a1e4143df6e8c787165fbc2f
SHA256 86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2
SHA512 7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

C:\Users\Admin\Downloads\CheckpointMeasure.svg

MD5 65ef4977fc726d466b93ee3cbc3a9369
SHA1 72ac9ed300c13a7799fbdb99d684c9fc6ee82775
SHA256 a2483f499568b2bb4de9dbb7e86cf4e06f5571e49e734bceda8299c752a592e5
SHA512 ef122d2a2dfe7f533b19c5159055b4250fd44e09d38d24a83509e53dc131ff22608263f88c5abb2eb94ed5af9122269467928f5b87c04c4562dc76d6e76ea19f

C:\Users\Admin\Downloads\RedoDisable.mpp

MD5 0ae858476ff3b8bd9ae8231dff69a553
SHA1 742df0692f53f8f59abcfcb2f1584f86fca84b7c
SHA256 6db968b669c60132cae75907256389bf3a4d9bc178b6fceeff6944382c6cffd6
SHA512 337209b75092b855bb1ae9085b9acbe2d8388ebbade0e070381dcb7361c244a2bbb415d1f4cab004860542319404bdb318adb901b200c58c1f9ffe0cffae02bc

C:\Users\Admin\Downloads\SkipUnpublish.DVR

MD5 e23fbf2ae670e589f4c3b4254c783213
SHA1 da193238931ba3475c02055c209bff5019855996
SHA256 f16d634bd02811bbfc25338e02306dd3e914d1fbd5e49cd658187290d7efc08b
SHA512 8960bbdacd955aee0fbad980013eca930e57fcf89e8ccdd6d15b19ea1b085465cf9e7c60131f183d19c24227c1e33e06a2316a9ebc9c77ab0c5295cd44bfe30e

C:\Users\Admin\Downloads\EnablePing.js

MD5 e39bd4aa14e2e72e4dbe68bd9227ac8f
SHA1 ebffef7850e1acee75e4198cd45a785aa5bdef59
SHA256 d1a022e0ad6bc775eff5f6402e417b9998d79bcde2b5b40b72bb8037a69cffb9
SHA512 7e4c42e40095e84c034dbabcd229363194f177b807aea9d1dfd9dca467f0ec60c34fdbb335dc7780fefbd3b195dff4e60bda853dfff86e953131eeba4cfaac5c

C:\Users\Admin\Downloads\SearchWatch.gif

MD5 e6f4805395848d1aad20148daddbb6d8
SHA1 66dd49779866778291ddbb94c86f4b94d5404e50
SHA256 f52c2fea597a4677b0dad51c7a07efb5048a9184989242404e1001a6a2b72c83
SHA512 8a2a8693f0a42416c11d541fdb49753f11492250efe075696896ec669212af734965a4fbde8af06006b025dce3aac08714d98ea28e1877c69e4d59d65fa77137

C:\Users\Admin\Downloads\MeasureDisconnect.xhtml

MD5 f41938e5e2e05900b191ed6cbd0c60d3
SHA1 2d624557a0287bb4cf2d71e23b8664a3b17c0235
SHA256 975a5e276f88f783bb2276d6158ff6fa5789662e35e192d856b66cffc91307df
SHA512 365fb6aaf19e8c15e662ded5a264897f59e95e53ea6a4b62a3fcb01c5456d2de81150920c26970edcf0e57665faae9dedcbab6ac372b54ca2e24c899ca345499

C:\Users\Admin\Downloads\BackupClose.exe

MD5 6ff7a3ac4c5170e239fbd7d8052f4dc9
SHA1 0c60479e7a59acf71a700429472e567dd8724336
SHA256 885cccfb1060a639ac47fc4eac4b02e628bacd07580b7e213ae4294f037e8bf9
SHA512 e4f311a9bc017eae695db0f741654e0783cc4399b4d3149910bc9ba9a09c1cc702f5d087ad0ecf0e6ee4b733569e2797865c3b8f485f8504c8ee1eaa2a4d1a37

C:\Users\Admin\Downloads\RequestSearch.xlsb

MD5 6b20401c4a3d8022d27fa73bcbc1ced4
SHA1 99ea5a35e036883d2acafc346c041c09991d32ab
SHA256 df8b3c64761c0f2712c4863944c4f0c9849ecd6e40a0f83debb53eaacb1b21df
SHA512 702a0d34f709cc24852be3f9dbdb26e87f705661fc719d6d0e815551c967363953649bde058626b4d295d353c72fa551fc7c3853fa3d620574c7a39c3d0e417f

C:\Users\Admin\Downloads\InitializeEdit.bmp

MD5 befd7a0640c1b8aa63c9f9ed7dd82eb8
SHA1 34f76ce95514baf89df0ec9a2b1756974f5232ff
SHA256 67c4dc3aebbf14e06584db0925963b0217206848d8ce4ba4a9c16a4d9219752e
SHA512 4c1eb8819212b6ba297fa8838ce1fc1d07c59ffa7b121efd32068aa65c0f175fe222d0c58e67de0634e9a80c3a5c0d33b38d727b673fbcbd87adc2cc24477e51

C:\Users\Admin\Downloads\StopRevoke.mhtml

MD5 a80e0152ab65326709b1e05ef5f13c0d
SHA1 d32d3e5ab6bd708b6a5b74b77267248b13017380
SHA256 f59f86f3f0f113efdaf1ef118eab91a1feffae0b741f6ca73c36e2539c539756
SHA512 1335a0c8847f0f0cfa53273d59360d8df47cdb4d72934c73077c7326108c63ba36f4b83fb4302b7e46b3c23359450352c2d2efe1400332e7111a80d19b5f94f8

C:\Users\Admin\Downloads\ImportResolve.zip

MD5 80d690c25e18337b3ceb09c15dd478a1
SHA1 484bc73ef11a531e7f0c4d245f86907f54e5708b
SHA256 b2d582e53263de6eef8c115b1d15a54997a8842b10cb931e53a38a343767314e
SHA512 2c5a8f943ceed3c8bd50ecb86a4dfd2cb2ff54f0e846b6400b71ad61afe7e887c57e6ec7d4c2603d3a68e7662c48b93f4a629abf0ae6d9d4ffd1a10f355d74c9

C:\Users\Admin\Downloads\ConvertToInstall.aif

MD5 673c407f0277168a787225cca9f70fe2
SHA1 2de36de9063cc80c4a00b1b6b3d1e80fb3d8dbc5
SHA256 a9806a21e93f9fad7c247fbed96016745a1a980fb382eec5059a362f34a36531
SHA512 f1cf7a8971e3d6cbc9594b56691b217bb677e6bde469163a2ad5068584c3e6885d3988590e87b3aa308563aa6f4d613eec905a2c1e8abb292b8a96a779388d6d

C:\Users\Admin\Downloads\StopRequest.emz

MD5 4d8f159918595188572ef1202bd0da90
SHA1 fa7afe06c744ca8455fcbac93260aff06d963af7
SHA256 ca13f205be4a8519ee9c2cae09bdd3bc226fe99450f0e28344294cafeb85155a
SHA512 89be009a23d1008560a53d474fcafc5208513381456c0664ed34da520014447287e8f6222029ebf6a8efbf1faf94a1fcc5384bf2c8157a4e045f2f51811e3fb8

C:\Users\Admin\Downloads\SplitRepair.raw

MD5 78a6cb764003dd3f80e2ea2346660406
SHA1 bb1f106dfcb16143e6d1b5138998acebd72f5923
SHA256 52bfc45cf16cb00e444bd44eff5948174e305a0253b8cd31dc7b572d343f1b22
SHA512 0a6a580f83a4f674973917ac8c7eb018b2d998cf65140db00c37d754fca94c8b5d91e494a1ef5a96207e7f978e2abd1d058f9f4fc315c35e7cdd48d4bb6f1b76

C:\Users\Admin\Downloads\DismountAdd.mhtml

MD5 fae91e5fcd91bf1feed13540a8762d59
SHA1 c5c0f58f6179734ceffbc268d089339f85303d20
SHA256 15d01dfd7c0a7d4a86941fc6b62e5552fda0c168c3715493e3528f0613d11656
SHA512 e8014edf2864b62afa8aa15183f5919d3034ee376b6d0788f6c5a57bf545a88ca09b75eb71a0c627234aab6e59c3aaf978bc4c580913505791464c59195cc632

C:\Users\Admin\Downloads\ResizeStep.mid

MD5 37a5e3738a0634423b5438b840991b2b
SHA1 8cdc62c53ac2a704a2c74667fedabd55d5ff9173
SHA256 f83579f5dc304193c4d4ef11acf6044516b481b67ca81351bab394da69406d07
SHA512 700e9f1aa6a46b1e0278c7b9f042f6a6fd37c1b0b6527c4cd94a1db4b2e8807a83e6b1867ceb84e28257512adf6d040b0dee53b7fa79483ed01233784313b250

C:\Users\Admin\Downloads\CompressUpdate.asx

MD5 27b0ae19f5e080c4f5121ba9ee02a35a
SHA1 7795471068fe8827076aa808aed91a1cb9e2750e
SHA256 eea97d3e8a0f3b85a7866c4bbd93c704f551f2e47f7f1823148f1aac5f8441b7
SHA512 0e42cfcaf3d7f6b8a42d18bdb55d18711570f6088def2626479bff75bb2f65fd5a753c8691641dd6bcee5e123e2941a44dd49459822d8017b98fbf17e35e0fa7

C:\Users\Admin\Downloads\SelectRename.vsdx

MD5 43574fe1bf1820176cc7d571b3116655
SHA1 6fc4d23109907fb17664155bd8d556f9975ffc18
SHA256 de04b9885d0aa1de20ac1e64424c31fe077de0657c688f45a0e78b47f7a236ac
SHA512 4dce8f0aec99d007bf91714ba052192eb516e0dec92fb89768d8fba3befa9f8e0cd11d7f655f55e088a96373e85e1a437aa3bf91ebec6d44b89d235156f2efef

C:\Users\Admin\Downloads\SelectImport.midi

MD5 68432bfafc6ac010b7357ea53c006442
SHA1 ac15662717412b91bdc7c8bdad03df48e590459d
SHA256 046de520f4786cdd5a0f795b27db7c3db93528b3e4ae4b63c954f6baeb986490
SHA512 5aa48d516e8e092a704220b8e4e5b0ce0f920b659a79911b063e93bbb69c311ae33781d2c122fbe63111ee652247af566576140d5b403a11b7877adb8ce02b1b

C:\Users\Admin\Downloads\DenyApprove.xlt

MD5 4371227de2474cfe0cbb966df06b7ad7
SHA1 deb6100a1b3e0463ab1844dd1d8369020b880e1b
SHA256 b2b23bd8ec701031f1cf64efdb879b1bd56d001060f7e3125e2da9304e5145f2
SHA512 d7d6794903b49636b38e0b4e2a42ebb16b1bb4225995ed66faf896f7c80f8f614c0497071d92effcc84d835a53ea7e7500d50ec8c15afaedf8f243beba55fba0

C:\Users\Admin\Downloads\UnblockOpen.mp4

MD5 4bae3b6a6ff803720dd4b7d469dac64a
SHA1 22bcd5107e5e37eae430e0adb5a17f0fa2736b6f
SHA256 100b6579d82b79aee292f318d8e75c6c5a1190c0710504c23f2e6746b3d4cdbd
SHA512 6fc1fd80c4834698acc6e0f12a96c0fb9ccd320548bb307cbee6fce0027a64484727e4620833c3b7986d857c9498e49fc5fe19c0f3db14a828d55d68adb4905d

C:\Users\Admin\Downloads\BlockFormat.mov

MD5 509eecd29099a6344131a3252eeae14f
SHA1 3bc1188d02292562c0f0fbb03d65b91cfd9b84d6
SHA256 3bbe10fb111aaaa9275041678a5c4a9cb5a490ef5d299f13c3b4653fc8189edf
SHA512 0bd14ea21916d483ef6ee82cc3c264c825c5adf1ea7ef37a6ed014357af78a9d20ed4ed4ab45c9485986b263b4bebcc098ad5a32b2767f6f7538ff2a592fc26a

C:\Users\Admin\Downloads\InitializePush.cab

MD5 6d5cc4ce3ebd4918a1204ec6e3bdab69
SHA1 b60bf3e87ff028923fd85ea06ed35cbfd8dfb35b
SHA256 53c667e640bacfe1661f85835ea215ed5b09f042b97452fee142a58778b62a36
SHA512 42ad4e866233391fec79e310a1d9efb95f92f357e7a36c3dc9b4462ab216c531686d59ec77e43ea88bc50a0869d714df2fe144fb98997431ffbda115820f94e8

C:\Users\Admin\Downloads\SaveDisconnect.txt

MD5 950f805d414d792bf2285573b9db9646
SHA1 402e7d07489819a11408520d1c084ffef88f2f63
SHA256 b56b1e3de03b7ac3016558e2ae91a5a10837e1af81c34eba7fe4bfc6c537439e
SHA512 ed549cf73c5b780e89e98d5a71e7f9161d1ef4d9c76d5f9f59394a3055fed472be1a836c8681b3e9b88ad364d38ba65b61544ecc8a88c34662d3501cb56df21f

C:\Users\Admin\Downloads\ResetConvertFrom.MOD

MD5 548ea415943595986e80068055998c91
SHA1 9900a6045b29e1055a62854cfa404d26a2042243
SHA256 57d4939085d1f6d6e199567851091b5565e50b7adad419e8a290e89f6a2579ef
SHA512 eed665bd4bc6b72669707fefd265e5e0845986cd0941e625a495941571569ca6f34cedcabb39498252f560a277c5375b341b787c431d4b0f3bc57db8f6c611fa

C:\Users\Admin\Downloads\NewBlock.xsl

MD5 c1b9f817d50d70de3f4fa2696a7c21a3
SHA1 66715383a091fb59d6d82e22e097cd06a3d4e72f
SHA256 6487d70e17a8d3d8a4d72ecb6604a324fbaf71f30b43daf6f2b81c398c08e6d8
SHA512 25f176f9b30d94d2d3e2cf7eda3d63961a40ce1bb30027e7dc3582124578c294366ca03a64ace1169db9011eadd5e40574ce27d15138903382c91b7ef6831e99

C:\Users\Admin\Downloads\ConvertToUnblock.tiff

MD5 5c823d32351485792525a78c8abe4fbc
SHA1 cae333e4625d5ce924251bb575cbd38f1e0dfecc
SHA256 ee7075825ff7428d95e76438902a39bba93786147076860d499139735be0b9ea
SHA512 2c64831bfcb9df1e91a3f20e41eb3b1a5a54fc1e403e980c33c8fffba49f29a12d0c9343dd70ea3c6013dca4c53370932f6490e174c08d3b6358804f057cc27d

C:\Users\Admin\Downloads\PublishCompare.vsdx

MD5 e9615d4df9e49972b5c3cadee063a1b6
SHA1 124b531905187a78f969acccf8daefc16232ae6a
SHA256 b59025213fe41a1def317806badad36abfe6e5221a619eac9596038b150f3da2
SHA512 a09399a8d8dfae8f9d086de972b7357e2321e609312bcf8e8ec4d8f45786131d5dcb3634c72d62396beee38fff15bb4e327b9471733a4f915a64281ad5a2d3ef

C:\Users\Admin\Downloads\ExportMeasure.vdx

MD5 daf3816b9fa98c72e9f2403175cd7d2b
SHA1 dfba4012368e4aaa7a13dfb39f18e8641fa63307
SHA256 af773dc3d251215fda34706689d3763187f5f0fdec240e43ea5472b06be5199e
SHA512 f2e8d7b2f17f5432969d4830098c3cdb47960f3a28d9e01c3b37c016b3db3d68e1b3a78d28a7dcb2ff1111d449a5bdc533dcacdcde165e4cd909479a3284bb74

C:\Users\Admin\Downloads\UninstallPublish.cmd

MD5 5d4dcf022ddf44ad4b9205a5aacb41c4
SHA1 df7c36edb7f7d023cd5bdfaed3eb391aaf4ea234
SHA256 7c4594ecb4024afa4308fd10b16a6e9c75d8e5e61aa7b43ab63f24973c68a614
SHA512 4daa885d43fd3f7fe6b3366ccc3fa0184613de4c2448d6a2a7c37c91bdbc176617d45583d7060a8013cc1e39dfe7905d2afd2064d09e262603ebd3f08a74ce46

C:\Users\Admin\Downloads\OutStart.ogg

MD5 f40fdfb10ba827539548c4a08e3fd6c1
SHA1 3cc29a43e443d7e4cc0bff7dbb7c379ac76cba18
SHA256 d98dbb55b7a1ccb709b68314aff5e19faed8b6f9127d8b428d721cca6cb21ee0
SHA512 6bcba062a9d3491173544f17a303000c0fd0e52b1ed4ea738c83d953c0f6338ef900496e4b7f41c97113e18f471c73c9bd9fb4562d4f220d51a8dda1b4e83470

C:\Users\Admin\Downloads\SelectPush.3gp2

MD5 63589f2f2d26b45f033a2e8ea5f54a2c
SHA1 e4e6ee9abf4a7b98192f2180af2d9b4d24cc4bb3
SHA256 58d7308d59b5f754713904a622a749f5b5c2d9f77eee4f69bd94e343117b62e7
SHA512 c767cd3048fbc73de2eca9289dea6350b1a486bd3257f2258eea303c9a82cad33de006c08be9bf0c09645c4842191ada878ab4f1f5d316acceb21a203dcb329b

C:\Users\Admin\Downloads\InstallOut.jtx

MD5 ea3afa9e999a966fac512202a507204e
SHA1 b9bbe0811fe48e19e109b485aa54afe7ef1f3753
SHA256 ae2c978f1c884b7aae07241ecf4895f5bd2f7027c17b6f3873cd727d5030dfd2
SHA512 87d5332bf2a7d57bca12123dfd304c431ab2e22146616b3cf2d78ff856ba960a06f80c0b4a8a5b3079d2f1fe7785224e97225fa627ba4f3b979b827382c6f4f5

C:\Users\Admin\Documents\SelectAssert.xls

MD5 e981f700d1266637c159e0d4af8b8a0f
SHA1 ac44ee6505695224e9dc1b4e2f7d0605e024d2eb
SHA256 0eabf862553e480049d5d5b3c49569d075fc85e2c2220a9fab7693741ddd8dfb
SHA512 96a96743c87b567fcc886b5ec2a2a26ccd6699bdfd8aedb5d4edf7d671e8d047880d86c7d34b761cbd6934fbf175d053b8cea75f3b595ef0e70aa255cc144ec8

memory/1784-93-0x0000000000400000-0x0000000000481000-memory.dmp

memory/3760-99-0x0000000000400000-0x0000000000481000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nso799E.tmp\LangDLL.dll

MD5 20850d4d5416fbfd6a02e8a120f360fc
SHA1 ac34f3a34aaa4a21efd6a32bc93102639170e219
SHA256 860b409b065b747aab2a9937f02d08b6fd7309993b50d8e4b53983c8c2b56b61
SHA512 c8048b9ae0ced72a384c5ab781083a76b96ae08d5c8a5c7797f75a7e54e9cd9192349f185ee88c9cf0514fc8d59e37e01d88b9c8106321c0581659ebe1d1c276

C:\Users\Admin\AppData\Local\Temp\nso799E.tmp\System.dll

MD5 4f25d99bf1375fe5e61b037b2616695d
SHA1 958fad0e54df0736ddab28ff6cb93e6ed580c862
SHA256 803931797d95777248dee4f2a563aed51fe931d2dd28faec507c69ed0f26f647
SHA512 96a8446f322cd62377a93d2088c0ce06087da27ef95a391e02c505fb4eb1d00419143d67d89494c2ef6f57ae2fd7f049c86e00858d1b193ec6dde4d0fe0e3130

C:\Users\Admin\AppData\Local\Temp\nso799E.tmp\nsDialogs.dll

MD5 2029c44871670eec937d1a8c1e9faa21
SHA1 e8d53b9e8bc475cc274d80d3836b526d8dd2747a
SHA256 a4ae6d33f940a80e8fe34537c5cc1f8b8679c979607969320cfb750c15809ac2
SHA512 6f151c9818ac2f3aef6d4cabd8122c7e22ccf0b84fa5d4bcc951f8c3d00e8c270127eac1e9d93c5f4594ac90de8aff87dc6e96562f532a3d19c0da63a28654b7

memory/3760-118-0x0000000000400000-0x0000000000481000-memory.dmp

C:\Windows\Installer\MSI1D24.tmp

MD5 67f23a38c85856e8a20e815c548cd424
SHA1 16e8959c52f983e83f688f4cce3487364b1ffd10
SHA256 f3c935cac911d9024c7797e8ffe4cce7d28154b236ad3e182f9efb85cd5a0a40
SHA512 41fc1b4e2f47d5705861ee726c8d5d7b42191e7d586b370981da268414f207f6dea00a59dc53012cf6510c44651fec4a3a33bf69e501d85fd2efd66517e4169d

C:\Windows\Installer\MSI2C46.tmp

MD5 be0b6bea2e4e12bf5d966c6f74fa79b5
SHA1 8468ec23f0a30065eee6913bf8eba62dd79651ec
SHA256 6bac226fb3b530c6d4b409dd1858e0b53735abb5344779b6dfe8859658b2e164
SHA512 dddb9689ad4910cc6c40f5f343bd661bae23b986156f2a56ab32832ddb727af5c767c9f21f94eec3986023bae9a4f10f8d24a9af44fa6e8e7e8610d7b686867b

C:\Windows\Installer\MSI3821.tmp

MD5 0e91605ee2395145d077adb643609085
SHA1 303263aa6889013ce889bd4ea0324acdf35f29f2
SHA256 5472237b0947d129ab6ad89b71d8e007fd5c4624e97af28cd342919ba0d5f87b
SHA512 3712c3645be47db804f08ef0f44465d0545cd0d435b4e6310c39966ccb85a801645adb98781b548472b2dfd532dd79520bf3ff98042a5457349f2380b52b45be

C:\Config.Msi\e5d1f5e.rbf

MD5 21438ef4b9ad4fc266b6129a2f60de29
SHA1 5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd
SHA256 13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354
SHA512 37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Config.Msi\e5d1daf.rbf

MD5 66faffb88b5f052bc3f569c1cff63df9
SHA1 7efc9c11c51993a1da2e3eb1329c72f8553e2a51
SHA256 34bdca264469ccf8ad439f3d5f8f10c80a73d361b0462440d70dcfd37678ff84
SHA512 923ae7c122ba5e9569190b7fd5cb3e711ddeba7142db6494f700294124f9b138b7508d3da7c4a14dc74b81ca040ad8597ffc27d4a7e66dbc8e685dfacd6d0128

C:\Config.Msi\e5d1dae.rbs

MD5 790298661ebf8a96dfc2074e90d9e27c
SHA1 a886d263618009e2d664c4a6f124d62c7e244d72
SHA256 f2a721e5d0608c8d8b4d0334e211f187c1c0b407d52693d786546142dd38a939
SHA512 eb417aae72a9a7eb03e5e8304e889e5251bd4d140d6d9f70ced9622e3488476f3211276b5e4e09cb1e43ddf16ca7e8384161e032126d474e030b972918eb1836

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b3de73181b6362c99e0e4a1ced32d9fd
SHA1 9cf1b10c99a3efaf507230b3436bcc105b03ca19
SHA256 47a2eff3f4c4598f26090c2fca67b297b78908226a1e2d8af0f7835cb692362b
SHA512 293455213d6b1d67ae924217d873f1e3dfd927c17f640ebe7794f253ef9bf0b019f7a3ef1c2f0f7c01d69a210632889f877539219ca6db10b4c3d7b7a5ba7c3c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1d799b09b5fd9c74632a4e2640b69f73
SHA1 502d967fd23eb5b9252b468d0f55642782bcf129
SHA256 c2ba8087f7428c8a70e03eda2c68b135d0867f2d3f44d778c192869ed2c57e20
SHA512 73ae21dc799a3f0047027a811d87b633704af8ecfe15af29f47b82923ca0fef9a9659424e1fa93323af3d58e32156b4e366f9be859bcf6e402534a64ff1c4466

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e60adcd08d4dd776e1219867377648c3
SHA1 3b6cd8a2835c5befdb0af050ab9329beec6dd33d
SHA256 af5f44bd6fc2b867efd3e878e735f330461dbf3c7e755200516cb01d5e735643
SHA512 3eb42d10780b1b50f166bc273cea5168d16188c7f9892a4882855d63fbb5bd23c1575998001bf15c89132ce4fa15151c997e279e28278e027d298387f0c50e1c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 8699a6277beb3591f6975eab6387666b
SHA1 2ba7399e3f0319e548f817626b3352f874659539
SHA256 8591dc7e8cc27c4083029938249b59032930a81e714c65d6d4c39449353cb40b
SHA512 967eaf34dd0924243e644c5bb20aa4ce3001dbee3e44c44a42c7e59961b3719f52acc20b21a03e057afe2a2bc22d956a73b1eed479420a28cd9bf0e249e3ba83

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 29f557bbacc14a89a23f85bae323210f
SHA1 ed67050d838109c98b855f52c6ceb36c1d83c4e4
SHA256 0742b7e1c239d2770d271b73e23be5dbaa7f705328d7c4c405cb05ac1258608c
SHA512 36897e08a82ea98ba85ad930d380b38e2acde7d5d84ce75fe6abc0f4e1ff8ae3d93f258538676f1d9ab77bc36a5a895c66025d1114d762bb1939c3804b65f4dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a073c66035ad18830bba2abade9adc98
SHA1 690d896d970f271f43b1648d847a83fcd501af48
SHA256 bfec89743557124d94a423f0abdac8bef4bef839d8dd2d142ffbdd239c7cc09f
SHA512 5e5c5bffb9b79e0cc9dfd7a31196fc65577e62c6e74b463becfe584bb886104b823a998d50db03c200279cce4b9096ac15ab422a2dab6fcadd9c71b5ce2f40fb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 51b3ffcb058921ac8406c95cfb9650c9
SHA1 c2ca11b9391966833cc3089e0d282984df01d82b
SHA256 bd0d86938b9e5cb2d34972d8dbc39559e3b11bcba663cdcc898e30bea2bdf538
SHA512 b44fa4596448382b42d173a73b5b9d086209a6f8d448017936c8cde6ab39854207135d2c5788cb859c30b7bc6db4d155073f59515d6802fab01c33c6413b418e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3202502a5d598d600931d9f5c1d16273
SHA1 6a0144cf73b27583ad1726105c8838bf90c9fd39
SHA256 6ea5aeddb3285d5c28f35687d31ebfe35244ba5cc51db09680a6cf9ca49f4f97
SHA512 0be781e7173df9bd08c0ef7a0f04c57389c9dc2942dfe699fa0d33a7dcbc33f4f7df7f27bcac4c236dc276c7e6e789c394d45a3e1daf9c1c1a26b8cb144e7d2f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 09c796cc9177b075489bc476b17197d8
SHA1 a7b4c10934f0e315989c8e73f1058af3810cd2b7
SHA256 232036f64ecf93997e6cb34dab003cd6b3a016b879e10024e0d202a664ae68c6
SHA512 fdc60a8249886906a6144d8eea3e93cda1b75d02f578f49ded16f34b8f909d0e57efaefec00b1d0eeada2ba72b6c6afa5cab04b3ac1bc850242886a21b36a655

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 4e41ed67c9d23a8f1d87f0e44cf892ee
SHA1 de15d809c50bfe6812feb0f2fa58d22591ac848a
SHA256 e5d8d30328d5a5ca2c5936820796368642c6b4d2a3fbb5f04cdb0a5e90b9b5bb
SHA512 39c0f3debb6af8bd277fa5f54d3d58334697cea8435a3635cf0b2789d7cb9d2d995e1aef6cea2619b52367a426279347b1271129f28f7072891ff54807d80690

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0c746df07cbedd0b064344fb688d1ca5
SHA1 22061b336a8e69574f294ffafaa88fee555ea56b
SHA256 ec87fc7ba99c8687157a2629d41c57ae1fae14f043ae29454c1062578c9e878a
SHA512 7db21808e380b2bbd3c119880d7ea8e13f6698e68bd6003a44432a4315f1d64a3a79fa8c363931e05ff1eb47dac48ee2e0c750439b129357e86e32fad29a3849

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\nslist.hxl

MD5 05ea4d7d3fcfc5ed4b76b0c3e1c7cda0
SHA1 bb2dafd5cf78979a83e31cfe85055104dff5e01a
SHA256 2a2c3bfac69ed00267b3bf1f78752b0207a11fb721634ef209b387dc01495cbc
SHA512 a5c159ff09f5f2f426eff2981802ad860c918cae21630f9b946391e5baf9e8ec8c806e5dca85f41ebf7d8a36cb405803903f8222f88893d5f2556dfaf37f72c5

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log

MD5 e80c895f4ee2aa707ef2cdc2ab4470b8
SHA1 7b5fd61c5e0dbfa3c224e69662465e55b9e1346c
SHA256 cd452b5f2f8a49bb8099e5ce1a876bc28866f623faadf5e22f6c387212a91139
SHA512 547b54166b0893a910dcfb7ed002d32860022381de8640b15c6865cb85e36fd0ff0f237c4ff86de624d5a6ced5d424ce0e4fc0c163b47d5d3acb4a52f3078ff1

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

MD5 d641a9828abd189035757b53be9a8edf
SHA1 ed5becf7761fc792a6f7774b93eee7ac18b02633
SHA256 7ae483ce505af4ff62052810ab0ba503b96c5a0a10211212f5546f64a94cdea3
SHA512 30edc4582082c357db5e7eb2984f14b9efb93b65f648feafd0669d19216f4deca572c8fc353ba1159285a70cf9be07680a06f4ea103cee4f7974f47052c02a54

C:\Windows\Installer\MSI6077.tmp

MD5 fccdc45ca17e5180b40efc28052bac39
SHA1 cecb5a7e8807e619956183897a64930ce56294d6
SHA256 4ab37b0f9c5fe3505e1ecfe0764aaa04838cf81f9e0a402425e057f7a251e621
SHA512 67a9cd2066155b35a4b11e7917c2b6dd1d39828bfbe2972b22eea79c1891fd142f50273dde0cbf0a500259fb468f7636db05131a70b3c54a143f945d037da1ce

memory/3520-1246-0x000000001B8F0000-0x000000001B91C000-memory.dmp

memory/3520-1247-0x00000000013A0000-0x00000000013AE000-memory.dmp

C:\Config.Msi\e5d1f90.rbf

MD5 745897fc2816625a0e5f1ac0f9af16a2
SHA1 cfa9d4dbd1a5bc728ed712cef8b3fadc903d111b
SHA256 5512cabd57b6e1fbd2b96c298d804a3795cd317f61e154aedb335f6c119eaf62
SHA512 7053e9c95b943a30006065a66830bfeb0f37dfb185fcc27019c205e3cea358a0f71ff8007cb6aa39bf61e3406e989ac8366226d83dea5e37c429a5242d1786d2

C:\Config.Msi\e5d1f91.rbf

MD5 485f3cd5a94355f8e6b0aa101abd9f04
SHA1 a91650f4f103fdf08c8c261cdb1746aca658229e
SHA256 ecb94457c6327a56138dee83fcd82e61352c45e7097309a2effc694e5e78d1e8
SHA512 31b1746d7491d4be907bfe966cecc43f9fac099f897f423cf0b85bef4846a325d209ab64408edfbbd110ca3d3d61644d0cd547e431ae6e6ccd5a74cd9dcaa794

