Analysis Overview
SHA256
9bb9b429599af896e15e17f93bd828d8917cffaff40b6107b47dfb6972b59145
Threat Level: Likely malicious
The file Firework Stars.png was found to be: Likely malicious.
Malicious Activity Summary
Manipulates Digital Signatures
Modifies Installed Components in the registry
Sets file execution options in registry
Blocklisted process makes network request
Reads local data of messenger clients
Reads user/profile data of web browsers
Checks computer location settings
Registers COM server for autorun
Executes dropped EXE
Loads dropped DLL
Checks whether UAC is enabled
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Enumerates connected drives
Installs/modifies Browser Helper Object
Checks installed software on the system
Drops desktop.ini file(s)
Drops file in System32 directory
Checks system information in the registry
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Command and Scripting Interpreter: PowerShell
Modifies data under HKEY_USERS
Modifies registry key
Checks SCSI registry key(s)
Suspicious use of AdjustPrivilegeToken
Uses Volume Shadow Copy service COM API
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Uses Task Scheduler COM API
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Modifies registry class
Suspicious behavior: LoadsDriver
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Modifies system certificate store
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-24 18:59
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-24 18:59
Reported
2024-05-24 20:28
Platform
win10v2004-20240426-en
Max time kernel
2700s
Max time network
2054s
Command Line
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\System32\rundll32.exe | N/A |
Manipulates Digital Signatures
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLVERIFYINDIRECTDATA\{9FA65764-C36F-4319-9737-658A34585BB7} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\CERTIFICATE\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLREMOVESIGNEDDATAMSG\{9FA65764-C36F-4319-9737-658A34585BB7} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\MESSAGE\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\SIGNATURE\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLPUTSIGNEDDATAMSG\{9FA65764-C36F-4319-9737-658A34585BB7} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLCREATEINDIRECTDATA\{9FA65764-C36F-4319-9737-658A34585BB7} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\CERTCHECK\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\CLEANUP\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLGETSIGNEDDATAMSG\{9FA65764-C36F-4319-9737-658A34585BB7} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\FINALPOLICY\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\DIAGNOSTICPOLICY\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\INITIALIZATION\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Localized Name = "Google Chrome" | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1" | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{A6EADE66-0000-0000-484E-7E8A45000000} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ = "Google Chrome" | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\125.0.6422.113\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level --channel=stable" | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe | N/A |
Sets file execution options in registry
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoasb.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoadfsb.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\orgchart.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32Info.exe | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excelcnv.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wordconv.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sdxhelper.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RdrCEF.exe | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msohtmed.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setlang.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosync.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenote.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosrec.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenotem.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RdrServicesUpdater.exe | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clview.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\graph.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\selfcert.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msqry32.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Discord\Update.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Windows\System32\rundll32.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Apps\Rec Room\Recroom_WindowsPlatformless.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads local data of messenger clients
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5CEF5610-713D-11CE-80C9-00AA00611080}\InprocServer32\11.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{490D6966-005D-36A5-B7EF-521A24207E7E}\InprocServer32\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DC67E480-C3CB-49F8-8232-60B0C2056C8E}\InprocServer32\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3BE786A0-0366-4F5C-9434-25CF162E475E}\InprocServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\InprocServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0002E185-0000-0000-C000-000000000046}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0002E187-0000-0000-C000-000000000046}\InprocServer32\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{32CDF9E0-1602-11CE-BFDC-08002B2B8CDA}\InprocServer32\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{97A2762C-403C-4953-A121-7A75ABCE4373}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020812-0000-0000-C000-000000000046}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020820-0000-0000-C000-000000000046}\InprocServer32\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{355822FC-86F1-4BE8-B5F0-A33736789641}\InprocServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32 | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8A683C92-BA84-11CF-8110-00A0C9030074}\InprocServer32\11.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{000D0E00-0000-0000-C000-000000001157}\InprocServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{805B7F91-C9CF-4EDF-ACA6-775664FDFB3E}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{91493441-5A91-11CF-8700-00AA0060263B}\InprocServer32\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9800F18F-3D86-4744-A7D0-540989C86D7B}\InprocServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3BE786A2-0366-4F5C-9434-25CF162E475E}\InprocServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0002E132-0000-0000-C000-000000000046}\InprocServer32\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0002E174-0000-0000-C000-000000000046}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1EB89D6-0A9C-4575-A0AE-654A990A454C}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{909E0AE0-16DC-11CE-9E98-00AA00574A4F}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4E3C66D5-58D4-491E-A7D4-64AF99AF6E8B}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DDFE337F-4987-4EC8-BDE3-133FA63D5D85}\InProcServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5CEF5610-713D-11CE-80C9-00AA00611080}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D7FAC39E-7FF1-49AA-98CF-A1DDD316337E}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{91493441-5A91-11CF-8700-00AA0060263B}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0002E119-0000-0000-C000-000000000046}\InprocServer32\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{367E582C-F71C-4BF9-AA1B-9F62B793E9C5}\InprocServer32\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CD7791B9-43FD-42C5-AE42-8DD2811F0419}\InprocServer32\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{91493448-5A91-11CF-8700-00AA0060263B}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3133A7FE-BC5F-4D81-BF02-184ECC88D66E}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A37BBB42-E8C1-4E09-B9CA-F009CE620C08}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EE84065-8BA3-4a8a-9542-6EC8B56A3378}\InprocServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0002E178-0000-0000-C000-000000000046}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{91493443-5A91-11CF-8700-00AA0060263B}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A249E9F6-5B28-4ED1-8AF0-C9B9C5195486}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F09D237B-3FD1-4900-BEF2-3471CA68142D}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3956DCF-D1C7-4375-AAAA-22FF8191C479}\InprocServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20E823C2-62F3-4638-96BD-90F4F6784EBC}\InProcServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3BE786A0-0366-4F5C-9434-25CF162E475F}\InprocServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E18FEC31-2EA1-49A2-A7A6-902DC0D1FF05}\InprocServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{33154C99-BF49-443D-A73C-303A23ABBE97}\InprocServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{35C5242B-7455-4F9C-962B-369EA43ED6F3}\InprocServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6F3DD387-5AF2-492B-BDE2-30FF2F451241}\InprocServer32\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8A683C92-BA84-11CF-8110-00A0C9030074}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{312AB530-ECC9-496E-AE0E-C9E6C5392499}\InProcServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0002E187-0000-0000-C000-000000000046}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE39F3D6-1B13-11D0-887F-00A0C90F2744}\InprocServer32\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{367E582C-F71C-4BF9-AA1B-9F62B793E9C5}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5EC4D34-77DA-4F7A-B8C4-8A910C1C1CFE}\InprocServer32\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5EC4D34-77DA-4F7A-B8C4-8A910C1C1CFE}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{82B02374-B5BC-11CF-810F-00A0C9030074}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{83081C08-382C-4ED4-ACCF-DCBECA021010}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0002E119-0000-0000-C000-000000000046}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1E886174-DC88-4B83-8BC5-66409EC75F16}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0002E17C-0000-0000-C000-000000000046}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1C3B4210-F441-11CE-B9EA-00AA006B1A69}\InprocServer32\11.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1C3B4210-F441-11CE-B9EA-00AA006B1A69}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8A683C93-BA84-11CF-8110-00A0C9030074}\InprocServer32\11.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BDEADEF5-C265-11D0-BCED-00A0C90AB50F}\InprocServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F90DFE0C-CBDF-41FF-8598-EDD8F222A2C8}\InProcServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{42089D2D-912D-4018-9087-2B87803E93FB}\InprocServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Discord = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\Update.exe\" --processStart Discord.exe" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Discord = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\Update.exe\" --processStart Discord.exe" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Discord = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\Update.exe\" --processStart Discord.exe" | C:\Windows\System32\reg.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Google4248_1089879319\bin\updater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Videos\Captures\desktop.ini | C:\Windows\system32\svchost.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\addinutil.exe.log | C:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.bak.db | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.bak.db-journal | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.bak.db-shm | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| File created | C:\Windows\SysWOW64\Elevation.tmp | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\integrator.exe.db | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\integrator.exe.db-wal | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\integrator.exe.db-shm | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.bak.db-wal | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\aic_file_icons_hiContrast_bow.png | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\hi_contrast\core_icons_highcontrast.png | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ru-ru\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\caution.svg | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\nl-nl\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\inline-error-1x.png | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\sl\ | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_sortedby_hover_18.svg | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\fr-ma\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\root\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\access\libbluray-j2se-1.3.2.jar | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source1936_1009422985\Chrome-bin\125.0.6422.113\VisualElements\SmallLogoBeta.png | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\arrow-right.png | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ro-ro\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\check-mark-2x.png | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\Close2x.png | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ja-jp\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\themes\dark\close.svg | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\ | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\hy\ | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dummy.dic | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_invite_18.svg | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\rhp_world_icon.png | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\plugin.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\fr-ma\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_mmx_plugin.dll | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\require\2.1.15\require.min.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\themes\dark\faf_icons.png | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_ko_135x40.svg | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\illustrations_retina.png | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\da-dk\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\hu-hu\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\pl-pl\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\sat_logo.png | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\visualization\libvisual_plugin.dll | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_backarrow_default.svg | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-gb\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\improved-office-to-pdf-2x.png | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\sv-se\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\be_get.svg | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\an\ | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\misc\ | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\next-arrow-disabled.svg | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\fi-fi\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\eu-es\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\duplicate.svg | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\zh-tw\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\zh-tw\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\ro_get.svg | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\fr-fr\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\zh_TW\LC_MESSAGES\ | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\S_IlluCCFilesEmpty_180x180.svg | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\css\main.css | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\ja-jp\AppStore_icon.svg | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\illustrations_retina.png | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\pl-pl\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\back-arrow-focus.svg | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\nb-no\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\SETUP.EX_ | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\125.0.6422.113_chrome_installer.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source1936_1009422985\Chrome-bin\125.0.6422.113\Locales\lv.pak | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\zh-cn\PlayStore_icon.svg | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_copy_plugin.dll | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\msvcp140_1.dll_x64 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngennicupdatelock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngennicupdatelock.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngennicupdatelock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngennicupdatelock.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\reflow.api_NON_OPT | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\assembly\temp\0EEQBKG8SJ\__AssemblyInfo__.ini | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\assembly\temp\YGDY9ZN9ZH\Microsoft.Office.Tools.Common.Implementation.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\assembly\temp\H6P7W2CZDM\Policy.14.0.Microsoft.Vbe.Interop.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngennicupdatelock.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\TURKISH.TXT | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\assembly\temp\NGGK9I5G9C\Policy.12.0.Microsoft.Office.Interop.Access.Dao.config | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\assembly\temp\2LHS195TKK\__AssemblyInfo__.ini | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngennicupdatelock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC700.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\assembly\temp\RQLZFKB85P\Microsoft.Office.Interop.Graph.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\pubpol41.dat | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\assembly\temp\8LBQIOWPY3\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngenserviceclientlock.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngenserviceclientlock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngenserviceclientlock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngenserviceclientlock.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\assembly\temp\N40U1VVXR2\Microsoft.Office.Tools.v9.0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngennicupdatelock.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngenserviceclientlock.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\displaylanguagenames.en_gb_e | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngenserviceclientlock.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1DD1.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\assembly\pubpol27.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngennicupdatelock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\CROATIAN.TXT | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\APIFile_8.ico | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\vcruntime140.dll_x64 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\assembly\temp\BJRXYOU936\Microsoft.Office.Tools.Excel.Implementation.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngennicupdatelock.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngennicupdatelock.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngennicupdatelock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\collectsignatures.aapp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\assembly\temp\YG1FXJ4Z8R\Policy.12.0.Microsoft.Office.Interop.SmartTag.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngenserviceclientlock.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngennicupdatelock.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI332F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\Ace.dll_NON_OPT | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngenserviceclientlock.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\viewer.aapp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngennicupdatelock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\DigSig.api | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\pubpol36.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngenserviceclientlock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngenserviceclientlock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngennicupdatelock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000073c7eb973396fb40000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000073c7eb90000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900073c7eb9000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d073c7eb9000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000073c7eb900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD993BDC-06E0-4131-B889-DD3B9AEBE253} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{76E2369A-75BA-41F9-8B9E-16059E5CF9A6} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AC06A6F-4C88-4707-8DEC-61017CB50E1E} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5FBAF6E6-C64B-49DB-AB1B-F93C607EBC71} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C6A861C-B233-4994-AFB1-C158EE4FC578} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BD57A9B2-4E7D-4892-9107-9F4106472DA4} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D13E03F-8289-4c15-A84F-7A8F655C830A} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D13E03F-8289-4c15-A84F-7A8F655C830A} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B3FB63-66F4-4EFC-B717-BB283B85E79B} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5FBAF6E6-C64B-49DB-AB1B-F93C607EBC71} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B723F941-52A2-4392-B500-60F3889659B4} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E1F80F4-953F-41E7-8460-E64AE5BE4ED3} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B7278BD0-7970-47D6-8954-99B2343EED88} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD993BDC-06E0-4131-B889-DD3B9AEBE253} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5054EC7-B9CB-4ad5-9F95-D8171A6D6BFA} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5054EC7-B9CB-4ad5-9F95-D8171A6D6BFA} | C:\Windows\system32\msiexec.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\VersionId = "uint16_t|0" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Printers\DevModes2 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\Common\ClientTelemetry | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\integrator.exe\ULSMonitor\ULSTagIds0 = "18679566,5804129,7202269,23978014,39965824,7692557,5850525,34198423,41484365,17962391,17962392" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@%SystemRoot%\System32\fveui.dll,-843 = "BitLocker Drive Encryption" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|4" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSTagIds0 = "5804129,17110992,7202269,41484365,17110988,7153487,39965824,17962391,508368333,17962392,3462423,3702920,3700754,3965062,4297094,7153421,18716193,7153435,7202265,20502174,6308191,18407617" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher\CRLs | C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2D | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\FirstSession\officeclicktorun | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\Common\ClientTelemetry | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates | C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|10" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124 = "Document Encryption" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2c | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.3 = 63726f736f66742e4f66666963652e4964656e746974792e55736553706f436f6f6b696546726f6d53616d6554656e616e74222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e44617465546f5573654d6963726f736f6674333635466f72436f6e73756d657273222c20225622203a20227374643a3a77737472696e677c323032302d30342d32315430303a30303a30302e302b30303a303022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e44617465546f5573654d6963726f736f6674333635466f72534d42222c20225622203a20227374643a3a77737472696e677c323032302d30342d32315430303a30303a30302e302b30303a303022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e456e61626c6547726163655769746857414350726f6d6f427573426172222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e456e61626c654d6f6465726e41464f222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e486561727462656174446179734265666f726545787044617465222c20225622203a2022696e7433325f747c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e4e6f456e7469746c656d656e747353656c6653657276696365222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e4e6f456e7469746c656d656e74735472794275794578706572696d656e7454726561746d656e74222c20225622203a2022696e7433325f747c3222207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e53686f77564e6578745369676e4f75744469616c6f67222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e5573655265666163746f726564436f6e666967446570726f766973696f6e222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e5573655265666163746f726564476574557365724c6963656e7365222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4d616e6167656162696c6974792e436c6f7564506f6c6963792e4e6f6e5075626c6963436c6f7564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4d616e6167656162696c6974792e54656e616e744173736f63696174696f6e4b65792e4e6f6e5075626c6963436c6f7564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4d616e6167656162696c6974792e5573654f637073563255726c496e57696e222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4e616e63794f66666963655465616d2e7a686574616e34313232303231222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e416c6c6f7741626f7274517569636b436865636b45777353657276696365222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e416c6c6f7741626f7274517569636b436865636b4f6d657853657276696365222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e4368616e6765476174652e496e766f6b6546657463684d616e696665737443616c6c6261636b4f6e446f776e6c6f61644d616e6966657374222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e4368616e6765476174652e557365436c6f6e6564496e7374616e6365466f724572726f72222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e4368616e6765476174652e56616c6964617465446f776e6c6f61645265736f7572636573222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e4469616c6f6754776f5761794d6573736167696e67222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e456e61626c654d696e43616368655265667265736820222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e4964656e746974794361636865466f72636552656672657368222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e4f7366496e7374616c6c6572526567697374657242675461736b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e506572557365724964656e746974794d696e4361636865222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e506572557365724964656e74697479526962626f6e4361636865222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e5765624b69743246756c6c4469616c6f67415049222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f4d45582e456e61626c65456e7465727072697365436f6d416464696e536574436f6e6e656374496e7465726e616c5570646174654576656e7473222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f4d45582e456e61626c65456e7465727072697365436f6d416464696e556e68616e646c6564457863657074696f6e4576656e7473222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f6172742e456e61626c65496e736572744d6564696154656c656d65747279222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f6e654e6f74652e4170706c652e43576f726b73706163655573657255736555726c46726f6d526177556e69636f6465537472696e67222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f6e654e6f74652e4368616e6765476174652e53686f77494150456e747279222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f6e654e6f74652e44656570426174636853746f7265456e61626c6564222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f6e654e6f74652e52656e6465725570646174656457696e333252656458222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f6e654e6f74652e53686f756c645573654e6574436f7374496e73746561644f664d736f426c6f636b696e67222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f75746c6f6f6b2e4c6173744d696c6554656c656d6574727954726163657274222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f75746c6f6f6b2e5063782e417474656d70744f75746c6f6f6b41757468466f7250726f66696c65222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f75746c6f6f6b2e5063782e427567466978466f7255736572486561646572496e4964656e7469747941757468222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f75746c6f6f6b2e5063782e4c696e6b6564496e4b32466978222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f75746c6f6f6b2e5063782e5063784a756e65323031394275674669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f75746c6f6f6b2e526970636f72642e33363134383230222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f75746c6f6f6b2e526970636f72642e33393039323635222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f75746c6f6f6b2e526970636f72642e33393435323833222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5043582e526970636f72642e56534f2e33363432383036222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506572666f726d616e63652e426c6f636b696e6757616974732e4f737250726f63657373222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506572666f726d616e63652e4368616e6765476174652e586c426f6f74436f6d706c657465416674657246696c654f70656e416e6453706c61736853637265656e222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506572736f6e616c697a6174696f6e2e456e61626c65476574496e736967687473222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506572736f6e616c697a6174696f6e2e456e61626c6553656e645369676e616c222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506572736f6e616c697a6174696f6e2e47657455736572466163747354696d656f75744d696c6c697365636f6e6473222c20225622203a2022696e7433325f747c3530303022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506572736f6e616c697a6174696f6e2e557365476574496e736967687473466c6f77466f724665746368696e67476f7665726e616e636544617461222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506f776572506f696e742e4368616e6765476174652e436865636b56696577496e536c6964654a616e69746f724f62736572766572222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506f776572506f696e742e4368616e6765476174652e466f726365536f6674776172654d696e69617475726552656e646572696e67222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506f776572506f696e742e4368616e6765476174652e4d657267652e5573655468726f77696e674c69666567756172645374657073222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506f776572506f696e742e4368616e6765476174652e536c69646553686f772e52656c65617365536c69646553686f774d616e616765724265666f726547667853687574646f776e222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506f776572506f696e742e48616e646c65434c524372617368222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506f776572506f696e742e53756767657374696f6e732e456e61626c65436f6e74656e745265636f6d6d656e646174696f6e4974656d73222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e50726f6a6563742e50726f6a65637443325253657276657232303133436f6e6e656374696f6e426c6f636b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e50726f6a6563742e50726f6a65637443656e74656e6e69616c53657276657232303133426c6f636b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e50726f6a6563742e50726f6a65637443656e74656e6e69616c53657276657232303133436f6e6e656374696f6e426c6f636b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e434c502e5570646174655374617475734261724f6e50726f66696c65537769746368222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e43656e7472616c697a6564457874656e73696f6e536166657479436865636b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e49524d2e5758505644697361626c654c6f616454656d706c617465734f6e426f6f74222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e4973457874656e73696f6e496e4c697374557064617465222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e4d6f6e69746f72656446696c65457874656e73696f6e4c697374222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e50726f74656374696f6e536572766963652e4e657755784d6f64656c222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e53686f756c6452756e436c6f75645365637572697479506f6c696379436865636b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e5573654e6f526566436f756e74416d736953747265616d222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e436c6f7564222c20225622203a20227374643a3a77737472696e677c5075626c696322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e46617374465445222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e4d53495442697a63686174416c6c6f776c697374222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e4d6f636861222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e4f584f416c6c222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e50657270657475616c4c6963656e7365222c20225622203a20227374643a3a77737472696e677c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e5365676d656e74222c20225622203a20227374643a3a77737472696e677c4e4f4e4652444322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e56657273696f6e506172746974696f6e222c20225622203a20227374643a3a77737472696e677c57696e3332416e64726f6964486f7422207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e576f7264436f70696c6f74446f67666f6f64222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e416c6c6f775a65726f4c656e677468536561726368537472696e67222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4175746f436f727265637455492e41637469766974696573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4175746f446973636f7665722e4275674669786573466f7252657472794661696c65645265717565737473222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4175746f446973636f7665722e4c696d6974546f4f6e654175746f446973636f766572222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4175746f446973636f7665722e4f6e6c795573654874747073222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e426f6f7449646c655468726f74746c6572222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4275674669782e506572736f6e61436f6e74726f6c4261636b67726f756e64436f6c6f72222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4368616e6765476174652e44656c617943757272656e745549416374697665506c616365557064617465222c20225622203a2022626f6f6c7c3022207d2c | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|13" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2B\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e\52C64B7E\@%systemroot%\system32\FirewallControlPanel.dll,-12122 = "Windows Defender Firewall" | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\integrator.exe\ULSMonitor | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|2" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|7" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0 | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Google | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@%SystemRoot%\System32\ci.dll,-100 = "Isolated User Mode (IUM)" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|6" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs | C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Property\0018C00DBE6209BC = 0100000001000000d08c9ddf0115d1118c7a00c04fc297eb01000000a594b7f639e26c4083b3b0da538f62c100000000020000000000106600000001000020000000be6f871ae09cf3efc97e2e783321c8876ba15a090319e7cd9fe44d0ed59cd38c000000000e80000000020000200000000b8624d6c5052c4e7bd372b94870e41cb56f75abc8b4a1911c2b02271227e914800000006a29e1a54ede5006a747af8ca17e8117c0ef3ee9127aab149101e175e0bc1947c6d11a422e3d49578f088f11a190f2347c194db1e27ab6a6a37ffacd3dced1ca99147f3bd3874e6630fb72614927f168af6e7ed43a54e9de8ae3571f6eb5c86ec95d5d41a4b15d255d5bb508124ee717c32e78f20d012ba2cd9190deb6b6fd8e40000000d8a76c405dafbfd974861391c102c980e8edf901f6c59f1467353cbbc7718ffe1e58996e1fde34e6f5f1e7cd1012a40a29a5ff106bb56da455e3625a68c67ee7 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}\DeviceTicket = 0100000001000000d08c9ddf0115d1118c7a00c04fc297eb01000000a594b7f639e26c4083b3b0da538f62c1000000000200000000001066000000010000200000006bada39d3f8c76fccb4de17fef6bbd192478f2add365e83ec328584679921e51000000000e8000000002000020000000462776fcc4e9fb35e1477c9ecf6d48db1af9e81e13f6cdc5a0bd6327629e32e6f0030000ac742015702db70b870ac7c9da7d8cbf2e19eb05bec357019d3cf73091920d0d58bd5ffd68c03ddf555936102ace7da7e74af38c28f2e26f3c7470f61a91cc982f279cd37109f75ed9a9d87b2f99df98603d91e79f2576927d03170be1a0f4b818b67b151529ff9e4896ae0be54a9f8e9f113bad887e759427d3d878de0bc02d0e8969098cdfebc13566d3424e7329229ea15fbb3d03055e190d824911a3d3f1339e734fcdea5b4acd66774acde8d4db094122589f5857c60b20775e7c350f378231b95ec5109838300e7749c9d384afe92463a9edaf716851c2cb9085320293aa8b2492a5e807495bac5abe5ddc3c536faf53a958d6db828b27204320cea46573c21d1926221b683840b54397d4ebf1f92f48d88b8c14341aac8d40e3a898c04df8204487b544459f3407ead0d95bb2917b995297b87b2f089e4a64515e89d839665252fdff87a34b4fefdd9e57a01cf7460955feb34014054103633d97e8ee29eede0af7115ee6eca6c6562335412e994da5ce8f903ad272bec87c7bdb38ffce64872df3a25e36c4ee35ddbd27d175d64d5233eaf8756fe8fe26971a6a5894f5b96cdd4d3f6c6a87cc711799e5468a02b212b0a1e7f885c6fa90895b3e0e622cf5cf1b548e356f831ce377a1203c02d68646bbd4570bd7caba3a485de88dcdda663c38f8d06359a419f4c4f0c98b1ff21806fa1e4350c5637aaa6bdb846c465d6514872bb56b275fc74452a8d51f4549f26d6ea2f64fe52c58a9dcf6dd10cf913cb41b8c9b7daeadc2fcf29c6ec4a2675a9a360d53672c8f8ab28567b686e149c3eb7e6bb7d1d7b47762356cedb4963ddde7d602ededba1a0016179c765ad69b3c1e4bc37ab90eaf95db720988b8a774fb24111031049afa97f81797b29d69f812967a29649f7ca345d9241eb52046caca8a580ecfd24e98d4c93105579844497227a48920aa60688655c5851e891cf1b47c13b7f1dc4852b35790a6e7dd012ed3ef5355ff00b333922822c652349785ec406b8a215994d1b52fe1cfc306aa3069bf0de5b8d28e67418ec731ef31e489b82ed76081a05d4ca671caa15408eeefeaf16e8fdc017a315bf597670ade7db70f15ed1a12503d1c3d4c5b8ddab371d25203f827593d5b53c95f6bac1fb23724efb4b86a77fb998471c10dc66a77b80e7920e3411af7b6c943a3b015b8d39b861226082ea6df2c5dd2c9587a4d92d726eb320a34f14cac3786b1dd45a3dfaab6f8a90cbd9401104811bd64d1807772c2d158e94781faccf7c77f9f3e08f29b3687b7fea18484cecd665faff6e3d669e3ef8060f5a2c9ce1c0bc3dd5de7dff0eff3ca5a02f7559e748bd69bb37a48427c46d34ba73d5aa08670d30bb538190d47e403a40f92c1cc77e18036f8faf19e10f1dbc6bda05acc4feed282e63779214000000092b72fa34b6aebafc271b9ba14f6b2e810ea95917564ecf0c460e8ef763afb21e61b2535a699c83e905d58e4eaa577aa1b86364af22f79b933e0d935668e7498 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\Common\ClientTelemetry\Volatile | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\integrator.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.5 = 6c656d6574727944796e616d6963436f6e6669672e446961676e6f7374696373222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c22436f6c6c6563746f725c22203a207b205c224576656e74735c22203a207b205c2253746172745472616365436f6c6c6563746f725c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e446f6373222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c22536861726564436f6d6d656e74735f447261667443617264556e6d6f756e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224544502a5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22456e74657270726973654461746150726f74656374696f6e2a5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d736f456e74657270726973654461746150726f74656374696f6e2a5c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c22536861726564436f6d6d656e74735c22203a207b205c224576656e74735c22203a207b205c22436f6d6d6974436f6d6d656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469736361726444726166744173796e635c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469736361726444726166744e61746976655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22447261667453746174654d616e61676572456e644472616674696e675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22456e644472616674696e675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22506f737444726166745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2244656c657465506f7374416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2244656c657465546872656164416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2245324550657266547261636b65725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224472616674436172644d6f756e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2244726166744361726452656e64657265645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d61726b436f6d6d656e744372656174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2252656f70656e546872656164416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225265736f6c7665546872656164416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536d6172745265706c79506f737465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224162616e646f6e44726166745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469736361726444726166745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f6d6d656e74436f6e746578744368616e676564416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6f6164436f6d6d656e74416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368436c6f7365566965774576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368436f6e74657874437265617465644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2244697370617463684f70656e566965774576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368566965774368616e6765644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368426567696e44726166744576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2244697370617463684361706162696c69746965734368616e6765645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368436f6d6d656e74734368616e6765644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368436f6d6d656e7453656c65637465644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368437265617465436f6d6d656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368446f634368616e6765644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368456e64436f6d6d656e7453657373696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368456e6444726166744576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2244697370617463684576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368466f63757350616e655472696767657265644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368496e6974436f6d6d656e7453657373696f6e4173796e635c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368496e697469616c52656e646572436f6d706c657465644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368496e76616c69644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2244697370617463684c6f6164546872656164735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446973706174636850616e654368616e6765644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446973706174636850616e65466f63757353746174654368616e6765644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446973706174636850616e65546f52656e6465724576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446973706174636853656c656374436f6d6d656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446973706174636853657448616c6650616e65446973706c61794d6f64655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2244697370617463685468656d654368616e6765645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446973706174636844656c657465436f6d6d656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436c656172436f6d6d656e7453656c656374696f6e416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22446f63756d656e74416374697669746965735c22203a207b205c224576656e74735c22203a207b205c2241637469766974794c6f6744697363617264466f72446f63756d656