C:\Config.Msi\e5d1f92.rbf

MD5 7e23e2abf1e03fd0d3c0ed71d3e67201
SHA1 77e9ff622eb2b07d4eb908146251d2061895fd47
SHA256 588aa09f39b70d191b92c2414217429a2fd21c4fb7c3f21fa1d57ece2f552209
SHA512 14496dcaaccd6b00b156d26691465f6fb85da94b04d0a804ad22a8f42d992ef201c4c92b87e2c9d6e5b80ffe53049ed8b44d67ec304bd604d18f6204590c7bb3

C:\Config.Msi\e5d1f93.rbf

MD5 57626036538c8abbf5bc761c8ecbb274
SHA1 f3dc829a302cd7e268b566eff47b9c5b3badc33c
SHA256 aeb0afc185056f716552564e277ef8a6740a4e7f1600032153eebffae18b3ed2
SHA512 2d508dc1d441187d18502f3d470a27cc8a34af5b16a97db713a2c34801ad65eaf4e15e7b13fb216c11ef4ce505e438e4dd49c326e8217341735ecfbedbdcd330

C:\Config.Msi\e5d1f94.rbf

MD5 642d05fef3999b47e67a3b979395d87d
SHA1 0806dda798421528f8e61e81ac4aadd20cc101e7
SHA256 53bb64373a30ee2b7b2d2fca25f1d0047fee7d932f351d902041b3d5fad6016b
SHA512 7f362c47552e0e31c1361f5cd81c94a7e3b1755b4c336b36275a4f42b77ddc775ad5c46e5aed5659f10beef92f228d52882b1fc421bba093373df82f110e2b2e

C:\Config.Msi\e5d1f95.rbf

MD5 fd580865ff5b65ffeead3da78f9d244b
SHA1 f26c08181b87d1a6979f97293413d25f6f2862e3
SHA256 5256b74f3447a7fdbaab2ebe6442160dd617fb10800fd0045895b280f603604a
SHA512 5c7dd9a96db711627e4e2f0bc57bc56a1ebd22d8063cc6b8d5d10ad86104b0aaef52fc17e84ebd07d902d345931aeb33e8ba1dfc334e8da251b538e5e8fb10bd

C:\Config.Msi\e5d1f96.rbf

MD5 1c213c5e8828353641cef6d74ee6838d
SHA1 6e16eb31f642327afbed7b8d4ca56e791b799cca
SHA256 a1cbfc3eca8b075ce204c629bf0cf36b0add593c8a28040018319e5e2533ffdd
SHA512 7b7a222c49a95cea34d8ea005302295572a9955a396bfb51e929a83fd351a67c55c4b8c1647eeb0d4d7bf5e9b0c9502d7f4f4e75970e5b004bb72b4c5c2abf43

C:\Config.Msi\e5d1f97.rbf

MD5 b4c6016286bdce7c51c3634999f2ea5e
SHA1 c446378afc6b12c372bf4dbf33efa61e9f7fbbda
SHA256 a8f8ab6c63c8d4471d158010f18cb24d4d2ccea495a160cdcef95a96183ffc6a
SHA512 a121b4df2348ef53413b82c69a66ad3654aaec7d40011dfa4968f9a6b9a5e1252089f39f4961f2305a678c227abc14bac88a3674ab960fc52f71f7c3776c928d

C:\Config.Msi\e5d1f98.rbf

MD5 dcc6434e76ccc91fa6c35df0d0d6f5ce
SHA1 ed1d50016a7db340208145d988a82ce7c126cc94
SHA256 45526926c328fd96d9be162238b22694fc496d7a946c0e5a085b83257e7e25e8
SHA512 90e08c83dfc95cac80150ebda86085ed2dc86fbc1b2f1112de15638f548e2eb4fc954e3ecc17d828a1a6ed549acde8a1f8ded666865d46ef30eb026127c8b102

C:\Config.Msi\e5d1f99.rbf

MD5 2317370717a6bf28b9af805dc45ae5c4
SHA1 ae6876ee8672be7ef18ea64af2293e0d4bf8703a
SHA256 01cd704e1fb542c10b368985c57204b1f78f1d61b07ae6cb193b47aab12cf663
SHA512 5257384b0e7d49852786f81b03d5cbf4026705c1ddf0c533faac970d92cc9e7b9f3a954bde5eefda6c883bbaeb7feda50292245fed9fd1e5914a404d66357ec4

C:\Config.Msi\e5d1f9a.rbf

MD5 f35d405459f10fd3d1f52f6dd64252ca
SHA1 5f3bf4ab1c25ec54e79afe7f92390a624ae5cf14
SHA256 384f7c7d81020a72029972324ec6d8b84dbb3f342418c15e0833db02174416c7
SHA512 2bf358ed9e7c09f49280bffb7e200d93ecd3de99d0a842bdbb468b808383aa16f444ad8888f030d1bad5e00fd49c7c3d01a72a256c96aadcab04dba59fbe0a7e

C:\Config.Msi\e5d1f9b.rbf

MD5 3e3b6511ef707e9d2344b320407ca1da
SHA1 af55e484ad47daeeaedc5efc0d301ed8d6a7be16
SHA256 8b8be00e22af7c415c0086e48c6ce86ec5d146c75a43829ead4a82d25b5ff636
SHA512 a14250cf607d8d3bde7b9f118bdebcda8deb1b4866042be3aa4d266fcc4734f47f2398c6635d4884d16935c58df6e3a64c68a6196e9892c0c6e2195904cedb30

C:\Config.Msi\e5d1f9c.rbf

MD5 5fe646e5f52a6183027c87160b922e2b
SHA1 53123095d2ff679db51a55961e7efa6f3c2cd09f
SHA256 ff729c37c44b93705b3d7f3e07a35e1debb5deb6be7a00c0a82546d0fb88c0e0
SHA512 a8e7b4f06fd7a2f46d75ba2a43e924aec6d6e270a0ab7b6a3f6cb259d33f7ac78b00ecc6d6b39e8f0433dd35894972790c43d81c7177bfd72decff8a4a768ea7

C:\Config.Msi\e5d1f9d.rbf

MD5 9473054628d25757f804cc2584a931ac
SHA1 1ec0e971be84d5e980988c16e1dba3b5323e7ca9
SHA256 6c699e95e7a018673fe586f5b96ead5bff5861f22699049d72d92ecb53497a47
SHA512 668ac3365f98ea2c6ba58d13017dd4a2f8ae28dc4bd8e8d72ee6fcfc3a7b51bf0b3f658e8a95c6f5bd2015000f3a347ca417915d99ca4fb7f4a98271a27ad1ae

C:\Config.Msi\e5d1f9e.rbf

MD5 d80746b2f94a3a28e380735d4b8a9ea3
SHA1 adf85a8d951e2ef30100f88bd072d333839462ad
SHA256 45bdf89c40a35f2bb5e8a49a8fe3b67a9984adb4f65bc40ebf4e320c50194218
SHA512 cfc016d2f98385f407d660e276e31891939792d7de667dc8fe0faff37e38fa7f02b55526084682c75d474757c2dd790b714ac2fe1300f39f54fea61b4b3780d1

C:\Config.Msi\e5d1f9f.rbf

MD5 5440ee9cd44616d60cde57ebdb286e95
SHA1 bb7635d6911311b2f3a637a2e9d8446fd0698678
SHA256 e3ba35c5572761c20eb59e25b2332a0cdfb726c48963d40291d7f977531e47a3
SHA512 4600215bd9788b30aa5a5038d6749aa294ca0d6d0063335979d2f4acc29af09967a9160bfd8a2ae093f7fcb95c80fd51ce832cb639354360965d0202a044e1a0

C:\Config.Msi\e5d1fa1.rbf

MD5 7ecb661f50f34a941a44dac7241f7d08
SHA1 772b0df3ad4a89a078cd4ff8e5f45115778d04a2
SHA256 e2386b60a73fa7c95a8968161fb1c84dd9143462b2880133778a3027f75730f2
SHA512 aa007a71da51b145a7fc702a0cd8930d43e03a884c331afb48de01e82e06c20d2a5325aaa893d03a25e5b670e9e0a03f002b55d9620202b6b48045e4a79b577b

C:\Config.Msi\e5d1fa6.rbf

MD5 524014d39a54d3908de59807c09cae3b
SHA1 cc166f76626f94cdbabd8095286a82a474af9f8e
SHA256 f259988c45f54338d57175fcf4fb9f895d484a4eb0c4b861a3abe885c263be66
SHA512 02bdff78beab753a58f46579e61ad4d2953475edb53b57f75ed4828ff04d9641f114357f11059ae28d82c1d28f7433a4eea7b7cc01c1fcf85bb5dc6d58261182

C:\Config.Msi\e5d1fad.rbf

MD5 ec5a78ba8d91e89c0d9b3683d0cfd5d8
SHA1 0db33de0721fda2e302c39b98f3987ddb9267850
SHA256 b3d09766f50b21e4b825d1ec7908cadc7fd74625b4757dc7952344797c72ac07
SHA512 c8ed1321211aa260ad8fa7314cc4036a743c0bc1ac06defc9d061edd4c3032f1e42c6cb06f2fa8836e66a0a4816a921961a5379b0e20ced8fd4f398085b125d9

C:\Config.Msi\e5d1fba.rbf

MD5 df0c6bb7965a3dfce5f0f158e9d5251f
SHA1 5250b2c7d557a71dc9fb0823fdc0cc94f0a81e35
SHA256 883e42e3319fa4c059623e4d5a937215ad2f2cb123e88aaec27955f258627c4f
SHA512 8b5f7cfb9d3d857b2396706cbcda445b9131abf79e84296ecbbffff0dc1588b19399b506e4e3110ac4782f60ddee081cd5243e598e0871738803512358efee04

C:\Config.Msi\e5d1fce.rbf

MD5 9f8ecff52bd15cff2deeb91bd325e101
SHA1 c82a0eddc66f95f0bfe1fc984671837cf0b07a65
SHA256 aca44b663633d4785d4fca1ed45d2c1d58c994fd927374569b8b5bfcd7079170
SHA512 cf52103d480a589e88c909239dacf5add2467adf6f4ad52d89af16ffb9a5cb32d7e771fe005694d37189ab2ecac08cad9ca7cbcc7d971f17d384a959705f168c

C:\Config.Msi\e5d1fe8.rbf

MD5 75e8bc00ad7da1e7628f146dc33cc83a
SHA1 b140b32eeb3cb2223efc7c92346e3c4ecf65eb7e
SHA256 5a35e93da45d610cebbdc4980e7a33b3d094039a49823561c8a3fb87e88f747d
SHA512 b80522f835414b493c97715823902443088bd33c7e54a5fda665d73de7899df5e59c44aafdde33ffc9d71dc7c48036cee050dfdd87a24c29a9fff8ac1253acd3

C:\Config.Msi\e5d2000.rbf

MD5 d8a76dfe6188e600bd7a8480dcedcbdb
SHA1 40080e226be118c2a0a8f9dd70879467ec09f198
SHA256 a1254966826e2849b1ba2d630e93ca7b75105c8d3acd9be795d625edf835ac0a
SHA512 9a01c3290be7d309e23a6048731c541cd0c602669ace34779e1e69c29da154b378edf0cacfe92354996e293bad205c1bfaf6a003840cf53216100cd39bf6dd76

C:\Config.Msi\e5d1f61.rbs

MD5 e4bac1e5331d2a5ec44703879268370d
SHA1 303287c6d1adc531a14f9e1dcffeeedcd7df06a2
SHA256 1a7750068b5d7398c85bbd9daa6451308c7814086bc9ca5f1ab38c22d94b8b73
SHA512 63e6f68e524140f89dc668895d0fd5c445d82af9bb695bf5c04643caac0ef01e6b0871816cb3f3fef056415d618da57f8f10f8365162310cb1c91fa62d809597

C:\Config.Msi\e5d1fff.rbf

MD5 1a063e60707636e76e61ad9784bb1eea
SHA1 baf498bac402a29b1330fcd20cfbacbc5d245cf7
SHA256 878566ee8a41806ee9b9c4cf590e1953881dde2127616a647fa31940a5096cc5
SHA512 39e2bcd04f4ee4e6280b7723a628acfbceef254fbea62833a34d7f4cba566c9556bfcfe2424ada027112a8b722da8349331ca416d00d0e3d6afbec96e3d91a65

C:\Config.Msi\e5d2003.rbs

MD5 e50dd58913a5e2e03db8be760d187706
SHA1 1613ac78a2e8a0c8906c800c114779fd1d94ce25
SHA256 95e92011dc9cec1f88fb1a55c42d5c45e9dea2c609db1153aec7f8ab331572c1
SHA512 dd71234c1bf5710ff22cde8e002c5347ac0ee321484b38ace2a5993ce0deb2c83754332b1cfd3eb5c30eb5fb0f4cc7fda3f8a250467fed2cdb5c9b2ea91a8473

C:\Config.Msi\e5d1ffe.rbf

MD5 683fc126a13b915b3ff36735ea5ca5fc
SHA1 d1ccfdf78919f51b09fbde02c2cf0f332601bd74
SHA256 b8361411d7b7b0094669b0f74ce8afb488cfad61e2c26f76473db9ddae702929
SHA512 4d88cbe5c42815940595b1c7d466ec84a9e753977fa234591c0b14d2d826423c5bef13aaf93e4f3637a669c56e040da53529dbc31339f18b0587b0c1270c14d9

C:\Config.Msi\e5d1ffd.rbf

MD5 4b15c6de8b0cbeb6d4d7d6e14b9ca7fa
SHA1 af3b589712be828302778a6e248ebd659fcdabfe
SHA256 7150db5b3af392a250b79f1078c87848a08b6c13448943d5a0478c2d37645b85
SHA512 1f68f55cb4c32d0abf929b3382d9b773369f376853912829299c6386648c39807c6242eba037bb3988ebecd0e8b7197c91583243154c569bef1f70d0d958c491

C:\Config.Msi\e5d2007.rbs

MD5 5db137c0e41895ff45193a6021b6e59a
SHA1 38f3f2275bf81e5374f2cde4ff627b8b69ccd4ec
SHA256 fdd82b6ecdc41da8256aa2cdc99a5a1ee0c8b0ae9a4c7f79ce3b6c1f32ab91ae
SHA512 2c718a1791c4a4e9cf327bd95a277e7bffdd7707d1220814456f908b44b022e8f6dd57e99bd75bbd6d05326fb3d050ddf3a52a2e5b3c239b0ad1fc870d21fefa

C:\Config.Msi\e5d1ffc.rbf

MD5 9f735917c0bba0f42b40e719047eefd5
SHA1 d8c1ef036b9d841db86ffc76d9150064ee836cce
SHA256 7acd536b7e7fbbf4578ce24aa39740279e7ffb7477bb77f6a2c7afbc12f16c83
SHA512 65522b77519efd6d43f17848ecf65d4bfed8f07d9f4212dce7f6c905650b4107396e7067c62802c7c953b02f78e924560c8ff151e195c0cab37606be69270a3e

C:\Config.Msi\e5d1ffb.rbf

MD5 54c12705dc6a32282762bbc4252e2b9b
SHA1 2d1fd38b5f3db7c7f0d7baee446a00099a506d50
SHA256 a5a600ca8a60a0af629047ef8b227feba5221c5697f820da69e274f40869a6cc
SHA512 c4d96a8d8064ef917ddb98532360a8bf318535b310f908a384c0ca140ed058f5f3f24f34c3992da4399386f546381cbb1eef5432b3ff2b7c19e0491dec8d4aaf

C:\Config.Msi\e5d1ffa.rbf

MD5 18a9dd94b5112ea94f3fc9fc22ff8409
SHA1 97a0b82343ef1599e517946a2c3c259b61e53ca7
SHA256 55758341c4094ac4cbf26712f45f1ed17fc1f570197538ac2267bd896a9f854e
SHA512 7bac448be18324efd337c7cffbae2c6db763d9d7450e70dd33b214981266008b7e4d0a895c7fd214d908b3eecb9a7a0ac0aba1d57c9e1fdcee3f9e72c39de3f6

C:\Config.Msi\e5d1ff9.rbf

MD5 32f2ac5f45b93b733cab1865affd588d
SHA1 5062e6d2a8c1e06e19c9f0b29164915286ece618
SHA256 38f422c1c5751cf6796c44fec1c478a2a5379ddb6f3512004f1fcedad3b35cd5
SHA512 8384c6aef7c32ac0f10aad8490d82b1553c3d194dd3f7821bbe2c75eb50a6e5ece195be6c09615f273d3d4935163c15d1c83e7bc4ef45fd1113a9f0641ae0bf1

C:\Config.Msi\e5d1ff8.rbf

MD5 158f96bd130a9f3a1f7e91dc611e8b7d
SHA1 207264f61e8d8cd77c7dd82e7c8c38927bcdef85
SHA256 89885cd48e706c533aeff66d45cfee67561db4708bef31367a546f685f30eb55
SHA512 6ae9e17dddd7ae166fd195d202d73904bf6482d727f0a9d5cc01454d4a58f9da027acc9591dcfacafa039379bf151cb385ca4208ea70baf069516ff98fd31d4a

C:\Config.Msi\e5d1ff7.rbf

MD5 d2d2a9e08ad2df5d73ca0aa0797cd96a
SHA1 f6050bc38d27c805daa078383506b93c5dd854c7
SHA256 1246532e2e335750fcdeb3c801f98eaca1ac6579d1bdcae1c5ca89f8b24fd879
SHA512 197385ac8d349674675fb411cbd246b53b0860f8cbd47b79f6f05ebefda4563e75285cac2bef45ceb12cdfcd4b4d42c47050767608f96eaebc7111dbdbead1de

C:\Config.Msi\e5d1ff6.rbf

MD5 facce237d5cc5e89d8e92a36289f588b
SHA1 5b91fe97781b107df2754a5d38807a597f1d99a2
SHA256 ed9b46fd9f3275639988cb71eccb7c3f31b48282ed78e4abc9ae303cab219bf9
SHA512 f0363e0c7414157dabf929fa9c4b49b74d86a0997481b48d29ec3f0708221d9fc4954f4ba93f4299e9ef0c31d38dd8a691b908cc6557864c1a4baf3f448286f0

C:\Config.Msi\e5d1ff5.rbf

MD5 62faa6fe395c5810fe4fceffcba62966
SHA1 ed830d3d1156c3a5ea6502148f4347af0c4a8051
SHA256 1db349e42e9c57afdefc29f18886a98290099b74210cb396ac5485247bcee099
SHA512 4e876c4afdce30b29275eda6ecbb14aaf56bdaef4a1951e6ad09bbe2af5a37667d18f4358c895843010336f467e0bac3a7f8449a907011124d4e374c7b0c1e54

C:\Config.Msi\e5d1ff4.rbf

MD5 aa8ef0154efa83de1c2786ab1cb76f37
SHA1 5e4fcdf55c34538dfdda172a985731019f74898f
SHA256 db7364a16090f58ce23aeb0426b005b1d1a965307d7d4de117a553c190ba5d57
SHA512 17d3c193a516bf56ee6a28ef708b01c618d5a159d7c389be6f54579638e3d9c0a9a3add7dc6e19c6f0b63b235c53bbc186d92e77c60ddc297e2df8c612332bbd

C:\Config.Msi\e5d1ff3.rbf

MD5 fca2f9f00de26d0b5af4881836d6337a
SHA1 b11dcad7c00c2c85354b131c796ae34bbbefdb38
SHA256 19e6ec40e9a239b3b208eb3f7874a76e12adbfc8b865f43452296df66a14e501
SHA512 7fae923c2a9c604991b172ac91e7e9e4298c01391940f23a190eb4bd3920c97af2476f1a4730cac350ddbd8956806e98870b46137b1711b224a6174c441af738

C:\Config.Msi\e5d1ff2.rbf

MD5 c30dfa5fbf9f2e6d18ceb7108923fdfc
SHA1 523c4b9043cd6d722c01215f64173b9287623d76
SHA256 ec383c0455491bdcab4a1e8692359543d96f82ad73602c171734ae8ce45449e8
SHA512 075b726d3e37d9ba15db1aaca781502aff97b90dc6a80c4e1be20368dd1c9df13160b9d8bce09bfe467b406f7d0b698c6ace6aee5b0bf4149e4508d9ed74cab2

C:\Config.Msi\e5d1ff1.rbf

MD5 93030b5af327ece3ddc3518410e1af59
SHA1 4be27729a906169d2afcf025e10f308fce35056c
SHA256 ea82d8bd8289e5892cad2443c1d586c0a311ddee52a8fda0f75072ef2317b650
SHA512 247e2d5e63e6bb12dd826e452ce7a1e086152a170e7f15c0d7794a1588838c2b6dd4038f07dac42844356795b72b5aa357e01039e419c6c5d90b05ebfd74da4d

C:\Config.Msi\e5d1ff0.rbf

MD5 218e31b07c6e07633a84f0248730e220
SHA1 47ee36529b741f3d52c487e6dad151f516c2eb5a
SHA256 241e01940f6f128aecc75d21f148468eccc2d368883f0f5a869fb7f58f57e5ec
SHA512 e0481b2a424da192bd9ae9728a89f7c1496e887f198150016ed262b924b1634b414613bb80b969effadb3e34a108992768102f48da7a41ea87b9f2a459a2ddd0

C:\Config.Msi\e5d1fef.rbf

MD5 9002a577c07ab2b99979435cd8b67acd
SHA1 5b3c6231c113b726ddd55fd8a8e3ae84b1526820
SHA256 c323b9ebba3aabb01111f281f604ec0555c6030134ca18422ac7f6c73721d9c1
SHA512 f4e066679e9c34cb44cb459ba178fd43ef2e600f94f86ded21af1583f182050178a57271f2a15967c2caa87fb6eea1f5409edcb87b95775245db45af6506bb47

C:\Config.Msi\e5d1fee.rbf

MD5 4d4774a30da56119888490cdf3157b09
SHA1 360221725daa9b7a14460fe6939d54b2173fb8d1
SHA256 0ee427eaedbcd82bd07674c9793435443c5b1c0780092909cf791198f0ad85e7
SHA512 eca13baee14a633c3a193df85c28eb797c18063977cea410d6ca41d0aca87379d04e6d2850a032ae5264e536863186e96eb9dc8baf1440517d69e33d4de73130

C:\Config.Msi\e5d1fed.rbf

MD5 7a016cec8851a57b2f0376ae6d1fc837
SHA1 f161f9d8d7b073c1f17f55719c37124969bd7d2a
SHA256 19e5e00b55a8b1fc36c33d0d4bd0fba24a03a0959e91f3ab59acb353fed9677b
SHA512 f646fcd298b7a5d7b451219544ede8dc7e09aa3ea6f9a4256d336373d63b475281020ac70e5e08024e2dd8b8c886ff8607ae3139ada650eb8a6293aa0a141456

C:\Config.Msi\e5d1fec.rbf

MD5 63a1e9cde10490008ba7ef47a12179d1
SHA1 5299af182b7cf08f95fcb3815149d7c54e73187d
SHA256 9b151503214ef428ece37af31d3d8345f1dc27fd26d17b59c52b718e8fd08bc4
SHA512 dc4074fd0614212d54dad0370bb99d53dbf9078cd3d4981d96f5ecebe36c82df0406cb2c232d07a1928a1ddddef74d832db3e7f479d5d3c1292481143c382efe

C:\Config.Msi\e5d1feb.rbf

MD5 bd3e2c28c647533a057b5cdf8bff2c5f
SHA1 d36c80e460c5dde615ab1c268bd89309225ecb82
SHA256 f2742a96cb0a290ab71e316c086db449e6262a4614c70956f69165df8f9a0d3b
SHA512 14aba74084828f9710a1880d8ab55d7c76532d90ef6c9b8b5aa4cf7c67cbae1892b909b35e9239afba181a09f5bb59bf2607862d16330cae09fdcee0248a18cc

C:\Config.Msi\e5d1fea.rbf

MD5 2a9b706d83be29f32a28f29be397e533
SHA1 31135de80dd7b7c4a27516806fbbb13d871548d9
SHA256 db47a4a99dc0cb5f558891ff552f75053122d04f4e4a2ff6165734cd456a0236
SHA512 cee9cf2576729b34f1352f63d9684695bd491586d31d3b3e81b11f2136b3843d513dbf59280b5aaa63b1cf085f0840040abcdd9d3d72dc15103987b2ad812e64

C:\Config.Msi\e5d1fe9.rbf

MD5 775dac5f81248b14182c82013672c42e
SHA1 cef7bba712b25da04f60f597cb614c7e4b87f24e
SHA256 e95e6d348912c8bec21b006ba6ef77e52fe74287debea2864180c0511e68766f
SHA512 2d99dd61a4ede26a11e6f4c3569732c47911605543e7a72b0298ad25e0a573ba884bdd5719cb8b7cfae43b25f41ccb764c8a233d978346bd49bee1104e7cc97c

C:\Config.Msi\e5d1fe7.rbf

MD5 219c69df0c23fdaf84e4c9ea2835a628
SHA1 d3b091bfcaa8506d299cb1d7453fdce7fb27dafe
SHA256 e9cb0016e439bab9d34038b15798cd9261640dec8c577a0035314de5d7892457
SHA512 e209df73a2dccfbc349657925ba9760dc2ea9b52e696f5159bbf3c729e768ebf43a1e6e86a28bf6b023dfc78fd217f03648513479956bfffcd4da04d1cadf8e8

C:\Config.Msi\e5d1fe6.rbf

MD5 e3c8239a97601bb203b9e9037eed89c2
SHA1 75f0e5f417477d4c491e8ad81f498faf761618a1
SHA256 27864727360196540664a55e1808db79f07303949156f843f0520106ebe047db
SHA512 71304187ca95a404d6d175d40be1dcf40d1744c644412e702a25fe7e9745977e3f826d7a9ba1f694c3da4382e8f97fcf41ec8dfdf40240dabee932619e26e7f2

C:\Config.Msi\e5d1fe5.rbf

MD5 f148286b321ed09c2d17e9e3637c807b
SHA1 b0928429f52028b512dad9c7e0996ee7ade315d3
SHA256 33fc291a41f38880549e72b23ec4598cb7404259a93775f59bf2be17f798a69a
SHA512 d175430df339ae9b0f46d00aac752697f95ced9f7407b2d15505645bce313536c065ccfe2260787d4f387ad548f02a94457e662c32174f36ee97a76fa8e59f0b

C:\Config.Msi\e5d1fe4.rbf

MD5 03898441f5d9a8809c04fe746fd498b3
SHA1 35cfba8e3600bd0a3389e96dd56ecd8efbf5ffc6
SHA256 8da3b816828229f66334565432f12973529f0d594b685c919b753cf2f692b296
SHA512 dc2c0f6c8d4985770535962ad31e55c13abe248363c12cf55a14bf1fe9dbbb78a2c91eefd9a4711beb53606202b1c2d5648971339c4edb9a61dd271b61416b12

C:\Config.Msi\e5d1fe3.rbf

MD5 5e1a793d9615d4d9e153ee416abc83ad
SHA1 27d231f4d1e2b473f9695daa21b22804db779826
SHA256 8186f5e641a5b0770b635814b5cec2a5dff43158918bc1174edb328194b27090
SHA512 f54e786f2fab5324ce87be1d84ae69f63afa4ff5399e00248451375d2a56b5a0d30c74b27e5fd56b06976ec62688b09dfa39c4a1a02d47c3aa92da21b5e95876

C:\Config.Msi\e5d1fe2.rbf

MD5 535d9d8441e0e22aa3f407c7197f8a0f
SHA1 ec6d047e975c107a7ecdf78bf352a5a68f53392f
SHA256 6e6afa2d6e7c46b9c64406efaf23bfdd3f7fd7a25cb757580f70730f4096ddb5
SHA512 f5e051ef6af191d86797a55dcd114ae920f8a285191f3f09c3493497d381f9ec70921d712c93280b3c8e82fefa77c040cf51e8af3a1e52b040a7fd442d9ee95e

C:\Config.Msi\e5d1fe1.rbf

MD5 c7fc5f01de9577403a1ea8aafad79e72
SHA1 6422fa355184394ace02c0ba88e5b8af3db7fa6c
SHA256 c778577e39211753844d5fcd2267464c043cea271c1477e866d40c9cbdbe49ef
SHA512 b7af7af4aa1dbe92000722bad422af6d54c842af065427e1cf82f61b1a0f82e71f2a2c9b4b12d1642205dc54ca23ecd4ac61c8015076389907914b0cecd04e87

C:\Config.Msi\e5d1fe0.rbf

MD5 bc9a83d77cae33f9eb9bd538ab65b2a1
SHA1 363fe5bb344cf1843d5f7eb2b0a725ac491ad6d8
SHA256 d0b2520c660959e388b3b24b1ebb7a6eca25dde878b0c0ce798657ae422a9c3c
SHA512 37ac66723c5bb78e45df3ae7175b497353343aec2eb5412213e3c6a1f3558e9cd68479728644643faac97c34ec3f3c43b7d01bb36b1e406613cb46ae4cef1c57

C:\Config.Msi\e5d1fdf.rbf

MD5 9e877ffed2e2c9a013c59581f88786b5
SHA1 d3bbb3e2c36520ec267463916d3356bf4fcd8037
SHA256 13f36534cf603cd722ac9078e51930cba190395d23d6688b65a8c788262759e5
SHA512 5b4ff6de141bf2dc321dfa05fe8c93f64ca91eae6b41041264736c3c6db9d0520c135103873c5f32a47c742fb51317b3303e7656cd259331113f9b876ad17613

C:\Config.Msi\e5d1fde.rbf

MD5 d68368708be2b6dac797743e23dbf655
SHA1 e843b858d72359ecf6fcdfca328ed19a7f23210b
SHA256 dff2dd57e4892ce613b160c935e2d0215d3357edb7791ceaaf880b5995c98361
SHA512 2542ce485c0c630b09be44a4faa841a3ebf2e1b7bd794e0b3fda4e866d97361b014eb3895c70c6b7acee4e29dcfd46b76697a1602666d1febf9cfa62988ea86e

C:\Config.Msi\e5d1fdd.rbf

MD5 1f50737bb92b1f71b15824a0f113d3f9
SHA1 4d78793ea921986d011a024b91ac59d6c02de6e0
SHA256 f48f267a6e081809bd5ae607aa649529849a6541ca303a5653f6515d865a6b57
SHA512 89e6be6df11dd02896382a7cc9ee41ce74d5bbf845722531ff9a26fd2cb1a016925ea7d4948a4a652c079dafd084538b9b74c4a5dc0bfdd3cb2f0293796481f4

C:\Config.Msi\e5d1fdc.rbf

MD5 cad14a2ced4a556139097c1f716eae70
SHA1 9552115b645c17165bacc2231725b3f8073105a3
SHA256 35cd20b4567788e3229be61becd6ea1eb115a2b81bfacf3d65d81d0003ecb96a
SHA512 df629a07c217880f174d52772090d49a5e88b73c0df45fccb714cd6ac4c01612e0aa755a1a0b9ba6c2a7a6701e6e94653e71a54c97a1076b7a5bde99d7f0c331