e744368616e67655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f67547269676765724173796e635461736b576f726b65725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d697451756575654c6f61644173796e635c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d69745175657565496e697446696c65506174685c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d69745175657565437265617465496e73616e63655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d69745175657565417070656e644173796e6342617463685c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d69745175657565577269746541637469766974795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d6974517565756552656d6f76654173796e6342617463685c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d697451756575655772697465446f63756d656e74496e666f4865616465725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d6974517565756554727944656c657465456d70747946696c654173796e635c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d69745175657565496e7365727441637469766974794e6f6e437269746963616c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f67456e717565756541637469766974794e6f6e437269746963616c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f6741646441637469766974794e6f6e437269746963616c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f674372656174654c6f675c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f67536176654e657746696c655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f674469736361726441637469766974794e6f6e437269746963616c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f67456e71756575654c6f63616c4e6f6e437269746963616c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f67456e71756575654f7574676f696e674e6f6e437269746963616c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d697451756575654469736361726441637469766974794e6f6e437269746963616c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224170694f70656e41637469766974794c6f675769746853747265616d5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f6741646441637469766974795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f674361636865446f63756d656e74496e666f5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f67456e74727946696e616c697a655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f6746696c7465724f757443757272656e7455736572416374697669746965735c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f674c6f616446726f6d53747265616d5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f6753617665546f53747265616d5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d69745175657565436865636b5265766f6b65644544505c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d69745175657565526570616972436f7272757074656446696c654173796e635c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f674d6f64696679436c6f6e655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d6974517565756546696c654f70656e4572726f725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d6974517565756546696c65526561644572726f725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d6974517565756546696c655265706c6163654572726f725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d6974517565756546696c6557726974654572726f725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d69745175657565536574456e74657270726973654461746150726f74656374696f6e4173796e635c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d697451756575655472756e6361746551756575655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f67456e7472794372656174655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2241637469766974794c6f67456e74727953657453746174655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22536572766963654163746976697479526573756c745c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2241637469766974794c6f674f6e436f6e74656e74416374696f6e5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2241637469766974794c6f67456e717565756541637469766974795c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2241637469766974794c6f674469736361726441637469766974795c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c225472616e736d69745175657565496e7365727441637469766974795c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c225472616e736d697451756575654469736361726441637469766974795c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2241637469766974794c6f67456e71756575654f7574676f696e675c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2241637469766974794c6f67436c6f73655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472616e736d6974517565756548656c706572456e737572654469726563746f72795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472616e736d697451756575654d616e61676572437265617465496e73616e63655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2241706943726561746541637469766974794c6f675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224170694372656174654c6f675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472616e736d69745175657565536574456e74657270726973654461746150726f74656374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2241637469766974794c6f674173796e635461736b5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c22436f6c6c6162436f726e65725c22203a207b205c224576656e74735c22203a207b205c22436f617574686f725570646174654c6f636174696f6e5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f617574686f72476f546f43757272656e744c6f636174696f6e5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c6572795573657252655265676973746572436f6e6e65637469766974794368616e67654e6f7469667949664e65636573736172795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224f666669636543686174436f6d6d616e6443686174427574746f6e497356697369626c654e6f7744617461706f696e745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c65727955736572436c6f736553696e676c65466c796f75745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224f666669636543686174436f6d6d616e64497343686174417661696c61626c655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c6572794f6e436f617574686f72735265747269657665644173796e63506f73745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c6572795265747269657665436f617574686f72735c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c6572794f6e436f617574686f72735265747269657665645c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c6572795265747269657665436f617574686f72734265666f72654173796e63506f73745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c657279496e6974464d5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c657279436f617574686f72577261707065725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224f666669636543686174436f6d6d616e64436f61757468696e6757697468416c6c4775657374734f724d697373696e67456d61696c456469746f72735c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22476f546f4c6f636174696f6e416374696f6e487562416374696f6e4a756d70546f417574686f725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c65727955736572557064617465417574686f724c6f636174696f6e5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c65727955736572557064617465456d61696c416e64436861745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6e7461637443617264416374696f6e487562416374696f6e53686f77436f6e74616374436172645c | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.10 = 203a2032207d2c205c225469746c654261725361766555694d616e616765725772697465537461747573546f5469746c654261725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6f6164437369446c6c466f72436c69636b3252756e456e7669726f6e6d656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2249735365727665724361636865645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d616e75616c5361766555736167655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2246696c6553746f72655c22203a207b205c224576656e74735c22203a207b205c22465344436f7272757074696f6e5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2247617262616765436f6c6c656374696f6e5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c225a65726f4279746546696c6555706c6f6164417474656d707465645c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d2c205c2252756e74696d6550726f706572746965735c22203a207b205c224576656e74735c22203a207b205c22496e636f6d70617469626c6543736956657273696f6e44657465637465645c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d2c205c224f66666963655c22203a207b205c225375624e616d657370616365735c22203a207b205c2246696c65494f5c22203a207b205c225375624e616d657370616365735c22203a207b205c224353495c22203a207b205c225375624e616d657370616365735c22203a207b205c2253746f726167655c22203a207b205c224576656e74735c22203a207b205c2243616368654f707469637356325c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d207d207d2c205c224d6f6373695c22203a207b205c224576656e74735c22203a207b205c22557064617465486f73745469705c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d207d207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4772617068696373222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c22415243457863657074696f6e53636f70655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2245326f5669657752656e646572506572666f726d616e636541637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224172745669657756616c69646174655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224175746f6669745368617065546f54657874436d645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22546f704c6576656c456666656374447261775c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224372656174654269746d617046726f6d506c6174666f726d4269746d61705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e6b496e70757453757266616365426173655570646174655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2250617468576964656e657246576964656e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2250617468576964656e657246576964656e53696d706c65506174685c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224776697a536d61727441727450726f7065727469657354656c656d657472795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243726561746544657669636544334431305c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22537065637472655472616e73636f646541637469766974795c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22496e73657274496e646976696475616c4d6f64656c334441637469766974795c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224c6f61646564496d61676550726f706572746965735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22496e736572744d6f64656c334441637469766974795c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22537065637472654372656174655363656e6541637469766974795c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224d6f64656c334452656e64657241637469766974795c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4964656e74697479222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c22456e7375726550726f7669646572496e697465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574506572736f6e50726f66696c6553657475705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224964656e74697479536e617073686f745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657450726f7669646572466f7241757468536368656d655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472794964656e74697479506172656e744d617463685c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22526f616d696e6750726f7879496e69745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536861726564437265645265667265736846726f6d53746f72655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22526561644f6e6546726f6d43726564656e7469616c4c6973745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22435265616453796e635461736b52756e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f6d61696e4a6f696e65644f72436c6f7564446f6d61696e4a6f696e656453657373696f6e735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744164616c416363657373546f6b656e46726f6d4372656450726f76696465725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574536572766963655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574436f6e666967546f6b656e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574426c6f636b696e67536572766963655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22506f70756c617465536572766963654d61705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657441757468656e74696361746564536572766963655469636b65745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22526566726573684964656e7469746965735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765745365727669636555726c466f7246656465726174696f6e50726f7669646572416e616c797369735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225365727669636555726c5374617475735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2241637175697265536572766963655469636b6574466f724144414c5c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c2253697465735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e496e736967687473222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c22496e73696768747350616e655c22203a207b205c224576656e74735c22203a207b205c22415c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22445c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2248746d6c5072656665746368526571756573745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22535c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436163686546696c654e6f7456616c69645c22203a207b205c224576656e74466c61675c22203a20323536207d207d2c205c225375624e616d657370616365735c22203a207b205c224f66666963655c22203a207b205c224576656e74735c22203a207b205c2253797374656d616c69645c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c22496e7369676874735c22203a207b205c224576656e74735c22203a207b205c22496e73696768747350616e655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e73696768747350616e65305c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e73696768747350616e65725c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2253797374656d5c22203a207b205c224576656e74735c22203a207b205c224163746976697479715c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224163746976697479735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d207d207d2c205c22536d6172744c6f6f6b75705c22203a207b205c224576656e74735c22203a207b205c22415c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f7079466561747572654761746573315c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f7079466561747572654761746573325c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573315c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657446656174757265476174657331305c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657446656174757265476174657331315c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657446656174757265476174657331325c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657446656174757265476174657331335c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657446656174757265476174657331355c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573325c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573335c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573345c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573355c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573365c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573375c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573385c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573395c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22535c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2248746d6c5072656665746368526571756573745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c225265667265736843616368656446696c65735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446f776e6c6f61645265736f757263655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2241757468656e7469636174696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22526573756c7447726f7570546f52656e6465725c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253656e64576562536f636b6574526571756573745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22576562536f636b657450696e67506f6e674c6174656e63795c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446961676e6f737469635c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c2238564d65686c6c5c22203a207b205c225375624e616d657370616365735c22203a207b205c22356b69614b3747426b7a505746675c22203a207b205c224576656e74735c22203a207b205c22373139305c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d2c205c22385c22203a207b205c225375624e616d657370616365735c22203a207b205c227a424b387872415553554e52497859484e4b55415c22203a207b205c224576656e74735c22203a207b205c22393133335c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d2c205c224f66666963655c22203a207b205c224576656e74735c22203a207b205c2253797374656d644d617463685c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c22496e7369676874735c22203a207b205c224576656e74735c22203a207b205c22536d6172744c6f6f6b75705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536d6172744c6f6f6b75705f5f5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536d6172744c6f6f6b75705f5f5f5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2253797374656d5c22203a207b205c224576656e74735c22203a207b205c2241637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2253797374656d68633863674f6a46515c22203a207b205c224576656e74735c22203a207b205c22383635335c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d207d207d2c205c22556952756e74696d655c22203a207b205c224576656e74735c22203a207b205c22437265617465576562536f636b65745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2250726f636573735265717565737451756575655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22496e74656e745365727669636550726f78794f6e436f6e6e656374696f6e436c6f7365645c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224f6e436f6e6e656374696f6e436c6f7365645c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4c6963656e73696e67222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c224c6963656e73696e67427573626172416374696f6e5c22203a207b205c224576656e74466c61675c22203a203439343038207d2c205c22487244697370617463685375625461736b53746172745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22517569636b56616c69646174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253617665416c6c536b75696473546f52656769737472795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2257616974546f52657472794865617274626561745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536561726368466f7253657373696f6e546f6b656e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224e554c56616c69646174696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2256616c696461746553657373696f6e546f6b656e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2243616e52756e4665617475726543616368655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22506572666f726d4c6963656e73696e674e6f74696669636174696f6e735c22203a207b205c224576656e74466c61675c22203a20323536207d207d2c205c225375624e616d657370616365735c22203a207b205c224c5655585c22203a207b205c224576656e74735c22203a207b205c224e6f456e7469746c656d656e74735c22203a207b205c224576656e74466c61675c22203a203439343038207d2c205c224e6f456e7469746c656d656e74734578706572696d656e74547269676765725c22203a207b205c224576656e74466c61675c22203a203439343038207d207d207d2c205c224f6666696365436c69656e744c6963656e73696e675c22203a207b205c224576656e74735c22203a207b205c224c6963656e7365436f6d706c657465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6567616379416374697669747953756363657373436f756e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c656761637941637469766974794661696c757265436f756e745c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c22436c69656e745c22203a207b205c224576656e74735c22203a207b205c224653686f756c6441637469766174655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d2c205c224865617274626561745c22203a207b205c224576656e74735c22203a207b205c22577269746543616368655c22203a207b205c224576656e74466c61675c22203a | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\Expires = "int64_t|1716623525" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\Common\ClientTelemetry\Volatile | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\integrator.exe\ULSMonitor | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@%SystemRoot%\System32\fveui.dll,-844 = "BitLocker Data Recovery Agent" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Property | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CDEC13B2-0B3C-400E-B909-E27EE89C6799}\TypeLib | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D5EC4D34-77DA-4F7A-B8C4-8A910C1C1CFE} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.iso\shell | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5007373A-20D7-458F-9FFB-ABC900E3A831}\ProxyStubClsid | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{DF1EC000-0822-3C47-8E22-E3AE308567E4}\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{1E1C4C4B-742D-40CA-8DD8-6E9B772D117D}\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\AppID\{521FDB42-7130-4806-822A-FC5163FAD983} | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9E0BD17B-2D3C-4656-B94D-03084F3FD9D4}\TypeLib | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.asx\ = "WMP11.AssocFile.ASX" | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\AudioCD\shell\PlayWithVLC\command | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\SharePoint.DragDownloadCtl.1\CLSID | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{BD0E5FD4-BCC4-3913-82EF-19EE05B56F04} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D7FA6F5E-9122-4900-8846-5AB0A5499D52}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{91493443-5A91-11CF-8700-00AA0060263B}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.avi | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9B4CD3EE-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.qcp\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{033D10C1-80FA-40E2-B578-A800DF9A9316}\ProxyStubClsid | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{56B47D6C-2795-39D8-8B21-CDCC7BE7ECBD}\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{36DE898D-AD48-40A5-B4B2-123F916BFBAB}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0002E17C-0000-0000-C000-000000000046}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{CBCC669E-8D89-3F3B-AA13-4EB4FC3B34B5}\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\AcroPDF.PDF\CurVer | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{4ADEE80B-6697-30AE-B907-F63DC07322D5}\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{6299711A-E372-36AB-A8AB-129031BFD9B9}\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{B2EDC2A3-924D-3C82-B34C-DE7E8F03BD0E}\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.ram | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{417EC967-ACF1-3B68-9743-D9D104681FB3}\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BDEADEF5-C265-11D0-BCED-00A0C90AB50F}\ProgID | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CA8A9780-280D-11CF-A24D-444553540000}\ToolboxBitmap32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F241-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{7BD721FC-E709-48B5-9358-18408F131030}\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CA8A9780-280D-11CF-A24D-444553540000}\EnableFullPage\.xdp | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3FD37ABB-F90A-4DE5-AA38-179629E64C2F}\ProgID | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{DF09291A-1712-3919-B144-B9CC016C28E6} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{5AAABB05-F91B-4bce-AB18-D8319DEDABA8} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-2#immutable1 = "Keep a history of your files" | C:\Windows\explorer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\.vob\ShellEx | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\STSUpld.TitleDisplayElement | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{347CDE09-0CE2-3FBB-9BB8-7C9ECF5B750E} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE39F3D6-1B13-11D0-887F-00A0C90F2744}\InprocServer32\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1588C1A8-27D9-563E-9641-8D20767FB258}\TypeLib\Version = "1.0" | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0486745C-8D9B-5377-A54C-A61FFAA0BBE4}\1.0\0\win32\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\127.0.6490.0\\updater.exe\\4" | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mov\shell\Open | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20E823C2-62F3-4638-96BD-90F4F6784EBC} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{9570E3C8-3B3D-3029-B960-AA478C2A65A2} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{796A2C2D-5B11-4FB5-9077-56D5E674972B}\TypeLib | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1C3B4210-F441-11CE-B9EA-00AA006B1A69} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{42F39CA7-B680-3CFB-8F67-5B3E2D276747}\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{301700D5-8B2C-37AB-A875-C8B763D7389A}\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{226CC8E6-1ED0-4770-A7F1-A80BB4DDF07B} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{2253A7C8-C563-386D-BDC6-B55E72015C02}\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{4179EEDA-0598-3CC3-85A8-2FC201D18FC6} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{93914D16-797F-3747-8421-54B51590CEF1}\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2A792539-9CEA-4A63-A80A-A645FEF2046A}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F2AB-98B5-11CF-BB82-00AA00BDCE0B} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC6EFB56-9CFA-464D-8880-44885D7DC193}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5A1DCFD3-7982-48F2-8A3D-5C35272862DE}\InProcServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{0FE28955-0AC2-36E0-8AF2-4C841614704B} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{7177C219-3448-3232-BCCC-480DF7076FFA}\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B685B009-DBC4-4F24-9542-A162C3793E77}\TypeLib\Version = "1.0" | C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7CD069A0-50AA-11D1-B8F0-00A0C9259304}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.ifo\shell\Open\command | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\reg.exe | N/A |
| N/A | N/A | C:\Windows\System32\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\System32\reg.exe | N/A |
| N/A | N/A | C:\Windows\System32\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\System32\reg.exe | N/A |
| N/A | N/A | C:\Windows\System32\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 5c000000010000000400000000080000190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab040000000100000010000000c5dfb849ca051355ee2dba1ac33eb0282000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f | C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD | C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Apps\Rec Room\Recroom_WindowsPlatformless.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 | C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 | C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f | C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Apps\Rec Room\Recroom_WindowsPlatformless.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f | C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Apps\Rec Room\Recroom_WindowsPlatformless.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD | C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 040000000100000010000000c5dfb849ca051355ee2dba1ac33eb0280f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f | C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Firework Stars.png"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
C:\Windows\system32\dashost.exe
dashost.exe {d522108e-206f-4b4d-a5ba3115fd951556}
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" TroubleshootActivation
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" shwebsvc.dll,AddNetPlaceRunDll
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
C:\Program Files\7-Zip\Uninstall.exe
"C:\Program Files\7-Zip\Uninstall.exe"
C:\Users\Admin\AppData\Local\Temp\7zC113EDFC\Uninst.exe
C:\Users\Admin\AppData\Local\Temp\7zC113EDFC\Uninst.exe /N /D="C:\Program Files\7-Zip\"
C:\Program Files\VideoLAN\VLC\uninstall.exe
"C:\Program Files\VideoLAN\VLC\uninstall.exe"
C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
"C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Program Files\VideoLAN\VLC\
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s /u "C:\Program Files\VideoLAN\VLC\axvlc.dll"
C:\Windows\system32\regsvr32.exe
/s /u "C:\Program Files\VideoLAN\VLC\axvlc.dll"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 8C5F401395F9BD32514E77C05F389B0A
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding C8129A1B1D387A67027F689B9D543DC8 E Global\MSI0000
C:\Windows\Installer\MSI2B2A.tmp
"C:\Windows\Installer\MSI2B2A.tmp" /b 3 120 0
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" ClearToasts
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbf324ab58,0x7ffbf324ab68,0x7ffbf324ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2236 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4368 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4516 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4668 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4956 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4812 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4016 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4868 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4872 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5076 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4912 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5048 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5080 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4588 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4860 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4924 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4144 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4696 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5016 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5096 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4552 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4964 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5140 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5404 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5592 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5272 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5188 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5292 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4652 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6012 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5700 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5272 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5532 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6148 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5268 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6024 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5852 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5108 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5096 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5700 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5240 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5588 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5300 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6216 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4908 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5080 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5664 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6284 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6472 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6256 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5424 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5108 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6684 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6700 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4904 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6828 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6920 --field-trial-handle=1932,i,3853186554531700957,7802015904856535055,131072 /prefetch:8
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" scenario=install scenariosubtype=ARP sourcetype=None productstoremove=ProPlusRetail.16_en-us_x-none culture=en-us version.16=16.0
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe"
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
integrator.exe /U /Extension /Msi /License PRIDName=ProPlusRetail.16 PackageGUID="9AC08E99-230B-47e8-9721-4577B7F124EA" PackageRoot="C:\Program Files\Microsoft Office\root"
C:\Windows\system32\schtasks.exe
schtasks.exe /Delete /F /tn "Microsoft\Office\Office Feature Updates"
C:\Windows\system32\schtasks.exe
schtasks.exe /Delete /F /tn "Microsoft\Office\Office Feature Updates Logon"
C:\Windows\system32\schtasks.exe
schtasks.exe /Delete /F /tn "Microsoft\Office\OfficeTelemetryAgentLogOn2016"
C:\Windows\system32\schtasks.exe
schtasks.exe /Delete /F /tn "Microsoft\Office\OfficeTelemetryAgentFallBack2016"
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding CC0D8E36D2C455A6D77F5A1C65DA3355 E Global\MSI0000
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 97FD039C3CA461B34924EE609FA51418 E Global\MSI0000
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"
C:\Program Files\Common Files\Microsoft Shared\Source Engine\ose.exe
"C:\Program Files\Common Files\Microsoft Shared\Source Engine\ose.exe" -standalone:temp
C:\Windows\Temp\ose00000.exe
"C:\Windows\Temp\ose00000.exe" -standalone
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Contract.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Contract.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Contract.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Contract.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Contract.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Contract.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Contract.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Contract.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.v4.0.Framework, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.v4.0.Framework, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.ContainerControl, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.ContainerControl, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime.Internal, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime.Internal, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe update /queue
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe update /queue
C:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe
"C:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe" -PipelineRoot:"C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\." -Rebuild
C:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe
"C:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe" -AddInRoot:"C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\." -Rebuild
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding A2BF116BCD2F691D06B491716834CCF8 E Global\MSI0000
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /standalonesystem
C:\Windows\system32\schtasks.exe
schtasks.exe /Delete /F /tn "Microsoft\Office\Office Automatic Updates"
C:\Windows\system32\schtasks.exe
schtasks.exe /Delete /F /tn "Microsoft\Office\Office Automatic Updates 2.0"
C:\Windows\system32\schtasks.exe
schtasks.exe /Delete /F /tn "Microsoft\Office\Office Subscription Maintenance"
C:\Windows\system32\schtasks.exe
schtasks.exe /Delete /F /tn "Microsoft\Office\Office ClickToRun Service Monitor"
C:\Windows\system32\schtasks.exe
schtasks.exe /Delete /F /tn "Microsoft\Office\Microsoft Office Touchless Attach Notification"
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf324ab58,0x7ffbf324ab68,0x7ffbf324ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1900,i,12050025954994525686,16913640659583626693,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1900,i,12050025954994525686,16913640659583626693,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2256 --field-trial-handle=1900,i,12050025954994525686,16913640659583626693,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1900,i,12050025954994525686,16913640659583626693,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1900,i,12050025954994525686,16913640659583626693,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4368 --field-trial-handle=1900,i,12050025954994525686,16913640659583626693,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4484 --field-trial-handle=1900,i,12050025954994525686,16913640659583626693,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4652 --field-trial-handle=1900,i,12050025954994525686,16913640659583626693,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4652 --field-trial-handle=1900,i,12050025954994525686,16913640659583626693,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 --field-trial-handle=1900,i,12050025954994525686,16913640659583626693,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5008 --field-trial-handle=1900,i,12050025954994525686,16913640659583626693,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1900,i,12050025954994525686,16913640659583626693,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff780eaae48,0x7ff780eaae58,0x7ff780eaae68
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf324ab58,0x7ffbf324ab68,0x7ffbf324ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1956,i,9353126630314638864,16729271939196524659,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1952 --field-trial-handle=1956,i,9353126630314638864,16729271939196524659,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2268 --field-trial-handle=1956,i,9353126630314638864,16729271939196524659,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3132 --field-trial-handle=1956,i,9353126630314638864,16729271939196524659,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3160 --field-trial-handle=1956,i,9353126630314638864,16729271939196524659,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3588 --field-trial-handle=1956,i,9353126630314638864,16729271939196524659,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4488 --field-trial-handle=1956,i,9353126630314638864,16729271939196524659,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4492 --field-trial-handle=1956,i,9353126630314638864,16729271939196524659,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1660 --field-trial-handle=1956,i,9353126630314638864,16729271939196524659,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4488 --field-trial-handle=1956,i,9353126630314638864,16729271939196524659,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4892 --field-trial-handle=1956,i,9353126630314638864,16729271939196524659,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2744 --field-trial-handle=1956,i,9353126630314638864,16729271939196524659,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5156 --field-trial-handle=1956,i,9353126630314638864,16729271939196524659,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5192 --field-trial-handle=1956,i,9353126630314638864,16729271939196524659,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=1956,i,9353126630314638864,16729271939196524659,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5236 --field-trial-handle=1956,i,9353126630314638864,16729271939196524659,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5328 --field-trial-handle=1956,i,9353126630314638864,16729271939196524659,131072 /prefetch:8
C:\Users\Admin\Downloads\ChromeSetup.exe
"C:\Users\Admin\Downloads\ChromeSetup.exe"
C:\Program Files (x86)\Google4248_1089879319\bin\updater.exe
"C:\Program Files (x86)\Google4248_1089879319\bin\updater.exe" --install=appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={76D06516-4F7D-D71C-9575-DF3CF5EFF77F}&lang=en-GB&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-statsdef_1&installdataindex=empty --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/updater/*=2
C:\Program Files (x86)\Google4248_1089879319\bin\updater.exe
"C:\Program Files (x86)\Google4248_1089879319\bin\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=127.0.6490.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0x7a758c,0x7a7598,0x7a75a4
C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --system --windows-service --service=update-internal
C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=127.0.6490.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0xac758c,0xac7598,0xac75a4
C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --system --windows-service --service=update
C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=127.0.6490.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0xac758c,0xac7598,0xac75a4
C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\125.0.6422.113_chrome_installer.exe
"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\125.0.6422.113_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\e2f11544-0faa-46ac-be04-dae8486ee6b7.tmp"
C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe
"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe" --install-archive="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\e2f11544-0faa-46ac-be04-dae8486ee6b7.tmp"
C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe
"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=125.0.6422.113 --initial-client-data=0x27c,0x280,0x284,0x258,0x288,0x7ff699ef2698,0x7ff699ef26a4,0x7ff699ef26b0
C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe
"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe" --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe
"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping5756_942679232\CR_8687A.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=125.0.6422.113 --initial-client-data=0x274,0x278,0x27c,0x250,0x280,0x7ff699ef2698,0x7ff699ef26a4,0x7ff699ef26b0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffbf324ab58,0x7ffbf324ab68,0x7ffbf324ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1904,i,11986969737998208179,15727918139085421063,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1904,i,11986969737998208179,15727918139085421063,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\125.0.6422.113\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\125.0.6422.113\Installer\setup.exe" --rename-chrome-exe --system-level --verbose-logging --channel=stable
C:\Program Files\Google\Chrome\Application\125.0.6422.113\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\125.0.6422.113\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=125.0.6422.113 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x7ff725ac2698,0x7ff725ac26a4,0x7ff725ac26b0
C:\Program Files\Google\Chrome\Application\125.0.6422.113\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\125.0.6422.113\Installer\setup.exe" --channel=stable --delete-old-versions --system-level --verbose-logging
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --flag-switches-begin --flag-switches-end
C:\Program Files\Google\Chrome\Application\125.0.6422.113\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\125.0.6422.113\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=125.0.6422.113 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x7ff725ac2698,0x7ff725ac26a4,0x7ff725ac26b0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=125.0.6422.113 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc01981c70,0x7ffc01981c7c,0x7ffc01981c88
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2044,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2036 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1900,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2060 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2300,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2316 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3204 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3236 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4536,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4348 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4768,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4772 /prefetch:1