C:\Config.Msi\e5d1fdb.rbf

MD5 6742f826c21773c933fc2a68ceecb99b
SHA1 dc689d3fb31e7cab6a33cd2192d6114542173514
SHA256 a203989e4399f9443a8848486292dcf04d7c7180dc7d1b4af07030cb0532e036
SHA512 4138836bf9561104facb88c175d9a1d29863110b7e0108149cc0ff32edddbd30ee1b0ba4b7ee8137ffe36c973aa2901f7c23a3dafc79a26b09a64a8b95b6db9a

C:\Config.Msi\e5d1fda.rbf

MD5 1c8e5ef9f86430fbda800e45c0a89aa5
SHA1 4e18ee249a208dbf7d7b52d412fa0d402fd3ff2a
SHA256 6e18c01cb3fd1b795c062a00d2921e8e0eee8efd89fa77d50c5e16f2b7ce74b6
SHA512 721f29dfd9beed272cbe213eadaba62aa1e1979828b23a226cb05eec536ac495eb33a01da05de82a23113a6d0ad4012032f453339499db3816abfecdecf19b66

C:\Config.Msi\e5d1fd9.rbf

MD5 a3ae8e892e025e479978fb07fb449784
SHA1 71a1641ffb0da859af5e355c5bf4a9bcf1746e74
SHA256 a991c7d6fd80ce581f8bbeb7268032f06c9434cfa67298b0669c84d38be6535b
SHA512 e39d58dc26f8710006fefb51cfe1adb34c8886b6b281a8ea3d87a89c116e255d39c028cc42fce05a8ed61dc0a7c602e344e6c0957bc4156f9a76677687591a54

C:\Config.Msi\e5d1fd8.rbf

MD5 d87310699e3baac5ecc0f64673fe3485
SHA1 34460b0eb74977b98d9d3e683d5ffa2aec11059c
SHA256 4f9a3c48edbef17a0984c473d0d100e5541a26a92ed4ca3b336974c5eaabb4eb
SHA512 096196d3ff876b7cc5173e0d30125174e6fd1bb60432aa9cf64c3b22fd5ed2fa5a8bf35824e5840ab248b1015907eea0eddd964b4191f52454b03edf583e0b38

C:\Config.Msi\e5d1fd7.rbf

MD5 6083b2909a6c1ab52ce84da1b435e7cf
SHA1 e851ccddf1fcb0c2fd9cfb4a357f72633452f240
SHA256 0ef563502d57298ab0962de24692931a32327fc1338cbd80b6b0b2cab067c956
SHA512 53b8aad68d574e57f88fb3663b41455859b2c84ddbd152aa1f0973df15ad1ea1e72b57b54a0984ff8e4abbd1e4606833fb2e132d1d49d428f2e0ea4e7c4568f1

C:\Config.Msi\e5d1fd6.rbf

MD5 86a1d818b679edbe94ab51b963ba79a1
SHA1 2b9ee6b54aa2f709442e7e514335e2548c933318
SHA256 b36b011818770bafe044bd83826f38eb81093f529872a0b83e341f6863b3cfaa
SHA512 ee1ee27bc740b4e4e29a11f4a428b5ccf7ef545444db972b64a8f4b7884462b8c589b5911d7d33e3f2a7b0d97dcea0b5d610a99a00b04d8b3099e695f9acf5b9

C:\Config.Msi\e5d1fd5.rbf

MD5 da7787ae5278031ef79441d29599dcff
SHA1 4e2a4c70035808dd8bffaeb6ded8fe2980566e0f
SHA256 06afbd06123031d3198a25ed0cbb7cfb08c1184cb58ecd7d12f42c235ebb5b39
SHA512 2c1ac894e778aea4515be33b9e894f89a527a5106734a8ea6d6693557aff8417a7f7b340834dd1d207e85e250e718c1d0365332e77ffece2f9e1e81b0082bd7e

C:\Config.Msi\e5d1fd4.rbf

MD5 7173d17aa9ff4cda07fbfff21a584a67
SHA1 37b04626e282aa6ae2a2dc96117dfc5b0b1f25cc
SHA256 972595aefda400197282647fa6d6e40b58ac15591443213682a87d1ac80cb867
SHA512 b583058ce0a7bac48042d63142342a430701f96bb8c8c0f00e2bdb168cf431e2f98a58bcb889623f6e6775195a9d4bae8f37686a48a2cd0034e426d6089a4167

C:\Config.Msi\e5d1fd3.rbf

MD5 91ceea551937cb5da627f33ef7995ee8
SHA1 4e7483605c4027381e4796345f0a0e6aa9342a5b
SHA256 4256104f1e0eb69836f00b38813ae62f79abed1724e0b07f8aca908e7bb74806
SHA512 2d720c8a331278707913fc064d7a0c2727ef13b3f8cd46aa4e4a2936aab2b1228d78c1662856739964a87a33c312be2d3f65170f38d65545f3a3184c0ad635f9

C:\Config.Msi\e5d1fd2.rbf

MD5 bc959a160882b0de0583047b1b5b93a6
SHA1 78bda837a0fcc25623b54e95f3eff76c3bd79332
SHA256 b9ffa79403a9c57e5a36d6632bf8ebf8da0f6256c0b71fe4dba50390df17702e
SHA512 7cd370afe9903daf36543a2d57ffc869f2ab324fc4ef363119d4923eb3b6079485d6f1a0304b94b928aace18900d034d74ffa0d1cf8382301f6e22f4daf4f0cd

C:\Config.Msi\e5d1fd1.rbf

MD5 3fd311d5a5cab694d93c6de5ab39adc6
SHA1 2950e2cecaa45f46dcc443037c7a4db550533578
SHA256 4e5cd2074b70b073ff9010a22f6e469fc08c93f63e14c85de93377c2d0e97fe3
SHA512 fd884db714d134994c1ef742ee85d5002b07e29b8bf1db2120a4139198f162ad67b093be3f232eeff3e05976ad243ef691af69db86ebcc8e2d6f0400245c6a35

C:\Config.Msi\e5d1fd0.rbf

MD5 f1e8d3b056eb17b33d6d23b5dd20eb56
SHA1 7556e1bf214dca70ffec24768f3c549ab4ab1886
SHA256 e709b2b5901d6987b46febd4f3d5ba50b94e4ae4e0a6bde09ec981509b72000c
SHA512 914b340a8c175dfed4cdb99bf071e14ab787481517009ad92680725368dd7b7667dfe2ffcfbaa871b2a9edad6b8566828133dccbd0a0c7fb90cbabe4f812da87

C:\Config.Msi\e5d1fcf.rbf

MD5 90891a2ac9ef19d26ddfae3dcb69fadc
SHA1 14af0ba5b5b4ed5dd82685c7e50a544a5c5e7a98
SHA256 dde3ccb81cfcc3eb4cc65752fe14bf0c7ffc6814d55f7c9bca4d9ae638b30f6d
SHA512 4f97ab143a719bd614a63a3b34bb6ab6931eedf310e2e077c361fd63d2d579e126a3a419256834b021d86250114ecf4c0ef120c9fb267be9aea004b252c17a49

C:\Config.Msi\e5d1fcd.rbf

MD5 a06591a7b689e5fe00f6755a180af130
SHA1 a581485fe2c6d9acf795e80c7d6b0f3a0e721584
SHA256 6555b4dd2c4e4164c8e00c06f6108a9c1dcdf141a5ca54bbe5675e08750f63b4
SHA512 bc0195276fa8c7937c7c39d567a7f41cc4ef92521836515c11ef5b422d68aa791b96fed829900e998435eb5b719c3a21e58c94534ec1fe4d637e39d43407e4ff

C:\Config.Msi\e5d1fcc.rbf

MD5 070f18d93af687edf010efa343dcc983
SHA1 16858f9fd0d8ed788ec49460ca2b596c193d2af1
SHA256 89547b37ec7e20f96e1f1b9aeabbe86cac8a0372bf1520fbc2272eed16f8b4a0
SHA512 e7b9ca446b5ebf397e7c220e8a0f639ce20fb35a11010b641f6727ec1c9119093790d4f5521ebb28e8f6de4ed5c4c4f58a27355fb5d012ec949f0de3df5586de

C:\Config.Msi\e5d1fcb.rbf

MD5 be6f4fd7365dfa124d60114095380602
SHA1 66a41958ead9151d7e61d690f12006ca8a40df89
SHA256 66d6f247e3cae875c3c86dd16ea1aa3512663b8aa8626984007bf5343326bbaa
SHA512 e9f7d819714c905577a2603aa30cc72b87b7a66561c7cc6029dedf48de78fc3db580069602dedbc6b18496217da6b94bbe0c2734ba2dfa5f8b57b7fc6cbdb781

C:\Config.Msi\e5d1fca.rbf

MD5 8b1132f4e0387a233497141cf30b1edf
SHA1 2afb866bc5093b1281b2ad0fc4a29bc2cab035d5
SHA256 51063c0b520a9ab73aa3a0674c593c3c3de26fa9709175be085d2d8c456ab54f
SHA512 f528da8cd45823fadecf870a348f605e8fa199c6bb139c7930392cf638289c794ea15746cb0f4b9d918a1fcfae7c6578261e7c20fced854e9afa20974e252490

C:\Config.Msi\e5d1fc9.rbf

MD5 a5c7d3197e0ac097600d2901ed4f6e77
SHA1 a459c50978c7e377f1130d7779f4a2fa41d0033c
SHA256 8d0b449684a977a3d81b8fad0663a20555504e8609c987e84364a6e232b51356
SHA512 f9d662be82e96ff035c7aa938a9de7f47162bd4564575eed4aaa42ed4ef49ced0fa4a9b6b2b789b5655c3ac6787f7b3c8439d82962d9668c1d31e62a54a804bc

C:\Config.Msi\e5d1fc8.rbf

MD5 aef35350473c3e263b6d8d4a76616b7d
SHA1 265bf8cadf460109a3a2d0d8e23b7b1eb18d7660
SHA256 fe61442089ed613075613d0db818e9f1c87907dd5c76dbfa67e93abf7f24e135
SHA512 b4f966b9c921364283a6dc42d8b44ec10e8d032089dc157c23ecfda55fbb16f86b9c02cbb22fa0eee51dc784ed83876c9b29ee9cb1cbe823e3b99bf08e46cd76

C:\Config.Msi\e5d1fc7.rbf

MD5 8a138a7c5f6826e2adec47162589bdc7
SHA1 8ba9043cc728827655406126e46950e6a6bf35a1
SHA256 9d4041b781a2fe7e677cbbb210497abce1c6e566047fe4592d6b2bd182768c43
SHA512 beb99a0c999a2e2b3bee93c32246826608d74c95b4aa1e5993228dc5af9e1a775035f52bacbd488d7589f9821fe17df2652f94bc5b66297963fc3f6062b8e0fe

C:\Config.Msi\e5d1fa0.rbf

MD5 aaa2e20588e154a10747bf1b31b55125
SHA1 03cf9f79b9cacda13aeb644a88180222240b6f0c
SHA256 fd12cbad7d1155b311d97dd5da05869200c50e7698ce997cb96004f18018ad2e
SHA512 29df908a09bfd551c50a3c64074c88814065b5b4cdc0d8a1fda5b1d01cb1f1597f2b71b343b59b9fe99ec7123fe48f9a83f93c0880275c19969523a8bd56dcaa

C:\Config.Msi\e5d1fc6.rbf

MD5 e9e2502356902589e8b0b86314294f30
SHA1 44a972c0ccbd52ac6e21f2c0cc1dc81907b5e7dd
SHA256 c1fb9faa66ac74fd4094538d83afa96c8c3a5bf7f30ec302b7ed1ad1f4d99b25
SHA512 7e51bd97735028dd90e855d8e661e2aa8c9e859e2b4c02475d65ba67eab8cd99ce207795e9a6eb4b146483852bd90255feaabc7b50534a7efc43bbfdfdcc2849

C:\Config.Msi\e5d1fc5.rbf

MD5 967be7e7a5e3cfc4902a4dcd26eda18a
SHA1 f0b364113ccd380a256a3f6217b8795300d0fe30
SHA256 071549c2a67ba11cb90362c3a60b904e339c66d33add4e0fdaf348f17365695a
SHA512 db437ef46aae9b0f45bd21958397c163f2c55c85bda25215af041023c63531ae3e0b62fec62ba76b70c6a297b928fb7c8a79ce82463ade93d22a6501b756ccda

C:\Config.Msi\e5d1fc4.rbf

MD5 f8354171db5fc4506cd0a0b9a3c9eaf6
SHA1 f155f11010d91896161a2818815a1dc32f183731
SHA256 6131d4341986952f7343eeb984544a17bb5f121e1b24ad572ae93d928f9179fe
SHA512 10aa970372b956ee7d018b4d5d8bd7faedaef20b83ada551e7a260730d5a642c9ea13548743ebd470f5ecbc7a08ddead828c41e229c96538d93d3f0ea7cea52b

C:\Config.Msi\e5d1fc3.rbf

MD5 acfd9dff068c374658366e397a5695d4
SHA1 bbd33c62b022d3592e0c2a67144070ff4e2709a8
SHA256 a4d8b8a525271bfa836744b7705f0993ab454d9a153f81b3502cc62d9284dbfc
SHA512 b2ca941ee0d18bec576ba84e09403cd8dce41b9017134581f1a2e2babe25dff99e9f172a6e9764ca6c58d5ac679405883640e2b7bd108cc0308336098d9099ae

C:\Config.Msi\e5d1fc2.rbf

MD5 9184814c35561939e4b0ad91788441f1
SHA1 a5281447d62fb3acb7915e757c68b6c29ae69adb
SHA256 788f42981bf0bf25f0899d9e3c19a0d6edea44f9c1f9eb616160de99b82e8d27
SHA512 cdd744fa29b63922cb112d645badfe59176bed7a5c2ec12e3e8d095ca2401588565f356aea4a1f40157434fd8d20edbcfc92febc4fc33e4a13a20abcd38ed199

C:\Config.Msi\e5d1fc1.rbf

MD5 6a5ee23e3d7b67dfc39ce1c085d8c654
SHA1 6f9c0d88df3df2cf86cc543822b2e6196e849b15
SHA256 b40f265fe31c5dec0943b2d910e997ca1840ee290912b814eeab333af71fbd48
SHA512 2d0cb3ada34426ec079933c96af4e3e67795cba52a6a78b520b7c7aa02a7e0eff53a33da206c7843df42a257474380b3014338c2063dc8848edbacbc6cadbbc9

C:\Config.Msi\e5d1fc0.rbf

MD5 97cf058f86fa06f7e5893211dca28a42
SHA1 17bc3e8fdc48c24ca60d7b1ca10acdbfbd8b5e9f
SHA256 742530e55d505236eae91ac26a923b2efa8b454fc0b449ba43f1d6a28ac5b52e
SHA512 84df980720e846a8a3651d62f2639108818d18db139c6e0b41acb0ef4642312e11689bb6971ef778c1638d8d53430571eb8d560061e6e8c0cc13c1f40b35fcbb

C:\Config.Msi\e5d1fbf.rbf

MD5 af6ae18e360ffca6c0ceaeeebbf6d8d4
SHA1 0b4ee1121e9070e95147f6c1664f23a9c772ac7a
SHA256 9ae57781418fef37b51dcbeabd4e26dd82a35c3aa2c15917cb98656889d3c7f3
SHA512 eee57abce64bd9b1514a5a3a074948547725e78aba19e085b53d9e8156613a1ee30e60fef77429844ec4abd22ef02c45fe9f31aebff0eb7925e0a62e2b4efad0

C:\Config.Msi\e5d1fbe.rbf

MD5 a9762e02d260a34b79fdea198f3e82d6
SHA1 5023fc4a74ce1eb15893cf0f724e658c9c5236eb
SHA256 15cb74f02499b76c42faf72e6364392bfa997d0b2668016bec69dbd7d0571578
SHA512 61aba378b6a2533b9f67b4f46a2873fb08be4fe55c0de18785cd1720f4041aaf003ab0310a1d7415d8153508789ceaa82fd1b0731827f75aab41c5962c905502

C:\Config.Msi\e5d1fbd.rbf

MD5 2cf01239384af6de8b712278d7598e90
SHA1 613cb264d8628008809878154f6eb17f35031c04
SHA256 51a234186dd5e1087a7ecb79bb8538767bd4bf46c645e1a6e83f972de726e95e
SHA512 0e2dc0cf2d2925895af2e5fb918f0c171bcabc6dfb8c094dd63ff7df535f776ff2c3ab89038ca5bbff0f4c02d8474055adfe3609c70d97870c46504f7bb871e6

C:\Config.Msi\e5d1fbc.rbf

MD5 15caac1ec79f05d8aa62aaeec6903e8d
SHA1 1990604b5491cc83a73f592d1e70b41be5a2d998
SHA256 e485f4d3468410e989c147c9abeef742c57650a794e0ff18c2902eb976d25cc2
SHA512 d418191828c8fca0a4d092d2101191fa5afdeff417cc4c9f1ba02795e3e4981a3ea3b0478c6abc00e284f95c5529a686411b90870569bfcbca15fba61372d402

C:\Config.Msi\e5d1fbb.rbf

MD5 0da2f7810a668012c630db3fa8230499
SHA1 9ca963ea4e3544609741308d71863bc86a0c0ceb
SHA256 4d997a3892a9fcee4bedb3f47b91f068d6ac823c5ee5f00d1887634e438f41c0
SHA512 57e214fa9ea204094bed5086d6542a32774b3f234edd93d6f9eb364cb7a0825b2056bf2a299c65f8395545fe7f5e21869525575dbfa3c0b35c796f8de6c543ee

C:\Config.Msi\e5d1fb9.rbf

MD5 4f94bf5157da351f7d0089a0b72b1ad9
SHA1 c61d8fb8801a3362fcb8eb539003c996cd94e9fd
SHA256 257b042bbab38406cb720fb9b2275828b003c6be15933227ceac68e08b846412
SHA512 f75d0365f67ff6632c8d1a3745e8e8eab55b25a562841910320dfda967a5428a5afc469a211e90d7ac78930fd55e0597b11aaf15cec5e57c0f22c02da53881d5

C:\Config.Msi\e5d1fb8.rbf

MD5 4667b1d3fe384b97a94deb1553af2174
SHA1 e14902922748fffc1f65cb299b52c114887b761c
SHA256 705b42f6a55a4cecd347ba954089148572ba9fa033e5a08dba176b652488457d
SHA512 3f2db08d7fbf8f6042f7ff1001f20df3879402a25e7d3b8bb7270ad3be7216ac07a8ded7cd62568d6292bcf3828286105e1d9b87f21dc3e1764d0bc20985a8bb

C:\Config.Msi\e5d1fb7.rbf

MD5 5062f0598bc909a99bd21ff77d3421eb
SHA1 4917cf83d7e3ebac3fbf3e405c4dd633430cb98f
SHA256 e2e634f5552e5214c79cdc2a33672f2cefda7c73fb6d9c7b87916130a969c4b8
SHA512 ed1d812cdf867b963d0a9bebdb6d63698bb107409920ccdb770e197815f5d72b35cc8c1e3602d4b5c63adf06c0d9e125c5a5ad6eff2da22df373b06c7c88be2a

C:\Config.Msi\e5d1fb6.rbf

MD5 da8a2cab1ddbd3fa6cfa43c0bff54348
SHA1 45268d28d4e628781f65f08612394ff7e0d38720
SHA256 a19e7736666470a6eda6d00473cba753deb0e8fb40d3311daf3c50676040e200
SHA512 18be388c509985137e34d4ccac72e60dd726f9c64b76e25988b7c91b3a306f1d15b21546face19ca087db02b0949306a554a889e3832a39c83f5f3686dbb5b10

C:\Config.Msi\e5d1fb5.rbf

MD5 de2943783e864e16eb161a507dedcd3c
SHA1 577774c71730c72d22a80e5d049073fc23f8023a
SHA256 6aa7490ae4134caf546322c9aafdf062082536e1b4c8ed063c8bb5f93cab8afe
SHA512 00abc7a380a864e808e2b0de3dfa5555b0bc691b0d8153bcf24935495b21722be21f9143edc67c7a0fe69f9e3d1e6ebb3fedd633efe439e6b58c1b5594c051ec

C:\Config.Msi\e5d1fb4.rbf

MD5 91d3ae6b71705330e73ca4159817ff4e
SHA1 a941037aa373a426e73dfb853526f150ce4457b0
SHA256 4d16c2bc77cc45c596dabbccf24e51b8d6b47c6582d540993856337d9c7dd6ea
SHA512 8866140622e9241bbc2a5f7f26f659b7d2dcae7890c6ad357f76afeb5b96e6b30914b2b223906cd1f2b29eea27e885e33774782cd2c3b688aa1da72ee61a56f5

C:\Config.Msi\e5d1fb3.rbf

MD5 4da7266720463186401b1ee9ae625e09
SHA1 040cf60bc1f52402d10e0b898e38b907dd9d9ba0
SHA256 2ec5d00d46355af4cd7d06a00745e726b87c329d090e0acc02f767e75c60601b
SHA512 da22f8e24f5d59232adf9e77914d65a82ec2bb1331a83f72c2d45f8e6e27de3bf113173ba56bcfa40e95851f105bfd941cf63392bd6d4fd4a9b1eba36087c091

C:\Config.Msi\e5d1fb2.rbf

MD5 e8013aaa8fea097b88d7021039154ed9
SHA1 4866c788df4739c011e62f3634989e8959832730
SHA256 a3334e83a418db4f304a621c2a498db48c0f8fe21f21282cc61e5ee9b80c1370
SHA512 8614a03a87b2c06d1d2e577def16deea927e010d0f269f37613b9b737edf72350a5457b22a82d96ffd6d02747bf70116be301f891a0b103214ea3a8263cce32d

C:\Config.Msi\e5d1fb1.rbf

MD5 d78266c35a0ed4bb6fb2f6683c8a6e68
SHA1 7ebda40cdb602b20323e6e7d24f28f25a931b11f
SHA256 c68b82408df6d0e6f7c7ca0a5e7d1c80af6cbec57788570bea58efff8053f306
SHA512 e60ae6b2cd22614be134d06ce823bc5d31d0aaf1f01dcc4fd0f6021bd307609e8d2f47ebf8490d3bc33f0b225303b63e44f09384bc3804494f595e876e673854

C:\Config.Msi\e5d1fb0.rbf

MD5 6d525c5be39dd69154fb0cf297fa9c1b
SHA1 48b89a8803b7020d7a0bc5dd760c261b2dbb87bf
SHA256 82a7761c6042176cf97947da1e910ce8a320fa7a17dadee2a115ac5f34cdc744
SHA512 0a0416c8a7f967ea869ffe2fe77535cdfc9211d78fbff89e58cac0a4cbc38ba182fb3e88f4de3d38c010f6222ba52f8f10e3f58b4d13e5c7438f9a81a8f871ef

C:\Config.Msi\e5d1faf.rbf

MD5 2408534b8cefaf5362700e8afedf070d
SHA1 f197be5f143eae025a5c40837b8432e89b8752a3
SHA256 e89e45dabc6a2422cd5f523d554d6314cf9ecec2238e26c6d8f63f040ed9b6c2
SHA512 94b78d6d0b597fe9b69d438f4ac3d0855ccc9c684a28070bb9e2cc44d171b5047b8c3da03406a05405c74ab56081dffbfe84478064b0b0884bfb6e415c3159fb

C:\Config.Msi\e5d1fae.rbf

MD5 7273fe5d0ce6473e646ba240e3fffc8e
SHA1 af11a7b48bde2b1046779147c84d3287a469639f
SHA256 d4e738f4e3d39e7001830f71b52836a20707d14269cba22f34f3fdf0436981dd
SHA512 9efc625c42ce99028297b23c78226264c851d74d84158c2221c2ff9faffd37248a3977461e9fc021e25b903bbc11ec475178157bf9fae9512bfe39eb98404a6b

C:\Config.Msi\e5d1fac.rbf

MD5 224d8b3ed1cc4f5b32e295612f1c263d
SHA1 d84f00249e43dcf21d4e68c1b2b21efed5f3c267
SHA256 20e49d3119901517f055950021e922971cc65578c4ea2898593e29becafd2676
SHA512 87f9a1d17331e85a3df58fcd92e65a60f7b1a74eeac6c6707aea56fe7dde578f1b09798dc3f7a7c0a4b65696524793d7121b19d27902ecfc215a3233128dccd2

C:\Config.Msi\e5d1fab.rbf

MD5 846e77a9f3c6bb2ecf5518d470b2b908
SHA1 f16c73c5b7a4b0a596ab41472a246faffd9a9b01
SHA256 17a9b9222850ce3e6786cedd7c698aa145453b37cf8f03d676fbd89f70afa072
SHA512 d94115b82c4abb4570a821919458fb2f322d939928fba6f00fedf139f489f358004de4db3b58b4fce05afcaabf7fcfe9e51c3cb7d0f6f43bebc56c2094086941

C:\Config.Msi\e5d1faa.rbf

MD5 574d91266ee9fa03432cf50da30dd232
SHA1 b5c48a695fc376c174a79954a6d49280178eb4ae
SHA256 6f262bba82eed8a8d69fac44e491b99cca2d4cd448166291ce2186833e730a85
SHA512 f052ec088a703e50c893decd7f88c0af2b36251dfc70b08e513d55964d1be299f0d772d52e71bf0aeb9abb752eda156767b8be321320e1c60f78af285b33aeaa

C:\Config.Msi\e5d1fa9.rbf

MD5 fda48714f6a291e25a1a219e89d59d9b
SHA1 c1e8ddfc64995c0acc48623f30aadb1448bca62f
SHA256 be2885e897470da3778a661158dc21f32a4aada769996abda082cc4bb6030086
SHA512 8508ee381bfc5d2491fdd9b14603003264441222984762d14f06440afbc2cc88d80b95bdbbec4089127ec76402408a60b850e1f46ebb5bcda5aa3ef1b6ce70ab

C:\Config.Msi\e5d1fa8.rbf

MD5 c1e58c73d935540d0673dffb303aca5b
SHA1 2a95a12c512a2aaf29587db1ec4271cb92846bed
SHA256 3d004ae76cdc99ece59a0dfb980182a727635459eefb4590d8e2c80ac3115b44
SHA512 471b7f432369940d1854dfe50a71e06df25550704efc4f83c60815bc017dc19f875e2ee3733a9750de4e79c6413db59e762df42777b945d0bc045893604b23c3

C:\Config.Msi\e5d1fa7.rbf

MD5 d2bc82e2f203cc4778ff312475a1d37a
SHA1 2da7e8f3e8e4189acf5624bead6b7b983af17e5e
SHA256 e34e79770b6a3a4ad1583c9a90ac12aa4348ad134366c0b0436f00162fa41734
SHA512 976b018f717e45136be48ee8b4ba2593f88e5ca3c6d14602621d2a394d13bbbd6e707ee3a611442caadc3f5f1ac1a8de87b0407da8178a74d25404cee3d9657b

C:\Config.Msi\e5d1fa5.rbf

MD5 0ed609c8782c37c67a5ca7233f08d103
SHA1 c286345aae83608005c0e20aa000acdbfabbdac8
SHA256 10913008d1befd194fc4c96cf0ea20112e9e075974ff5420557141b7ffd5198f
SHA512 92d4547b36cf76823bd9658cc8476afa33f1b20425fae2bd05ea353b6d4de6929c5b72f10100aa1b11493c177df0526aefd1e7d3fabc10d848b88d9f0a382d9c

C:\Config.Msi\e5d1fa4.rbf

MD5 5f0934c524364c1e1a77db8ccb832c5e
SHA1 848eec26bf024a7c350bdb02d0e92116a4882b76
SHA256 82589b2d5ecae5ddcda39076a33180b6cddb7f54a0cffd4329087eb1f507bed6
SHA512 1ac672272b16a6bfd3977886fb773a21d8606a873478ff036a462728d18b59e9c68a08606e1f869b7e6606416b74c90c72ff9be33036371282564b0d3723a222

C:\Config.Msi\e5d1fa3.rbf

MD5 f8d11c60b70acd2ec9154ee676f615ba
SHA1 a869fc75f44438d9207511dc73bae976f558ba6e
SHA256 b342088c8a4403092703bf40062041265e12edd204aff4f6532226478a65cbb2
SHA512 c4c324e22ff7570c6d9a6fcd5ea3bfc4917a404110b3e202be847355c57c189096feb5c37c0a36c541f4a9d9e80bb1f1bc5db3f4146e515ba34468c5547ba907

C:\Config.Msi\e5d1fa2.rbf

MD5 e1eeb7e26ab04075eecc7275239b20b3
SHA1 ba62b37d4233b88948fdc2ffed08f3c82e8627f1
SHA256 d6cdf961c6d2712fe1958815e51a30960d79fff1e97788b7741627dba972e8f7
SHA512 dd64909c983794c8ac6c33b74711a89b3b33e4429bb5a3a2a2b4e38f5d74902b1589a97014a35fbaf97b469fa57a11314c02d68e1db0934de5244308699fc262

memory/2584-1755-0x00007FFC077C0000-0x00007FFC077D5000-memory.dmp

memory/2584-1757-0x00007FFC02EA0000-0x00007FFC02EDA000-memory.dmp

memory/2584-1759-0x000002909EDB0000-0x000002909EDB9000-memory.dmp

memory/2584-1758-0x00007FFBF1210000-0x00007FFBF151E000-memory.dmp

memory/2584-1756-0x00007FFC02640000-0x00007FFC026DB000-memory.dmp

memory/2584-1754-0x00007FF74F200000-0x00007FF74FC99000-memory.dmp

memory/4384-1768-0x00007FFC02EA0000-0x00007FFC02EDA000-memory.dmp

memory/4384-1767-0x00007FFC02640000-0x00007FFC026DB000-memory.dmp

memory/4384-1766-0x00007FFC077C0000-0x00007FFC077D5000-memory.dmp

memory/4384-1765-0x00007FF74F200000-0x00007FF74FC99000-memory.dmp

memory/2584-1773-0x00007FFC02640000-0x00007FFC026DB000-memory.dmp

memory/2584-1775-0x00007FFBF1210000-0x00007FFBF151E000-memory.dmp

memory/2584-1774-0x00007FFC02EA0000-0x00007FFC02EDA000-memory.dmp

memory/2584-1771-0x00007FF74F200000-0x00007FF74FC99000-memory.dmp

memory/2584-1772-0x00007FFC077C0000-0x00007FFC077D5000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 d0df793c4e281659228b2837846ace2d
SHA1 ece0a5b1581f86b175ccbc7822483448ec728077
SHA256 4e5ceefae11a45c397cde5c6b725c18d8c63d80d2ce851fa94df1644169eafc9
SHA512 400a81d676e5c1e8e64655536b23dbae0a0dd47dc1e87e202e065903396e6a106770cec238093d748b9c71b5859edf097ffff2e088b5b79d6a449754140a52ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1c40119360398d5128c622cc606d125a
SHA1 a31203350eb4459d168fbf3671952677e7c360bf
SHA256 54cd1b9701b7f8cbdc686a08a11bc942383de7c0e8277a8bead9215e91e5f76c
SHA512 03018eed79ba02a3c0584826f6b973ba64f66364b07e7f66f21075396a99b554a73708579d3e610c8cc539bbc89957b8b5cbc82ece9bf9e6c8ae1bd9f9bbe4f2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 33c1cb8f8317446199c2a34cab0eed1c
SHA1 657da3f08bab93762e74194f264ddc627b295b7a
SHA256 0ebe141e4415a760f37d5e2aefbf5d4e8dc96d25e8b9588a3f1699d63d69c7d2
SHA512 5e56974d24e08a1ea9a22329ace71f893f314c2b09911348ab5675bb8e98b7de0c9d089ab4f99ab5ac035847421b044c9f00301a40dc19abce91a8b7638181c1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ca48deb021926ca6ee8e9edfdf442197
SHA1 6ac1a84f7e2937226e7879b8a9c50fa430db5752
SHA256 919b6f64251052cbb374724e3c2cd435d5fd8fe031f6920ba5c14a773b1ae8c6
SHA512 68f9f8b02cc1e76ede115a32a04ddc6a0f81f1a6c101cac81f5b57084a5d9a82b75182d8f072ad627c87daa63faab324445adcd4997920317a7d6ce58884744f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8d09cfcb801bb92c2c92e752c4ca784d
SHA1 24eef1a02c50a29f0c6b49960bbf16a9b8e6e03b
SHA256 345e1b9507b32c228f35ea8821eae6cbed09dc494495f12c2bfb03880d36443c
SHA512 1712998d15060981d62611f9e038c2a2e8db55bb27628abad2bcc1e209fb306864a0ff1278939daff3f975c7a864e8c374b50b6824d703be373aba1ad46afb9e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 51a88a4b3bfae884e181f90f8039d90c
SHA1 24904c37d9aa74798e22ebba0f0403721a847f8b
SHA256 54079d8d6e85504d24b1df56b9a5e6b93bb5946c3c7fb55e498ac5f0c4f9def4
SHA512 8a171d98010bf83da844dc3c3cd55b1b220de5d655bce4848a49a0e17beacdc9d36914c3e4368b5b00732a23a999cb067bb58e817f9edaec2952c3472ed239f9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5cf0aeca-fb91-4ce0-b698-d03bd02a38f8.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4d1e8f9177b25a9472f0c1d0d54c6389
SHA1 5503fcfddfcdc7fe448d977cc5a1baf90fc669fd
SHA256 4c5d0a04b7c70ddafbdc2522d525e8a5e94faced526b0351cb3f6459a5b85509
SHA512 ac9540e580d4512d499a3850be3742dab4c73bf00336fa524546b2ae088638db022e97380f9fac3091af84af3b9ac836eb1e103c77adf1908d3c163713f8f391