C:\Program Files\Google\Chrome\Application\125.0.6422.113\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\125.0.6422.113\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=4780,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4880 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=4540,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5084 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --field-trial-handle=5124,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5164 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4888,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4700 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3268,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5028 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4808,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5436 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4796,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5476 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4784,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5612 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4832,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5752 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=5408,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5880 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6504,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6540 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6484,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6492 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6812,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6836 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6952,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6956 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=7104,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6672 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=7136,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=7268 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6848,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=7424 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=7548,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=7576 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7592,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=7728 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=7688,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=7552 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6568,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=7964 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7080,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6628 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=7720,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5016 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=7996,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=7988 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=7312,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6968 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --field-trial-handle=8112,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6992 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --field-trial-handle=7056,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=8124 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6988,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=8268 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=8276,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=8284 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=7564,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6836 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=8268,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=7160 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=8592,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=7244 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=7252,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=7452 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=7540,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=7500 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5596,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5616 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=7428,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=7780 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=5660,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5036 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=5692,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=732 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6468,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5796 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=8780,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=8684 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=7172,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5656 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=7820,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=7760 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=3520,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3868 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=4632,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2544 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=2592,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2576 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=3404,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3368 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=4400,i,12888041534845862045,3272741941730817177,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5708 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=125.0.6422.113 --initial-client-data=0x118,0x11c,0x120,0xa0,0x124,0x7ffc01981c70,0x7ffc01981c7c,0x7ffc01981c88
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2072,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2076 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1908,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2116 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2132,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2236 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2600,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2700 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2604,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2740 /prefetch:1
C:\Program Files\Google\Chrome\Application\125.0.6422.113\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\125.0.6422.113\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --field-trial-handle=3864,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3880 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=4848,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4860 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=4156,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4412 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=4528,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4200 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4484,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4032 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4228,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5040 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=2504,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5304 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5328,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5488 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=3132,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5624 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5824,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2888 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5200,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4280 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=2956,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2964 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --field-trial-handle=5088,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5144 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --field-trial-handle=5072,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5108 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5112,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5568 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=2980,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5492 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2888,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5460 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x378 0x150
C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --wake --system
C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=127.0.6490.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x25c,0x27c,0x280,0x254,0x284,0xac758c,0xac7598,0xac75a4
C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --system --windows-service --service=update-internal
C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=127.0.6490.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x280,0x284,0x288,0x25c,0x28c,0xac758c,0xac7598,0xac75a4
C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --system --windows-service --service=update
C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=127.0.6490.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x280,0x284,0x288,0x25c,0x28c,0xac758c,0xac7598,0xac75a4
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5608,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3704 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --field-trial-handle=2716,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2856 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --field-trial-handle=5716,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5900 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5860,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6024 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5924,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2696 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5944,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3016 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6236,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6220 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=5264,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6228 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=5848,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6200 /prefetch:1
C:\Users\Admin\Downloads\DiscordSetup.exe
"C:\Users\Admin\Downloads\DiscordSetup.exe"
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe" --squirrel-install 1.0.9046
C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe
C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9046 --annotation=plat=Win32 --annotation=prod=Electron --annotation=ver=28.2.10 --initial-client-data=0x534,0x544,0x548,0x53c,0x54c,0x88f6284,0x88f6290,0x88f629c
C:\Users\Admin\AppData\Local\Discord\Update.exe
C:\Users\Admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\Admin\AppData\Local\Discord\app.ico
C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1992 --field-trial-handle=1996,i,17978107259643489289,402416930706581911,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --mojo-platform-channel-handle=2244 --field-trial-handle=1996,i,17978107259643489289,402416930706581911,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "\"C:\Users\Admin\AppData\Local\Discord\Update.exe\" --processStart Discord.exe" /f
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe\",-1" /f
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe\" --url -- \"%1\"" /f
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=6212,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4884 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=5036,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6260 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=4400,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6292 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=5972,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5996 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=6540,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5652 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6532,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6380 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6800,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6680 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=6556,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6364 /prefetch:1
C:\Users\Admin\AppData\Local\Discord\Update.exe
"C:\Users\Admin\AppData\Local\Discord\Update.exe" --processStart Discord.exe
C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe"
C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe
C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9046 --annotation=plat=Win32 --annotation=prod=Electron --annotation=ver=28.2.10 --initial-client-data=0x524,0x528,0x52c,0x520,0x530,0x88f6284,0x88f6290,0x88f629c
C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1936 --field-trial-handle=1952,i,16506792906759348743,14102841930008623430,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --mojo-platform-channel-handle=2272 --field-trial-handle=1952,i,16506792906759348743,14102841930008623430,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=0 --gpu-device-id=0 --gpu-sub-system-id=0 --gpu-revision=0 --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2280 --field-trial-handle=1952,i,16506792906759348743,14102841930008623430,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --autoplay-policy=no-user-gesture-required --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3252 --field-trial-handle=1952,i,16506792906759348743,14102841930008623430,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe\",-1" /f
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe\" --url -- \"%1\"" /f
C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --mojo-platform-channel-handle=3452 --field-trial-handle=1952,i,16506792906759348743,14102841930008623430,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9046\Discord.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --mojo-platform-channel-handle=4212 --field-trial-handle=1952,i,16506792906759348743,14102841930008623430,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe query HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "\"C:\Users\Admin\AppData\Local\Discord\Update.exe\" --processStart Discord.exe" /f
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9147 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=28.2.10 --initial-client-data=0x4f4,0x4f8,0x4fc,0x4e8,0x500,0x7ff731073108,0x7ff731073114,0x7ff731073120
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1924 --field-trial-handle=1928,i,688912946692706251,14574758608370234209,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --mojo-platform-channel-handle=2156 --field-trial-handle=1928,i,688912946692706251,14574758608370234209,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=0 --gpu-device-id=0 --gpu-sub-system-id=0 --gpu-revision=0 --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2260 --field-trial-handle=1928,i,688912946692706251,14574758608370234209,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --autoplay-policy=no-user-gesture-required --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3200 --field-trial-handle=1928,i,688912946692706251,14574758608370234209,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe\",-1" /f
C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe\" --url -- \"%1\"" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "chcp"
C:\Windows\system32\chcp.com
chcp
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=4048 --field-trial-handle=1928,i,688912946692706251,14574758608370234209,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --enable-node-leakage-in-renderers /prefetch:1
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --mojo-platform-channel-handle=4108 --field-trial-handle=1928,i,688912946692706251,14574758608370234209,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4136 --field-trial-handle=1928,i,688912946692706251,14574758608370234209,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --enable-node-leakage-in-renderers /prefetch:1
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --mojo-platform-channel-handle=3436 --field-trial-handle=1928,i,688912946692706251,14574758608370234209,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --mojo-platform-channel-handle=4348 --field-trial-handle=1928,i,688912946692706251,14574758608370234209,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --mojo-platform-channel-handle=4356 --field-trial-handle=1928,i,688912946692706251,14574758608370234209,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\modules\discord_voice-2\discord_voice\gpu_encoder_helper.exe
"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\modules\discord_voice-2\discord_voice\gpu_encoder_helper.exe" nvidia
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\modules\discord_voice-2\discord_voice\gpu_encoder_helper.exe
"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\modules\discord_voice-2\discord_voice\gpu_encoder_helper.exe" amd
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\modules\discord_voice-2\discord_voice\gpu_encoder_helper.exe
"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\modules\discord_voice-2\discord_voice\gpu_encoder_helper.exe" intel
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Windows/System32/nvidia-smi.exe""
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discordapp.com/handoff?rpc=6463&key=b141f82c-1427-4cd1-b196-b35265c97fda
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbee0646f8,0x7ffbee064708,0x7ffbee064718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,16996443260802497510,8500974861844249815,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,16996443260802497510,8500974861844249815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,16996443260802497510,8500974861844249815,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16996443260802497510,8500974861844249815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16996443260802497510,8500974861844249815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16996443260802497510,8500974861844249815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,16996443260802497510,8500974861844249815,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4348 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2144,16996443260802497510,8500974861844249815,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5072 /prefetch:8
C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe query HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord
C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "\"C:\Users\Admin\AppData\Local\Discord\Update.exe\" --processStart Discord.exe" /f
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=6040,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5704 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=5976,i,13098382717362723672,13313534846007104752,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5616 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Profile 1"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=125.0.6422.113 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc01981c70,0x7ffc01981c7c,0x7ffc01981c88
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2032,i,16219177339817476565,12699994400049000634,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2024 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1860,i,16219177339817476565,12699994400049000634,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2052 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=1668,i,16219177339817476565,12699994400049000634,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2516 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,16219177339817476565,12699994400049000634,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3108 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3228,i,16219177339817476565,12699994400049000634,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files\Google\Chrome\Application\125.0.6422.113\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\125.0.6422.113\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3552,i,16219177339817476565,12699994400049000634,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4548 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=3716,i,16219177339817476565,12699994400049000634,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4576 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=3720,i,16219177339817476565,12699994400049000634,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4820 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=4832,i,16219177339817476565,12699994400049000634,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4836 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=4824,i,16219177339817476565,12699994400049000634,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4940 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --field-trial-handle=4984,i,16219177339817476565,12699994400049000634,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4844 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4504 --field-trial-handle=1928,i,688912946692706251,14574758608370234209,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Profile 1"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=125.0.6422.113 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffc01981c70,0x7ffc01981c7c,0x7ffc01981c88