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e1351134a7565b7dbf194230552b50e5
SHA1 0ffc2c5d7dad6935649a3e8b717ac76b7618333e
SHA256 fbdefd686be9de740f417713a71966eb06856960e92c7da1805349a634fa3c12
SHA512 e390f3079c806ab26c2984e8b81d0917ae2711eb7abad4f81d8a5040e39d68d80968b335f02e066b55e816fbeb26ecca8140aca31df1a6d8cf5935d46d0c14d3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e571149c405c574c57316d79b362d059
SHA1 2ef90c17afc9a2a746cbb686f1be05a561eeb00a
SHA256 11d0dfd00a87cd918283d1a963d0f77ddf0057d61b167079179e3317a41a1628
SHA512 f5125ed52a39ab1f038c8019f5fd7fcde8dae11de25e39f46c6dfd28bc564da7c29ab227d39201d2e1efa330c1e7d9ff41df6b1208524c131ebdc415580737f8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7aa157751fc09ecd2a1a43a96b088a38
SHA1 dfc51d1eb98587aa3f1ddf51b3a3f6930f26b098
SHA256 c4bac13f4f394294d3ec69cdc2f8e1848b4b04b9b5e6f8ae416c5af443cef1c9
SHA512 92a4fa7897bf6e1ae7b8c0906998e8cc69e8487d34598586a36766e8954c504caf2a2b00753ba0543ed596b1a5a111586ab6778305ca6f927587e3a2bd4adb91

C:\Users\Admin\Downloads\ChromeSetup.exe

MD5 bb7b0398253a1aad58a8fedd4e5b0b6e
SHA1 8f8486b6ce62b5af6f67a4922036713ec3e5c0f1
SHA256 be8f3c1f53deab9832b7c5ad4b2e2140ce7bbb70d9d4f2cc24d6c749e77ec4fe
SHA512 310bb8b2dbd9585382cb974cf54c6914fd7a8af43f2e463870ff08d7a772eb887e0112be44eff91d14e03da7a87de920418b49bb3b857f16553a2df55259ad34

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0a7c05a54e03e63aa722f48f03088c7d
SHA1 a1ec2eb787323c91d08b7d433474fd786e35c8b7
SHA256 e768aaacd54f193f58fb640f17cc5b259d9d16739ce4a693730f56784a66791b
SHA512 266bd50ceed09a460d064105156f80d76a351a48ae78dc545b93de52dccbd2ac4cdcda19926e4158cf92bdf0b1556c072ea0dd2272b815188352ec08816ae9cd

C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

MD5 7136b45ffcac6b52d6873f2864471ea9
SHA1 7afb956fccbfa48ec7fcac07cde0f6059a51a534
SHA256 78f60448736dd9d298a2bc503571a91a8f0c342e95ff8cc589d546e84e7384c2
SHA512 66755a95e16371a527df8b702ba8d686a08678aa0d3257ec4775c5fef8c81d422d7a6ce8aa1fa1c150ebe02f14a0df23776dabc42b6da5ed83b79be956fc2ac7

C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad\settings.dat

MD5 496d4a726703ab9ce687346a24058ed4
SHA1 602881e74ef717285ea4e7f53c0ac444e0b8d577
SHA256 13804b4c2f1f039e306ca26a3385a8b269da3960e8b6fb53c4899e67e97ff3f6
SHA512 2849033bd0995155972239172d28459aa440bf852497380496691d57b7de3b0f684bc39829ed93d8126ea19b854f3c30ef0d5d4710459da21a7b9d5909a97c65

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fd523a4940112a8f8024719dfd387cff
SHA1 5985f5be7cc0dd4ab34e3614827d28e58516c481
SHA256 c417e9aebc89617d1cb4c1e671b579f1ad25fac77fc3040f78d2c39826cba996
SHA512 69495259d4dc95fb13e5a840b6fcef35dc77c52156fa606f2954a02f601565af3774bb2ab3f6adecbaf2e40a9d8f18c8e3260812a9dacb2c806352158c711df5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c4646cf36edcab5fe1a938cb24fda50f
SHA1 19201c058c67460c67f2d81fd3f2672dc326c25b
SHA256 836eb19c36f657a9991383feaaf6c258838915fd8af5716790342ca828959798
SHA512 72e93de911a45d3cc52fc96ad3d5979830d049794b57d9f13e715fd2d2dc52ec7772d154dea6fee7dab5080509716acbfdfde9a8071abc359f50b618d016be43

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ad2ca338254f809888f8b4dde3f9c110
SHA1 83aa912e0b7e33bd8f327d8f302142c875ff6bb8
SHA256 773b9e251938f434adfdd2d531bddb9cba2920e111cd6a8a0ca559cc943467f5
SHA512 69b57c9119de2f35d4cca1e2446e1401b3d2da7d89aa7ba68b25461dcc68cd5f2f8ef7118881b5d6bfe0a6c4c47dc1328269fead4f22fdb5929c9dd39282d3c7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ec068fd88dfabd534671a910aa4b26d2
SHA1 7056a7e29010eb0a413db8a67f487a3f5f1ed617
SHA256 354b73659fb6f1950d6b35de14304485e608d750c91cb066200df264ee621501
SHA512 fa4794001a77021479597f4b69c3f23a05dbc65692f7d7157fea1ec4abdad73bbda68b8b75cdbfc0de836034a1f05c952f24d07e6d0d1dfcf318397008a8eaf2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 8751c5ce8678f8d9b446643b79cb56df
SHA1 263702d8a1b8864e753be67043a9994278830fe4
SHA256 b82203ab8c749afdd4e65408fdc299f5ea14553de1a1c93fd9b4a9bf93371421
SHA512 dfede0edd8ada3fd7c4bc1c5aea7f5825e0ceed6e89e74c8dfbc8d761a94c3ce46f58d3438257ef310e1b7d89147ed3101dae7566c9813e6199323648240c529

C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

MD5 4caf5d0f8d76777e821c67e5b203122b
SHA1 e75091fac99cc03ee3a3e8a549bf7754400946bc
SHA256 239bc74d7c3c57160441a4338f269435bba9a3dfbd404bf995b84e7fd67a7327
SHA512 3bb7eb07d6fb040053604752715e3b216a466bcd04f91e96dc043d1e3a0ea501d8b5989a7f5d32d280ec7cbb1fa3f73da0ff86512369215886321e19b350336a

C:\Program Files\Google\Chrome\Application\125.0.6422.113\Installer\setup.exe

MD5 e8e4e8f66fa72b10eacc18ff5ce000ba
SHA1 9064de09632d155e2acf236d54c343f276bdf79a
SHA256 ac03c7f78bc590bf6b400c5078a7fa6b1e61d3935cd591868f7f73fff930e4b3
SHA512 7fa4768d6043a4fbe38ba70947e9b5bd8e4111606ce673f8b0ee7dd3d95ea9b3e6dcf0f96bc55634c85a1a3f6a4120ff7461a3463ca36133f57a607bef49b158

C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

MD5 867a0be11b63337e930ce696e237a80a
SHA1 a73055a00b0a1f7fddeea0c128bd3a48ed78e1f7
SHA256 c199b14484bb3a33a56e0e809de9be737fa68240ae5364551ef1594e2a108bad
SHA512 9e518ac145762dd8e89903b87122ac05d2adc3193788510043b6eb6ac94e787055c6e35133bc8e947619a0580736fc5728bfd4745a53a7de47347fa8ec098d51

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 fe5bfaff6705c536ccc3ae592950e155
SHA1 fbe8b797c59eab22d1a95d5beab9e0f23d4dbc37
SHA256 8bd8532d0c48e662049e3b6dd4707a5e3bdec3a8b0f07a4e062678a8b212d78d
SHA512 b8964699919b23672a05c1d50bb2f21f5abd99254575f46dfbaff066e85940bbed5f338c6e658953bb78200d8122c55071aa454acc0ae884a33742d5bd625a29

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 961e3604f228b0d10541ebf921500c86
SHA1 6e00570d9f78d9cfebe67d4da5efe546543949a7
SHA256 f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed
SHA512 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b3b664fcf955d3fd971948f2fe38237a
SHA1 cb1821c707293c8a1197ea1990ff0850136b5a14
SHA256 1a652bc309d4cad853f7c1dba813cae2c9b13cbe33748639b0a6a9e9ba652911
SHA512 86a127ccb9e75d01a822322893214872397a178e3154664079ceb8d5cd06b6f744e2305e3a23f33b5b1c4cb672a701076340339d05530ce47e036e4943623a0a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ad1ce7afc58969be514b76b943c17fa2
SHA1 e478c171b6c7f7c03ef7846c2710f235bc89415a
SHA256 9937f92e7d57a636a67ddcc00c3104e81a85719beaca4d689ded724d29c1b602
SHA512 56698b6ca7fdf5bd215b19eaa838a44aed6a0fab9d808f7bc03b160b7940e4403cc55947bad31eece713735213a156fd96222dd355cb39669d6947b3d70ea9c4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico

MD5 505a174e740b3c0e7065c45a78b5cf42
SHA1 38911944f14a8b5717245c8e6bd1d48e58c7df12
SHA256 024ae694ba44ccd2e0914c5e8ee140e6cc7d25b3428d6380102ba09254b0857d
SHA512 7891e12c5ec14b16979f94da0c27ac4629bae45e31d9d1f58be300c4b2bbaee6c77585e534be531367f16826ecbaf8ec70fc13a02beaf36473c448248e4eb911

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\trusted_vault.pb

MD5 3433ccf3e03fc35b634cd0627833b0ad
SHA1 789a43382e88905d6eb739ada3a8ba8c479ede02
SHA256 f7d5893372edaa08377cb270a99842a9c758b447b7b57c52a7b1158c0c202e6d
SHA512 21a29f0ef89fec310701dcad191ea4ab670edc0fc161496f7542f707b5b9ce619eb8b709a52073052b0f705d657e03a45be7560c80909e92ae7d5939ce688e9c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 07bab8d0e6088fdabb9f35b689e8cea6
SHA1 2bf2ede301f80494c7b6ecf5ca12ff4e8b0c4bf8
SHA256 470377ab8ec868dfc1931e17d21b0e5448b59e265525195c1a618fba8da638e4
SHA512 9ae44a167112ed6a67cbf275d19bfae36e362ebce34a2b7168beb56d7cd3ad979322206317a9065b1f83a67e38a21d73936dfca0dc01328decfa6e99e832a31d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9a0ddcadf44ef8bf2a3b4fc491a98f57
SHA1 ad922a4f936590a99167344d4a9cb76781abfce4
SHA256 85f65213ef6641625da51c563bf071a49390c6969a3a6a8e8ee1fc1ee70a9e94
SHA512 8cfee95ffe97d1ebfdf30f89160b4b0b067d825045bbc05c0a0be3009137c6c4a5d5f829be39060fe117dbc833632a48cd082ee109a5c61fb58bf5f2076620a5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 02daffc6dcb07877051caff531c65fd9
SHA1 53f971c6471031791fad581e101e383a4198b960
SHA256 fd5ff32c6f11c05af9cab999aefe9d4f8ae59f89c09b0e03517b2131615c74b0
SHA512 154dfc2d02b38505d974c46c577d393869de86d75766fa9a86576cfd80e0e3ebb414422b0727729390bf36b3a873bcd62e62dc774b66850773e08de6506cedd4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4c0d8fd6ec4868ea30898159546e7aa7
SHA1 cc4394cd2029cac6f5b50ca34ebd0ae8e94200f1
SHA256 efcb52528a53fc0e531452e5c820fa6e41057cc4af02545aa59639550474b2ba
SHA512 865df43a3d79e9365fb23db25a6c35ee31f85743de36d54f1e0d34b83ab15cb8e033be8cd6f06abe812ab3f8a916d03c12c409f275a3e34f55632dbc697ec6e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Code Cache\wasm\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\DawnWebGPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\DawnWebGPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\DawnWebGPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\000001.dbtmp

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico

MD5 c857bae5a9eab59c2f5080b798de919a
SHA1 c2db3057371e0fdef3ccc33b511b76ac41bd72ee
SHA256 78a819cebbd01fe4fdd106df46172a0b254f6ed912bfa12ee8959f744feaaa88
SHA512 d6db75919dec2fe780822906ea4c838b7f2f0407dee66165b6a93e7a0338b0864056aa6a9421a06462eaf330149fade42fbf77ca714ce9b4a5318941a7724413

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\64.png

MD5 e6671b804d6013a6706ea598e2d854c5
SHA1 40e4f401fe4afbf7bda49a02fe94f5308868460e
SHA256 57d5cd9fa59f944ffc78ec2a12633a79e2f923124fc50676ffbecaef5021b4a9
SHA512 7b11a47497ae5810ec4c7038ebf8358f03d79126886feb6daffd92d116fd606f530ecced9c3d635c0f57b9f9eb80ed9e8fa4eb98b029f9fd798d9b89ccd279a8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\48.png

MD5 1625c1dd7bab831d8ab5308a1a71d525
SHA1 f1c145985a7c8c18891caaba0f46729bcbd1f63b
SHA256 9bdfc3aa03d4e41b0d83862ce02f9fe7fdb55a492280d86d551b91a24efd47ca
SHA512 75079bcb02482abd10b121d81fe39607dcac17bb3107ca274c549b570bb473260dfdbdd13df769b1745425ac5433a22fd392a2a1d815897e0c2091b787bada8e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\32.png

MD5 60953b3aca67505c2c7ea1a902e84d51
SHA1 5e6a8e04a96e36306c66409edd4775a606f13f54
SHA256 3197a2ac164c5bacb65f02fd9a6eb9c0a533fdf3b24f43043bbe9af65ed6608a
SHA512 2e65ec84471c3f703617171aa32f1a0d6c57d73e1d5c074b92d20d580df78e7ac4eef5ce54ab7defd0027bb38e33c44a6602d3e123a2fd310e514af0f5b38086

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons\64.png

MD5 f2222b9d8dea52f5ce7d75378de76037
SHA1 e3b266fca2e5bf8bd82a62791902e879af7ff6fd
SHA256 e895cbcc424d6000a15b21d7cc9dec96deb2403a1469761ba3d9f11528c215b1
SHA512 74b947bc915c89f27954b5d0c8c790316ace581a20f7031aa91af3d95303ff0dd8cb4c87d3746ef2b13f76e0e8bba1b5b4a6916f3230c0514164fb1700640f66

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons\48.png

MD5 815ddced6b03c8a62cb590ea4585fcba
SHA1 9f7e8cce2319b15ec63d89f837a173bd247e6998
SHA256 3339af4538fdfa40bb438469e35f6b7668d5c5ac93db0ef4a9e2fbf9ae884446
SHA512 ec7069b51959572c40dfa02f380b081912053898b4d4f86166b90bd277f9e8271d0fb3f0627e82645052ebe021c2e24698785e5214e82190a2298f32dd879b3d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\64.png

MD5 1efcc119d02c61752598ca121cd0babd
SHA1 6d0736581b02aee66d51fe29e68babca6a59fdb5
SHA256 4fea2d966296665a3ae1d35c0eae541b0ef7b9b1a9890e9e65314f80db5a3e21
SHA512 8d5554a167907f96720a126e901aa25f01e1f58f9469f8366e7f2352ce16da82fa3963845cdd586837c5aeafb3092a2aec6d3e755bec2031d12325b4799d44e1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\48.png

MD5 33da9ad751e4a3b21bfccca9e6727e8f
SHA1 05d5ceb6a2b80de82a2f70442f68ae803dad22f4
SHA256 a16b7fa466101581d443223247589ff21fdf73f1b09d43ac740fa128d0252931
SHA512 5af9ef87eb7c050158b7add761ca06273094a5a2d5dba87991c7ab20fa2dfb7e7f7ebf1fbae21286781144ec1fe3531457deaedfd2a668975dc7184020c6f0a9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\32.png

MD5 b422f26131f7d87105b2ef5bcc8996d1
SHA1 5bebedb12720c3b09dbafe9204bdc8eb0f7971d4
SHA256 c0b2a99e82bfa9b629fc903c77bd36fd3b148b25fb67ae196cbda262c593efcf
SHA512 1a4b3406afb311ad824a1adfcb33f336de09efab34c66e058936a57d4f73ac33431eacf1fdb11f516f56107a93741aab3b9fa5c85d805466ca58c3e24bcc9c28

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons\32.png

MD5 26496798ba29a454042d60c9633c1e72
SHA1 65977f9cc15dd73026c91b479f1bc678050c8c45
SHA256 af50d64bd3cc7c3d201cb5abf0d76f44737e2a4040741ce178d9765fe440bcc5
SHA512 a4a61f66c712fcd27681073c2f30fda3a98fb6348ac4451d8a8e181e525f4ad8491a09d19c17dfb8f01a53eecbfc3ba25f370afd9df5b2ecb9b613236ecdd3cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons\64.png

MD5 1f695a492ddf318b832bb48f5b9442fc
SHA1 81eb257fc22a30c4e75454ea0e4677043367a6f0
SHA256 a693bf9d32c7ec663b864a2faa9b99d8bb6cb76e332263f5e9a6e3fc2ba60ac5
SHA512 0ad7e376288ec7a2d9314447f2649bb19bb703bedc9710a758e7a15e39083150aa34e2a2e6c22229b324cef4e41c09289c90b445a413336d6eed497f65d8bcb3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons\48.png

MD5 19f9c11e56103a25a50b9c33be84560b
SHA1 266f57c5a015281d4dd266a9b3dec9cb3a754653
SHA256 2e201cd442e08720a6d4e38516ceea3e892dbc345db1835441e9eec005501c67
SHA512 964e1e6d787450b837f130a4289906ac39277fcd4a98f6314e5aa0450fff81fae275f023c15eb58548ef3ada0b7363e4e6b3d61bb326246f3dc63336d68bb160

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons\32.png

MD5 166a9c3ecab6cfe73664f783d6d49a89
SHA1 0b9e5c909810c2d2b40df3fd4c8feacebad846c9
SHA256 217f48c637316cfba706de86339bbdb5f6d60c0fab701fc71ba2da01ea71bd99
SHA512 d3da9c250dd728af13e8eb1ee75f420b1857357e7afca9f93090d253fb6cba43bb52b1199725ce3683d7e0411af764333ad2293ada77638847d2526b1b363d3c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\64.png

MD5 3c4bbde0c0ec7a7694b78ca833e41ba8
SHA1 e4afa932cecf06e03f59c9b6041ee723e10fcb2d
SHA256 4e0c7afe519c86da175dae1f069379a40694ae49391fdc3c7ccdf5c396e78ade
SHA512 523777c57a8c4d49faed221cbfea7dd589f9c576d2bb9386c6d84e47f5b30762a3012bbd702ea3c51b3f71c48e403b40b297928b94ce36e1a873047d27313006

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\48.png

MD5 eae9011cbfb45db3e8a6a5f5d4f45554
SHA1 6a45d862f6d6658e14a4c925f5a3e25baab6c875
SHA256 9962fe7bd4e81a0dc05e150a0a602db40bdd7dbff114f16adb712b8b749e1898
SHA512 cee11d79da34f767e1aff3771847b8008c0424825102decde2d0d51ea33f9a03262bdabd3938c5948bea95a4fdd46217cb81c1669ff5629e348265a40e30f9c4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\32.png

MD5 a06bc120408cb7209f3ff0ba4b39d01a
SHA1 7b1df3b761840e87b484603da69837ec705cc082
SHA256 708b95af160bcdc6a17ca93f9b91158944cea75b743b4049a6e6ea299f8c7abf
SHA512 a3869426f4c5af3c225076454b2de0bb0f923eceba687ef7a82ae27b5384c90d03f1e6c1d50efdf8a1e51c1c7ab28ec4742fabe1cf75ef346a31f8037714c1f7

C:\Users\Admin\AppData\Local\Temp\73b048c5-0e3f-4f22-b38b-2fb88783a24c.tmp

MD5 541f52e24fe1ef9f8e12377a6ccae0c0
SHA1 189898bb2dcae7d5a6057bc2d98b8b450afaebb6
SHA256 81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82
SHA512 d779d78a15c5efca51ebd6b96a7ccb6d718741bdf7d9a37f53b2eb4b98aa1a78bc4cfa57d6e763aab97276c8f9088940ac0476690d4d46023ff4bf52f3326c88

C:\Users\Admin\AppData\Local\Temp\69b7e486-adc2-4ed2-9b16-8eb2168f4599.tmp

MD5 6457b577795f5c8949055da3a8d3ab2e
SHA1 515b61672fe5f3b2a78b7a64d7b83fadaf43e4e0
SHA256 52434403b00cd4ad818162921eb958ab318f2eaed1041cc0eb7216f97a63e950
SHA512 da6f36047a99bfb7d3e942bc1ad5f935ef9913899765a39e0b29cb117ab706948ab38ad5fa468507aecfb39612da9c3c0e18c707496af498390b00184ce61622

C:\Users\Admin\AppData\Local\Temp\scoped_dir3520_308275659\CRX_INSTALL\_locales\en\messages.json

MD5 dbedf86fa9afb3a23dbb126674f166d2
SHA1 5628affbcf6f897b9d7fd9c17deb9aa75036f1cc
SHA256 c0945dd5fdecab40c45361bec068d1996e6ae01196dce524266d740808f753fe
SHA512 931d7ba6da84d4bb073815540f35126f2f035a71bfe460f3ccaed25ad7c1b1792ab36cd7207b99fddf5eaf8872250b54a8958cf5827608f0640e8aafe11e0071

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en\messages.json

MD5 91f5bc87fd478a007ec68c4e8adf11ac
SHA1 d07dd49e4ef3b36dad7d038b7e999ae850c5bef6
SHA256 92f1246c21dd5fd7266ebfd65798c61e403d01a816cc3cf780db5c8aa2e3d9c9
SHA512 fdc2a29b04e67ddbbd8fb6e8d2443e46badcb2b2fb3a850bbd6198cdccc32ee0bd8a9769d929feefe84d1015145e6664ab5fea114df5a864cf963bf98a65ffd9

C:\Users\Admin\AppData\Local\Temp\scoped_dir3520_1049687998\CRX_INSTALL\_locales\en_CA\messages.json

MD5 558659936250e03cc14b60ebf648aa09
SHA1 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825
SHA256 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b
SHA512 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.77.2_0\_locales\en_CA\messages.json

MD5 07ffbe5f24ca348723ff8c6c488abfb8
SHA1 6dc2851e39b2ee38f88cf5c35a90171dbea5b690
SHA256 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c
SHA512 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.77.2_0\dasherSettingSchema.json

MD5 4ec1df2da46182103d2ffc3b92d20ca5
SHA1 fb9d1ba3710cf31a87165317c6edc110e98994ce
SHA256 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6
SHA512 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 53126924c57cbcf11ddc8ca0e1d11bd0
SHA1 04df709928d2b80b2bb6472140193141f7545cea
SHA256 6f2aa32a879768e750e14250e450c9ddd3b1c427bbf844f68470d22007aa1d00
SHA512 d79d7bd77060640e296330f52e0faa651a711d26fb89deeb07be9fb6c52aa9c889c98238cc1d7e563d9a00e8aadf291dfab41de087d5e1b42ad7935d7e5828af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir\the-real-index

MD5 a1751adaeb9572be1d3829181ea2755c
SHA1 4581f581130aa035003d137d93d16a80312186e0
SHA256 807c4bd4169b4145c3cf0c2d4f065bccd8a286d4be5e013cef64a51a544eefdd
SHA512 bbee1785f8c95ae970583dffb04f198c637cc8795dfd733ddd7e97bedef88f4c5c848450788f55a3bfdb7f52b1c5375fecc972a576c40d4366f3413f4787df99

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir\the-real-index~RFe62c0ab.TMP

MD5 185bc228ba4f1908badeb16b90d4569e
SHA1 e9492782a223ffedfea6be367cdb9123c1ed5ef5
SHA256 77f0dd5ac37d34ce8c4765cacd05e60a4e55a809ffe5d836aa89f577ddc65d00
SHA512 a9530df47e9b7cc7b9a6c4cca03ffbd4cd689323e78c087a8e7fd0ac3fb8873ef20fe29013e56df7c40bce6bbb5bf906b0c09a6c0db6a4b202895910ade7ed8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d3203460-0ce7-4f21-8512-ab2c73402cd2.tmp

MD5 3109a46ba0b9ba387e829da41953d862
SHA1 a5cd08a14766dd8977f90f183f1ab16e885f4248
SHA256 2c6b8f3ec652b490b742bd00a2c79989ec0d078a7c74c762c31ed31926381b11
SHA512 c16f43bc6a4b3b6c6f8a53842e88c6480264c5e79cff286c34a2d4e2103f3386d413978642b19e2e90c6396db5aeace67625ccbe2d1a2f9f68a0e78c98db831e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity

MD5 56e55c55db7614dc22bcf93fb700b816
SHA1 c55035518ec94d496f24b36832346e08a67f865b
SHA256 58a5cf630913f2652e996daadbf68672e6289ae9a1a2050804c6c01ebe2b6698
SHA512 61821ca333c23fa761cab95c8f8cecf6c349bfcb19fc8f45d4050e9af05ee37e7571f0392c71f66b3cc7ae3d2a031a3153096edb3fd4b142ea3c9901f64ee8e9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity~RFe62d27d.TMP

MD5 73b129f52312c2e7446a1644ada073be
SHA1 d30c08491b003f329af505bf7c1e061169cf9620
SHA256 6fd060cd249d37c6788fbb55b0cca92e5d670e1c96c86c962c373888d4892188
SHA512 05f2bda2ff7902c8123bfa46f20906fa067399b5fe18d8dfa61e1025b973ba23cb0f23efb46055124d830063a38e65d9e498eccb0699826f8f86051e1c9a92fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\9017df0f-fdf6-4c22-8f49-8669ef6ed3a1.tmp

MD5 967f11df7333f43c479a34a7d161eab3
SHA1 aacb6612744680a87899c740b5118a4860c9406d
SHA256 2493780afb34a41d26599df159888b4ca662c0aec2b9df6bfee80479bb931fa5
SHA512 7f4832b24de7a59d3021a849b6c008817776631ff09e3d7af0c158727198942a1a9f1133eef938ed15e998b517c6f5743d1325d29ebab0cbf6940c0e96c4d34a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity

MD5 780a582ac4a34fec3bbb243bebb0d4bf
SHA1 ff4737287275b108346d2c543d5f0bd67303487c
SHA256 1979fb0f30e66c69f46e05c142cb0397c1e8de6d739f2442a244275e8096915b
SHA512 dc076d14a55bd15c33718c97048608bc2e63423d28cac86e2110aef831ccebda1fda2f9cc0351dc7f9fe3ccdae0fa8ca84ae8e491ce32ccc331c9cfdf484fd5e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\ae1e7005-15dd-4165-8dd2-51bebcac2f3c.tmp

MD5 5ac14e3fd272b9c68589d455c2ecfe33
SHA1 9ba3e71f5badda8a5b44f34e900e797d3c5188c7
SHA256 0a518d5aaf08a371671482fae6d658f66243964faa93c9d5a56aa656b41626d9
SHA512 a66b482a2143c2155088c01e1d4ab0fb33079921286e88f7ff85f73380846e030176405e12652653902dd17845d5c85f2895e99223223cd935e43eb35e726b66

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences

MD5 b3cf2105a851905b89b473b268215d47
SHA1 22a5c3dbd7b3b3b31772854fdfd93da252e67e05
SHA256 704224b3ac500bae9adc1a1d6ab2a38e7b4e03f7782b5de20b44528be14a3002
SHA512 9a59e4df91acabb981e2fa9cf96fce070a39c45baa55129bb373bc386dc6277b372ca01c0a334d92b333a5f6c6aba3f6acfaeb3c1870a5373a75d94576abfa44

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences

MD5 208f594f60acaaf38a65708e61df3c2b
SHA1 437f2728d9d070cbfc9a141427ddcee77deba78b
SHA256 1f026263c3c756e462dc4005dc88dddc1ac7d3c64259630a03970b8e84d5a278
SHA512 2b5865b7807b9bd423c773b433860b32eee2c65db1a6911b1344f5119a7850e559dec5ae10b027f6f76dab6386ae0d98042e82672d73aef617f1a901516d97d8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\trusted_vault.pb

MD5 7b82fc06a92360166c9e3257092d6a51
SHA1 07b4f223153d32c9b10217bf78246037715f6017
SHA256 d9af1ff8f4be2d19e44c8d5763b97145406b5d5e45c341cc7635e57d2da6ebd3
SHA512 cd4e69f3b088a3a6dc9ab662aa0f71c6803518ce419d91f5fc2d03284b86ed12d18c7b9f1a749a31bf2e253eb14382c57eb7c8a525597eb76827d0bf842d97ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\trusted_vault.pb

MD5 c0b5aad8c48c8675b60f9ff67cf0f99f
SHA1 bf74bafec244d4496a680140dedde51ada905dbc
SHA256 8ddfb7c3873679dd6747693877ae92716083a73fdab904954827eb6d353d09d6
SHA512 5cdc784662fb0fd46e51b1f4927ed9cb5bcd380d9394c25c737c1d6b3975779283bcc413a90988936b74388393530f697fccc6ebfcf18baa3b849e8f7528085a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Google Profile.ico

MD5 ad848f56a43062f4a4eab1c83e351856
SHA1 8fad453db89f428b8cdeca0d0fc45df449090237
SHA256 980f57a42a53c5419349696e5e2c421d252921d79fdc0923bf66867576b1e175
SHA512 e0486a151b3f607346fcb624f25f0fedacc9060a5c2354688d5ce0b451e46274f79f5828db0659239620583b3cb5d5e21b191c263daa6205163bb36132b09043

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences

MD5 f7cebc5f71c1fd30eb8fb96b2830ef5f
SHA1 0a33fd30f1c8f98ef70801f1e85040b87297b174
SHA256 1162bf53153ece9ace0f6c3d986bb6b064e3b613aa9178fac484e172cc9bce23
SHA512 1e2d22b0c7265268c284b979be5cf540a3f0677a43a67756f3463b8aaf4186fdfdf0e396f7bdd1c1d5851bcf7a8c076103f8b3ad8167aef2a559cd256375cbc4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity

MD5 287840c84ec5a1b69a857462a62f372e
SHA1 d52976a1c7dd27b7511af844f993bffc23011e4d
SHA256 b1a17bfdda5068c34808c932c23287c16044a584f96060cd391bd62f5bebb4e7
SHA512 de1566eb142834388a73207ed6229a7dfe0c50227c0ef41d22854d3f0974dd9319bbfc70e3850008f6c18c484ff100b27806b03c06032cd790264889fe6d48d1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8ff6a80a1db4fd42e735ab79aef093d6
SHA1 0e65ec292d4755b0e149dc9560c2fd1d74f710a3
SHA256 f2466c2b6a80b88378a2768f685325e665dfe87003cbd80d58516307adcbf557
SHA512 0a116ce8ccb6145460ab5b2b75e111b298fe138e337ebf973b5e0a5066b7b213090612e759aee0c7d3c865a8e57a4dec60a050f4bebaf87c8955920164e3f841

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Code Cache\js\index-dir\the-real-index

MD5 2668d40277b5e8d289ded49143bfa25f
SHA1 42f974b576988e05c54f79667d80a321c5e39243
SHA256 8c2d01496497d8b94a6e9a6700e30803aea9ee3e385d820fdefb1ac0b33a29ea
SHA512 d96f20e16537cf387c2081b780d68e2fd0c9f79a53db580aac7b5558d5ffc36a2ebfdf0030949bbdc4d7306ce55d11bd21a19f002f8ce409f8c5e09e457041c8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Code Cache\js\index-dir\the-real-index

MD5 c765c97246c35e34126097473029b041
SHA1 e8ad4e5d83f1c98930bc45c5c7142eec957219d0
SHA256 caee48bd574d37f02e0e069a9e9afbab064084dead0237afbe423c29fed159d0
SHA512 085e19caac131d13ef5bef06b9fd1e469b02962f2777b7395a8ac703eff6d1c532093e72458175a1e90e70f78a109feecb63f76d78c4177d153a31310435e9c8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b527b320b90aafc94191961b222e3571
SHA1 d3d848869d04a4bc67be15e2f28c7930f5422b0f
SHA256 2601e7426ad5891662c6cc47730452f22b34872538daac8cdada4547d742f9bf
SHA512 67c9405c9c0ba66e364e42a3f9bd453a89faf667af76bfc84d617954a3faa7fe29b7b6de9365f6dea0d7cb0a1eac4ff129b0b5930125fc0fc69d89ae80455c37

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences

MD5 84dfdb3e1f225a4b16ac5f0f96dca05a
SHA1 dbc26bc62dc9db697ba5b61fbaec5daa8f8626d0
SHA256 6fcdb678e225f61bb26211350db195e173b05cbd23727016c637607f32c79851
SHA512 36ccf7e13989ee25f3ad820da871f6fd580791f161e40d1df1aba8c6ed5cfb7cb1bf773f0cfcbe0dced629abb4f6dd38cd62dd96e51afceaaeea3f5bea6993eb

C:\Program Files\chrome_Unpacker_BeginUnzipping3520_1078937946\manifest.json

MD5 4c30f6704085b87b66dce75a22809259
SHA1 8953ee0f49416c23caa82cdd0acdacc750d1d713
SHA256 0152e17e94788e5c3ff124f2906d1d95dc6f8b894cc27ec114b0e73bf6da54f9
SHA512 51e2101bcad1cb1820c98b93a0fb860e4c46172ca2f4e6627520eb066692b3957c0d979894e6e0190877b8ae3c97cb041782bf5d8d0bb0bf2814d8c9bb7c37f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter\Unindexed Rules\9.49.1\Filtering Rules

MD5 6274a7426421914c19502cbe0fe28ca0
SHA1 e4d1c702ca1b5497a3abcdd9495a5d0758f19ffc
SHA256 ae2fd01d2908591e0f39343a5b4a78baa8e7d6cac9d78ba79c502fe0a15ce3ee
SHA512 bf1287f502013308cdd906f6e42998c422ef1e272b348e66122dc4a4e471d01333b418f48d1bb2198c72845bdc950612597e179e612aaa1ba6cf8d48fb8f0cf5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity

MD5 3733f1fb10916cf3c93bac96dbd125a2
SHA1 e9026616f32ff9da344e1579bdc546b9e07312df
SHA256 924dc8811e59945152c2c2ae0a7a369a9f60798d61431f32f6db377a0761a649
SHA512 bbc1f7641a1b0fc6c45990f75a841175abe08a2a16530ab4d107aa04760fe28b10f0371d2624bc37f105259e9bfb7a879b1c227249efcec3371984953a237b7d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Cache\Cache_Data\f_00001a

MD5 5ce7bdeeea547dc5e395554f1de0b179
SHA1 3dba53fa4da7c828a468d17abc09b265b664078a
SHA256 675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9
SHA512 0bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\2ca50a05-2b62-42c0-95c1-35f94b3f3e0e.tmp

MD5 3460368841df18d42a33506fc5bb17af
SHA1 42985a11cca2660b2af9c664e11d6eba99a9b168
SHA256 c6094fe32188df246c8591e47a359c1ff12c44901e8101fa7c4acbcb2a0cc701
SHA512 ce365c5b494dbfa7f025f00166bea9ce3aebcb5fabacc7f07b788b439dee59a20fa188dc4fd256370267f1ac90ab572a48a597ca95dec10a2f2298433a544ce7

C:\Program Files\chrome_Unpacker_BeginUnzipping3520_1096938642\manifest.json

MD5 6ae296a93fc8ee88eaf799655677540e
SHA1 572f980137b2359eae3fb3b7d7afbbd49956a2eb
SHA256 e724c985f35a6787020cc3a624733b1873b8adc7159e05f1f53fd9685ba8ee49
SHA512 7901489d0667ec6d83eb93ef3d88110efaf716f21611a1f7edeaf6d4aefd521abd0f0d619eb82a729b7405cd592575748be40e146ac930d0eb810b8376f359e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CertificateRevocation\8782\crl-set

MD5 c36b74969c62c43372b723427a3e683b
SHA1 8e77dfad2e3c08d5095281d6442163fdd6cfaa7e
SHA256 f64905596b87f3a7071bae04254eccc81cf702361129c4d8c06a8a1ada13452f
SHA512 930e5ce6096282001bf66b29d55838ad6ab84f4119f2997a87b346ab40dc9720d69ceadf20df01188e6985324dc4c5c9a40da6f5756b3015fd17627f79245f8e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\Network Persistent State

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\Network Persistent State

MD5 7740c4b175be84acd5c8f1f4d68d3097
SHA1 3153991a1efbbf244264403cfc859cbad0156556
SHA256 749d75fb329f4e8d7c017af025c6f4755be313c3e54e1921cd8a8f72de7824b6
SHA512 5b656ad11952f5e1536290580c310c7fcc57f9a1801e8c5aeee2ba710d4cda41496dd62894c87f7f6bf63cbf797c2c7439de4e52b5a03579a9e4aab2d4463466

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity

MD5 13c659642cd2a42d05e2fa9c5e31ed59
SHA1 f9a9175e701d6eabe00fc10e1966262bbd40c02c
SHA256 adef8ed9dfe361a00839f36723b491feca8085cccaeebb7a9a8a178aed83d579
SHA512 39185a727cd7703b77190a0a80320ef56bc5ced4ad45813728a683d6db334320df529bd1797a8287a9bbe46914a9364442456bdaecec1e8a0ff2893b5bef047a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 bc6142469cd7dadf107be9ad87ea4753
SHA1 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c
SHA256 b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557
SHA512 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Code Cache\js\index-dir\the-real-index

MD5 dafdf5d478547766bfac59312c43060d
SHA1 11bc165c42c99e3b4a84b9b5e425a66816fd510e
SHA256 b3eee41b1b01664c819de72ac11d6b0010f5fc5f08c59d3ed64e336b470cde89
SHA512 6657072335d0f1e0632ad44a9d805964199733f7f95052d079fb47ed4bddb17bf6be37574fcc047c9ba7cacc3fe357b9d13a31181bc7ab14a26b16caf4771abd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f0ab56439a53b36f4e7e508a05ec1a89
SHA1 6eaa92d59b5977a8cf8511bcae14f88e9bd3a46c
SHA256 a7be9641f6314f218e152db3b66143fbd31e84e14ff32d3049525baab0b0a7d6
SHA512 e2953519d8c4b28bc1cb1038c020c6c90f1eefd790d28e23670d8856157b38f87c8d7c77458e409f764b2814a1bc2691ea37173c173bed69b9e058d15e623d25

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\Network Persistent State

MD5 f159ece707d916c2614731fddeff9383
SHA1 47c9ead2ca2f92e6ce6f9ecaca17c7918aae854b
SHA256 ee3c53d0ca8ca7b7c5e3080699d6b665386f4425cf44e42d6c29af23b2646537
SHA512 5cdcd030dea27f519014b6cf6c86b9d9a4062cb2253b6965a603a625ebe9c23bd08889310844e4b092f2142cb3194952d7f4687ab018e87db2da86f6aa5dabec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser

MD5 de9ef0c5bcc012a3a1131988dee272d8
SHA1 fa9ccbdc969ac9e1474fce773234b28d50951cd8
SHA256 3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590
SHA512 cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3bb76ec23c5506830ead56540e06159f
SHA1 94695e47d907e559e91e677cec4eb763dc0c5ca9
SHA256 6b40f4ae548688a472be3ca0c1b08ecf520b31e706fec0f9793b4666134eba06
SHA512 307f9bd06ca5ee753acdc450cf1599dfc8ed080d9a1b19d752dd9b7950377a5b04e44d374f12ed76abd74961c2b1f8ad6c93e4663ea77f5d6e066570c1aa6bad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 32b9dc9cc81d0682e78627c873fdd651
SHA1 46c486386d3e153c3e9b11d54cb52cf0064b71cf
SHA256 712196693e3527ac1131831f1a2108b6c0e5c68967b26d51a452611cdfb86e0c
SHA512 f18bc37f8b72411548da247aa1394cc5ac03c3bbd98e82eb8ba290ef239ef5b8625cf4835bd41ce7c52766d0bc3bfe9150dd22dbf62f0f05992ddde5fbfdc811

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

MD5 ad778be1790468709680dbf6cb3e6a9b
SHA1 483757fef03a2fafb70d3aaccf40a3ea6b2a8df8
SHA256 4322e7e69341075d336abeba3ce72aa14853e6e5695c64367dfc4be30b3cee0c
SHA512 af9a4b74ef12eb79229a07ca8c07b727f6a743801574daa6ff151893e78bec6eb485813e6979be44c67d2db95a0f87e318104da62fcac31fa84d6dc977160f02

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9268495c7bc68783d09247af925ea14e
SHA1 6f2b5d24f8160c39552eaa5ed5a63e7a510446aa
SHA256 834a8d45a0d8d48da3bcd6a6861ea989fe4378a5e410059cbd3343605ee74fd7
SHA512 31c02010168b449698816a956384b898b2e37faf91b1c6d7cc7b064176639f46c0911beb3930ca2fb6c1b981c3d2f5dd281a3ce1c64bb5c42c242792796343bd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 60b3828882e4e3b2a828eefedc5145f1
SHA1 aedc38f4c3e951797ec682db8d5df04702d23300
SHA256 2c2dc24aada94f1511683fda268b65aea0f40e05a8a5a0845179680df904ec4a
SHA512 08e14b6460602333aca1a000d8d06d20388c012e76b8b44dcd45b1ce65c819c4734d3e1d178213b139d5256431cc16e98cd4777cc5cbce31d6b51f2a5ad69013

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 8a2d8bed0b985fcc2114322aa7a9d1aa
SHA1 f0e22955f7010523b737bb5ef9f8960e162e8d3c
SHA256 2bec4e69d8d0f172c474ab23b9e1c9fce4bea9d69cbf40b6f8a24f8f425d0669
SHA512 d6b81c8bb6b2a9f56ac356e2b801db3158109ae34bb1f99f15911c72ae3ce642a1a61ea0a002d7e992dea6a3c90ee6f57fb1625aa122f01d43f7e7524069ddf7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8456b0e9dff4bf19e05b3accb0c4f42a
SHA1 0ab91a62ae5ee450cde88d74e1cadf0bcac3ce5b
SHA256 71f8b06d054f229a11b279b59a24aaac86a06176a3a28cdc81dc5bf58babbe9b
SHA512 fd59faf6bb0ad1e50fd8fa9d22638d603ad859b2dc56a7350c6f01458ac3e476127de28bc05acd01f4c41920ea5069983a143b0cee85db7b8ecc3b852e8f1a0c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6eb1f1d6da55b397762338d685b6b6bd
SHA1 1c92ebdb4ea62cdc5ed89d22ad9d719183d0e7b8
SHA256 0488a899687f29f5e1edb422b342378447dfd59a5d211191122e80e5c767c37c
SHA512 0ccc1e2f00c9b8f67e1197866fef3702a32442ca28b33037b53a940ddeae9bd3f45c24d5e956f6e0bf86f399dfb95d913b8c286cf55c5f50a45105018c3ca21d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 09d0639b21d97e27c3251118c89c3fe9
SHA1 0a1a5c7040c01026af9c04cde4326a4430bbb178
SHA256 d7f87def85607a14eef3ef765fe8b515da7b9a9826c8642f8dac265e52e960ab
SHA512 301eb3eec8a78a7c0d741bea4de0390348d2c55f41e025640d0a4828a62f8f9070fffebb5ab612e0dcb46842141e27fc525c70b2b0d3057cbfe173df9cc3513c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\System Profile\Preferences

MD5 0c14568191c838eb97e86f6f4081265b
SHA1 85c3d413855b375a6ed36f51dd20be1f393f8001
SHA256 d77cb0416c20652636dcf32429428ac7763e385abfc5be6e4acabdedb0a6e977
SHA512 e7e6d8145783170f69eae70224e9c50053450fddcaf9d9328e838207ec1d07df296ea73243b2c62ea4436675f3411952e890d5f746ada70a6631754b50979eb6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences

MD5 f05d84b4e7c6fd6f3fee6b2c948e586d
SHA1 63e581deb8fc9e8497caba8b700519279a09f6d6
SHA256 2cc5ef7d4d241c32dc82b56418c1e1b065153b4b9790a75199460aaa0ecf7cb4
SHA512 b6bcfa71922726be943b23c9b19cee7336cc611f8a9c61e3f0968b2eca94f77b6312c064238141ff9210f42d8a18bfb5afa041cd01ecee9aa84a8eb702bcfec8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences

MD5 c7621ad5a5db59a8e23cbbf2b27f80d7
SHA1 ab75b2f822ef0aab7d906753e8328dbb8fa1a8d6
SHA256 32727d7ff07c672ada6fb7ede8d2c29da590306b69390d5694f5a2f2e1012a1d
SHA512 c89d6ae190769d9a2183bf06e6e868be4f66ee95f00bffd55086725eceb308e8a1eb06b8d8567d260125e3266a2b5305551787d3a4f4392a10d40dfe09023d62

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity

MD5 76cfde1c8ea93dc6bd213361dbcb0edb
SHA1 732384684ad45cbf0bdd6b3af3ab994c7e86c845
SHA256 7cf0d5628398e964f230a9d278ad619e761aeafcf308c981f6743ddfccc47032
SHA512 df50be5ee94ee03c1a89d15b146e3226ce76a099c0afd093854a11bc47248cabec8e58ad137004103fa789b05f24eb2661064bc0836d83d3a7ed64446cc9d699

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences

MD5 7be5738fe0a98af5a6482477a45bfb44
SHA1 ecffb1f9c8cc4c8c692a3cb3bdf364a695dced7a
SHA256 f87633031761063b1401dc32e260a11df56fb29b515ff219bcd1415f4ee954ba
SHA512 f302ad15c529bb5fe6f42526105f93575c9f4d3998730fa5849e48f7e1b450edf47808ced885510b1db6d43ab6928aee4346c253c14202bf15d2a674354bb13f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity

MD5 9436ccddfcda3d63260311348260fef6
SHA1 2a0448915c705e250373de0338e6cea0c1f5d5f1
SHA256 432acd623698cdb91c1c970b992adaf8fb5b067ad3a0d0798acf8111529f3dfc
SHA512 c7d962251f7d20fa476acad3298bde43150f98529585303cad20363a2b8b42a6871c8971f833465ddc1264f5d643c9acaad15d2891d892d0a46d6a9d96283354

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity

MD5 aeea8aafbde7dcec2451e1d8e88449f5
SHA1 3f0b9c9a49cd0bdadadf9dd457fd8a2673b6a907
SHA256 7b9a405db53dad7c4736b02f715667952927a98156c49c8c505f3aaad9c99421
SHA512 a8a296af2015acb2561e143a29e6eb87221a927da4d49c1a7816200ff944e45cdcbd97cade9be75bd57fb0e50e50e662dcde134faad3ca9e07130d4f28d015e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences

MD5 bb9b9b6e1b6ceae07333db310366d3c3
SHA1 7764c8a91c6f04c9a57b6b78f30b31f307b6b444
SHA256 c79dba07823ec6f6e1e5e873fe62298f5d3eb982de0064ea91f3c718c230d1fd
SHA512 7b84c807ebb0c280acc8b3d96a15b4d7133b31e5026b567384e60bb494a65b7f0b08422794bfb228faff3332acdfc512f87d3008f9c864299df65a63274a7d64

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Cache\Cache_Data\f_000048

MD5 9527449f04670b12c4fad09e69bc84d5
SHA1 c2aaf72dc006b2f1fd385034130cea117d7213b0
SHA256 e0c62faae58a8f159db7f3bfa843ddd8de166751b0c55d0a580a7bacd1713629
SHA512 4f337f2743ba7b08ffe512cad86c3a71a282c66d4904ed901abb52a011f7a42b33ec3bd4e6e6672815f9dcd5e16ef19b0acba04e658c07fc1223488024207976

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0faa66e844086d728f92dba640d16c37
SHA1 77787835f198f18fc425472061b5fa5f039174c5
SHA256 96f369c471309d81279d0dac7126a1fa2f4dbad8e09e466baef689f54ee4c856
SHA512 87ac1fa7458e472474a145592f6eeea87aff409ca0192df2821af1c3e0258f80f5afd89368c3e53c3c9f6c71828d24001e660c3d0b6b887ef075beb5f0f0a0df

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences

MD5 d48d9f3e490f7d60b3b6a28d2f29a11b
SHA1 d938ab1ad0bf02e14038dabcb242d691a410b273
SHA256 4e4a2a0d27cd1f47d9c5121c109a5e1cca5237d9fb4aadc15fc8f7d220ebce48
SHA512 7e5ed51a9b7e0b2fb1a519922c8fc21fe923bf51f3b207938e705344184e32f38d5fe9cc594c78ec16395399f15ccbf8f29b6183c34d6b828a216f59014f14a2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\Network Persistent State

MD5 db95e6f4c2b7a180b8d9d2a18d71f3b9
SHA1 f340493a5274afbf0b2b0d9a1525bc783cef707c
SHA256 5cf98ea96fa72afa686d35b7ed5ecd9ecbb9bfb67c8a91080b25f22b9508d72f
SHA512 61f2787ceb483094c340b634e896dc6e643faf8d2e831c1acb795d9958d4b5cc93ee52d73131469c4559fb37cf9b20dd90c1e9e5b3ae4b960bf389ce84c8b79d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity

MD5 fa017cb0f40489cf56cadf0a8d928a79
SHA1 e98588c2cef4b3e2c2c2d7186973223532c43df3
SHA256 c3222fec1ed45ddd5c09ec123cbebfd2eb6db53a501d57e9aee67de55bd73b68
SHA512 d27d8177dbd7aec2541f7dbe953a5002e7df88fbc82a6686a69afccfadfa5264d5fd24d5a59d478fd508aa04848e3946ca38cb81071df5c685667c92c48f53fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity

MD5 9fbceebccc44040afb60ab436180e495
SHA1 2f1dd51e3b09aa1885e3d372950f253d6e173503
SHA256 89bc468795337f8669005890f8df49d4936160ce149c49cfb4acff4a4a0ed4e6
SHA512 4a7c675855d603500ff3b1f01105a2ddbe892ba6d83513aff57c70d572ef2e67ca6d6c7b065acbffe02b5a6acb543cf2602ca3e07bd5abcef1533f4a976239ae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Code Cache\js\index-dir\the-real-index

MD5 f01b7ad8cf93da99867ef6b986031e4e
SHA1 1eb3ac26fdf3b66914540acb210183d63462e700
SHA256 75dd017fbb5a5d6635d2d5774c48cd0e40bf477a2e69aaf6086e9e1b8648c1d4
SHA512 0fdc9893de6174101417c12a14bb74b53d39a76a80fe099020c6f974caa4a1505dc2e9f837f58cc47cad2c5071df32358a76c2eb4f087934a325a3b1c22cbce7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity

MD5 ba2630c79da07b45a75103376f8135c0
SHA1 372d2c2897d03c0e3d85c926306da5c8a92caa09
SHA256 822c70f9b8e6055057916a24cff7f7ddc6379307dc88bec37b8a6a2c70273573
SHA512 e2fca4f3f3b1a2f18af8fb07b08567f95c1b935961b85e066cd5b424495cd2ffba96704e58dc593342523afde2495a6143a09fde37baf98e0e5c204afe4351f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences

MD5 d925d51a524ef6d246b0ed722269dbf7
SHA1 61a331712041af857860dc6b9c64f04bed4b4416
SHA256 82b79b6f5f565bf8014f902f0e3c440794845d290aed0ab8057b9680e359436c
SHA512 52857cf76a620397bc299d663eb3e84f9cdb7f8d085f4e546f3942918abdbcd49715df1fa4e43e7bbf1196bc2ed3960f26841e1801d672e5d87b30bf717d1138

C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

MD5 8e48b91396d227c02dca169e9b2e62b2
SHA1 babb05aad1deecfb3fcca6332f3de676c5f73566
SHA256 0dd5ab2b5efe85cef4b54ddb6ccb0d627b5d28d1d75627d85e0e99639a939119
SHA512 77cfe5467b43325c2c4de4b1c0d167c616496819641b273fabba0d48b46d4a33a55d265fdb578795826209b04e5c3575f726a6ee1533e68d18299ccb4c451beb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Code Cache\js\index-dir\the-real-index

MD5 2671149a4f977f5e57819dbc918bf11b
SHA1 2e1a6be395767758c6241781797a788f1ba0765f
SHA256 34adcf5d240c2b913c4b3d11d0ba827154a915baf2b9f98cdad778c9e78d755e
SHA512 060df44307d0a1f8c5c6b54a267b82f9aadfe3163bd76bfd9b09358100d0a8010d10e0be630a854f5cad472adf536d74edf15c19f06299af7a25d5869627290b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity

MD5 0270d1b4f3766371ca8d7c75226f999f
SHA1 7b87b0270c147a338a55c942e08eb19d86083004
SHA256 c0c522de9a7f19e2a0fafeb3d3a1630c65c4f9d2a55d86511fd4eb9be5b79a35
SHA512 704b83a16f817c2e8b5272cb5d7e6888d243e467f244e9aa7b33e71386b2e02516a6239d6c83e7fe8fe550c7f44cad1e780e04ba9589aea5a20471589d59f2a8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences

MD5 f320f2389597857bae33b2e852a4047e
SHA1 7c0cbb141b3d0bcf6947ee609195d5886b27898f
SHA256 1de7ad22a494027e1a55974c6f4a697af7cf6affb00bcbe9f2204269a727e505
SHA512 1f571e5515f01b9b8954ca788a5eea778faae1c6452f080bcba4a93061296e5b8aff858125514f97b9b56f3671b51d4f489c0056c9eec893856bc1b972613c5f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4e57230c95241acc25e4f21a5cf79755
SHA1 465fe72817016bae393de5d24dd915393cf9c40f
SHA256 19298c6edb100a13e76201166b755810b8ec028aae6f79e4579628a391ad50b2
SHA512 c0afc590992bc24477e144970de2088f0642b79a0741a413152abac65041a5cf482e5a8c3ad074a26844fcd1fdaddb184546be2378af127df63b5fb4d54a4fe8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Cache\Cache_Data\f_00003c

MD5 852b0b2c2d8124eb0074ebcd068910b3
SHA1 d5725c2f174673a1a71d22d54e36c485cba702ba
SHA256 4bbe4f392079c9f4fea1a49a2fcfd9c67c2f55ed93e55db68ab050912855e06d
SHA512 5078fffab1191cd15220eb2d840cb7feb4bce697b11374a3a856f970496dffe3c01d1eccc8c06dafaae171274efbae052a89e4d57d9ff1149153269e31e71dfc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity

MD5 760c690d6749da9ceeab2c21f66581ba
SHA1 1c3c04562849ac261b40f355eac2121db640b7c8
SHA256 2194f2851a866b23ec86ff3bebce638d8be82d84df389fea541c13795273c12e
SHA512 d664135cfd38542c462c5936b77d789fff7415d739dd57cd0ddc7ba56db8e9178270b7e97db12f1996abfd5529f2e211d303c58ca02d2fd04e7d1218098de328

memory/3328-5411-0x0000000000DA0000-0x0000000000F16000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences

MD5 7c1c870923628627f35e727dc3e6316c
SHA1 fe057a94cf8209d3b1301118c9f194b7cfaf4b6c
SHA256 e91879441ab35a075dd6a93d148b1a90334fc798ab21a2b9fbbe333cce72827c
SHA512 a5095987a11ab11a771092d3798c67d742ac718fa58e01512158e9e3d73ac6890e3776e5eb7ac056527ca41ce04172ededc2953c0803e055d92551a8367c516c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f4d97d8a77e45820555a8c9771df6ecf
SHA1 bd63e63790200a1e667a62be4763eb72ab8ed6b4
SHA256 a7d86273733786c78f4902ed38b29e28f971a034e991b14f8da9779d34a23ccc
SHA512 83bc0e69bce7e3ccd2224896fc9a0f75e5bc91a0f8f939a0c201ae612a7686c48b43c97f6319d2908669bac049972ecbf723f8514651e34c63b41f78ecfc4941

memory/3328-5620-0x00000000078C0000-0x00000000078C8000-memory.dmp

memory/3328-5621-0x0000000007940000-0x0000000007978000-memory.dmp

memory/3328-5622-0x0000000007920000-0x000000000792E000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

memory/3372-5653-0x00000000034C0000-0x00000000034E0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity

MD5 aada43052acadc9f4fc3e15a3ff5dc28
SHA1 824d1283034aa83d8f487d3485da822c3da45dbf
SHA256 7f44239d43ca9f5e1a193e961fc05550823b8b00183a1a004e361bca4d45b001
SHA512 3a631fa19bddd8d5219eb8119aeb44aeabde0cae6694c1d4b75c73127c387b68e847ae3334365b3b2459ac60a6800e024c1f0e4cee18a4fec46e3e88f4e86c34

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences

MD5 45dc85f0078bfd046a3a57591c4156eb
SHA1 e081abc775aff80d3dec7b259781ff40c374b4cf
SHA256 d42f6bfbc8cef701f7f607e0f45f6fdb0547cef0e6230d58a7c09421c46549ae
SHA512 e095b05b038b41e5b126a208af0bd82ddb956f9cd46624fef6fedbdb2767fa676642639dad62412dfdc26455ea9a3659a3079a784c44a77a53b9d33a091ae57d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Code Cache\js\index-dir\the-real-index

MD5 42cd7732fb453a8d4dbf59c8dcfc2bb7
SHA1 8943c93b6a1eac4694c54006ddf5afc275e2a2ab
SHA256 7c800a6e26d2f51efb25ad94c3d1ec549c41a46736bc85ad7e7d9dec3e0f7c48
SHA512 1a72e900d2c92fae6692a3afaa4940429b4720bb919a0e545ba02a5ebc66486fa0baa83d0aab183674bd688e58e6b1e8d67b6c154c86a9a7137678749b4b487d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences

MD5 6d5c39a650e1afdae12778902fc28f14
SHA1 a15dcff940c8b82ab43803138e4825b082af4f6a
SHA256 e0d210e5976cfe2bac9125575aba02e915a2b850979661a9488eb587c624a268
SHA512 d5a2cb1295d90e080fb3886ce60cac4874bc39dd8bf9bba53e0d59da5c29a4abd05a7bb1213c0910ac1efa960d92add36e93a62f9a9af41e78d19530f76bdf87

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 9c12bf762b94205a467fd56ab50ebf7a
SHA1 af52c04516e55f5de687ebde6ac812b95ff2404c
SHA256 af3c3f3dcf8e9c649a8e815fa241708b09e1c48284e19aac778b64b1645ef00a
SHA512 fd1b33f933fe7153facc06bfdba89138ec35696945ff8428b238bb854e18d5ba557d17b6ddedcf6c31b023eb9e72052fad8089cfe536280349a9976d3a5ee36b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\Network Persistent State

MD5 697030b559dd6cc9644cceffa092317d
SHA1 1a67587973216c107312e00c79022e556af0eeb2
SHA256 6ada436ebeb282065cf1ab9501b0c04e97e7e90aaaa49910088a5eee5747a922
SHA512 ad18c45517213741dbd0e4955c2232ee0fd9d28601f8e4d48b7321f7863f855451a7614f4121426a268a797b020f78950a9b98c2d443cff3eb3e32c437342526

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences

MD5 5c1483ac23e1b5c8d8af81b5e9e0e742
SHA1 fc7e47af89b03eb983a57d3b66512ce0c49873c7
SHA256 509e6f68abc86dfd2931fb401803ea91e949549401da0fb66f4eb31093665784
SHA512 b1ba0863e55d24863d151244ca5e17f0c0351f1c059dd56032f8c9b4b5f613d5acccb1f638151cf9b3b5297296799e17d057765a4575f79a62074ddc6c0b40c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 9badcc751a877af485279d53c106cc6c
SHA1 9ac350ecf2ef8ad5ec886f09e12d0c95a7c28d5f
SHA256 1512f1f71544cfcf7e31115b460711efe21bb058de9fb23cd20e41044e2f3b56
SHA512 cf5b1e89a26f7d59fdc8dfd7ad6d62788004c293f95d865a4a39586bffef30d765241241a7f36a68e5cbe76ae2d4bca8c4bfe80206a84d3e2d418cddef874ab4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity

MD5 da189850315ee2e8f23626e6ef169d25
SHA1 a450894201523dd5a0916fa45372be2bfdccd6e5
SHA256 ed97b01f789e5546e7f58cff22b737a04b356e9f29d2e17a18ea25d28464a39c
SHA512 d72ddced21884d0d86bcf9c9d2642b05ee6dced1220f21566ca7589235707d744055449a3fa90c39eb752320483a7a811ff8b2366437e6a0b3e4362e26fa1960