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1944,i,612704102495914727,2708053006310963517,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=1940 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1812,i,612704102495914727,2708053006310963517,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=1956 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2300,i,612704102495914727,2708053006310963517,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2460 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,612704102495914727,2708053006310963517,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3112 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,612704102495914727,2708053006310963517,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files\Google\Chrome\Application\125.0.6422.113\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\125.0.6422.113\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4564,i,612704102495914727,2708053006310963517,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4552 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=4684,i,612704102495914727,2708053006310963517,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4712 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=4680,i,612704102495914727,2708053006310963517,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4584 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=4504,i,612704102495914727,2708053006310963517,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4932 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=4928,i,612704102495914727,2708053006310963517,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4836 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --field-trial-handle=4892,i,612704102495914727,2708053006310963517,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4932 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4392,i,612704102495914727,2708053006310963517,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3716 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3912,i,612704102495914727,2708053006310963517,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3700 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3132,i,612704102495914727,2708053006310963517,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3220 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3716,i,612704102495914727,2708053006310963517,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3840 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4532,i,612704102495914727,2708053006310963517,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4932 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5492,i,612704102495914727,2708053006310963517,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5452 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5484,i,612704102495914727,2708053006310963517,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5440 /prefetch:8
C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
"C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Program Files (x86)\Mozilla Maintenance Service\
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" uninstall
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Profile 1"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=125.0.6422.113 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc01981c70,0x7ffc01981c7c,0x7ffc01981c88
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1964,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=1952 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=2144,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2164 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2288,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=2472 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3088 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3212,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3220 /prefetch:1
C:\Program Files\Google\Chrome\Application\125.0.6422.113\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\125.0.6422.113\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4572,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3704 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=4720,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4708 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=4840,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4028 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --field-trial-handle=3816,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4832 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4456,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5160 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4044,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5392 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3336,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=3324 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3300,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5272 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --field-trial-handle=5220,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5224 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --field-trial-handle=5608,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5240 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5800,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5780 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5980,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5156 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5836,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5044 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --field-trial-handle=4992,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4916 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --field-trial-handle=4904,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4828 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4700,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4824 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=3188,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6108 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5144,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6328 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6292,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=6448 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=patch.mojom.FilePatcher --lang=en-US --service-sandbox-type=service --field-trial-handle=840,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5472 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=1164,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5212 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=3204,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4708 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4444,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=5624 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --field-trial-handle=5168,i,3583349130712528940,12729828428718030865,262144 --variations-seed-version=20240523-210831.182000 --mojo-platform-channel-handle=4428 /prefetch:8
C:\Users\Admin\Downloads\RecRoomSetup.exe
"C:\Users\Admin\Downloads\RecRoomSetup.exe"
C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe
"C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe"
C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe
"C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe" --type=gpu-process --field-trial-handle=1660,16455386052927794794,10774032728220302029,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1668 /prefetch:2
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe
"C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1660,16455386052927794794,10774032728220302029,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1896 /prefetch:8
C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe
"C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe" --type=renderer --field-trial-handle=1660,16455386052927794794,10774032728220302029,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\recroom-launcher\resources\app.asar" --no-sandbox --no-zygote --preload="C:\Users\Admin\AppData\Local\Programs\recroom-launcher\resources\app.asar\window_preload_script.js" --background-color=#fff --enable-spellcheck --enable-websql --disable-electron-site-instance-overrides --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3000 /prefetch:1
C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe
"C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Rec Room Launcher.exe" --type=gpu-process --field-trial-handle=1660,16455386052927794794,10774032728220302029,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=MAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAIAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=3920 /prefetch:2
C:\Users\Admin\Downloads\DiscordSetup.exe
"C:\Users\Admin\Downloads\DiscordSetup.exe"
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
C:\Users\Admin\AppData\Local\Discord\Update.exe
"C:\Users\Admin\AppData\Local\Discord\Update.exe" --processStart Discord.exe
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe"
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9147 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=28.2.10 --initial-client-data=0x4e4,0x4e8,0x4ec,0x4d8,0x4f0,0x7ff731073108,0x7ff731073114,0x7ff731073120
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1844 --field-trial-handle=1848,i,3364100434142125110,17012424070029545726,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --mojo-platform-channel-handle=2168 --field-trial-handle=1848,i,3364100434142125110,17012424070029545726,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Apps\Rec Room\Recroom_WindowsPlatformless.exe
"C:/Users/Admin/AppData/Local/Programs/recroom-launcher/Apps/Rec Room/Recroom_WindowsPlatformless.exe" -RunFromLauncher
C:\Users\Admin\appdata\local\programs\recroom-launcher\apps\rec room\easyanticheat\easyanticheat_Setup.exe
"C:\Users\Admin\appdata\local\programs\recroom-launcher\apps\rec room\easyanticheat\easyanticheat_Setup.exe" install 502
C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
"C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultb97e25e7h4adch414eh9948h8df82bd10915
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffbee0646f8,0x7ffbee064708,0x7ffbee064718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,2467947275133667011,12177083863101597154,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,2467947275133667011,12177083863101597154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2596 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,2467947275133667011,12177083863101597154,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2968 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.94.73.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| BE | 104.68.66.114:443 | cxcs.microsoft.net | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 114.66.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.33.209.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | support.microsoft.com | udp |
| BE | 2.21.16.124:443 | support.microsoft.com | tcp |
| US | 8.8.8.8:53 | 124.16.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 79.239.69.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | shell.windows.com | udp |
| US | 2.17.251.20:443 | shell.windows.com | tcp |
| US | 8.8.8.8:53 | 20.251.17.2.in-addr.arpa | udp |
| N/A | 239.255.255.250:3702 | udp | |
| N/A | 239.255.255.250:3702 | udp | |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.16.208.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | ogs.google.com | udp |
| GB | 142.250.187.238:443 | ogs.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| GB | 142.250.187.206:443 | clients2.google.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.206:443 | clients2.google.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.187.206:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | tools.google.com | udp |
| GB | 172.217.169.46:443 | tools.google.com | tcp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.187.234:443 | content-autofill.googleapis.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| GB | 172.217.169.46:443 | tools.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| GB | 216.58.204.67:443 | update.googleapis.com | tcp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.35.104.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 84.206.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| GB | 216.58.204.67:443 | update.googleapis.com | tcp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | accountcapabilities-pa.googleapis.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| GB | 142.250.187.234:443 | accountcapabilities-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | tcp |
| BE | 74.125.206.84:443 | accounts.google.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | udp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | clients2.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | accounts.youtube.com | udp |
| GB | 142.250.187.238:443 | accounts.youtube.com | tcp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| GB | 142.250.187.238:443 | accounts.youtube.com | tcp |
| US | 8.8.8.8:53 | securitydomain-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 188.206.125.74.in-addr.arpa | udp |
| GB | 216.58.204.67:443 | update.googleapis.com | tcp |
| US | 8.8.8.8:53 | optimizationguide-pa.googleapis.com | udp |
| GB | 142.250.179.234:443 | optimizationguide-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | udp |
| GB | 216.58.204.67:443 | update.googleapis.com | udp |
| GB | 142.250.179.234:443 | optimizationguide-pa.googleapis.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | myaccount.google.com | udp |
| US | 8.8.8.8:53 | e2c49.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| BE | 142.251.168.84:443 | myaccount.google.com | tcp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | tcp |
| US | 35.211.148.231:443 | e2c49.gcp.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
| BE | 142.251.168.84:443 | myaccount.google.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 192.178.49.163:443 | beacons.gvt2.com | tcp |
| US | 8.8.8.8:53 | 84.168.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.148.211.35.in-addr.arpa | udp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.187.234:443 | optimizationguide-pa.googleapis.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 163.49.178.192.in-addr.arpa | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| BE | 142.251.168.84:443 | myaccount.google.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | udp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| GB | 216.58.204.67:443 | update.googleapis.com | tcp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| GB | 216.58.204.67:443 | update.googleapis.com | tcp |
| BE | 74.125.206.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | memex-pa.googleapis.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 216.58.212.234:443 | memex-pa.googleapis.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 234.212.58.216.in-addr.arpa | udp |
| GB | 142.250.179.234:443 | memex-pa.googleapis.com | udp |
| GB | 142.250.179.234:443 | memex-pa.googleapis.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 8.8.8.8:53 | assets-global.website-files.com | udp |
| US | 162.159.128.233:443 | discord.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | global.localizecdn.com | udp |
| US | 8.8.8.8:53 | d3e54v103j8qbb.cloudfront.net | udp |
| FR | 52.84.174.87:443 | assets-global.website-files.com | tcp |
| FR | 52.84.174.87:443 | assets-global.website-files.com | tcp |
| US | 104.18.4.175:443 | global.localizecdn.com | tcp |
| FR | 52.222.153.27:443 | d3e54v103j8qbb.cloudfront.net | tcp |
| US | 8.8.8.8:53 | uploads-ssl.webflow.com | udp |
| FR | 52.222.201.64:443 | uploads-ssl.webflow.com | tcp |
| FR | 52.222.201.64:443 | uploads-ssl.webflow.com | tcp |
| FR | 52.222.201.64:443 | uploads-ssl.webflow.com | tcp |
| FR | 52.222.201.64:443 | uploads-ssl.webflow.com | tcp |
| FR | 52.222.201.64:443 | uploads-ssl.webflow.com | tcp |
| FR | 52.222.201.64:443 | uploads-ssl.webflow.com | tcp |
| GB | 142.250.187.234:443 | memex-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | 233.128.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.174.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.153.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.4.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.187.206:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | 137.32.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | remote-auth-gateway.discord.gg | udp |
| US | 162.159.134.234:443 | remote-auth-gateway.discord.gg | tcp |
| GB | 142.250.187.234:443 | memex-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 234.134.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | js.hcaptcha.com | udp |
| US | 104.19.230.21:443 | js.hcaptcha.com | tcp |
| US | 8.8.8.8:53 | newassets.hcaptcha.com | udp |
| US | 104.19.229.21:443 | newassets.hcaptcha.com | tcp |
| US | 104.19.229.21:443 | newassets.hcaptcha.com | udp |
| US | 8.8.8.8:53 | api2.hcaptcha.com | udp |
| US | 8.8.8.8:53 | 21.229.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.230.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.hcaptcha.com | udp |
| US | 8.8.8.8:53 | imgs3.hcaptcha.com | udp |
| US | 104.19.229.21:443 | imgs3.hcaptcha.com | tcp |
| US | 104.19.229.21:443 | imgs3.hcaptcha.com | udp |
| GB | 216.58.204.67:443 | update.googleapis.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| GB | 142.250.187.206:443 | www.youtube.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| GB | 142.250.187.206:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | clients4.google.com | udp |
| GB | 142.250.187.206:443 | clients4.google.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| GB | 142.250.187.206:443 | clients4.google.com | udp |
| US | 162.159.128.233:443 | discord.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.179.234:443 | memex-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | gateway.discord.gg | udp |
| US | 162.159.130.234:443 | gateway.discord.gg | tcp |
| US | 8.8.8.8:53 | 234.130.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.spotify.com | udp |
| US | 8.8.8.8:53 | status.discord.com | udp |
| US | 35.186.224.25:443 | api.spotify.com | tcp |
| US | 162.159.128.233:443 | status.discord.com | tcp |
| US | 35.186.224.25:443 | api.spotify.com | udp |
| US | 8.8.8.8:53 | 25.224.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 216.58.212.234:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | dealer.spotify.com | udp |
| US | 35.186.224.39:443 | dealer.spotify.com | tcp |
| US | 8.8.8.8:53 | 233.135.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.224.186.35.in-addr.arpa | udp |
| US | 162.159.135.233:443 | cdn.discordapp.com | udp |
| US | 162.159.135.233:443 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | dl.discordapp.net | udp |
| US | 104.18.52.172:443 | dl.discordapp.net | tcp |
| US | 8.8.8.8:53 | 172.52.18.104.in-addr.arpa | udp |
| US | 162.159.134.234:443 | gateway.discord.gg | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | ogs.google.com | udp |
| GB | 142.250.187.238:443 | ogs.google.com | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 172.217.169.10:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 8.8.8.8:53 | 10.169.217.172.in-addr.arpa | udp |
| GB | 216.58.213.10:443 | translate.googleapis.com | tcp |
| US | 8.8.8.8:53 | 10.213.58.216.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.238:443 | ogs.google.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| GB | 216.58.204.67:443 | update.googleapis.com | tcp |
| GB | 216.58.204.67:443 | update.googleapis.com | tcp |
| US | 8.8.8.8:53 | updates.discord.com | udp |
| US | 162.159.137.232:443 | updates.discord.com | tcp |
| US | 8.8.8.8:53 | 232.137.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dl.discordapp.net | udp |
| US | 104.18.52.172:443 | dl.discordapp.net | tcp |
| US | 104.18.52.172:443 | dl.discordapp.net | tcp |
| US | 104.18.52.172:443 | dl.discordapp.net | tcp |
| US | 104.18.52.172:443 | dl.discordapp.net | tcp |
| GB | 216.58.204.67:443 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| GB | 216.58.204.67:443 | update.googleapis.com | tcp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| GB | 216.58.204.67:443 | update.googleapis.com | tcp |
| GB | 216.58.204.67:443 | update.googleapis.com | tcp |
| US | 162.159.137.232:443 | updates.discord.com | tcp |
| US | 8.8.8.8:53 | discordapp.com | udp |
| US | 8.8.8.8:53 | discordapp.com | udp |
| US | 162.159.133.233:443 | discordapp.com | udp |
| US | 162.159.133.233:443 | discordapp.com | tcp |
| GB | 216.58.204.67:443 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 104.18.52.172:443 | dl.discordapp.net | tcp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | discordapp.com | udp |
| US | 162.159.130.233:443 | discordapp.com | tcp |
| US | 162.159.130.233:443 | discordapp.com | tcp |
| US | 162.159.128.233:443 | updates.discord.com | tcp |
| US | 8.8.8.8:53 | 233.130.159.162.in-addr.arpa | udp |
| US | 162.159.134.234:443 | gateway.discord.gg | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| N/A | 127.0.0.1:6463 | tcp | |
| N/A | 127.0.0.1:6463 | tcp | |
| US | 162.159.134.234:443 | gateway.discord.gg | tcp |
| US | 162.159.128.233:443 | updates.discord.com | udp |
| US | 35.186.224.25:443 | api.spotify.com | tcp |
| US | 35.186.224.25:443 | api.spotify.com | udp |
| US | 35.186.224.39:443 | dealer.spotify.com | tcp |
| US | 162.159.129.233:443 | discordapp.com | udp |
| US | 8.8.8.8:53 | 233.129.159.162.in-addr.arpa | udp |
| US | 162.159.129.235:443 | tcp | |
| NL | 35.214.212.66:50001 | udp | |
| NL | 35.214.225.26:50003 | udp | |
| NL | 35.214.229.162:50003 | udp | |
| NL | 35.214.221.167:50002 | udp | |
| NL | 35.214.169.198:50001 | udp | |