C:\Users\Admin\AppData\Local\Discord\app.ico

MD5 084f9bc0136f779f82bea88b5c38a358
SHA1 64f210b7888e5474c3aabcb602d895d58929b451
SHA256 dfcea1bea8a924252d507d0316d8cf38efc61cf1314e47dca3eb723f47d5fe43
SHA512 65bccb3e1d4849b61c68716831578300b20dcaf1cbc155512edbc6d73dccbaf6e5495d4f95d089ee496f8e080057b7097a628cc104fa8eaad8da866891d9e3eb

memory/1616-5857-0x000000000F030000-0x000000000F031000-memory.dmp

memory/1616-5856-0x000000000F030000-0x000000000F031000-memory.dmp

memory/1616-5855-0x000000000F030000-0x000000000F031000-memory.dmp

memory/1616-5883-0x000000000F030000-0x000000000F031000-memory.dmp

memory/1616-5882-0x000000000F030000-0x000000000F031000-memory.dmp

memory/1616-5881-0x000000000F030000-0x000000000F031000-memory.dmp

memory/1616-5880-0x000000000F030000-0x000000000F031000-memory.dmp

memory/1616-5879-0x000000000F030000-0x000000000F031000-memory.dmp

memory/1616-5878-0x000000000F030000-0x000000000F031000-memory.dmp

memory/1616-5877-0x000000000F030000-0x000000000F031000-memory.dmp

memory/4712-5889-0x0000000010830000-0x0000000010831000-memory.dmp

memory/4712-5888-0x0000000010830000-0x0000000010831000-memory.dmp

memory/4712-5893-0x0000000010830000-0x0000000010831000-memory.dmp

memory/4712-5902-0x0000000010830000-0x0000000010831000-memory.dmp

memory/4712-5901-0x0000000010830000-0x0000000010831000-memory.dmp

memory/4712-5900-0x0000000010830000-0x0000000010831000-memory.dmp

memory/4712-5899-0x0000000010830000-0x0000000010831000-memory.dmp

memory/4712-5898-0x0000000010830000-0x0000000010831000-memory.dmp

memory/4712-5897-0x0000000010830000-0x0000000010831000-memory.dmp

memory/4712-5896-0x0000000010830000-0x0000000010831000-memory.dmp

memory/4712-5895-0x0000000010830000-0x0000000010831000-memory.dmp

memory/4712-5894-0x0000000010830000-0x0000000010831000-memory.dmp

memory/4712-5892-0x0000000010830000-0x0000000010831000-memory.dmp

memory/4712-5891-0x0000000010830000-0x0000000010831000-memory.dmp

memory/4712-5890-0x0000000010830000-0x0000000010831000-memory.dmp

memory/4712-5887-0x0000000010830000-0x0000000010831000-memory.dmp

C:\Users\Admin\AppData\Roaming\discord\MediaFoundationWidevineCdm\x86\1.0.2512.1\_metadata\verified_contents.json

MD5 63fd59fa0add028e500cdf294bb34159
SHA1 ac599d27abf1bf2c46155c50ea4aa77a8f3c172b
SHA256 c6d75c54b38c882c4b8d904d8c818fcd91715c584720e4c2d27260190e06994d
SHA512 d23ae1729982e84e4e39301d15e41e46771cc58072362bb3e931c64e5b5b20d7391127e49629f70169e8daea4fbc52f090508ba26abea0069b10f97e2f8c5dd9

C:\Users\Admin\AppData\Roaming\discord\MediaFoundationWidevineCdm\x86\1.0.2512.1\manifest.fingerprint

MD5 868a4446a941658e98d1818d39dfc5b6
SHA1 261582b02b9053a77185c49e0343956906aadef4
SHA256 4611bd1a14d4a37a0c62686b18460dc50ac2b5f6b8a6408a17473e28320a2d50
SHA512 15c075196cb1c7c04501cfdde94fbf80dcd381881fd14b26cde48f524648e6642baeaae3ed87f013d3e01650dedca83da99a74a65344d24b1cf2ff4b0638f914

C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping2488_1118122894\manifest.json

MD5 96b854d7b26505b3a8027ef5095fae96
SHA1 d8a502671b5bb289dede8622d36cb1ce9b914291
SHA256 4668f92272960dea1ed7627a579ddbb2245e905bbffb32e0ba995d2e555ff544
SHA512 b5ee716d7fabbeea2162dd7e8cf1273ee9ef3f47bc2f51ed30bdbf23809be0000e472f04fb313b5bf22e236ff3b6482c1e3a2505c54be08dce43b94adf42bc04

C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping2488_1118122894\Google.Widevine.CDM.dll

MD5 03de6bb50fc3a491210b05f4e372b5f8
SHA1 ccb57a391a86e09595662cd34e2ce1c734aa4428
SHA256 5271174e70abe59a386f9270b64f92b76ee42ee12dafa709842432d757b0a437
SHA512 35bfac017b66a28d8e243c7ab3573e32259685550cd8f2c2b3d2c81ee7ff1dda60759a260bea90065634a3560ebbb81e6ec3c0ede9b4ab78a3f82b691f89575a

C:\Users\Admin\AppData\Roaming\discord\component_crx_cache\neifaoindggfcjicffkgpmnlppeffabd_1.aa7a88cfc4e7ccd45b4cf3aec4e741da4c0cf6141574f4c31f9b5aac225978bc

MD5 7bb4917013cdae84a77bd72ca8f18b36
SHA1 b68016d1491a974d6fc11e27591cb84ab4001693
SHA256 aa7a88cfc4e7ccd45b4cf3aec4e741da4c0cf6141574f4c31f9b5aac225978bc
SHA512 2c700e5769e3dc92efb788a253625db4c4df01132d08ae9a4f7dd4f3970ac7627e010a1f69b0a3a1d21477a5dafaf0bb1bca7d80e78eb5b28b46d5156d33c657

C:\Users\Admin\AppData\Roaming\discord\component_crx_cache\oimompecagnajdejgnnjijobebaeigek_1.2903aec9f77378fa19280af8ff89294fb9ce2caf8e0092c69e19973c0a9cc6fe

MD5 5d9ad58399fbef9be94190d149c2f863
SHA1 45f3674f0425d58d9ffc5d9001ff6754f357543c
SHA256 2903aec9f77378fa19280af8ff89294fb9ce2caf8e0092c69e19973c0a9cc6fe
SHA512 9a9532cce2de086d5934235d21d27b8a0863ae902a81151a728364aebe044faef5e5805d64efe68d67a5a5aaf408f74954d08f10c6a011dc9ea82c629339d3b0

C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping2488_1677434105\manifest.json

MD5 0359d5b66d73a97ce5dc9f89ed84c458
SHA1 ce17e52eaac909dd63d16d93410de675d3e6ec0d
SHA256 beeab2f8d3833839399dde15ce9085c17b304445577d21333e883d6db6d0b755
SHA512 8fd94a098a4ab5c0fcd48c2cef2bb03328dd4d25c899bf5ed1ca561347d74a8aab8a214ba2d3180a86df72c52eb26987a44631d0ecd9edc84976c28d6c9dc16a

C:\Users\Admin\AppData\Roaming\discord\491659c0-b297-47cf-93da-111e79adc9bc.tmp

MD5 58127c59cb9e1da127904c341d15372b
SHA1 62445484661d8036ce9788baeaba31d204e9a5fc
SHA256 be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de
SHA512 8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

C:\Users\Admin\AppData\Roaming\discord\Local State

MD5 890f9f3fcff99e026b7436f95619cd45
SHA1 d2de64ecea099363ccc3ccb9af51c00fa1296f1c
SHA256 2d739d27878ce851beaa7fee8f2f54fd8bf647d4002f1b6241f4f105954deddd
SHA512 3b17f7262e55734fb83f48f0bc1900f6206a04b0c3be0e60e1dbc732984ce2354426a90a10380b5b4a83274356f386a30e45cdaa0d41296b9e329ce8dbec1f68

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Code Cache\js\index-dir\the-real-index

MD5 0834c0f5e32fb68c72e37944de87cf23
SHA1 991b5a2c367e674bef399832b93a0e910bacc587
SHA256 218edf1ab8bc526b06c6580892766f6d33600cf547aae3759ac5c0ecafec374e
SHA512 8be8619da9c90542007b96a6cb16a29f9c3b24e7fc20221744711744a72ad6a817f54bfbe6405f5884eaeadd3cec4953909ca978a0eef5beaf3dec25b1e3d7e9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences

MD5 f47f3abea3458a9fec6ee4e496e2a2c3
SHA1 60dd35afb82354720c9ab7dc007ddf49f9787472
SHA256 fe584257e4f6b70790ac00f65dc2cb724a93730cae74644fa9c7606a830166d4
SHA512 42e8232642fd0f39e2ff880783f0187fd9654cc3a805ad21922dcbea0ae6bb5808a7127c0f2a60e9afb7281bdd63537e4459e05ba3dd4337597b819b6c8e00aa

C:\Users\Admin\AppData\Local\Discord\download\ffe1ca1b5326153a1647e82be805c87cf0caf0a21ea4b87ef30374fc612fbb7c

MD5 c048e1158577dc09d01fc5db7e6a1d56
SHA1 ab67664f6f9686b32cf2063d858424480385d662
SHA256 ffe1ca1b5326153a1647e82be805c87cf0caf0a21ea4b87ef30374fc612fbb7c
SHA512 e26fd580daac19950c513da0bd74972ba82af9319afa19abf7d192c709f84bc7c4e22efa775f04d8cb1209cce67dd99bf7f2cf759b8b75a94979af1eb51ebade

C:\Users\Admin\AppData\Local\Discord\download\995585af791559893d29b9462ccc52d7e41678d0f03a7bda3cb81c75a51f1f7c

MD5 22a6f90ce46de2429aad0c175a1e6d72
SHA1 6742f204464e729a1fc4bbe447f8bb2ea6933303
SHA256 995585af791559893d29b9462ccc52d7e41678d0f03a7bda3cb81c75a51f1f7c
SHA512 ede3c6d3aed5bbac8c1a125debfc09e822465aa8e1f5f0b3e50f17287fb2909124ca0377771573890a63c21115eeb2a9c9b35ccacd0cf8f0dd7a18abf0b8f2c1

C:\Users\Admin\AppData\Local\Discord\download\7bfabc198efa2db829ac4388a164ac5925d6eb24061643d6d64c93a80f3b7b9a

MD5 6ea8d761a7eedaeda91d5fb91acb75bd
SHA1 ad486e8de4c0757408021463e44e33bbefb63f8d
SHA256 7bfabc198efa2db829ac4388a164ac5925d6eb24061643d6d64c93a80f3b7b9a
SHA512 78622e934b915f968906b9c9c7a560927086c568ef1a8c0b5aafb0c44981b7aed8f5e2e5904a4805a54974e74ae12d6dcdaef7e166d48d2f79b1b1218e9e42e1

C:\Users\Admin\AppData\Local\Discord\download\c5d20a611266d3b000d4aa6b7050be09a0398d7b3613012bbf2ce6a2d5ee24a4

MD5 6101db32b65d382df90357ba7bfc9492
SHA1 cd61cb9546da7a2125eff74a245fcc495dbce84c
SHA256 c5d20a611266d3b000d4aa6b7050be09a0398d7b3613012bbf2ce6a2d5ee24a4
SHA512 aef6020f0d320e8a3c56f978b6c3e3d3da572fe940227e2190ee515335a80c518189ab5d8ef373124b67bbc179f8e3df6c09ad11067fbae4266d948670678290

C:\Users\Admin\AppData\Local\Discord\download\3c9228576941a18242cb54cbb255b5f577d7998ab147d25c39bb93d21dbb739a

MD5 2462752e0d08f97d1f7b62c728435d81
SHA1 62ccc0bcbf1222530804edf4e8f1390880e83c8a
SHA256 3c9228576941a18242cb54cbb255b5f577d7998ab147d25c39bb93d21dbb739a
SHA512 2f8a0754f58070924bc70600ee4d4b16a342d219c8c54b2f8e3d93d561bb488e918d1dd8ebc281b42fd2c4e473e87676d59134974ed294e429c80e54c3105187

C:\Users\Admin\AppData\Local\Discord\packages\RELEASES

MD5 627bf2613ff34c1714e15a1d6c191a8c
SHA1 d7d91bfaf36f1ff178bbe70598cb7aa3868d07df
SHA256 bd48aff278078a054ba12e8b3c96c51d60027d2fbdee1445c966af8babd9c5e2
SHA512 c78bc72f288f5f2efe740ad380e07ba638e12971fe2914eab75a16dd0fe2132c98bd69af3b7715f16df538d2c194a002b66b172fa223f446af51480f9324ea0c

C:\Users\Admin\AppData\Roaming\discord\.win_arch_transition

MD5 b326b5062b2f0e69046810717534cb09
SHA1 5ffe533b830f08a0326348a9160afafc8ada44db
SHA256 b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
SHA512 9120cd5faef07a08e971ff024a3fcbea1e3a6b44142a6d82ca28c6c42e4f852595bcf53d81d776f10541045abdb7c37950629415d0dc66c8d86c64a5606d32de

C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

MD5 75e8e2b2714245001ef3dbc999cc4823
SHA1 0a400a7e746ac4c1f1bd07c9a33f1914d0a119b4
SHA256 aedf206e31c710361aa2a2d2cf781179a1e0fe73f169b13d868439416c163c09
SHA512 d16c45ed839e1d75f13aa40588d037b525dacac2d9b47cb65237b303a4a6d9a76ae74d00a47860d4d45be30f712fe0d92d6e315de2d817fa7b645a64544f28d3

C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State

MD5 8bf305d9ccb698c4790504708c4b6f31
SHA1 272321786165a709aa92d98c995da42689df5522
SHA256 4aa579df2097027b7c2ea282df9600b47a48ec5a4ef9815563f360887ff9d845
SHA512 24c99284bc714a83735dd834a68839278e9fd4f41b71c3b4b1c7c0cf49aa9ba35cc97f6b68177c64b555b5259c0a891abe356f6068ac3da7bc8b0a01b1cb629b

memory/6156-6944-0x00000293228B0000-0x00000293228B1000-memory.dmp

memory/6156-6943-0x00000293228B0000-0x00000293228B1000-memory.dmp

memory/6156-6942-0x00000293228B0000-0x00000293228B1000-memory.dmp

memory/6156-6941-0x00000293228B0000-0x00000293228B1000-memory.dmp

memory/6156-6940-0x00000293228B0000-0x00000293228B1000-memory.dmp

memory/6156-6939-0x00000293228B0000-0x00000293228B1000-memory.dmp

memory/6156-6934-0x00000293228B0000-0x00000293228B1000-memory.dmp

memory/6156-6932-0x00000293228B0000-0x00000293228B1000-memory.dmp

memory/6156-6933-0x00000293228B0000-0x00000293228B1000-memory.dmp

C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping6764_1033960215\Google.Widevine.CDM.dll

MD5 477c17b6448695110b4d227664aa3c48
SHA1 949ff1136e0971a0176f6adea8adcc0dd6030f22
SHA256 cb190e7d1b002a3050705580dd51eba895a19eb09620bdd48d63085d5d88031e
SHA512 1e267b01a78be40e7a02612b331b1d9291da8e4330dea10bf786acbc69f25e0baece45fb3bafe1f4389f420ebaa62373e4f035a45e34eada6f72c7c61d2302ed

C:\Users\Admin\AppData\Roaming\discord\MediaFoundationWidevineCdm\x64\1.0.2738.0\_metadata\verified_contents.json

MD5 3e839ba4da1ffce29a543c5756a19bdf
SHA1 d8d84ac06c3ba27ccef221c6f188042b741d2b91
SHA256 43daa4139d3ed90f4b4635bd4d32346eb8e8528d0d5332052fcda8f7860db729
SHA512 19b085a9cfec4d6f1b87cc6bbeeb6578f9cba014704d05c9114cfb0a33b2e7729ac67499048cb33823c884517cbbdc24aa0748a9bb65e9c67714e6116365f1ab

C:\Users\Admin\AppData\Roaming\discord\MediaFoundationWidevineCdm\x64\1.0.2738.0\manifest.fingerprint

MD5 d30a5bbc00f7334eede0795d147b2e80
SHA1 78f3a6995856854cad0c524884f74e182f9c3c57
SHA256 a08c1bc41de319392676c7389048d8b1c7424c4b74d2f6466bcf5732b8d86642
SHA512 dacf60e959c10a3499d55dc594454858343bf6a309f22d73bdee86b676d8d0ced10e86ac95ecd78e745e8805237121a25830301680bd12bfc7122a82a885ff4b

C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping6764_1033960215\manifest.json

MD5 bbc03e9c7c5944e62efc9c660b7bd2b6
SHA1 83f161e3f49b64553709994b048d9f597cde3dc6
SHA256 6cce5ad8d496bc5179fa84af8afc568eeba980d8a75058c6380b64fb42298c28
SHA512 fb80f091468a299b5209acc30edaf2001d081c22c3b30aad422cbe6fea7e5fe36a67a8e000d5dd03a30c60c30391c85fa31f3931e804c351ab0a71e9a978cc0f

C:\Users\Admin\AppData\Roaming\discord\component_crx_cache\neifaoindggfcjicffkgpmnlppeffabd_1.c900ba9a2d8318263fd43782ee6fd5fb50bad78bf0eb2c972b5922c458af45ed

MD5 f265d47475ffd3884329d92deefae504
SHA1 98c74386481f171b09cb9490281688392eefbfdd
SHA256 c900ba9a2d8318263fd43782ee6fd5fb50bad78bf0eb2c972b5922c458af45ed
SHA512 4fd27594c459fb1cd94a857be10f7d1d6216dbf202cd43e8a3fa395a268c72fc5f5c456c9cb314f2220d766af741db469c8bb106acbed419149a44a3b87619f1

C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping6764_432809062\LICENSE

MD5 f6719687bed7403612eaed0b191eb4a9
SHA1 dd03919750e45507743bd089a659e8efcefa7af1
SHA256 afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59
SHA512 dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping6764_432809062\manifest.json

MD5 2648d437c53db54b3ebd00e64852687e
SHA1 66cfe157f4c8e17bfda15325abfef40ec6d49608
SHA256 68a3d7cb10f3001f40bc583b7fff0183895a61d3bd1b7a1c34e602df6f0f8806
SHA512 86d5c3129bec156b17b8ebd5dec5a6258e10cb426b84dd3e4af85c9c2cd7ebf4faea01fd10dd906a18ea1042394c3f41a835eae2d83dc8146dfe4b6d71147828

C:\Users\Admin\AppData\Roaming\discord\component_crx_cache\oimompecagnajdejgnnjijobebaeigek_1.d9a253514b6a010dfc1916c55246797e5773f13844ea3ec2d25078e845fef760

MD5 17c227679ab0ed29eae2192843b1802f
SHA1 cc78820a5be29fd58da8ef97f756b5331db3c13e
SHA256 d9a253514b6a010dfc1916c55246797e5773f13844ea3ec2d25078e845fef760
SHA512 7e33288afd65948a5752323441c42fcc437d7c12d1eaf7a9b6ae1995784d0771e15637f23cc6bc958e40ea870414543d67a27b4c20331fde93d5b6dc6a59cbaf

C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

MD5 a45a8d831d831c05b24a14635b5eaf3c
SHA1 2f0edc1854180a89fe27c5e6135adc4df59ba15b
SHA256 4cd94e7c4c6d7029b1d30e2206b63b0b4b021be6deda318e242da427ef8cb882
SHA512 1c56c199f2bb641bb6e0595101193e9b38cc7034eb82583ddd0de87652adacf46d8daf31455a7c9f6969538f752fdbab51c02a7dec583372ff0472fbe2834e60

C:\Users\Admin\AppData\Local\Discord\installer.db

MD5 b37d19e0fdb00e20ce159975ff58acc6
SHA1 aa68fff65be216199e51c5d9a57d8206a246074d
SHA256 758f6b9c9edcd255bbc21de45a6ef0921aa615d05e646e69e415998c0e4c74e9
SHA512 46fc3e1a74fd19d12c26915249bdee70875ec7b843857bc6c795dcfdae8d17d997884420554aa655b18f25420e2a3cc30b97173109dc1389442b61acf07a206e

C:\Users\Admin\AppData\Roaming\discord\Preferences

MD5 0ad2f05d2d86345ed4fb0ef922f8ee1c
SHA1 7bb733b0401789acedbd87bf1e20a7640f989ca1
SHA256 de389ba8aef4274827511372985ce5fd3702e5d2bf4945e4a7a9184a11dcfc3f
SHA512 2478813c6ae427c522b0c01b63dc2b981aadb1458cf6de767b83cb275ceb72f1df91fb292bf876d438156e3c53fc002d534310683dcf12da92516e5057141736

C:\Users\Admin\AppData\Local\Discord\download\73af21b0816e5e1daa879a0a11c558d8b934b87adf96e125fc41f9f32a990b54

MD5 385b21c17b4424183a262529f0479047
SHA1 8cb552604109502258b84cbaa0467a95ccb4f54b
SHA256 73af21b0816e5e1daa879a0a11c558d8b934b87adf96e125fc41f9f32a990b54
SHA512 cfef7fc2cbe0eb176b0dc3f21699f492b0c7f761e8831f2cae35db0e374bf78dc7d1430cbb2343253a9c26737197212223df3816ab111177037df23d9031ee1b

C:\Users\Admin\AppData\Roaming\discord\Local State

MD5 b906b571db761e3b62cd766237b139eb
SHA1 848f3e15efb881a10c69e95c785c131d191e7732
SHA256 1b8d702239781b64f9a5ae42942e974f15b4b9af6d522db334b8309b31313042
SHA512 89f289585fe13e879af1bf61c13ce1abf35655ca6a8fc912591fa487706f1f3bb1e56f23a8d9d8ebd8aec9b03c67cde5db796dfc91dfa7ed0a3bd74c0c5e99f4

C:\Users\Admin\AppData\Roaming\discord\sentry\scope_v3.json

MD5 335cfd93226dc0ea76fadefe30107458
SHA1 2721ca8213be9cfaba6606f25d54d90e6ede9b54
SHA256 06924d220826f4fb32028b404f8d480a61a674705d76ddbd59c87f579fa51526
SHA512 8fd62d7deebf7b3c64ed311d8cfa2104230b888e626fa2af43cf505a039e90f79d60153382881ca31bd92c1c713c9a05bdd0a4caa18420b19fe1c9c17a0d46fd

C:\Users\Admin\AppData\Local\Discord\download\7b8ed591d272c850af59428d0fbcd5b1e2e033d1cbd668c99c50fc2fc765cbcd

MD5 029101c04187ac9d50f0326cee7d3f05
SHA1 a8bd247efb263b3449aeeba25ca0d29f0190a291
SHA256 7b8ed591d272c850af59428d0fbcd5b1e2e033d1cbd668c99c50fc2fc765cbcd
SHA512 68ea4ca3dd8c93eb6aebbfe4787e056595520c3b30d6681075c55d379120f8aa8e9234fc3ced41f6159f0cae3068904de324f91e01b87c7bef12f0fc9b0f8301

C:\Users\Admin\AppData\Local\Discord\download\c4dc673f63ffcf1f5f67d485f534bafd02f252adf5b0a784288e357e61f79f4c

MD5 6f8d54d5693f1ef2337abbaa96a318f1
SHA1 ef8c6d72bc31e34c8c64512f2dfdc49f3f24770d
SHA256 c4dc673f63ffcf1f5f67d485f534bafd02f252adf5b0a784288e357e61f79f4c
SHA512 0fb7cb5e86f188bbc4923a3bf126b5ad06d1d6a29d198a2eb30ca86fa392435ec11e1e7889d232817ac2940b170ba8b797e85f7044d9b56945fda67d47a37966

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 d0d48732bf510faa68710f22153dc1ec
SHA1 f17027a81a27f2a6ba3fb7faef48b26653563bbb
SHA256 d9b7b5b9e4a87a8c74eea1097b2fcc5d0c22eb381c18ffcb6c0b91aa46e53509
SHA512 7c3622101b962185972b35c4be6efdf0a77e1c885637f3720161a3d6c70c3ccdbfa16096c114a66a7f79fb6e59ef8e5c2cae6d0ae0741484c5e394bc259decca

C:\Users\Admin\AppData\Local\Discord\download\60822bfae4f1b0489d624fd12b69f15fec2b4e5d5087c5fe885b36bb3efaf1ab

MD5 7a200a07c3822638a5a6fb53c4ede1ed
SHA1 bcfe8e09f8368cb2bf56990665627d54da1ecc03
SHA256 60822bfae4f1b0489d624fd12b69f15fec2b4e5d5087c5fe885b36bb3efaf1ab
SHA512 a26b1db7b7b17258ea7d6ccbe5563080b6172aa2696f6f341d9ff5b6f8d78ff60c620d20cb31c1935836c24f94f1f34ac3b427b62566525a2bd2376b9120431b

C:\Users\Admin\AppData\Local\Discord\download\f52e83e5aac4c71bbc6f27bf19df85dc17960155500f3497b14c9b4f9e177580

MD5 13786fba662fa9fff4ee94c35d8bd0ae
SHA1 98a830e52e9d3acc8b2c54e30402d70b205fd43a
SHA256 f52e83e5aac4c71bbc6f27bf19df85dc17960155500f3497b14c9b4f9e177580
SHA512 cdcde736ece78ab26ec72c44569ddf70200a4a2254bdc357f4ede0d9830ea4f757f0728ca69080ad8ee32cf938be033830baf226d8bb38f93808f57d1058bf7a

C:\Users\Admin\AppData\Local\Discord\download\ea968ff9512cb6b20905687d4ffc0173f26735c6904eb03de0fdafde30f573a9

MD5 ed44a93671ab824cbf983613300f3c3a
SHA1 43c6debbade134b532386cc89508ef4bb8bf823a
SHA256 ea968ff9512cb6b20905687d4ffc0173f26735c6904eb03de0fdafde30f573a9
SHA512 ac2ee91c4941df959dbe1b0887b98c36ad96b33c798854c4a36422b7574abe40b23d1dbc8c3760855e09e0a20751163835d60484de09e8537750a67c534b630f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4dc6fc5e708279a3310fe55d9c44743d
SHA1 a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2
SHA256 a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8
SHA512 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b626493997f3f9a6fc385ac7e586a3df
SHA1 3d63bb6fc82b7b56cb2d330f64f97cc95e31580d
SHA256 6c49e41c1e160d9e5f4438522a9571140adc81ab2ac20a7cd33597fae4dba3ad
SHA512 775edf55158f484f9ac6b9dfb0ee9b862fdc28915ab3e70ea9cde18dddf9081b384c908bf56e5ee4392258be5ff2d630dd8cd603b2191b92c61100b433238101

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 3d6549bf2f38372c054eafb93fa358a9
SHA1 e7a50f91c7ec5d5d896b55fa964f57ee47e11a1b
SHA256 8e401b056dc1eb48d44a01407ceb54372bbc44797d3259069ce96a96dfd8c104
SHA512 4bde638a4111b0d056464ce4fd45861208d1669c117e2632768acd620fcd924ab6384b3133e4baf7d537872166eb50ca48899b3909d9dbf2a111a7713322fad4

C:\Users\Admin\AppData\Roaming\discord\Cache\Cache_Data\f_00001c

MD5 71d3e9dc2bcb8e91225ba9fab588c8f2
SHA1 d7e38ee4c245f64b78eb18e6ecd7b9f53b3254a8
SHA256 ae99aaede2f373187a4fe442a2cb0ab9c2945efbab01cf33e01be517c0c4f813
SHA512 deda05ebd575d413aa2277876991ecc2ea238907390753485ba1b487ede2f432363c46daad5f3f240eaaf8d3258150829a3ae3d2d9c420ea59567cfd440361a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c9c4c494f8fba32d95ba2125f00586a3
SHA1 8a600205528aef7953144f1cf6f7a5115e3611de
SHA256 a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b
SHA512 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 473bedd5af2b4dd3486f79ed24e5a3e1
SHA1 b17864276f3a17f6f106fdfa89c1b24cd6a49eba
SHA256 8854c26bcfb9b58331a7b078c9621973dc81364e03701350e8b276c8043ffbb2
SHA512 8096af1aa5d46b638d6116b1351004d5c3efa84922fafbd5d645ef3cb2ca6fca88853f5493829e004ca63e1604c8e0676d8d444a484d9bb22e6f4c19167432d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f2d5cff5c09793fe46ecf444e1e40898
SHA1 c7364b59057bf5d69f2d7cf02dcd7a469556dd2b
SHA256 bb6105e9bc73a4bff2f65f05f741efb07c287c8eb385b8301f88312e455b56d8
SHA512 66e63cb3f5bbd5759d4fdeeae0c2b49402ec24bf57a335d2e69a80974afcc8c3b18cf642d99d5b443a54425749039de7bc3d13170f17cfea152c48e9d6eae466

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 00412acb08f14f6d90845cd042ee6b3d
SHA1 30e0363151decd6f922d5704de4db1c345459d1b
SHA256 264b7e09d4fbf1dac3375ccdcee8197f6f5d905dd5d10a15c3d3d325e017fbad
SHA512 715005dd41c4c24507e88555cf0e16f5c96a3d128e3a86fcfb270d7d752083b1b397a6aa09be2cdb9f17b042f3aa2890b2c04ca62e19ca502248fe29ffa5ed9b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2b888d7f7f574da0a851404e2c3c3117
SHA1 4592249f049f5aed045c8acf6770e91b24278d3c
SHA256 6d914d1ddb4c5788216f5787efb5e94a9a3928e2953829857108ba0892021170
SHA512 1367659f249b3112ec96b2fba99219da9b3d3a5630fda59266108ee86029871774aa4f6a25d5c23c4190fc3825a5679bfaa6c69660756acafc6508850b7a837f

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 1adf1e22e2e1e0f7f5946e2036ce46fe
SHA1 fdd22c002daf7f0f6d73a001843938c2ef5e46ef
SHA256 22d80a21c0b5ad4b01681a62dc812a0eb360006d16199ef13299bc12f336883a
SHA512 6c76373324db47e1511ca3f0ee39bcd059db788864f11b27a53f17f3f6a3b438480255155d926252ba76e87d830805a8cdcc2431a4f52168f49bac833b12a2ae

C:\Users\Admin\AppData\Roaming\discord\Code Cache\js\index-dir\the-real-index

MD5 9620938660dd84d574b2950635693e6d
SHA1 4074cad46f25590af3f0e56158b824c635615a8f
SHA256 a2a468b1fa690d701da4c8dcc9cf4bb99c2516aeb88636d1dd5db90155d60a53
SHA512 deaef096ef16bd9bdbea9967489924c4536a35748f48cc2d0076a7db2665279b0ad1470df5ec36415bafe449f69fdf7297b4c176a2582b50a7b505ca87cb2dbd

C:\Users\Admin\AppData\Local\Discord\download\d727b2d25835d2ce6ceca28f115285ce6a735214eff8ed7e51c3778f562aacb1

MD5 7d545fd2a4912ca0fd1416c65e7a4f30
SHA1 3f41946d434382ce9e0cc5ae01e394f1b2b7c728
SHA256 d727b2d25835d2ce6ceca28f115285ce6a735214eff8ed7e51c3778f562aacb1
SHA512 b3a88561fbb17998488b116cc1cfcd1a21fa5fe29a829bd1cccb5fb8c8160c08f50661c9b03a9710c0974049b5de5fce257efea98857d3391e16cb1110005d59

C:\Users\Admin\AppData\Roaming\discord\Cache\Cache_Data\f_00001f

MD5 3b0d96ed8113994f3d139088726cfecd
SHA1 1311abcea5f1922c31ea021c4b681b94aee18b23
SHA256 313818d6b177a70fbe715a5142d6221ac1a1851eff5a9f6df505670ddcd73074
SHA512 3d78c250029069e1850b1e302a6d8a5154f6e7bc5cd58f449b8824ccf418e80dba2d5569a9cff72f51ccc9de140dc91148f93ec4717f4a880e2ba94898fbdb24

C:\Users\Admin\AppData\Local\Discord\download\d47d579edd1705dd598cb51212d54ee2bc386a7428035a85d751ae2625a9f7d5

MD5 1d9f78ad1fb7e64d83af78abe2130a64
SHA1 6d81cee657a96a430eafec273ffd49f4dfab25b7
SHA256 d47d579edd1705dd598cb51212d54ee2bc386a7428035a85d751ae2625a9f7d5
SHA512 f8c2fa99bfcac54511d9d1072d2d8e0b7638da63a170b4d04211c8c4247168b29bcad6b0e5067f2a46dba871f14aa6a103089b1e37053ed624f67fe75159992c

memory/6200-7716-0x0000019264F90000-0x0000019264FB2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_oi3mxxpd.r3m.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Users\Admin\AppData\Local\Discord\download\602a31a6abd6b11d0a3b7eec4705276ee765df43731e16338bb7fee7165bb4b1

MD5 5a2aa7e8c26bd67bb50c44428c1fdd73
SHA1 a669e97876935e3793ae48e583ab3f4bb9503ac6
SHA256 602a31a6abd6b11d0a3b7eec4705276ee765df43731e16338bb7fee7165bb4b1
SHA512 531a8542520698a31d65f5dce5a6b2bef3a939f9af891b19acb20af7585fb0955798d13fea411aa7b23948685cbf4eb3ccedc46b208cbfec7658fe9596039fca

memory/3988-7792-0x00000248EB370000-0x00000248EB3B4000-memory.dmp

memory/6616-7793-0x000001CFEB640000-0x000001CFEB6B6000-memory.dmp

memory/4812-7802-0x00000212EFE10000-0x00000212EFE34000-memory.dmp

memory/1048-7801-0x000002217A890000-0x000002217A8BA000-memory.dmp

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 6230c928eb50b16b76edeb3eed1b95e6
SHA1 2a01f99d3c6cf560db44448fab2ee02d33c605e7
SHA256 8f6cb6d2a5f25b438019ef411a7a73c6e148ffbbf8cde7817077759c3304b5fd
SHA512 060e0ff8a4dcdb7c4a439fd47ebc1318ec91392a2863327de01a03b075c50ddfab81950ef914a265ef4c5947fdc8c451930ea29b82749d77a44bdb68e9a7bb5c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences

MD5 81a06520d02a9b16a113b2076599dd69
SHA1 e540095926069df91b4adf60e97255244297f8a0
SHA256 46ee50be5af64f9a5c9c21d65642f02d5fbabdda444c595be30820a212cc07b2
SHA512 1b0c0b83e5e553a0cd993289f485055e329ba67b8654bb23d26fbce8838e7b782d3727dc2eaa69e7c66f4cf101b573f3e1e1bf94c09a06a5d3eafdc19b6eb4be

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Cache\Cache_Data\f_000073

MD5 c4133173e7880983fab8babbccd7b123
SHA1 59f8327bd9d74b8d1fe7b9febe2e03694caf497c
SHA256 d270187bce8766a459b8eab16519f718afdb014bde0a59d7b62ba9de9f9d1956
SHA512 95031550c2c5ec9031a898c9e5733981224ccdc198dc28305f2176e3189433d41852e738068914797f77cda60c462476b90b46ad0911b03020d2dc709d29a6da

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Cache\Cache_Data\f_000074

MD5 387ed93f42803b1ec6697e3b57fbcef0
SHA1 2ea8a5bfbf99144bd0ebaebe60ac35406a8b613e
SHA256 982aac952e2c938bd55550d0409ece5f4430d38f370161d8318678fa25316587
SHA512 7c90f69a53e49bad03c4cefd9868b4c4ba145e5738218e8c445ff6ae5347153e3a2f2b918cbe184b0366afd53b984634d2894fea6f31a4603e58ccb6bfa5c625

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Cache\Cache_Data\f_000075

MD5 291256b7c907159efc75c23698ce47e5
SHA1 5d8095567b508c463c4838bd8f8fa503913143b0
SHA256 809c72a63189cdb1420504cf8e7965ff26557cfd3e75071b74a58624a5093c87
SHA512 713aaca5e838e6f1efed642af2c50c4d62704064c397b3b1680c66a254ed843f62e5b5616c5ce34c80f8824e55f4b3bcf4a40b40d8b1ca2a638362406c50e305

C:\Users\Admin\AppData\Roaming\discord\Code Cache\js\index-dir\the-real-index

MD5 fdc5579b9ce72fc304de9c40c1d45666
SHA1 45de5d46f90f4c4665b63868a60d84c46b1491fc
SHA256 97299f7c9d1daecadd1d7368fe345a2ca3e584622d13a4fe3cf04aba730e6a14
SHA512 99e1780f53216b6bbb70d2b672ad5859ef2495f372f20849fc2711beb030ce4ca7925032d61a2190018bac0c45a6f12fa191479a4a91a2c64bb17cd577460326

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity

MD5 54e75dc5f46bff34ae5ace7c3a92c405
SHA1 4b0437034c91fc43215e7bf3dc12decb65609d60
SHA256 0b0aa5584f93a1d018d3c2cc1f7b1e6d4a3321eeff980c60b77b09f248e774b8
SHA512 f3f03f92f2857d6cc7f1652d3923f5bc5dc008c4c7626cedacd0eb4475bed9c1b0abe9c6e8292fdeaacac4bfd921ff57760bf993b6a3517e919acfa1b7d2c1eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Code Cache\js\index-dir\the-real-index

MD5 b91742c63610a0d39611e7ef1403afd9
SHA1 6caa6fc13d21975c942a7a47f0720766c7732f1d
SHA256 af17c9f4cd4ea0fa10f86dfc0882bfb7b42b71fbb44e711f05601d237bff2122
SHA512 3af26bba6509f365baa36caf815ab8886dce6e0facd6bb44e75ed559d8650f399e43fb73002f6d0a2653fea3e843a4c8c0d9ecc9968d442a45c6769bfc4d822b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0f3a3b14f438df934205b080bbc2040e
SHA1 dc0fa74b55f2faa56a30ae31b4d2df4acff5f83d
SHA256 1162630ff6cda7427e9e21cddd99b169c59deb47c5462f443c9b49ec799f62c1
SHA512 1cf8ea1653fac2894ce235921c03358f1820105bbfce9aae10aa7b20001f99b5696cc0ed440f4f2045f7e82b57ad3c5116f7d38dc245fbb0a27e5b394a37f179

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\Network Persistent State

MD5 72ead1f0b033828ac3e10bc3bf311368
SHA1 11190153546a27569b8b2af6bb167bfcb2cf9d98
SHA256 5e43b2af88e9ad253cdacdcf7d0706a05423d93eb8e63636411a6b3568c6d619
SHA512 0b0b4bbcb0d1ce4336693f961dc32294e98813a1a5888659800b28c1cac3ec4615897e6e0495c982e42a43e47675fa0d6f985650ee0dc5ee00f01db3c7d9d420

C:\Users\Admin\AppData\Roaming\discord\Local State

MD5 f42b988e59853cef4269f058969b280e
SHA1 1598f5c12b56d1e4f2a0d0771ac637c8122e107a
SHA256 1b928197bb277549ab6e237c22e7129ae71f3abc6123df11eeb185e344f995d8
SHA512 f1ee3586cc7c25162e3387aa5d2db59cf44391710841496f9b5b024af23272ec9ed02f7c1ef03076737ed1505886d4a58373b386926f1af22bc3abae0de88137

C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State

MD5 45603f4cbfa6174e617c0352c39ee7ad
SHA1 0eda96b45b5631d2666164dc47dd210bc5115253
SHA256 fdeef3d4f947de93ba7ad29690cb4782d5e4c793b14973ee6681f2b3a6ee829c
SHA512 1f7cb20fc4f5bff3d7c4614427325463bf5a8ee52836a718a9ca1c330059ee7f96168af04d6049b1aea1f8d7782df1e03c246fbaaea08981ac9432c2cbe7cf2c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3db536a7b742dd53a2590aa04381a18f
SHA1 41f27a51b842fe638ab4708193b0bcaa1e02b34c
SHA256 a84817272f11c6057fd0a240329e8239d3a4f1a10610a4c0c76add54c9b17386
SHA512 d9cc5184a3a5318a49ad980cb67a015beb566f8accbfc4e80ad2d8c009f5c96817ba8e38434751e58f84090d211638c2479a29beb52c443e324ab87075da8b30

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences

MD5 c2287955dddb30eda441bddf8af61b36
SHA1 7a60a4f78bdba775601cfd6a7536869d756544de
SHA256 c39448645ab1a8c8f3aa4d1d1afafbbf468dceb0a6b661fbc7eb6b81a2d8713a
SHA512 e3da35dc76099ce7f91daafc21aeea2a2e84cdaff4032ce7581ad1a034a072889a14dd2f73da63855a102924b4cb0e1fa1f5976221923864bfebfea42dc9bf1d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\Network Persistent State

MD5 7c76698afba381cb1c1bd5d1cb80a420
SHA1 7fa3d0af07e788a2f9d46e696ab0bbef403b826f
SHA256 ccab0c16c6941ddb57e1eb11cbc3fb4d649a32e07c8b3ca3c54167ad754a6838
SHA512 e714e1d6cdba6f7fc6907c484ed9a4511eadb4f00b4bd90e52bab467d399123871b017d7e34ece7b83a623dfec2b64e77e2cf8b5074a32f5fc7aa8224436996f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity

MD5 34ae62a242d7775f1ba0fbb661294669
SHA1 cd05917c838836d892915a3339c2953d1501d82a
SHA256 23d98709b25eca5f0ba97dd7fb11d1eb6b650bc311d04d502490f52a09493ee9
SHA512 29ef96cac3d38424491cde11eba1deb6fcd856c39f0994e4a4e22c549b295b24e1bc2d4a374ceead3c29c9e21954d8fb77cf2be9cfae9e6a6e8e471e48ed08d1

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 5b2b4d4d21b97b8439316b669ffb403d
SHA1 46c2ebb0d74ab910d863e77da99059b33e9e6cbf
SHA256 b6b9ed0e4ec8fc25cbadd5f6efbebd65b85e33c2b39ecf18aa3f230d71da1752
SHA512 709cdb2cf9418b41534563c5a002671abbcb482aee2d2b8942b3b0b7fe7899789a8282c89c4b40d67fad8b94c9f06d37c4716e884ad4a52fe279dd34215e32ed

C:\Users\Admin\AppData\Roaming\discord\Code Cache\js\index-dir\temp-index

MD5 1f04d646c56b07a626fd4658b7f900b8
SHA1 89a94519622cdf286c0ecb110781606b24dba7cb
SHA256 94b77a1a7d4cf84675f8345053df43fad691d41b4ab8ded7cdd5d00960f96c99
SHA512 47c3e21151ec28fb7def4cf33b4da15d3c5c69a7ada1d38fcc194fe27f3c02c466133a7e27d360a0017b07e9004b960427f6efb6de7c061ce7f351b97bf1af51

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 84710c38b5e56751bd993e1ec5c859b7
SHA1 67854553763062238463e9425934fd9fa662b822
SHA256 a09920f0b7cdc508b202583100f3f42d014f89563767d956f68a37ca45c9f601
SHA512 f2d435f00b1a1c4e044fa801276f71b908a1d1755cd7fc3b36dbb07c65dc7a1a42d281d97b6d8e15c5ffac7242a8a4c082d8dd772362dc6e1f59b0742fa64466

C:\Users\Admin\AppData\Local\D3DSCache\93e7f05821b87c7e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 def8e2bad89ab5365a8b165ad135d0fb
SHA1 c76436fa0274553bc98612ef861c901d01ff0b9c
SHA256 70cddc94629dcddde3b071dc0e917c18bd44f7bb30f8489f1198d7c6fa67e85b
SHA512 ba53101d836cc776069f092dc809ad1e4b6c530e61ce0491f0527d321f609be80a9da45e4cce73e42e57a1f0b20499cc2e5029a45f673a3628cf1d87fca2c008

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 0770aaf2191174fce622803c9b7d7bbb
SHA1 acd3143284512d04e402bc0b16a5ea2101b259df
SHA256 61121d8f8be5c601519d96968210981d0afa0b0707694870e99200c89ed9af52
SHA512 6f5b22d9a2c71428cf64413a3c8c5f627fe2128cfaf1f84ee202b6487a960f86dfd959fd2e1b9551da8c34f42a6b62c6a0940690f2f003841a081ea2bf306b2b

C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State

MD5 85b89c8ee90b97effccda39e2ba8cc58
SHA1 dc21221283a04ecca403e4afcfa7250d3bc8217e
SHA256 4d5111a229700d5eed54bb015ff82dc919e2525d51d39919fc4a2c09b9a41656
SHA512 bd7935b37ff51ca556d822838daad7364ae20fa6bf76185fea2db0ed3a38dbc95ae702a9ded4efd07c95bc332cf921c79aab83dd34894fe559402ba0515a0597

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 12ee415107267bec329b9b8e6dc596a3
SHA1 1c125eca318ce403b5e6f807e0d42108df429588
SHA256 6aa0ea20555d3a7f395f864856c9608ac921bb58d2082cbc6869cbe614bb5dc0
SHA512 330cbff981d3e99c52ca87f5f3d6d9ec154dd6acf518700b964867814cf40a76a7fdad74693eb6c397411ceb2b4c9faf8cf0dfa81faf5b6e60c6a4155b103d0d

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 47a3013c65d9e36c7d53446e1f132dde
SHA1 d95122acd6d2ce981c25e411095b86ffba22bc8d
SHA256 a73da903e55c679121005f342e5286c6ea434d2d094de1968efb5e40ac799254
SHA512 afe95159486f3365d0dbbc4c403f7db5cd835ff62b3388f683d556f530b60c46670941dd0c6de0e26fe805311ea5869d6659e33f872d487143925d3f34a5ecb1

C:\Users\Admin\AppData\Roaming\discord\tray-unread.png

MD5 501fc444768f499ecfaf5befe1b090ae
SHA1 8c63e33140492b2b64a6512ccf6d4f0cfd379435
SHA256 ec242dec681372df01ce1eb96aecf9a1638f8e7a067966f45ab83bc8acdcaab7
SHA512 a63256aa5cdc3b2d3829afabcc44699ef40703c6cb8a014b5820fe050b04a1f09169edb9852bc54f72f047419651a163ca5886acb7270081c31de05bcf67dcec

C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\modules\discord_dispatch-1\discord_dispatch\dispatch.log

MD5 81b33a0b34aec16ece3b1fbb7b49f124
SHA1 fc7e0380fed687ca4c2b39a2bb1c274ca13510ca
SHA256 c2a61ac6134ec38f445cae0b54ab4da3d00d9bbb4f4efaf596d70952b748d8fe
SHA512 3239f5b83b37a75fb3d2dbdb4f26b176e89c719cb34e94255d0d00c5bfc3ec5d59a731800c875f76af706bc804674f734a6ad4cfbd1b7a08d9ee482c14fe3274

C:\Users\Admin\AppData\Roaming\discord\tray.png

MD5 08e3872ede2967f3ccf2c4a3eee511c9
SHA1 aa604f49406d8617c03e306a889931813f4b479c
SHA256 a44bbb3d84b73c628714f3ff805e94fd524943963c1740d4b59b53f422ffbea8
SHA512 fc0e14c8ada9ef43421a7e69d98887c06e01e1ed9f117902c06b4609ede02709de40de08b5f3f583a29fff45a80fa075e51680d2960088d13e4c236c379b9585

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 568814fed873a13716fbe99f60704edc
SHA1 ecb63b1219253430ef03dddda5d4eefeec1c3fc7
SHA256 3f09dd27e6abb56ad37dff35d956ae7025aa694d39aebde73e829ddf82b7022f
SHA512 62f5171e3e31de6ac28117100a8c97010599119fa481a142b06df5866da5b9468707a90e48abb7cce268e4267dedeba13cd39635b5dc7a2a9d71e0b6b030139c

C:\Users\Admin\AppData\Roaming\discord\Code Cache\js\index-dir\the-real-index

MD5 d2d651436b02e95b97547b8df03e5bb6
SHA1 0fc206969a236388ab4ea49a146c06baed7706c2
SHA256 70c0b7e3f5d118456ebc1322c7960b2ee44b4a880f10e6458610bb8fad2d0038
SHA512 d79b9e49730e3b516dfe06e61b9137935eae4f92591d1a2b777d8f85ab65d369e17a805f51b7dda08cadf9a3f7147031ffe6af160f204749a9ab48ba97295e2b

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 c2fe2a9745a6deedab18a2a5a440e2e5
SHA1 5d67da8e3de2812d240d9dd7cfccabfec829668a
SHA256 f4c023e8fef40f352911e49dd3bf9490014fda07c7f309bf896d8b844a141665
SHA512 18dd5cbd48014e16edc148c3967a7eba3617482d29c0faffcc0a891334aeff0434ead778b7d3ef21c2718e9cf9b3c408bc244cf76bd8c8faab49469ba7a6c7c9

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 f85d62f6c5ccf4bdc8b6613bc44bcdb9
SHA1 da3d4f60a3206e002ae1c57cc2535dbff6585479
SHA256 51e6c7e9216b50c7120732dd8c9fcc7e69b817eb1be8a28a09771415ed069401
SHA512 912fef0da5d32c4d09b4f42c6ff4546ea739f6e24e78b7eab5455e5638d383a31df5bddd0ba45b45898015c88d8cd31131efb906107d153de01584a5a04ac317

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 28e7b3005041c80415c79d3fbe2490d7
SHA1 6c393093a03879a2d2c9d8afee2d026c5c1b9469
SHA256 9c964bc97f933263bd359346768bb34123f01dbcb77e7a16af4d4effa176ae7b
SHA512 1ba474de95b707519beaf9a54d0dff56e2f8178422ce1723a84abd3055195f701e60cb6ea1fa54d0f6ec44b715b17aef19119ed70d5957c6df7a762cd3671e29

C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State

MD5 1798d4906fe64415e8bb77a4711cf865
SHA1 249d54f4637fc1b68057cff00106526373888208
SHA256 9cbf0f70c736c1755e0002a32ecdc9e83e08c46f3bc9d7bea16f297b1765078e
SHA512 6866dd067acddbd017d601faffc87b5941e1f4a93ba755b97a62931a88bba88a3f86a3662e2e6a389dde5991fbd886df23ceb3216f2a27c10d85fab84966deb0

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 1c4474d896fed1a19ca92ce1f27b3730
SHA1 19f40bdd99641ff9022fd256260e707515f16fdc
SHA256 43e79a108008180c4c370cb92743694c2da438bde1213f48525fea6d0c221f9d
SHA512 bb34ba0e1136c0ba206c314d74cd9cfce0c5ceab9493bcea6b0d2d2e919095499ede5e84c444cdf59f7dd2fc8941540a24ecd7601c443a4bb5cc56b55c6db470

C:\Program Files\Google\Chrome\Application\SetupMetrics\5c4c62bf-3dba-483e-a3d8-ec4c2b52ca76.tmp

MD5 d7bdecbddac6262e516e22a4d6f24f0b
SHA1 1a633ee43641fa78fbe959d13fa18654fd4a90be
SHA256 db3be7c6d81b2387c39b32d15c096173022cccee1015571dd3e09f2a69b508a9
SHA512 1e72db18de776fe264db3052ce9a842c9766a720a9119fc6605f795c36d4c7bf8f77680c5564f36e591368ccd354104a7412f267c4157f04c4926bce51aeeaa1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences

MD5 3ccfeccdee2534524c37d1c00c8f36e6
SHA1 dbf462b92f4a57b617efdb826975fc3110cfa5bf
SHA256 5f5433876e5ac2499b7c5cccb43c4eb695980a9bc001cd9b9b83c9479ba45c53
SHA512 27258df9b134e19f4dc8b4e2b9093b2b3a1c94ff06eaab22aa7b22bff2230da67bce19631cac4e749459bce8ca4fe704dcbb07976295ee742b4ecbe2e6fcc952

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e7ce7de746e8b590fae94e84cf9a4c52
SHA1 cb97028392b9ad68272cded3000d588a69bfbc2e
SHA256 2b9d980baa71c8b13399f76ac56da923a181e21a32a1e540d543ebd8d933d6f0
SHA512 a8e6491de636a6e4e5a111fe3cf0b92dbb908a81d574be45fe083e50cc6df0b1dcd93ecfdd241eb57d9e2f31ba16ae77ff0c97e96a068da7ef922a5eb74844f8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity

MD5 da92f0bdb22f3982767282515c62ab3a
SHA1 ad58cb09178099a361a06dc1fc641c7a535affcf
SHA256 b20234e213f2e2eebda72ba0a64d64463a372c91ad606862c1b595e52b3c591a
SHA512 ee26c6a23901ab485ad1571474f200d68f5e1e5f37f627a1447314458d9ee6af67da54c314f397573fe6d79879061da5d9f780cbca6ece46247e32cc92cf6a4d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Cache\Cache_Data\f_000083

MD5 7626aade5004330bfb65f1e1f790df0c
SHA1 97dca3e04f19cfe55b010c13f10a81ffe8b8374b
SHA256 cdeaef4fa58a99edcdd3c26ced28e6d512704d3a326a03a61d072d3a287fd60e
SHA512 f7b1b34430546788a7451e723a78186c4738b3906cb2bca2a6ae94b1a70f9f863b2bfa7947cc897dfb88b6a3fe98030aa58101f5f656812ff10837e7585e3f74

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences

MD5 527027105f135b0ede6d89c30609c52f
SHA1 70134a1780bf606df787ce563f719d7666a0ca84
SHA256 a58447957cc260f39f3f1f4d21ee9c1b4396a0cb781e7be3674dc31edbcf6194
SHA512 7ac986d71ee822312d55ab6428aac81a7de149829eb37778d3dcf0b1b68fd72135ef304b5a5bace92e681e3132f5e3a642c5fa104697de6b76882361c7677e98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 bce7c5cd945275bc02002e79f4dc937b
SHA1 3a8aeb2166cbb589395a2f30d15dc647bcc057f6
SHA256 efd43034be397d381949433fc326ceb390c80dbc6b183b909ebc6583f28b4da5
SHA512 cfb30d77ea0fbd2a781d4c05bb7204887701a27e0b8cc92d9e0566db6bc2ee16c3d92408389e7ad774f3d7cbfeb6b0f32f9b90257a42207775b71df7f4412fb4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity

MD5 4ee55eb948d817b38dd38b65d35e2dac
SHA1 acde8421b36b91b528f9d6798b38726fe5d58c68
SHA256 9b100d380e00b5026fdff3e6735261c4fb379a6da87971fddea1ed5d0319122e
SHA512 574fec53b1dc0200695bb64a43577b756e78d2ba057a00c2eeda8fa308af4169c72efa4a86362373d769902f7e8647b827ac3caa682445c788f6e54a82509031

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Code Cache\js\index-dir\the-real-index

MD5 46e5715169d99bf3aceb78b083e93be6
SHA1 a02da310dff5f2b2fa3afd5a7680e496fa2c88d7
SHA256 4337a4dee213f0ab821de2d2042cb7ded37cbd03dedbfe5f07b3d6f2cea12df0
SHA512 9d5f6ca4c611c030af3b18ed817c926f6d32aae366432d37f252f3e596f5dd7f761638bfd7cb8f3d73a6e78b1fc7a6f01b1e434a381cfe9cdc423b043ae0da4e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences

MD5 b4508f542b40ab73ae16a9db1e254065
SHA1 8f7874f9cf3dd5556346f0f4130a9bdb89c24df4
SHA256 08d5c0e91b573944d2842a5f60003946a01fc6b8e40ef087e3923030aa69bf65
SHA512 158ad6e41818f13cd57d1fe62c505276030871070feccbab06cf720dc703e7af177161fc8f96a2f2575215cb13b35e2217d4974f62775c2071030f06075b38b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 91bdb58975cf30ee9862b98b8f94e851
SHA1 de50d311a8e649e2fd57639624268654a945e226
SHA256 c8d2e58aca6ba797d20f716602afd82cebff20622f8239f8d81fbcf729fdb49e
SHA512 3d993ff6b2f94d1af18b318637035eb4ec8036be14f5d148f9ba8277f10fbe2431d325526ccb206f9506a11fcdf152f7b03d2b88a208c7ca3b397144236712b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c8ff26ce27eb91c82745a1b2cc12be13
SHA1 19c93151ff3012fd652bae115d82949ab948e702
SHA256 89c0bdf7f1741a22bae60ddac09f1b9e9b156551de8999413942673ed5f92824
SHA512 3ab815435a31d9f91261d53627a368c143f048f389651914bb0ae59bdaf4ee08441cf63edbc957a07df329a37794f4753dfa9d29c9b1f9a260579b3b1ad7988e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\Network Persistent State

MD5 adc18bad8fe63a07a5936d4836511625
SHA1 4fdb9a969e8ecef00dd573a1dbc57cd1d664f762
SHA256 8c039416e710d7ab8d538447458859e8280af2fbe43eb7208e84970bdd257d46
SHA512 5cfb19ec3246253fb929db41ab94e796a0fba871980ade48c2a82a579b161b1c66017403ba25b9ca5418688a1b47db55bfc06832a062b1ba9cc14d60a33bb3be

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 3816e1517aeb00522d656937a9fed954
SHA1 256f587f26d080a036f96b725f4da17ba2e6cabd
SHA256 6160813b90a20392eb1b1cae7ec71042f90ff7ec0e7413ab70edc153487e26a3
SHA512 eae2dd26b3acf5eddf9cf8ef73d0e2156a682200bab8feab160342e0a3fd412ce5e858af222176c392b264916166cff5e2decce4acb0adf016c83ea025ec41c2

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 1000f200e94648f7bb6ea459c95fb08b
SHA1 614f5edc08ef1312d47f36f1b2916fda63315b32
SHA256 975179e334dcc8e916df3196e323c4000eea243889660b3bb39577eaf56e36a5
SHA512 b3e696148d40805db42505105d2edaacb3270d812ad52ef5b299411df96c7f8e3d0811c4b6c2f0ea05dffca47372fbe5e01d8c43ff21840ab8df0d43df8675c4

C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State

MD5 e0ab933153888b1ff4889027c865dbf4
SHA1 9edeeac73ea20a1a15b1236a33c45f053d803382
SHA256 202971b6c94a5c09f529b27dc8d88b8ba939cc0d5b2cbdc2406bce50947f5141
SHA512 538b73ff7923af35b756c31839ba2ba09d3f87bca2de982af60edad8f7e5970e75ddf0ba1dc7250bc80e247f94ba301a2f474faeba2b65e18d0ad57efb994cbb

C:\Users\Admin\AppData\Local\Temp\nst5402.tmp\System.dll

MD5 b361682fa5e6a1906e754cfa08aa8d90
SHA1 c6701aee0c866565de1b7c1f81fd88da56b395d3
SHA256 b711c4f17690421c9dc8ddb9ed5a9ddc539b3a28f11e19c851e25dcfc7701c04
SHA512 2778f91c9bcf83277d26c71118a1ccb0fb3ce50e89729f14f4915bc65dd48503a77b1e5118ce774dea72f5ce3cc8681eb9ca3c55cf90e9f61a177101ba192ae9

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 bd18986fa5e973d204931b9fbd8546d9
SHA1 8936aaa1896c5a53434dec66139abcda1159beb4
SHA256 b6ab80c71f32664bde59ca34ce980f965ac1f0e29ad36329df09637c4fd4a376
SHA512 d6393e20f07a27c770163f563417ee117c41c9a8cc6cc91732b9f119739c06ca21b3b26dce31c298c35001c4e291b83f5d252b7e75ce70547dbd842d473288d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

MD5 b10e4b89549e7d0ad58bf6e8f4f7f83f
SHA1 9fe3dde41a969c694f3e7c8cf6dea1f1570dbc9c
SHA256 82c022975c6c225dff66b921078511cf3640cdcc3fbc528bf4fa07e5eebdf377
SHA512 20aa7021a811b77f2e13261e26125056a11d5a02377a02c252e39f5618cb32efb64e7218b8fcdbfb90185aa732e7c5bd644a28852926ad5f922e5e9dab633bc3

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 008729bed4b81618bc2640cf4cb69de4
SHA1 723368cd4e03cf94289ea388eb98e8b11bfb4b6d
SHA256 9e946137854342fc51e62b67813a6aaa8eb8789bb83d2bebb66c3d78f5e53ace
SHA512 3c6a205e99e51c69111f43ab53ce781a18960c4741635188ce87b4226121320be6079d7662ad544b3833f1b71c30a82573d0604161a721ae545c292c4e17e311

C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State

MD5 832f045eb479143ad73ad45f6341b0a8
SHA1 c252e08d577d82df5a099b8d9f762d8affb950ce
SHA256 af2f330e747410b7d73ee3ecd4a54c7ea0cbbe81bdf966754d8df91dffdb1d36
SHA512 e8c6b091b6a8a4c0d4053f63f50b578f97d20e77f46d7fed5658bddad3e3f74ce989a6e0c98efe0868c1edb6da72a1cafe0645c6f983f19e41865f6d139826fe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f437769d68dc26ec3faddd74483f7bc3
SHA1 eb2534c5ccf360fe696cff0b734f174454014a4b
SHA256 0e551aa9297cb6eca8f90676d68e7fd8c85f7da0ddba6ae6fffa9a9e156b1f8e
SHA512 afb818d1a9d6cc6d5e7665349f9622e0961a460b1da5e7f880e43ca3f4f9f0c73354ec67f4eb25eaa5de754839f438aca7f6c3e5b60742803aec3ecced17b51b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences

MD5 877146b0ffc68620bb99e93eccaa3774
SHA1 695f3023f12135196f8a2f4cfbb7f4b7396c9088
SHA256 4f3428a7b5b9cf3f54d169c666024275695cba94dac97de031369ff7c40d395d
SHA512 33cfd8a052fe6a65010d48d7b87ec5f747a22dc7b720b9bf2f43835c74dbdd90d19265bf22fa8af5aeee9ee906c6d7a7422a499e7461024177b8cf7bb6e92f7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity

MD5 cd565ac1204eb84c8d154a18fb8fe0ea
SHA1 b66b814b98564a80e51b1f747b60651c9d7ab168
SHA256 97353a355f6f5b145e8e4712db184afe0200698bb2cd8a50c2c2f86c2990d882
SHA512 fbce165b0ab4e37eaabb563a83c06735acb67864ce4a0f96e0dbfbbd3bcc976af601f08a585b2f20640242e2ceaea94571f1b5866d1e552130295c26e2a8fab6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Cache\Cache_Data\f_000086