| DE | 66.22.243.53:50004 | udp | |
| DE | 35.207.110.97:50002 | udp | |
| DE | 66.22.243.47:50002 | udp | |
| DE | 66.22.243.191:50003 | udp | |
| DE | 66.22.243.187:50004 | udp | |
| IT | 35.219.231.247:50004 | udp | |
| IT | 35.219.247.14:50002 | udp | |
| IT | 35.219.230.140:50001 | udp | |
| IT | 35.219.254.233:50003 | udp | |
| IT | 35.219.248.230:50004 | udp | |
| ES | 34.0.212.55:50001 | udp | |
| ES | 34.0.206.55:50004 | udp | |
| ES | 66.22.241.158:50001 | udp | |
| ES | 34.0.207.21:50002 | udp | |
| ES | 34.0.199.158:50003 | udp | |
| SE | 66.22.237.153:50002 | udp | |
| SE | 66.22.237.160:50002 | udp | |
| SE | 66.22.237.25:50004 | udp | |
| SE | 66.22.237.16:50004 | udp | |
| SE | 66.22.237.145:50003 | udp | |
| US | 8.8.8.8:53 | 235.129.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.212.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.225.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.229.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.221.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.169.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.110.207.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.243.22.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.243.22.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.243.22.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.243.22.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.247.219.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 247.231.219.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.230.219.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.254.219.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.248.219.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.212.0.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.206.0.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.241.22.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.207.0.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.199.0.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.237.22.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.237.22.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.237.22.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.237.22.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.237.22.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | optimizationguide-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 172.217.169.42:443 | optimizationguide-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| DE | 142.250.185.163:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | 42.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.185.250.142.in-addr.arpa | udp |
| BE | 74.125.206.84:443 | accounts.google.com | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| GB | 216.58.204.67:443 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| GB | 142.250.187.238:443 | ogs.google.com | tcp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | memex-pa.googleapis.com | udp |
| GB | 142.250.187.234:443 | memex-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 202.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| GB | 216.58.204.67:443 | update.googleapis.com | udp |
| US | 162.159.130.232:443 | udp | |
| US | 162.159.133.232:443 | udp | |
| US | 8.8.8.8:53 | 232.130.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.133.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 162.159.130.233:443 | discordapp.com | udp |
| US | 162.159.129.235:443 | tcp | |
| US | 66.22.227.56:50004 | udp | |
| US | 66.22.227.56:50004 | udp | |
| US | 8.8.8.8:53 | 56.227.22.66.in-addr.arpa | udp |
| US | 66.22.227.56:50004 | udp | |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| GB | 172.217.169.42:443 | memex-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.234:443 | memex-pa.googleapis.com | udp |
| GB | 142.250.187.234:443 | memex-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 216.58.204.67:443 | update.googleapis.com | udp |
| GB | 216.58.204.67:443 | update.googleapis.com | tcp |
| US | 8.8.8.8:53 | ogs.google.com | udp |
| GB | 142.250.187.238:443 | ogs.google.com | udp |
| GB | 142.250.187.238:443 | ogs.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| GB | 172.217.169.42:443 | memex-pa.googleapis.com | udp |
| GB | 172.217.169.42:443 | memex-pa.googleapis.com | tcp |
| BE | 74.125.206.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.youtube.com | udp |
| GB | 142.250.187.238:443 | accounts.youtube.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.187.238:443 | accounts.youtube.com | udp |
| GB | 216.58.213.10:443 | content-autofill.googleapis.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | clients4.google.com | udp |
| GB | 142.250.187.206:443 | clients4.google.com | tcp |
| GB | 216.58.204.67:443 | update.googleapis.com | tcp |
| GB | 142.250.187.206:443 | clients4.google.com | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 162.159.133.233:443 | discordapp.com | udp |
| US | 162.159.133.233:443 | discordapp.com | udp |
| US | 8.8.8.8:53 | optimizationguide-pa.googleapis.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| BE | 74.125.206.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| GB | 216.58.204.67:443 | update.googleapis.com | udp |
| GB | 216.58.204.67:443 | update.googleapis.com | tcp |
| US | 8.8.8.8:53 | 188.110.250.142.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 142.250.187.227:443 | id.google.com | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 216.58.204.86:443 | i.ytimg.com | tcp |
| GB | 216.58.204.86:443 | i.ytimg.com | tcp |
| GB | 216.58.204.86:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 216.58.204.78:443 | www.youtube.com | tcp |
| GB | 216.58.204.78:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | 86.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | recroom.com | udp |
| GB | 216.58.204.78:443 | www.youtube.com | udp |
| GB | 216.58.204.86:443 | i.ytimg.com | tcp |
| US | 198.49.23.144:443 | recroom.com | tcp |
| US | 198.49.23.144:443 | recroom.com | tcp |
| US | 8.8.8.8:53 | images.squarespace-cdn.com | udp |
| US | 8.8.8.8:53 | use.typekit.net | udp |
| US | 8.8.8.8:53 | assets.squarespace.com | udp |
| US | 8.8.8.8:53 | static1.squarespace.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | www.kidsafeseal.com | udp |
| US | 151.101.0.238:443 | static1.squarespace.com | tcp |
| US | 151.101.0.237:443 | assets.squarespace.com | tcp |
| US | 151.101.0.237:443 | assets.squarespace.com | tcp |
| US | 151.101.0.237:443 | assets.squarespace.com | tcp |
| US | 151.101.0.237:443 | assets.squarespace.com | tcp |
| US | 151.101.0.237:443 | assets.squarespace.com | tcp |
| US | 151.101.0.237:443 | assets.squarespace.com | tcp |
| US | 151.101.0.237:443 | assets.squarespace.com | tcp |
| SE | 184.31.15.40:443 | use.typekit.net | tcp |
| US | 151.101.0.238:443 | static1.squarespace.com | tcp |
| US | 172.67.75.106:443 | www.kidsafeseal.com | tcp |
| US | 8.8.8.8:53 | 144.23.49.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.0.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.0.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.75.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| SE | 184.31.15.40:443 | use.typekit.net | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| GB | 216.58.204.78:443 | www.youtube.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | udp |
| GB | 216.58.204.78:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | video.squarespace-cdn.com | udp |
| US | 151.101.0.238:443 | video.squarespace-cdn.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | p.typekit.net | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| SE | 184.31.15.57:443 | p.typekit.net | tcp |
| GB | 216.58.204.78:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| GB | 216.58.204.78:443 | www.youtube.com | udp |
| GB | 216.58.204.86:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.200.10:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| GB | 142.250.200.10:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | rr5---sn-aigl6nzl.googlevideo.com | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| GB | 74.125.168.170:443 | rr5---sn-aigl6nzl.googlevideo.com | tcp |
| GB | 74.125.168.170:443 | rr5---sn-aigl6nzl.googlevideo.com | tcp |
| GB | 74.125.168.170:443 | rr5---sn-aigl6nzl.googlevideo.com | tcp |
| GB | 74.125.168.170:443 | rr5---sn-aigl6nzl.googlevideo.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | udp |
| US | 8.8.8.8:53 | 170.168.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rec.net | udp |
| US | 172.214.116.196:443 | rec.net | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | udp |
| US | 172.214.116.196:443 | rec.net | tcp |
| US | 172.214.116.196:443 | rec.net | tcp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 172.214.116.196:443 | rec.net | tcp |
| US | 172.214.116.196:443 | rec.net | tcp |
| US | 172.214.116.196:443 | rec.net | tcp |
| US | 172.214.116.196:443 | rec.net | tcp |
| US | 8.8.8.8:53 | performance.squarespace.com | udp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 35.186.236.0:443 | performance.squarespace.com | tcp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 8.8.8.8:53 | 196.116.214.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.236.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.177.19.104.in-addr.arpa | udp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| GB | 216.58.213.10:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | featuregates.org | udp |
| US | 34.128.128.0:443 | featuregates.org | tcp |
| US | 34.128.128.0:443 | featuregates.org | udp |
| US | 8.8.8.8:53 | api.rudderstack.com | udp |
| US | 8.8.8.8:53 | 0.128.128.34.in-addr.arpa | udp |
| FR | 13.249.9.111:443 | api.rudderstack.com | tcp |
| FR | 13.249.9.111:443 | api.rudderstack.com | udp |
| US | 8.8.8.8:53 | recroom-dataplane.rudderstack.com | udp |
| US | 52.22.248.30:443 | recroom-dataplane.rudderstack.com | tcp |
| US | 8.8.8.8:53 | events.statsigapi.net | udp |
| US | 34.128.128.0:443 | events.statsigapi.net | tcp |
| US | 34.128.128.0:443 | events.statsigapi.net | udp |
| US | 8.8.8.8:53 | 111.9.249.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.248.22.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | privacyportal.onetrust.com | udp |
| US | 104.18.32.137:443 | privacyportal.onetrust.com | tcp |
| US | 8.8.8.8:53 | gsght.com | udp |
| US | 8.8.8.8:53 | cdn.rec.net | udp |
| US | 34.214.69.148:443 | gsght.com | tcp |
| US | 34.214.69.148:443 | gsght.com | tcp |
| US | 152.199.21.175:443 | cdn.rec.net | tcp |
| US | 8.8.8.8:53 | 148.69.214.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.21.199.152.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 162.159.133.233:443 | discordapp.com | udp |
| GB | 142.250.187.206:443 | www.youtube.com | tcp |
| GB | 216.58.204.67:443 | update.googleapis.com | tcp |
| GB | 216.58.204.67:443 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:443 | google.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | api2.patchkit.net | udp |
| FR | 18.244.28.36:80 | api2.patchkit.net | tcp |
| FR | 18.244.28.36:443 | api2.patchkit.net | tcp |
| US | 8.8.8.8:53 | 36.28.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn-cf-ae.patchkit.net | udp |
| US | 18.245.175.28:80 | cdn-cf-ae.patchkit.net | tcp |
| US | 18.245.175.28:80 | cdn-cf-ae.patchkit.net | tcp |
| US | 8.8.8.8:53 | 51.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.175.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | app-catalog.patchkit.net | udp |
| US | 54.191.234.124:443 | app-catalog.patchkit.net | tcp |
| US | 54.191.234.124:443 | app-catalog.patchkit.net | tcp |
| US | 8.8.8.8:53 | 124.234.191.54.in-addr.arpa | udp |
| US | 54.191.234.124:443 | app-catalog.patchkit.net | tcp |
| US | 54.191.234.124:443 | app-catalog.patchkit.net | tcp |
| US | 54.191.234.124:443 | app-catalog.patchkit.net | tcp |
| US | 54.191.234.124:443 | app-catalog.patchkit.net | tcp |
| US | 54.191.234.124:443 | app-catalog.patchkit.net | tcp |
| US | 54.191.234.124:443 | app-catalog.patchkit.net | tcp |
| US | 54.191.234.124:443 | app-catalog.patchkit.net | tcp |
| US | 54.191.234.124:443 | app-catalog.patchkit.net | tcp |
| US | 54.191.234.124:443 | app-catalog.patchkit.net | tcp |
| US | 8.8.8.8:53 | api2.patchkit.net | udp |
| FR | 18.244.28.12:443 | api2.patchkit.net | tcp |
| FR | 18.244.28.12:443 | api2.patchkit.net | tcp |
| US | 8.8.8.8:53 | 12.28.244.18.in-addr.arpa | udp |
| FR | 18.244.28.12:443 | api2.patchkit.net | tcp |
| US | 8.8.8.8:53 | ip2loc.patchkit.net | udp |
| FR | 99.86.91.14:443 | ip2loc.patchkit.net | tcp |
| FR | 18.244.28.12:443 | api2.patchkit.net | tcp |
| US | 8.8.8.8:53 | 14.91.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn-cf-ae.patchkit.net | udp |
| US | 18.245.175.86:80 | cdn-cf-ae.patchkit.net | tcp |
| US | 8.8.8.8:53 | 86.175.245.18.in-addr.arpa | udp |
| US | 18.245.175.86:80 | cdn-cf-ae.patchkit.net | tcp |
| US | 8.8.8.8:53 | cdn-cf-ae.patchkit.net | udp |
| US | 18.245.175.28:80 | cdn-cf-ae.patchkit.net | tcp |
| US | 18.245.175.28:80 | cdn-cf-ae.patchkit.net | tcp |
| US | 8.8.8.8:53 | cdn-cf-ae.patchkit.net | udp |
| US | 18.245.175.28:80 | cdn-cf-ae.patchkit.net | tcp |
| US | 18.245.175.28:80 | cdn-cf-ae.patchkit.net | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 162.159.133.233:443 | cdn.discordapp.com | udp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | 233.134.159.162.in-addr.arpa | udp |
| US | 162.159.133.232:443 | udp | |
| US | 8.8.8.8:53 | cdn-cf-ae.patchkit.net | udp |
| US | 18.245.175.29:80 | cdn-cf-ae.patchkit.net | tcp |
| US | 8.8.8.8:53 | 29.175.245.18.in-addr.arpa | udp |
| US | 162.159.134.232:443 | udp | |
| US | 8.8.8.8:53 | 232.134.159.162.in-addr.arpa | udp |
| US | 18.245.175.29:80 | cdn-cf-ae.patchkit.net | tcp |
| US | 8.8.8.8:53 | cdn-cf-ae.patchkit.net | udp |
| US | 18.245.175.29:80 | cdn-cf-ae.patchkit.net | tcp |
| US | 162.159.129.233:443 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | udp | |
| US | 18.245.175.29:80 | tcp | |
| US | 18.245.175.29:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| FR | 18.244.28.12:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 52.222.201.22:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 52.211.40.47:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 52.212.240.101:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:443 | udp | |
| US | 162.159.134.233:443 | udp | |
| N/A | 162.159.136.234:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 2.17.196.177:443 | tcp | |
| BE | 104.68.66.114:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| GB | 2.21.189.164:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| BE | 2.21.16.124:443 | tcp |
Files
C:\Users\Admin\Desktop\ApproveSplit.ico
| MD5 | de5b6697063997dfd4eeb2c607db27c6 |
| SHA1 | 1ab6bf1904f39caf043ee2fe2f9bf623bd2bf7a4 |
| SHA256 | 2a792d5507e73d1c6d0597cff9a2a49a60056fac185b6040c60e1aae4cd1a346 |
| SHA512 | bbc2dd5647840f57019ba2f0d63d58696534fc32feca3cfb27d8dd5207f4775c9e2b4a49919e39ae6ee19a6e23e1a554fc85c165f0470e62ff8f704dce7a359d |
C:\Users\Admin\Desktop\BlockPop.midi
| MD5 | 1cd9cd035058391c545d73cd0955e916 |
| SHA1 | c7fbcacf280b7d300b7e9a87d6d4203fd30f4a23 |
| SHA256 | ce6997a6931f7ceaf9886547a38ab2539898e773dd4f285ff059c0f0b0aa0c53 |
| SHA512 | be88d2b6dd0a5d67897ef26c58e5f527d2ce7f25d7a7b172530089e9fed2b12962f373b986c3173c37ca95a6380649e033020f2257d117d1ac2d01a140152a04 |
C:\Users\Admin\Desktop\ConfirmOptimize.xls
| MD5 | e997acb37be8cd31b08f0eeb02579ba1 |
| SHA1 | 13e637b39103864c75c90337f240a4c3b28b85f0 |
| SHA256 | 5fb841f5561fbabd9c80409a8c0c0abf434f4c4347e643c313e851517597f3ef |
| SHA512 | 62484120d146738432ee784e459f271ff0552bfe53fe0d7f04f2553bf4551c88476767fc284254c3cc7b84006d54619f11e8c356927001f0174d49b9656026ac |
C:\Users\Admin\Desktop\DenyProtect.html
| MD5 | be20a99d09e79941af310064f0c9cc69 |
| SHA1 | 54c970f7ed8a8ecd0c4da871716b5e0890b506b6 |
| SHA256 | 9f7a93eabdc469ada4678ad3ea63533e78f490b6179b7ec9bc7e85efd483cd3a |
| SHA512 | 7940741ddd39deef9b871519934ac6cf8572827bc6ef1733b82f31782f66c6d84d9190ed500a1bb61506a0dde58aeb256a2a3eec9b642f25ec47b60827943540 |
C:\Users\Admin\Desktop\DisconnectRequest.DVR
| MD5 | 26156561d27b5e8bd7fe11d2c9f7d59b |
| SHA1 | 9df225a79b310900679db44fa533ce0815513848 |
| SHA256 | f087f21a777afe1ffcbbe04a43042884c9c9e5f678527eeeca587ac64903dad8 |
| SHA512 | 28b790b6402a712c39145a2898e64b3ef64ef6bef95dadf02bf44fe499419e8129850c1bcc4b6bc98656fbfe5576c91f90a8bf8a0b6c3b828d2294bfb20634dd |
C:\Users\Admin\Desktop\DismountInvoke.nfo
| MD5 | dd5db567f295046d34d8d0ce8798de21 |
| SHA1 | 0f03f47b1c82eec37f49227df887c1035840904e |
| SHA256 | 415c8a72e25bdf425be2dcbd3487944c82aad7586515431d66583d2adbb690b0 |
| SHA512 | c0ec994a8e4ea579e374be6ed4126dc3d4a36e47f2637671d30c0b96d36c9c04e99af58325be9447d915da10ae47bf9184506d3d9a2d591bdb9e9f761015dfcc |
C:\Users\Admin\Desktop\DisableResume.vdx
| MD5 | 2d07e50130dacde07c71ce5273c910be |
| SHA1 | 5470d6ce7287c3e7935d18920f9096b88b5b40e7 |
| SHA256 | c7c1e4a9d8d94a9463f0b7a315cdbb100ea2bf621d1b47bc6aae970115b74d51 |
| SHA512 | d1c7ec3c81337ad01e7ac8ae586213bfd8ad9b82eebff1a3f89118d0d54f21ba92c38eadffe665b95611ae323626fa43f57b8eea2e0149815473199dd98334cb |
C:\Users\Admin\Desktop\GetRepair.gif
| MD5 | 25c0e89b17b010ec9c9f0508664f7b66 |
| SHA1 | 5bf22d719f14f0e802079b1097f9ac3ed6bb5b82 |
| SHA256 | d3bba35923fb5313c40a7b734792b3f06b69c7d2e1103982821555ca176ab2c0 |
| SHA512 | 7c02c70a571c336f0ec13ee2e664d904b527f56cc018f240c16321e22deb10ee791ccd01835a0a32220ff41d16fb023b3bd0711f40020ad9013993abbf41ff6c |
C:\Users\Admin\Desktop\HideUpdate.dot
| MD5 | 11366630986515c1580415619889b043 |
| SHA1 | 6988752c6422a73503fa7cc083ced1e7a01bbb13 |
| SHA256 | 916d5c4aa97be01fbde5b384de3649d4123bd62144a2715a1e5c033feebf1c99 |
| SHA512 | 5b57b1b32a995636f7218d53f4496ee779e472e1de55d9043f160fc3a4cdd2c198083f3509101c7b9b1c54ab26ff917f4ce1d093b1376204dcea0e808578f7d8 |
C:\Users\Admin\Desktop\PingConnect.html
| MD5 | f6ab496ca48cb711b4b1ee5b125f1dcc |
| SHA1 | 9f23bae1aae85333a65e61b640c704311c1b8445 |
| SHA256 | 4ec6e7150889bfcbc90110fbc1681c0966e46bb69d27ae95e41bdc3c31fe233b |
| SHA512 | a811da881bf8c977e3985ef492e509374fd6d07cc64e0a90bebe74cfea2043d48bfe185a0a895d59bcebd8e156540968b8e3b3c37c6291c3d5381202997e129b |
C:\Users\Admin\Desktop\SplitImport.js
| MD5 | e1f5108da2e825caa08502503c503113 |
| SHA1 | e0baecb92f35ea355d62eab09d86418cefd87bfb |
| SHA256 | 2cbb53b88e74efbe3990458f62ca3894187ee491804b7934521d591c16fdd524 |
| SHA512 | 3a38b9074e2b4210e613b48f8bd52421869809d93bce197b444c5fada901467371676b05d5b55ba39a96b00afa0b88aa782ac76c2635d6763ae79e5f2bd109ad |
C:\Users\Admin\Desktop\InstallGrant.mpeg2
| MD5 | d399dcb4e20b4688834481d5cc499686 |
| SHA1 | bbcbdd73c524249571a063388f8456da81376509 |
| SHA256 | d70fc6609b410953395abb09cae692d2068aaf17755ce496b8495b40e652a29d |
| SHA512 | ad49985c26860ca79b91ba2f7537263b762017d289d9139c207830fe0581f985b992eac76522e0b679adccc36dd5539e3e748e3f6c74414a2840e1d319ebe629 |
C:\Users\Admin\Desktop\WatchConvertTo.odt
| MD5 | fb9bf12eff8ec109f6e66efebfa52963 |
| SHA1 | ad01e093d54db4f6eb7d73dcb59eaadf4545d986 |
| SHA256 | 05c520d42024a1b7658998451b449301263acbcf2c1c35e9558c145d0f844267 |
| SHA512 | 86ce34c3efddae8019a8bd8a1665341a04a4c8eb349a3edeec3d3bfe41b39175d3cea6c9934f15b53be2850997d8742bd9bf0410d52c78bcbd3703f82b58162e |
C:\Users\Admin\Desktop\TestDebug.mht
| MD5 | 3aad1c79aff5225f7dbbe96b4e3e289d |
| SHA1 | 8063668e518fe900b26c93bba8a3e3bfaf39400e |
| SHA256 | 5b5a3203ba77997674ddb6c1c6a9ad5e72e36c92c7327b0691be37c9596c0f15 |
| SHA512 | 42ecf77f1146c9e645f1e5cf38e155a9e7e52ce7da2baf1f3cea503e7bd0f3e2020bb28ecc2e47f6b7c8cdadec1ba3cb19f11415c74ab1459eb7c5d4a76502b9 |
C:\Users\Admin\Desktop\SwitchPing.vb
| MD5 | 55e0a634ce85cbe6b2d0bb7d3020af1f |
| SHA1 | b8905d40f0bd63beed5ee0de518dc6a40c8bdc18 |
| SHA256 | 6f839bac855aa47dcee483c5131c234300ceea8ec7dbae82e7b401d81a42abdd |
| SHA512 | 5497e12c29870673f9bf81b5757fc39546bf7298c3d859fca091d76c96bef0f97fff5a05f6787391a314f0332ce11fa97a4bf5bf1864dc0c3285dc3c3e1434b5 |
C:\Users\Admin\Desktop\SuspendHide.sql
| MD5 | adfe19c4e0d29b424d0aa5eb4faaa598 |
| SHA1 | 5f8b4a132159e8d4b57e7fe815406edc129a3c95 |
| SHA256 | 18cefb5c21b28dabac56391c507f8c5914814a590c151d0cecccc4d4fe4e4773 |
| SHA512 | cdbf1b8244b3ad5f6b354bb74f52de3319df08f9dfb657823e8e43a970a8f6b8306aff60584183ae6c73a01cb0dc004bb995a342854c0f6e2c119f22c5a30e76 |
C:\Users\Admin\Desktop\SkipOptimize.mpg
| MD5 | 9c2a2ff8bad33eaa2a6063cff997cf72 |
| SHA1 | 9254324a4513185d17a9adac5050adfeec459390 |
| SHA256 | 626304eb0fa55bf93e5e9f8da17ba85ad75ec1859ec1b93b904f7523e9ac3d83 |
| SHA512 | 4e4944f9dfaf401b511b0faafa75cc0247b6075cf0d0675160088476ba063e8bc1a9a3dbc276f1da28d7de951e087c4e9699460a473e79fd62933bfe147828f3 |
C:\Users\Admin\Desktop\SkipConvertFrom.docm
| MD5 | 4dd66c087bba8f70b5807b89bd5f98ee |
| SHA1 | 244d5a649886843f398e3886de9fdac90e3f71d3 |
| SHA256 | 75ed43d0b6c34bfbda711664a016e3f34e9dfe35c379292cce46ae4d14993738 |
| SHA512 | 17d655a0090a3c50386586efa642a048c22c784c54bdf9479b9880124b1c7b2f06993da0f05a1bd3c6085b650ee5719406e2d57a91e854b4c4fb8346d3a00772 |
C:\Users\Admin\Desktop\ShowPop.mpg
| MD5 | 26b1acfe1567310d9addfe03e10d6c14 |
| SHA1 | 33da87cf82488c2a3e41137aeacb978f25e9a28e |
| SHA256 | 0603bd37ecf494d88c2e753202835dcd4b9bd44ab42bc55f472924c72bd69e29 |
| SHA512 | 690c48d483f7a772d0cdba89e591d43e26e2df0108db922095babe6cfaf0af533443fde7b0374453e890811423c6090f3a6ed01b38eda09a330505be4b5989c3 |
C:\Users\Admin\Desktop\RevokeReset.rle
| MD5 | 80b5da5720fe7faed561e9ac8004aa41 |
| SHA1 | 687ea5ac6f43af05ce379b82e43054843fb9ca37 |
| SHA256 | 86acfbeabd86149bc433e735310db652af1e91b9e15738515a02e1f79e3c6a94 |
| SHA512 | 51ad36749254e4ec481d8b8305cb7d8d0879b4785e6fee379dddb7cf52fde5dbe78439ef395c8550723ad7a2e70aaeb5172d06edc8845a3a331b634aad45ddd6 |
C:\Users\Admin\Desktop\PopPing.wps
| MD5 | 9b6803ae493c9c9bd585feae42d3951b |
| SHA1 | 8aa310243c94b3923afc7004a2daa8329fe75c22 |