MD5 0ed8278b11742681d994e5f5b44b8d3d
SHA1 28711624d01da8dbd0aa4aad8629d5b0f703441e
SHA256 354730711c3ca9845bf98ec5dfb58a16e50984f9edcf0e8f432742326334f8a2
SHA512 d296ab1f1b418b125f09598ca6645d984a1cf67092a914956b8879d285ee35521b408363b47da195de79086e3be3ed9b1709bc8f9cd2e32d5dccb720a010bc8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\WebStorage\1\CacheStorage\index.txt

MD5 901b698b3b8ebdc7acd1e2d7d9fc36a0
SHA1 df6fe169795fe05a630a2615a2248ce42489303f
SHA256 8f9dca2ef32a81a246fe21f0ab311e52ca770f2647fc8278b31b2aa571b4db9f
SHA512 ece370a877dff9607a3ad2cfb6c418cb1dc8455ff724c80e1e83e8e71548af0c7b083a2362ca6fd4f39fd5d83e2e634a10acb1cf3b07b54c44c247eb573af047

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\WebStorage\1\CacheStorage\index.txt~RFe6e6fd1.TMP

MD5 eaf859934ac0c1f1b0e2ea7459c176f2
SHA1 c801361a645fb29d0e4ebc38399a615e99eab55a
SHA256 10a0bbe5adc9de9d7979fadfa2d9ba467c306a5665ca3995dd06fa6e0df4cb11
SHA512 f3f0dc47c8449b0d91985eef0deb69860883c71cb8fb0f77b8d459aeb10aa6ee0ccacccbbe9cdb23a2b23cf0ebce4ac9ca78930e762024bf6fa63ae6d4d1a65d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences

MD5 8f7733bbd890a17deb9cb0c496e37b65
SHA1 58e01068d25eab88de99144b309949a51ddb0729
SHA256 30d43ad4529489c757d9e29ec2d262bdcc08af03338d6d89522f96f9971469d5
SHA512 c7f5553889cd9f4a0886618de248badfd584609e22f32d127386768cfe0f4034b5a5c9f49c146117a045aaf1bf7ddf77e3c09a096652bbdc8b5a215a89f1051c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity

MD5 0adba547e1ab8248bd67d516990d2db6
SHA1 1f74eaec82bcaf0ff17ecd653c8d6e16988e96e6
SHA256 1aad1f210b6a16e1e359b8664e3ea271bc01148b9b5549650f0d60a20406774c
SHA512 7cd5311f81b47d65a092a8741c0f0a8016162a18670d39fa859a3d01d1e7fcf477a99aadb2b8dc81a535d871a26200665b5b2a2bc32628f0fb8ccf2cca3e822a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences

MD5 34b453d9fcba41af2bf5a04c49f14e7a
SHA1 9f72fbab699e89324f331b7cedab6cb2e71bf853
SHA256 0d4f94877ba0e8d40637c71d3cb531c60c0c5df89e9e9b5659b5354fcc671ac6
SHA512 018f4bcc0b7d8f78e0b1ed0c25605161bf1ff8090de035e44f598014b4fd408c041b7bb6d93de468bff25099977b9925366308ae430f067e120444e358c0db83

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity

MD5 59ffde7f8a30ae8455eaa01e2737b80f
SHA1 8aa505d1a06508f69095f636ff2739efab467b31
SHA256 b0943768871670fd5c9d612c791501509dd9a6a74890920fc291ac0bf5d7cc2a
SHA512 a1546dfcb8ba368ca3199bf97dbfc3c76a0d9521008bddcc51400b7df63f213f82304c3e245da7c1fdd85fbb9068ae5e7596d44cc5b87d6d2616ed55b298584a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences

MD5 9b1c6a0feb95c3cbab00265f79ca9a28
SHA1 401b3de54b4fdf71ce12476648e966217ba19b48
SHA256 d0779963b6f19fd78020034d36de4591f9329ba91be5590345ffef3f907d09ec
SHA512 3eeb613d9d9562956c0fd4a6a8757e9f610c1b7ac34b4cb5c9bfdb1862ccea70f7126ce9ee2c6805bb72ded9b62b8a7431c50215e80e387059a62cdc2b6b278b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Code Cache\js\index-dir\temp-index

MD5 cc3509884604013d9071f4da78f2a62b
SHA1 15e9ef4c1bb070743af5ed51dd9d9056e0edd157
SHA256 c681ebd49c96ea0354287587c975b0d4648e61e85b25647156ccafafd4563678
SHA512 2e58a6ae502bba5c80097454ccb0f8541e950a5fd7d5781c222a667d4ca626b2e274a2e7ab694ed510b4511858c7f1312df07aa226fa5b3116828d0fd0eb4035

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\WebStorage\1\IndexedDB\indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity

MD5 1de3ed45ec0a459422c93ffe80bf1ef8
SHA1 e7415b1068819dac2653d30eda22e3420a959442
SHA256 9a79cc9dc8a0a1f793170ca8a902a87541d69512d367709d8e69d1d416d903e0
SHA512 892610ca46bebaab5be009c87a8971fd4002b33ebcd2339159a20c1c24712bf227c789d7fd538945a4a3278b32b8240ed2601d9170a33a576a17676cf9784e02

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences

MD5 c959bf0aa43e80ef91186c506b167a80
SHA1 163c4124730738250f1de9c0fb2239191fd2e178
SHA256 abcbfe93e1169bafe96e5c4d1605ee19eb1b2e414c97ad7274de4b5f13a4de4a
SHA512 88be980e5cf4a25d17053357f66f7a9aa3e07d100d3e1d402558d049ea2fd43e24a14619e3b7ae77f6c7a87d4b266f50d95bd6051845bc39bde356e2cd89dd28

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 156ea708e3ab31034ccb2a784711dd48
SHA1 b853c5ee8dc725d4f6ca758a729447b54f09daa2
SHA256 9cc7a6e55a4b4e905cc453e05060663f5ece2e58b0a1157bf80d67b800a115fd
SHA512 42dc9ad76a0bdea01e914e3d934284743f3d41a4672b346f1968235b6474e17f3b567b7ebbf3fc18be56d5ab3ef7fcbba3ec14ad4541d63649eb45e1724f40d6

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 826fd522cf3af1587a1f6d75a853cbe4
SHA1 c7097108e8e06c0e1a25fb52731f5b3e9e90748e
SHA256 59c8ea288968f32f95bfd804fc6b5e310122d9750cf654fabda972442e3d5ae2
SHA512 550c9382c70229e89c33ec928c2865aa42c5d5297041086069bf2d2efed9b425a060b029468c323e7902ac317898df73e80ef663268a300e3dbece183d6024d6

C:\Program Files\chrome_Unpacker_BeginUnzipping6052_541726167\LICENSE

MD5 ee002cb9e51bb8dfa89640a406a1090a
SHA1 49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2
SHA256 3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b
SHA512 d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

C:\Program Files\chrome_Unpacker_BeginUnzipping6052_541726167\manifest.json

MD5 045ac93715ddf76f3e860f41895f91fe
SHA1 84c3ae55ba4ec5ab3be1ecd452dce7ea5cd328fa
SHA256 50d601311612a7930ee878c622970a8e71975f292b5a07ef14d9b211c16c344a
SHA512 7c622cf6004be50bd748c9b3bc495775f0a4a092f4a8fdb272d28ec7118091769276007c3d657daae6e139d68c108feb9dfd31ba0a1e1710139911bcc009e1fc

C:\Program Files\chrome_Unpacker_BeginUnzipping6052_541726167\crl-set

MD5 6c801e92a4347fa679bc196a96485984
SHA1 76cc3341e34dbb305fcdb5a0fb1afeaadbb69974
SHA256 f2c302124f566f3dc5bb9a7e5b445af4fc6cc61684e39bb36e09b615643c636b
SHA512 e1e4d0aad3e0c3317686517f2c2e96c844110517ab3dffa928aa75916f3d807379a031e223b9a954fe2e8139133b1873aec79944874659f1ccccb9a5227cbeae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a769d5bd00aca5be51d19f144040e5ab
SHA1 88f7ead92bc3bd163260177d639f9a1c0991b6fa
SHA256 f756277c482f98e78f5b4d76f3595b0703e5b58c05a4929ab1519a78b9e1947d
SHA512 2c25dfa07bf85bd72a60f54c3baee956859882f2a32af7aad35266bbb8442f64d71ebe2aba4e287164abc3fcf9f04d148aad3d5d22d9b9c200e7d76111ce84fe

C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State

MD5 01a185dd39ea71d1d823c465a5e4e78e
SHA1 69dcbf2a19d9db4b2e35424caee7ded616fac790
SHA256 a41fc499db9561d4bd67f6a1e80df870e0de13977b7406c8a7b155a581d7bc16
SHA512 40757aed2f644d7156c83d695927306631e889be98c2a890e98acdae9fa881e581e59b36ede0023a4aaa9e76043246a3dae471bd78591cedb41e275af2b22317

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences

MD5 95ec8c0b130cc5417b23864251b004f2
SHA1 24765555b0579add588ee86dcdf9eaf5520ac649
SHA256 ffe60a6a8c49aac4e3479b85577b27c3a33c95147607e1695b0e66e72c084c9a
SHA512 d1362906093ba58f5436e3fd3e741dc2594924d586325841190181c3c689c627982632a06aa9f81209b0e27aa0f728bc35c6fde226b8c6922c4fe841e0ee90da

C:\Users\Admin\AppData\Local\Programs\recroom-launcher\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nsg14A8.tmp\WinShell.dll

MD5 1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1 0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\Network Persistent State

MD5 7b0121ce60a7a92ba7ea39878b7d1d06
SHA1 4c3b8d0aa8c4336459b3490fc8e998e62e56a05e
SHA256 37a691464675186f9a4d044ad866d7d766141aec9d5495be77dbb9d58e2b1c6e
SHA512 c6961e21ee1aece012b5f2e5cf582fcbbde98e3703fb5f4f3e69a0bffcde40b18723f5ee98b8cacfd2d40c2cfc8ddfdc00b45a756913a921dba93aadcec32921

C:\Users\Admin\AppData\Local\Temp\nsg14A8.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Temp\nsg14A8.tmp\nsProcess.dll

MD5 f0438a894f3a7e01a4aae8d1b5dd0289
SHA1 b058e3fcfb7b550041da16bf10d8837024c38bf6
SHA256 30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
SHA512 f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences

MD5 1de31ba3d08ee68f4743c1a3bd4f5bb1
SHA1 62357e2aa88bad1133247a38877356b971a651f6
SHA256 46f3ba50045ee0d7638e4b9d923a9234cc1ed974d7f580c2fad32fe9ed474ab7
SHA512 206922ec4d40fe6c185161db030e286657cb2710bbcb5a131c8f773a46b9bde36f7356d671fe9258c370e819d9a276be94726f5a1de9a711fbf360f33ea42427

C:\Users\Admin\AppData\Roaming\recroom-launcher\log.log

MD5 d6d9612fb053933824dd4d33674aa95d
SHA1 77ee01b4316f9706c6840da97e5472b5a55ade04
SHA256 b0a2e6e646c85ff65cf9b34a0221b230ef236031a0aa4868e0b2d0fb306651f2
SHA512 52d97fed8498fe42a7031b8fc3ca973b1fe83d37785cfd553f98eb24d98013c369d7dd60478cf3cb38fc71806f2bd0e8ca4c69b925cf84af56015d52cdc59606

C:\Users\Admin\AppData\Roaming\recroom-launcher\app_logs\app.log

MD5 bd173bb4de053fa9c6aa20c05ee61a52
SHA1 33ac9650e57c98bfd37f8406e2b3350328ee11a3
SHA256 b52352d3680681c93b916007689bb363256486e0299ade37f8a4298baf0f6635
SHA512 1a78efe6698a955f1ee74757e95e134b039ad2f06ebd887ddbb09f2c1a6072d55392ede259f986d03c6ea2f1427bd7e80a90a4fb949c72b96ca431fa74ff91e9

C:\Users\Admin\AppData\Local\Programs\recroom-launcher\settings

MD5 45455e3329e64fc2fad870d554be9787
SHA1 f3e626e9c0565b7540136816831348ee83e88d3f
SHA256 8cb05f0ce433a8bcd61e03974016c91bcecbb2b0165f3d3ddcf18a1d50058f85
SHA512 22462686af1099f08b4c6ce0af3284a5e28eb2a8b1de9c77934a3dd6befc7adb49c3b76de8bc7b2ddf2cbc3c22a6f46ab2a83555b95d86e707ce2053737302aa

C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Apps\Rec Room\app_data.json

MD5 410a849c515c8313430216ce45ff7828
SHA1 2bd2ffdd4b4a2b17ad22b00fd281347fc5ce7dc7
SHA256 df3a64e68a490c2c94cb9306172782d81c7068ba5541b0c9cff258153b22f7e5
SHA512 15ebaf6650825f3637a37744e6a546e395f6d95595bf6e2c2b0ba44b7166ce1fbebd45240e7b95b2d1065c548a3b7bd46629b7dc21124a000435db8c2a86cc10

C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State

MD5 26f406cde833ced6faa09bdb4b3bea18
SHA1 fb86b000bd7126e0adec6270ce88448daba62d61
SHA256 c7b05a97d199ad93b70332d82d0288e6b4566822f85e384754f297f560232cf2
SHA512 0b3ee0659b96cc288d0c8aad2271d8dd4b33f3e0ae0ed7dce45cfa55f930e5e3d81b86d2acf624701b6a3c267c52db030fa65828ae7b88c943e1d61bc5fcff37

C:\Users\Admin\AppData\Roaming\recroom-launcher\Network Persistent State

MD5 d2dd509625e692c95fe3be48233f732a
SHA1 36b67ac439faac59791b493cdb458f67d52ab45e
SHA256 41c84e9ebddb6362e9b835c966ba7438fe44f1b8518c55eb5d2b65233ee8c8f7
SHA512 deebfbe095d9bfd4fe78b3f16cc040c67eaf207fe9efebf1d0477104295c80c827ef42be374be727ffc9b87256b464a31866ddcb7296b4841a657e42435a6388

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences

MD5 7de367be95f2c5b3128a730546e72a18
SHA1 34e7c9849490bb3d0bf8da35d413396c3dcca64d
SHA256 91a8cdb6a3e332b96d84e064aa4d97651a4200aeac42ae88d7bacec83a2bb257
SHA512 792e89d8b9cb1cda819b13cadacc01b5e6ff8f6b4c0ab86d4e2357e149d0f0cfd4b36aa528d83cea5b7a82326dc59b6906cb8c199b31d057e03dc648981488b9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences

MD5 5b8662bfcb2b41f5cd01e42d93c5cd53
SHA1 73b1b0239a68276f467cc83da1d0d2ef194cc766
SHA256 966b0242c7e8e226e0b5b2b46c501801c03eca973ac0a86274652a0b2ddbd1de
SHA512 5b58e8bd98390628680c5436a72997bf01565cc6467d2a0d22f14a8ecd43abe86bf0c13b451a05f293933aabe6ab366de4e6f75e7ddf5e5e6481326814598303

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences

MD5 5b5eb8fb05126c3d0f7ea7c41205500c
SHA1 e0e1e84bb567ed25507e6c4d64b22942de55e8eb
SHA256 781c9cb32dd043fd5eb66c9d8f7ce8c7779edd4a615ec899e5e5d8cd7de60d0a
SHA512 38def19f0318f1d776724a81173d375cb2a89a9547f375a14d37155a54851b9406090b38eed048ca7e12e9e0556ad5034a04f70c6e33bc311e3caf0f4aa0268a

C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Apps\Rec Room\RecRoom_Data\sharedassets0.assets.resS

MD5 b827a57657a5d35139dbb14ad97aade7
SHA1 ef4850d3446165b2eb9409dff8b21c650722d8b8
SHA256 458c20ecd7a3d08336692bc68148f6d2580a7a597e12a65c70f263821027d742
SHA512 2f5ff07bac051976c9b9b057144394fc74eb94058e3b4bc55f3d38c840bb208a2a2289637bbcd0e84f734ed382f03c6313379b4a3d4034717efb20a6eb3efa66

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 72af77dbf2625f9e775f24809013cd3d
SHA1 7fac99d1c18ce88cdf9983d4e1ed9a05955b7365
SHA256 6172e8dcb483dea58d0bee84c330f5a2fde3c792ea82365b093a9a488b29adc2
SHA512 bc17e0031adfe704c334c3e2a03d8c421420850cde7417894b356ae53eeca1f6c0ca964810d0232e85ae0ae1404ce6fd0377421b0a94f32694077da62a8167d1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\shared_proto_db\000003.log

MD5 da9f5428ac10907be3ccc84336931d6d
SHA1 b824e0efd6d0dc68a55e0c6e08d924cbdcf125d9
SHA256 e6cceb7e2207730acd96035edaeff865d493065d00d3265a4222488e506785da
SHA512 909aa91c08f2ea305b7d205b8dcd1e913e5e75b2fd5b4e4a0fbaaf5410cd6c4222fe96be6075b64083e7d1d4fdb9a3d7d88e84fa63cfa4e2697ffe666097baf8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 02d4cdde733edf2e68c1a1b27ffd3f76
SHA1 5d15c2920c7272ee1672f3ee80bafe17046f4b6c
SHA256 ea5ed7840943980d6eb0bd57468728f6c3147f4fbcf30a8f7fff5874320de9b8
SHA512 77e5732661b53e28c93387ea7e8ed614d8567e8491ace8158b103f99fa52eb25cf04b2264288126a3315d67ec35bdf8f3c83f33367e1a175b5e630221c6897ea

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 605127d976fa40046ccdb8107332ed34
SHA1 516cd63673ec3fe1351f40d65c47a432f6aba1cc
SHA256 aa7962f485c61033ce2f6e8af4bffcfb08548e4f90c672d8dfbdd74fa601477a
SHA512 942cfdcda47501e12caf254c04a7ec7deed305fc358944c659c37e0d6a7afb09c5fd00e90f33cba40525a43d4aee77eb3ea798b862109ef3197be60c34d072d9

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 94ad503df3658e6d94bb056afc734593
SHA1 d41110004a2d10d6993bb40270e38a1d7cbda66c
SHA256 41ff62525a36335b8dbf933fe07f4ed8499ac726c8625dd96035f0f74cce84b9
SHA512 5c791b9acd1f3c0c3073456edcc75be520efcc3e6dca35e50df0ae1ad3e0c479ac513c77c43d1cb22af0427abc546ed832371cd0396a107dfa272a91e3bc2b98

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 8c9a09781ecc406d2861afdd92a3aac1
SHA1 8ffcd11f7c29090168443b28a70e008d96ccd1de
SHA256 9bb891b2814feccf1ec7310d42702a894714bfc448dd55fdfd4a5150fa3aedf6
SHA512 0a2609fe118100626bf0ce424e23d2eb31818996a6189a80f7453f99637f786114bb8eac05a3a47850d0c5e2c3ee1c8b5265dee961184e07a47f823f4b4f26a8

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 de3e6bd10e13e44b34d29c1a34312c31
SHA1 669235c2b77c17ffa7e2d838989300c84f3b9e81
SHA256 480d2b919435b1abe258117c5e7e705f40f3beb011ea695e3e9e9e1c27b11ea5
SHA512 94c2ffc586b23e31e7ce683bba303f44739bd5aa56371a9bb53d25cd0d60c012c3235f15703f22224fefd05351626c091c060e045803b293e33f902f31cd8cde

C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State

MD5 78a7f0b29098e08ed69418f8ec1c954d
SHA1 9bd3d65ac5091659a9a17d0f0407325f85d8fc6a
SHA256 6e4fdaf3a17d73242b8d652e041a04238925fdc8bd4947a8a1e4df29a5076dc3
SHA512 82a80921c9e40489114a61fbe9ccdf07d8866ea79efc1c0361f661ca1ee9d442f18ae6f8fdcba05647d6e1566fda38546d9f8f18a6d3ab27ecaaf8beb3d798cf

C:\Users\Admin\AppData\Roaming\discord\Code Cache\js\index-dir\the-real-index

MD5 ec0d12a13266f3bb6ea124a78aae2b2c
SHA1 39be8d93e7243ebda64cc837e025ef955a688c98
SHA256 6ac03c79f015318fadd568c6f4a1bfb964d7d56a9c8f88a5e77a2c0b73a65409
SHA512 2e95a01f56e703761b9006be0124b7130e2589a4f23091a7142aa906e15b128fe293d2a3ece1afbe232c470698fd3e7d35f4dc02980b84cf297aa33c5a9535fd

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 ec449eda57301b9e54025704eff4f560
SHA1 2bfc15a467ce22ecab9bc5438c6abe681be0d8fa
SHA256 6ba2b0030cde0edd9f4c935625b4fdebc51203b9acf6d6daacc93bd50841ca11
SHA512 9d8b2f7cd0f6753d02137e9c433df1640c1e6691d0fa60b7bacd161a269d507af4c3d29cbb9390e8bed60ccc42fb59c8ec8065634a7a49116b7e046b7cb0a2ce

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 a8e1a048b0a2a233786930f067c0759d
SHA1 8cb81a517ad265a32d0be706cb28b79dc880f42f
SHA256 13b7436162e516bad5fceb8efc9356a330f4538d447fbab8086924b473046829
SHA512 0bf3b74d96436e3b47c5f99a3ac0b5b426e469d32ddaef47e960849fbfb7100b4657cd595bc3dd339cbf3e89ecf259fc20040dccacf4068ec88466bac19e117f

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 cdc33f4e91f22bd9b6fb90ce22bfc012
SHA1 aa166b0a08cc00a7e05a8ae4eb766b7d11269166
SHA256 cb64dfd970bab4dad557cc5e64b1044796ea2c9db4b60c915b0298817a3b5f68
SHA512 b0682c0491758808a6d81ebeeff797601f8afd2536b26e913fc8448ad8dba97259315d7c6048ee1e092c20ed6c6ebd8849132f7352363ce288ca48752f6e3191

C:\Users\Admin\AppData\Roaming\discord\Crashpad\settings.dat

MD5 1f16b1ff1c257e45843eb4e8f2ef3cc6
SHA1 375fe29c8974000bfd13e091050a7cf36c111374
SHA256 193300103a7198da9df6092bba8275cc23a2baadb27be5d1ae6ab889c8bfeafe
SHA512 f9cf3151cfc42ee539e807198311c9cbcde90ec7eea42c7367ba1a6c804bad053aca3b25384a6b338f95560a1b01e0858063a2574d7823f8bf1cc1eada51e2ab

C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State

MD5 9eb68f74545d0b0c87dc123e51f61854
SHA1 fb7c02734344ffa76c7e88874d3498013f6caca7
SHA256 3383d64a8bb868ad080cb673ce7b87a1ec8b0186d7fe4140de796d5947e3230d
SHA512 e291a16f528ddea66588cdb9ada43a12ef4e1b9a402db78a319a72ef75e098bf60746f6059069f0fd59d2826ee688232f7e98bac5f445dfdab486cbaa7c5b1dd

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 962a08cf5e51d78278a22467fe138f35
SHA1 67d97decb91d4f6e3ea3c1a66e4f2fbebc6791ea
SHA256 8f6a8204c9c752e5218394cf1b6eda1cedf5ac06b7d00f1d0dfd8e098bedb556
SHA512 4d8b66a77d5611dad16690b1ff41140a66264996e9764c89c508e448c0440f56141551f9ed7392807ed9e506c6ccc8da1fdeb4dbe42891987a3b3b016cf6233b

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 bf3902ba24e4092924db22b6cbe22b97
SHA1 bf0938e83aaa9ee6f4816b4413d8f5c697e7a467
SHA256 be35f4e86e9a098ae11070c8839aa9352c6491c1170453f92bde8e8275ed4cde
SHA512 2c42f2088e453ed5db3ba6f0f4a60c4abf2558d2e641d2534f273e19cf8fac27e6a0ffe90746cf22642e98ca31a55e65595bd38b5b9f65c58479572624867829

C:\Users\Admin\AppData\Roaming\discord\Code Cache\js\index-dir\the-real-index

MD5 4abaa8514002f577881e62aea594a73e
SHA1 5433ed9524ed66b7d020554c78a8a85122bd88b7
SHA256 afb03a9f7807fb2c10b334c285f4b492264ccaa32a7d5c9a6905d2d6a1f07289
SHA512 8eab8587f82b16e8153dc05d935b0c6f0592bd6ccebd3315a55d27906e0c2baa2ba5d8d69a1233210d7db7eb0888451da88d5bb537be9af2e1f93097eff01752

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 ce9dfc71163d9a280c9e1cecea3db74b
SHA1 929c528b8eba27af6f7ea2f930dc4fdfd42c1ee5
SHA256 9331e8b3bd0486e110cbaef13bfc4cfc72cac304a3c4a064c97743496d5207cc
SHA512 16f1797f3a6173fff9c000823378701f7d03a3d6dcb50b780b106a02bce542944656ee9d01aa3ce9b3b2dc4b0adc2f6323980e131bc78b93b0158f992ba65a16

C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Apps\Rec Room\app_data.json

MD5 1981a9579d53652cfe843b4f52fcfdfb
SHA1 28f05a2f6a85d39931d70f6159f4d1298ea8d850
SHA256 29a6f982a132debf00fd5e2dacd2e2e3e0acf6bdf0afb1f42159f8bad1bdebb3
SHA512 7071e604a594d0a9998d724c93bdc315f17fa7f54613099de23ccd086670b86691672ef8deec4600e787289cce922c40e261b07a9df5a3066e9385244941824a

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 68ade0f0f21f60d76f9cc3ab694f6dff
SHA1 b3128163d2311e492463b14ffcd12c993396e2b7
SHA256 adacb278db4d49244ae10b416833af6445981703c712e54ff3cf9b3922641850
SHA512 1976bf388d5f2f3adff711fff72b8c1fce5d3ac081fd54db0a8a5f1d090cff97a22487e678a20f42062f9f1ea8a3d02bd48d15fe1aa310070f3253a6976c8df8

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 77b7001f7f96044db1328a6c7001d689
SHA1 6b7b6fc4ce1245a61deb19eff7e1f5684eed9c0c
SHA256 aad114a0b1a1e6bb012283cc7383b422728ee6431e16b7910f39fbdfcf76dfd5
SHA512 5a90aeffdf59073bab251b7d02f47308a395050c8d85563bfe2d9feb2179d63ef2fd2546b8e6db1f32e884b905f7edb6a2041b2cb362ba3b62541832dd5cbdac

C:\Users\Admin\AppData\Local\Temp\b34af373-e726-36e5-168f-d280ecd2e188

MD5 9de2f71650ac9eac04b52bf9b20ecc5e
SHA1 ef31449d1b2577ea98bf845b1adb18835ee38f8a
SHA256 ac730019ec9004b5d70756c4cce3621483b9090a606ae1938ce6bb4d2d1a124e
SHA512 4991a50b700c946e27add8d68a99d529ad7bc94ffb0d8af7422708d1a40acda2669ecab2bacd0d5e87823e15a8234a514d12eddf53fc42087aff4ea90ed4bfd0

C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.sys

MD5 2cdb9f69c44313f4fd5b7b0d8a70dd96
SHA1 b8958f3a2f0064cb70ca5bbdd4eaf45740b5469c
SHA256 b9824adc9a6d39de820461008e0eec0ad4ce3e2038c304725fce1f5c26c906ee
SHA512 95fde8a6d1cedb3354569d859a9a225b6e199b53c22112af874698a4925b108b1f249bbfdef9748d8ec859b9ce6c8212916911dc2d39c24560110face6bd8e08

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 95ab2ed527601a0315b600696c289918
SHA1 9fe90f0c05b3702cb1f0e3054e765945e02f43ff
SHA256 5a7316edd71f819d8f6e38f06d9bdc2e388c8629f589f6618b6808108feb8e69
SHA512 14ce54e58b8fb23b2c3f7aa40e2a13e01d3ab022e264cd2c28674e7d147e60af69a5c45fa5bc2554009b7b7efeb7cec81a558a6373c1de4dd1d0706dafd86c7b

C:\Users\Admin\AppData\Roaming\discord\Code Cache\js\index-dir\the-real-index

MD5 f2ea2050ef156ef34c191df654887c3a
SHA1 c2b8926fd4c7274e29ddb8ce649a3d6dd07c5441
SHA256 394563431aeb7f835378e511513fac42b27210ac6e381c372a4d0305115a2960
SHA512 8957d79586dd91cc3565663c1ee4aabe0adce366be539bef25212205e8745a0570a1528c35cb16b1b2c67a293dccaa31ede01f2ec66c7895f02bee21b0d3f2a5

C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State

MD5 b86fc0f5817247558ae388a7123c57eb
SHA1 0b501d6c5555dba1755a2d2fe1e933916d405e0f
SHA256 b14bfcf6f8a3598b3fd8737d8da1c09892c8ccbd5238085082406a4fe9a118e1
SHA512 493ba9045494577e626901391d566f8af7325af5728b952a89bf14d209f4566fbebf660e9b575adc549a2c59165eef3327af7e6783fa7e7bd8424c62602ef755

C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State

MD5 b6de04332cf14a8af64bfaa8e4926e1c
SHA1 3b960e5d59069080ae5fb9e950bfca2efa2ea990
SHA256 770301260e06630faafe093f8ef2cd609b59540fb0821c89f880f9000ae8833a
SHA512 31e6f5b33a3f4758d8365ceb5f2fc56655cc3587aa503631d2a01cf2f1a3aa1c31a75c078c11dd8401c0d2518560f26f9d418728d71678a440247b9e774dee3b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b021f7257f27bc7302e115d35da43b7e
SHA1 aa461ff98fd6e2157448530bfb9398041fa5c032
SHA256 e38d23a4541466df64b01aad57b72c076305c1c8f5a8ec7e932aebdecc727abb
SHA512 33065fe27d3cc7921c9ee9da0c044d57d9ab13cd7ba56a9da8e29e1ce599673a0c938be35e05082ab4c48a1f96d3de2ef84f7fe5866de3d3a15ee725e932d5a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 cba7854feb132ed62a76c0c0167fe405
SHA1 c95357617be2945c334c8895dc7c8c421a1043ab
SHA256 0e81dbcdcb889d639b4653e5257e2b6b181383764bcc9e9c39384365f945a73a
SHA512 f6bc158f091a551c5ec2c4dbeb1423db9ac777dfb28fa5679049f0b13342a5d84e1848d02443872046502ba81b60d6a07d6a0897d32f3ccec613fcd6e450c23c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

MD5 d3793b6c89c1f89fbdc7c8a9b0f1d231
SHA1 f1c4a68523c36e9b0b57d3ba4a142c727b5e53a6
SHA256 3b29bfed0dee8e8467211f01dcab878addab8eb0631717692e01e17e0a59979e
SHA512 2c17a1326b1a4bd205b49187266f684e776a057dfdc4b222c1a9a91ac74880066fe515d806cc6fd4a05446ddc96ac60fb2aebcb43a8d1de970d594bc25bd2d78

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

MD5 df60de71eb1f0a3d66a1d236fd64f5d1
SHA1 7bc1c0d0cc03a14fa760010000f96d4fd4625f50
SHA256 3a8e38e14748babeda444316451eecacbde2d4f3d545a3b7d38ccb81241bb30e
SHA512 0d8363e74c2a51eaf98830c0ac045654c25d4c425aacdd8d9800e9baf99f3ebfad18536cd107422902ca734a810c6fe77827efc315e4279b164832cb192542aa