| SHA256 | 897135f7744aff5588bbe8b37f7c567bb4a490f4b1f92366fb964057261c6ee8 |
| SHA512 | 6a161a07b2274bd1bb1eea08922763c1c4dfa917ab396edc2fceba818840d9e5e51a5cbf62f08a950f4fe333c6c649c5f8f7b620cf999046c24c4f1d897ac0e6 |
C:\Users\Admin\Desktop\MountUnpublish.jpe
| MD5 | 7c4f530b36dd6ca6b5252e505de95d5e |
| SHA1 | ac61401b7c77226de04e9e8b6a373e0b5cd0b019 |
| SHA256 | 572efa8f6d8e1b1ecedc6ab79a1ed4e74bc13dcee556077b75d403b0339d1fa3 |
| SHA512 | 0b893e28e36ee3967c2d7b337be410cfff2715e82ac646e9814a5baa868403391b103151b2f91252a4a6602f86e6ca7f9a5585c0e1f369623ae4855f1efe0937 |
C:\Users\Admin\Desktop\MountTest.ps1
| MD5 | dd13767b69694bb2ab56c9db8be5f501 |
| SHA1 | d849e8c32c84f3730ebec57a420c5ed83af95d0e |
| SHA256 | 9503aa04944d0d342a3960bd988a8eec97ab32e801468f2475cf6f18d9e27b42 |
| SHA512 | 7bdfceeb6e37b5e95f1d54178e4c671acfb7853d6592109db111ad616ddccb8fded0d4f7e7baee593bf154c9b83a4e16b3426f170e8bf710a17fa7ae28699537 |
C:\Users\Admin\Desktop\ImportBlock.M2TS
| MD5 | 4724d9ab3f4acb986061c4fa13561da1 |
| SHA1 | 42712557f41699c626d1ad2b708d772f3cd7e2d7 |
| SHA256 | 48278f8710ae9d53257a90abbcfe4fdb5abe710111c4be97ae83970bd55968d8 |
| SHA512 | e5d74dc4d279e4beba64ce73adaeb33dbfd9f387c81a42d12a08ee59d99317d200f3813df0f087cffa6cfccadebb24e0b0cce018f84a2f1f79adddd5f4801c16 |
C:\Users\Admin\Desktop\InvokeResize.odp
| MD5 | 4488b8b3615c8ac7d362613ee6c99d1c |
| SHA1 | 1dd80918a947600a507d43503002b78674c66727 |
| SHA256 | 7eab02ff49f6ee418b98c241e790e1df7492e7b35f0c09789b858265b46ca03f |
| SHA512 | 515bcbfbfd1d84fd23a7d57214fc67628b812d41768bec8a04022b81be018894e64840c03bee84a3b78af1de365f5c88bcbba392a58f72de8f486528742ec37a |
C:\Users\Admin\Desktop\MountSubmit.rtf
| MD5 | 94fc9ea761ed274eb41792f76fced2f2 |
| SHA1 | adadd7f007fe6006b4ce67d8831549cbb4715ea8 |
| SHA256 | 1d866dfc5e5bd15d95ca5e78c5093fb177ee578053b2404bcd6425d7ba997951 |
| SHA512 | ad8f399a7c24629500988a693c7f1253854a35ce1ac121d95c868dbf4454856b6b61c49cec78a7ebe37d9587ef19b8fc4dbef4b3d939f057fac1021c9a18c367 |
C:\Users\Admin\Desktop\UnprotectUnlock.3g2
| MD5 | 747868b65cc3901e208afe4fcd4fdd54 |
| SHA1 | 98126b498696ca99cf6d29c3d6ead42ddf071a2a |
| SHA256 | eb2391f7081f282229a861098103a1dfc8a9818e01db0b6eb5c607ab934ea6b8 |
| SHA512 | e0fbe93ad502504d250e83552e04a4713b18cf2825e2d130561c0d1213b429117cfae8b4b38bbb590d21db949f0b6d850ed4d0d0dd10e27fbbaf591115c1e9b9 |
C:\Users\Admin\Desktop\UnlockOpen.mpg
| MD5 | cf6e0f4be71aa257a8c6382401ebe46c |
| SHA1 | f7c03919b7bcdefde9d8b8e17828ffc270c2cca5 |
| SHA256 | fd0d66702b96a85c6d161fa162313ecf97b52620cb81fd0cabeca8d9a3b4b63f |
| SHA512 | 22e6735566c893af741c9addb44553157ec921b621139d2c93056786995a76b7b8d5eee8676412a2288cfa369357ede9e2c9e1576fa5a2442f14faaddf028ab0 |
C:\Users\Public\Desktop\Acrobat Reader DC.lnk
| MD5 | a642ce9cd936644b11644212466d56f8 |
| SHA1 | d72c36d2f0e20574a9ee06ac4140a8583d260438 |
| SHA256 | 5efc35cc146809198c02675f88725ba9195a9dbdba1d842a63f5766036b31050 |
| SHA512 | bf6ba31de7d7abf2d550fdf14cdbdc8e84364957badc0ae562dfb528850fd9ccf60cc62c068285c7eb1e3ec7ae092bc835d517afba2d71817650431ae17cec5d |
C:\Users\Public\Desktop\VLC media player.lnk
| MD5 | fe0185200f58d45aafe80c6d3d63b494 |
| SHA1 | 1989a806738d73240499ee3294b8ad6af44ca19f |
| SHA256 | 9411eda708617491c76fc8577652935547ab294c832b8d01926e5571b021faf5 |
| SHA512 | 2d7b649541cc4e5fc6dde3191cec456aa17889df73243c87c217598894b9b13242631e4cb2b70bc4ae5d83683522ca6d119a7d2f6022f39bf9bd8cd7e9749d03 |
memory/1856-30-0x000001D759760000-0x000001D759770000-memory.dmp
memory/1856-31-0x000001D759760000-0x000001D759770000-memory.dmp
memory/1856-32-0x000001D759760000-0x000001D759770000-memory.dmp
C:\Users\Admin\Videos\Captures\desktop.ini
| MD5 | b0d27eaec71f1cd73b015f5ceeb15f9d |
| SHA1 | 62264f8b5c2f5034a1e4143df6e8c787165fbc2f |
| SHA256 | 86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2 |
| SHA512 | 7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c |
C:\Users\Admin\Downloads\CheckpointMeasure.svg
| MD5 | 65ef4977fc726d466b93ee3cbc3a9369 |
| SHA1 | 72ac9ed300c13a7799fbdb99d684c9fc6ee82775 |
| SHA256 | a2483f499568b2bb4de9dbb7e86cf4e06f5571e49e734bceda8299c752a592e5 |
| SHA512 | ef122d2a2dfe7f533b19c5159055b4250fd44e09d38d24a83509e53dc131ff22608263f88c5abb2eb94ed5af9122269467928f5b87c04c4562dc76d6e76ea19f |
C:\Users\Admin\Downloads\RedoDisable.mpp
| MD5 | 0ae858476ff3b8bd9ae8231dff69a553 |
| SHA1 | 742df0692f53f8f59abcfcb2f1584f86fca84b7c |
| SHA256 | 6db968b669c60132cae75907256389bf3a4d9bc178b6fceeff6944382c6cffd6 |
| SHA512 | 337209b75092b855bb1ae9085b9acbe2d8388ebbade0e070381dcb7361c244a2bbb415d1f4cab004860542319404bdb318adb901b200c58c1f9ffe0cffae02bc |
C:\Users\Admin\Downloads\SkipUnpublish.DVR
| MD5 | e23fbf2ae670e589f4c3b4254c783213 |
| SHA1 | da193238931ba3475c02055c209bff5019855996 |
| SHA256 | f16d634bd02811bbfc25338e02306dd3e914d1fbd5e49cd658187290d7efc08b |
| SHA512 | 8960bbdacd955aee0fbad980013eca930e57fcf89e8ccdd6d15b19ea1b085465cf9e7c60131f183d19c24227c1e33e06a2316a9ebc9c77ab0c5295cd44bfe30e |
C:\Users\Admin\Downloads\EnablePing.js
| MD5 | e39bd4aa14e2e72e4dbe68bd9227ac8f |
| SHA1 | ebffef7850e1acee75e4198cd45a785aa5bdef59 |
| SHA256 | d1a022e0ad6bc775eff5f6402e417b9998d79bcde2b5b40b72bb8037a69cffb9 |
| SHA512 | 7e4c42e40095e84c034dbabcd229363194f177b807aea9d1dfd9dca467f0ec60c34fdbb335dc7780fefbd3b195dff4e60bda853dfff86e953131eeba4cfaac5c |
C:\Users\Admin\Downloads\SearchWatch.gif
| MD5 | e6f4805395848d1aad20148daddbb6d8 |
| SHA1 | 66dd49779866778291ddbb94c86f4b94d5404e50 |
| SHA256 | f52c2fea597a4677b0dad51c7a07efb5048a9184989242404e1001a6a2b72c83 |
| SHA512 | 8a2a8693f0a42416c11d541fdb49753f11492250efe075696896ec669212af734965a4fbde8af06006b025dce3aac08714d98ea28e1877c69e4d59d65fa77137 |
C:\Users\Admin\Downloads\MeasureDisconnect.xhtml
| MD5 | f41938e5e2e05900b191ed6cbd0c60d3 |
| SHA1 | 2d624557a0287bb4cf2d71e23b8664a3b17c0235 |
| SHA256 | 975a5e276f88f783bb2276d6158ff6fa5789662e35e192d856b66cffc91307df |
| SHA512 | 365fb6aaf19e8c15e662ded5a264897f59e95e53ea6a4b62a3fcb01c5456d2de81150920c26970edcf0e57665faae9dedcbab6ac372b54ca2e24c899ca345499 |
C:\Users\Admin\Downloads\BackupClose.exe
| MD5 | 6ff7a3ac4c5170e239fbd7d8052f4dc9 |
| SHA1 | 0c60479e7a59acf71a700429472e567dd8724336 |
| SHA256 | 885cccfb1060a639ac47fc4eac4b02e628bacd07580b7e213ae4294f037e8bf9 |
| SHA512 | e4f311a9bc017eae695db0f741654e0783cc4399b4d3149910bc9ba9a09c1cc702f5d087ad0ecf0e6ee4b733569e2797865c3b8f485f8504c8ee1eaa2a4d1a37 |
C:\Users\Admin\Downloads\RequestSearch.xlsb
| MD5 | 6b20401c4a3d8022d27fa73bcbc1ced4 |
| SHA1 | 99ea5a35e036883d2acafc346c041c09991d32ab |
| SHA256 | df8b3c64761c0f2712c4863944c4f0c9849ecd6e40a0f83debb53eaacb1b21df |
| SHA512 | 702a0d34f709cc24852be3f9dbdb26e87f705661fc719d6d0e815551c967363953649bde058626b4d295d353c72fa551fc7c3853fa3d620574c7a39c3d0e417f |
C:\Users\Admin\Downloads\InitializeEdit.bmp
| MD5 | befd7a0640c1b8aa63c9f9ed7dd82eb8 |
| SHA1 | 34f76ce95514baf89df0ec9a2b1756974f5232ff |
| SHA256 | 67c4dc3aebbf14e06584db0925963b0217206848d8ce4ba4a9c16a4d9219752e |
| SHA512 | 4c1eb8819212b6ba297fa8838ce1fc1d07c59ffa7b121efd32068aa65c0f175fe222d0c58e67de0634e9a80c3a5c0d33b38d727b673fbcbd87adc2cc24477e51 |
C:\Users\Admin\Downloads\StopRevoke.mhtml
| MD5 | a80e0152ab65326709b1e05ef5f13c0d |
| SHA1 | d32d3e5ab6bd708b6a5b74b77267248b13017380 |
| SHA256 | f59f86f3f0f113efdaf1ef118eab91a1feffae0b741f6ca73c36e2539c539756 |
| SHA512 | 1335a0c8847f0f0cfa53273d59360d8df47cdb4d72934c73077c7326108c63ba36f4b83fb4302b7e46b3c23359450352c2d2efe1400332e7111a80d19b5f94f8 |
C:\Users\Admin\Downloads\ImportResolve.zip
| MD5 | 80d690c25e18337b3ceb09c15dd478a1 |
| SHA1 | 484bc73ef11a531e7f0c4d245f86907f54e5708b |
| SHA256 | b2d582e53263de6eef8c115b1d15a54997a8842b10cb931e53a38a343767314e |
| SHA512 | 2c5a8f943ceed3c8bd50ecb86a4dfd2cb2ff54f0e846b6400b71ad61afe7e887c57e6ec7d4c2603d3a68e7662c48b93f4a629abf0ae6d9d4ffd1a10f355d74c9 |
C:\Users\Admin\Downloads\ConvertToInstall.aif
| MD5 | 673c407f0277168a787225cca9f70fe2 |
| SHA1 | 2de36de9063cc80c4a00b1b6b3d1e80fb3d8dbc5 |
| SHA256 | a9806a21e93f9fad7c247fbed96016745a1a980fb382eec5059a362f34a36531 |
| SHA512 | f1cf7a8971e3d6cbc9594b56691b217bb677e6bde469163a2ad5068584c3e6885d3988590e87b3aa308563aa6f4d613eec905a2c1e8abb292b8a96a779388d6d |
C:\Users\Admin\Downloads\StopRequest.emz
| MD5 | 4d8f159918595188572ef1202bd0da90 |
| SHA1 | fa7afe06c744ca8455fcbac93260aff06d963af7 |
| SHA256 | ca13f205be4a8519ee9c2cae09bdd3bc226fe99450f0e28344294cafeb85155a |
| SHA512 | 89be009a23d1008560a53d474fcafc5208513381456c0664ed34da520014447287e8f6222029ebf6a8efbf1faf94a1fcc5384bf2c8157a4e045f2f51811e3fb8 |
C:\Users\Admin\Downloads\SplitRepair.raw
| MD5 | 78a6cb764003dd3f80e2ea2346660406 |
| SHA1 | bb1f106dfcb16143e6d1b5138998acebd72f5923 |
| SHA256 | 52bfc45cf16cb00e444bd44eff5948174e305a0253b8cd31dc7b572d343f1b22 |
| SHA512 | 0a6a580f83a4f674973917ac8c7eb018b2d998cf65140db00c37d754fca94c8b5d91e494a1ef5a96207e7f978e2abd1d058f9f4fc315c35e7cdd48d4bb6f1b76 |
C:\Users\Admin\Downloads\DismountAdd.mhtml
| MD5 | fae91e5fcd91bf1feed13540a8762d59 |
| SHA1 | c5c0f58f6179734ceffbc268d089339f85303d20 |
| SHA256 | 15d01dfd7c0a7d4a86941fc6b62e5552fda0c168c3715493e3528f0613d11656 |
| SHA512 | e8014edf2864b62afa8aa15183f5919d3034ee376b6d0788f6c5a57bf545a88ca09b75eb71a0c627234aab6e59c3aaf978bc4c580913505791464c59195cc632 |
C:\Users\Admin\Downloads\ResizeStep.mid
| MD5 | 37a5e3738a0634423b5438b840991b2b |
| SHA1 | 8cdc62c53ac2a704a2c74667fedabd55d5ff9173 |
| SHA256 | f83579f5dc304193c4d4ef11acf6044516b481b67ca81351bab394da69406d07 |
| SHA512 | 700e9f1aa6a46b1e0278c7b9f042f6a6fd37c1b0b6527c4cd94a1db4b2e8807a83e6b1867ceb84e28257512adf6d040b0dee53b7fa79483ed01233784313b250 |
C:\Users\Admin\Downloads\CompressUpdate.asx
| MD5 | 27b0ae19f5e080c4f5121ba9ee02a35a |
| SHA1 | 7795471068fe8827076aa808aed91a1cb9e2750e |
| SHA256 | eea97d3e8a0f3b85a7866c4bbd93c704f551f2e47f7f1823148f1aac5f8441b7 |
| SHA512 | 0e42cfcaf3d7f6b8a42d18bdb55d18711570f6088def2626479bff75bb2f65fd5a753c8691641dd6bcee5e123e2941a44dd49459822d8017b98fbf17e35e0fa7 |
C:\Users\Admin\Downloads\SelectRename.vsdx
| MD5 | 43574fe1bf1820176cc7d571b3116655 |
| SHA1 | 6fc4d23109907fb17664155bd8d556f9975ffc18 |
| SHA256 | de04b9885d0aa1de20ac1e64424c31fe077de0657c688f45a0e78b47f7a236ac |
| SHA512 | 4dce8f0aec99d007bf91714ba052192eb516e0dec92fb89768d8fba3befa9f8e0cd11d7f655f55e088a96373e85e1a437aa3bf91ebec6d44b89d235156f2efef |
C:\Users\Admin\Downloads\SelectImport.midi
| MD5 | 68432bfafc6ac010b7357ea53c006442 |
| SHA1 | ac15662717412b91bdc7c8bdad03df48e590459d |
| SHA256 | 046de520f4786cdd5a0f795b27db7c3db93528b3e4ae4b63c954f6baeb986490 |
| SHA512 | 5aa48d516e8e092a704220b8e4e5b0ce0f920b659a79911b063e93bbb69c311ae33781d2c122fbe63111ee652247af566576140d5b403a11b7877adb8ce02b1b |
C:\Users\Admin\Downloads\DenyApprove.xlt
| MD5 | 4371227de2474cfe0cbb966df06b7ad7 |
| SHA1 | deb6100a1b3e0463ab1844dd1d8369020b880e1b |
| SHA256 | b2b23bd8ec701031f1cf64efdb879b1bd56d001060f7e3125e2da9304e5145f2 |
| SHA512 | d7d6794903b49636b38e0b4e2a42ebb16b1bb4225995ed66faf896f7c80f8f614c0497071d92effcc84d835a53ea7e7500d50ec8c15afaedf8f243beba55fba0 |
C:\Users\Admin\Downloads\UnblockOpen.mp4
| MD5 | 4bae3b6a6ff803720dd4b7d469dac64a |
| SHA1 | 22bcd5107e5e37eae430e0adb5a17f0fa2736b6f |
| SHA256 | 100b6579d82b79aee292f318d8e75c6c5a1190c0710504c23f2e6746b3d4cdbd |
| SHA512 | 6fc1fd80c4834698acc6e0f12a96c0fb9ccd320548bb307cbee6fce0027a64484727e4620833c3b7986d857c9498e49fc5fe19c0f3db14a828d55d68adb4905d |
C:\Users\Admin\Downloads\BlockFormat.mov
| MD5 | 509eecd29099a6344131a3252eeae14f |
| SHA1 | 3bc1188d02292562c0f0fbb03d65b91cfd9b84d6 |
| SHA256 | 3bbe10fb111aaaa9275041678a5c4a9cb5a490ef5d299f13c3b4653fc8189edf |
| SHA512 | 0bd14ea21916d483ef6ee82cc3c264c825c5adf1ea7ef37a6ed014357af78a9d20ed4ed4ab45c9485986b263b4bebcc098ad5a32b2767f6f7538ff2a592fc26a |
C:\Users\Admin\Downloads\InitializePush.cab
| MD5 | 6d5cc4ce3ebd4918a1204ec6e3bdab69 |
| SHA1 | b60bf3e87ff028923fd85ea06ed35cbfd8dfb35b |
| SHA256 | 53c667e640bacfe1661f85835ea215ed5b09f042b97452fee142a58778b62a36 |
| SHA512 | 42ad4e866233391fec79e310a1d9efb95f92f357e7a36c3dc9b4462ab216c531686d59ec77e43ea88bc50a0869d714df2fe144fb98997431ffbda115820f94e8 |
C:\Users\Admin\Downloads\SaveDisconnect.txt
| MD5 | 950f805d414d792bf2285573b9db9646 |
| SHA1 | 402e7d07489819a11408520d1c084ffef88f2f63 |
| SHA256 | b56b1e3de03b7ac3016558e2ae91a5a10837e1af81c34eba7fe4bfc6c537439e |
| SHA512 | ed549cf73c5b780e89e98d5a71e7f9161d1ef4d9c76d5f9f59394a3055fed472be1a836c8681b3e9b88ad364d38ba65b61544ecc8a88c34662d3501cb56df21f |
C:\Users\Admin\Downloads\ResetConvertFrom.MOD
| MD5 | 548ea415943595986e80068055998c91 |
| SHA1 | 9900a6045b29e1055a62854cfa404d26a2042243 |
| SHA256 | 57d4939085d1f6d6e199567851091b5565e50b7adad419e8a290e89f6a2579ef |
| SHA512 | eed665bd4bc6b72669707fefd265e5e0845986cd0941e625a495941571569ca6f34cedcabb39498252f560a277c5375b341b787c431d4b0f3bc57db8f6c611fa |
C:\Users\Admin\Downloads\NewBlock.xsl
| MD5 | c1b9f817d50d70de3f4fa2696a7c21a3 |
| SHA1 | 66715383a091fb59d6d82e22e097cd06a3d4e72f |
| SHA256 | 6487d70e17a8d3d8a4d72ecb6604a324fbaf71f30b43daf6f2b81c398c08e6d8 |
| SHA512 | 25f176f9b30d94d2d3e2cf7eda3d63961a40ce1bb30027e7dc3582124578c294366ca03a64ace1169db9011eadd5e40574ce27d15138903382c91b7ef6831e99 |
C:\Users\Admin\Downloads\ConvertToUnblock.tiff
| MD5 | 5c823d32351485792525a78c8abe4fbc |
| SHA1 | cae333e4625d5ce924251bb575cbd38f1e0dfecc |
| SHA256 | ee7075825ff7428d95e76438902a39bba93786147076860d499139735be0b9ea |
| SHA512 | 2c64831bfcb9df1e91a3f20e41eb3b1a5a54fc1e403e980c33c8fffba49f29a12d0c9343dd70ea3c6013dca4c53370932f6490e174c08d3b6358804f057cc27d |
C:\Users\Admin\Downloads\PublishCompare.vsdx
| MD5 | e9615d4df9e49972b5c3cadee063a1b6 |
| SHA1 | 124b531905187a78f969acccf8daefc16232ae6a |
| SHA256 | b59025213fe41a1def317806badad36abfe6e5221a619eac9596038b150f3da2 |
| SHA512 | a09399a8d8dfae8f9d086de972b7357e2321e609312bcf8e8ec4d8f45786131d5dcb3634c72d62396beee38fff15bb4e327b9471733a4f915a64281ad5a2d3ef |
C:\Users\Admin\Downloads\ExportMeasure.vdx
| MD5 | daf3816b9fa98c72e9f2403175cd7d2b |
| SHA1 | dfba4012368e4aaa7a13dfb39f18e8641fa63307 |
| SHA256 | af773dc3d251215fda34706689d3763187f5f0fdec240e43ea5472b06be5199e |
| SHA512 | f2e8d7b2f17f5432969d4830098c3cdb47960f3a28d9e01c3b37c016b3db3d68e1b3a78d28a7dcb2ff1111d449a5bdc533dcacdcde165e4cd909479a3284bb74 |
C:\Users\Admin\Downloads\UninstallPublish.cmd
| MD5 | 5d4dcf022ddf44ad4b9205a5aacb41c4 |
| SHA1 | df7c36edb7f7d023cd5bdfaed3eb391aaf4ea234 |
| SHA256 | 7c4594ecb4024afa4308fd10b16a6e9c75d8e5e61aa7b43ab63f24973c68a614 |
| SHA512 | 4daa885d43fd3f7fe6b3366ccc3fa0184613de4c2448d6a2a7c37c91bdbc176617d45583d7060a8013cc1e39dfe7905d2afd2064d09e262603ebd3f08a74ce46 |
C:\Users\Admin\Downloads\OutStart.ogg
| MD5 | f40fdfb10ba827539548c4a08e3fd6c1 |
| SHA1 | 3cc29a43e443d7e4cc0bff7dbb7c379ac76cba18 |
| SHA256 | d98dbb55b7a1ccb709b68314aff5e19faed8b6f9127d8b428d721cca6cb21ee0 |
| SHA512 | 6bcba062a9d3491173544f17a303000c0fd0e52b1ed4ea738c83d953c0f6338ef900496e4b7f41c97113e18f471c73c9bd9fb4562d4f220d51a8dda1b4e83470 |
C:\Users\Admin\Downloads\SelectPush.3gp2
| MD5 | 63589f2f2d26b45f033a2e8ea5f54a2c |
| SHA1 | e4e6ee9abf4a7b98192f2180af2d9b4d24cc4bb3 |
| SHA256 | 58d7308d59b5f754713904a622a749f5b5c2d9f77eee4f69bd94e343117b62e7 |
| SHA512 | c767cd3048fbc73de2eca9289dea6350b1a486bd3257f2258eea303c9a82cad33de006c08be9bf0c09645c4842191ada878ab4f1f5d316acceb21a203dcb329b |
C:\Users\Admin\Downloads\InstallOut.jtx
| MD5 | ea3afa9e999a966fac512202a507204e |
| SHA1 | b9bbe0811fe48e19e109b485aa54afe7ef1f3753 |
| SHA256 | ae2c978f1c884b7aae07241ecf4895f5bd2f7027c17b6f3873cd727d5030dfd2 |
| SHA512 | 87d5332bf2a7d57bca12123dfd304c431ab2e22146616b3cf2d78ff856ba960a06f80c0b4a8a5b3079d2f1fe7785224e97225fa627ba4f3b979b827382c6f4f5 |
C:\Users\Admin\Documents\SelectAssert.xls
| MD5 | e981f700d1266637c159e0d4af8b8a0f |
| SHA1 | ac44ee6505695224e9dc1b4e2f7d0605e024d2eb |
| SHA256 | 0eabf862553e480049d5d5b3c49569d075fc85e2c2220a9fab7693741ddd8dfb |
| SHA512 | 96a96743c87b567fcc886b5ec2a2a26ccd6699bdfd8aedb5d4edf7d671e8d047880d86c7d34b761cbd6934fbf175d053b8cea75f3b595ef0e70aa255cc144ec8 |
memory/1784-93-0x0000000000400000-0x0000000000481000-memory.dmp
memory/3760-99-0x0000000000400000-0x0000000000481000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nso799E.tmp\LangDLL.dll
| MD5 | 20850d4d5416fbfd6a02e8a120f360fc |
| SHA1 | ac34f3a34aaa4a21efd6a32bc93102639170e219 |
| SHA256 | 860b409b065b747aab2a9937f02d08b6fd7309993b50d8e4b53983c8c2b56b61 |
| SHA512 | c8048b9ae0ced72a384c5ab781083a76b96ae08d5c8a5c7797f75a7e54e9cd9192349f185ee88c9cf0514fc8d59e37e01d88b9c8106321c0581659ebe1d1c276 |
C:\Users\Admin\AppData\Local\Temp\nso799E.tmp\System.dll
| MD5 | 4f25d99bf1375fe5e61b037b2616695d |
| SHA1 | 958fad0e54df0736ddab28ff6cb93e6ed580c862 |
| SHA256 | 803931797d95777248dee4f2a563aed51fe931d2dd28faec507c69ed0f26f647 |
| SHA512 | 96a8446f322cd62377a93d2088c0ce06087da27ef95a391e02c505fb4eb1d00419143d67d89494c2ef6f57ae2fd7f049c86e00858d1b193ec6dde4d0fe0e3130 |
C:\Users\Admin\AppData\Local\Temp\nso799E.tmp\nsDialogs.dll
| MD5 | 2029c44871670eec937d1a8c1e9faa21 |
| SHA1 | e8d53b9e8bc475cc274d80d3836b526d8dd2747a |
| SHA256 | a4ae6d33f940a80e8fe34537c5cc1f8b8679c979607969320cfb750c15809ac2 |
| SHA512 | 6f151c9818ac2f3aef6d4cabd8122c7e22ccf0b84fa5d4bcc951f8c3d00e8c270127eac1e9d93c5f4594ac90de8aff87dc6e96562f532a3d19c0da63a28654b7 |
memory/3760-118-0x0000000000400000-0x0000000000481000-memory.dmp
C:\Windows\Installer\MSI1D24.tmp
| MD5 | 67f23a38c85856e8a20e815c548cd424 |
| SHA1 | 16e8959c52f983e83f688f4cce3487364b1ffd10 |
| SHA256 | f3c935cac911d9024c7797e8ffe4cce7d28154b236ad3e182f9efb85cd5a0a40 |
| SHA512 | 41fc1b4e2f47d5705861ee726c8d5d7b42191e7d586b370981da268414f207f6dea00a59dc53012cf6510c44651fec4a3a33bf69e501d85fd2efd66517e4169d |
C:\Windows\Installer\MSI2C46.tmp
| MD5 | be0b6bea2e4e12bf5d966c6f74fa79b5 |
| SHA1 | 8468ec23f0a30065eee6913bf8eba62dd79651ec |
| SHA256 | 6bac226fb3b530c6d4b409dd1858e0b53735abb5344779b6dfe8859658b2e164 |
| SHA512 | dddb9689ad4910cc6c40f5f343bd661bae23b986156f2a56ab32832ddb727af5c767c9f21f94eec3986023bae9a4f10f8d24a9af44fa6e8e7e8610d7b686867b |
C:\Windows\Installer\MSI3821.tmp
| MD5 | 0e91605ee2395145d077adb643609085 |
| SHA1 | 303263aa6889013ce889bd4ea0324acdf35f29f2 |
| SHA256 | 5472237b0947d129ab6ad89b71d8e007fd5c4624e97af28cd342919ba0d5f87b |
| SHA512 | 3712c3645be47db804f08ef0f44465d0545cd0d435b4e6310c39966ccb85a801645adb98781b548472b2dfd532dd79520bf3ff98042a5457349f2380b52b45be |
C:\Config.Msi\e5d1f5e.rbf
| MD5 | 21438ef4b9ad4fc266b6129a2f60de29 |
| SHA1 | 5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd |
| SHA256 | 13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354 |
| SHA512 | 37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Config.Msi\e5d1daf.rbf
| MD5 | 66faffb88b5f052bc3f569c1cff63df9 |
| SHA1 | 7efc9c11c51993a1da2e3eb1329c72f8553e2a51 |
| SHA256 | 34bdca264469ccf8ad439f3d5f8f10c80a73d361b0462440d70dcfd37678ff84 |
| SHA512 | 923ae7c122ba5e9569190b7fd5cb3e711ddeba7142db6494f700294124f9b138b7508d3da7c4a14dc74b81ca040ad8597ffc27d4a7e66dbc8e685dfacd6d0128 |
C:\Config.Msi\e5d1dae.rbs
| MD5 | 790298661ebf8a96dfc2074e90d9e27c |
| SHA1 | a886d263618009e2d664c4a6f124d62c7e244d72 |
| SHA256 | f2a721e5d0608c8d8b4d0334e211f187c1c0b407d52693d786546142dd38a939 |
| SHA512 | eb417aae72a9a7eb03e5e8304e889e5251bd4d140d6d9f70ced9622e3488476f3211276b5e4e09cb1e43ddf16ca7e8384161e032126d474e030b972918eb1836 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b3de73181b6362c99e0e4a1ced32d9fd |
| SHA1 | 9cf1b10c99a3efaf507230b3436bcc105b03ca19 |
| SHA256 | 47a2eff3f4c4598f26090c2fca67b297b78908226a1e2d8af0f7835cb692362b |
| SHA512 | 293455213d6b1d67ae924217d873f1e3dfd927c17f640ebe7794f253ef9bf0b019f7a3ef1c2f0f7c01d69a210632889f877539219ca6db10b4c3d7b7a5ba7c3c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1d799b09b5fd9c74632a4e2640b69f73 |
| SHA1 | 502d967fd23eb5b9252b468d0f55642782bcf129 |
| SHA256 | c2ba8087f7428c8a70e03eda2c68b135d0867f2d3f44d778c192869ed2c57e20 |
| SHA512 | 73ae21dc799a3f0047027a811d87b633704af8ecfe15af29f47b82923ca0fef9a9659424e1fa93323af3d58e32156b4e366f9be859bcf6e402534a64ff1c4466 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e60adcd08d4dd776e1219867377648c3 |
| SHA1 | 3b6cd8a2835c5befdb0af050ab9329beec6dd33d |
| SHA256 | af5f44bd6fc2b867efd3e878e735f330461dbf3c7e755200516cb01d5e735643 |
| SHA512 | 3eb42d10780b1b50f166bc273cea5168d16188c7f9892a4882855d63fbb5bd23c1575998001bf15c89132ce4fa15151c997e279e28278e027d298387f0c50e1c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 8699a6277beb3591f6975eab6387666b |
| SHA1 | 2ba7399e3f0319e548f817626b3352f874659539 |
| SHA256 | 8591dc7e8cc27c4083029938249b59032930a81e714c65d6d4c39449353cb40b |
| SHA512 | 967eaf34dd0924243e644c5bb20aa4ce3001dbee3e44c44a42c7e59961b3719f52acc20b21a03e057afe2a2bc22d956a73b1eed479420a28cd9bf0e249e3ba83 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 29f557bbacc14a89a23f85bae323210f |
| SHA1 | ed67050d838109c98b855f52c6ceb36c1d83c4e4 |
| SHA256 | 0742b7e1c239d2770d271b73e23be5dbaa7f705328d7c4c405cb05ac1258608c |
| SHA512 | 36897e08a82ea98ba85ad930d380b38e2acde7d5d84ce75fe6abc0f4e1ff8ae3d93f258538676f1d9ab77bc36a5a895c66025d1114d762bb1939c3804b65f4dd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a073c66035ad18830bba2abade9adc98 |
| SHA1 | 690d896d970f271f43b1648d847a83fcd501af48 |
| SHA256 | bfec89743557124d94a423f0abdac8bef4bef839d8dd2d142ffbdd239c7cc09f |
| SHA512 | 5e5c5bffb9b79e0cc9dfd7a31196fc65577e62c6e74b463becfe584bb886104b823a998d50db03c200279cce4b9096ac15ab422a2dab6fcadd9c71b5ce2f40fb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 51b3ffcb058921ac8406c95cfb9650c9 |
| SHA1 | c2ca11b9391966833cc3089e0d282984df01d82b |
| SHA256 | bd0d86938b9e5cb2d34972d8dbc39559e3b11bcba663cdcc898e30bea2bdf538 |
| SHA512 | b44fa4596448382b42d173a73b5b9d086209a6f8d448017936c8cde6ab39854207135d2c5788cb859c30b7bc6db4d155073f59515d6802fab01c33c6413b418e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3202502a5d598d600931d9f5c1d16273 |
| SHA1 | 6a0144cf73b27583ad1726105c8838bf90c9fd39 |
| SHA256 | 6ea5aeddb3285d5c28f35687d31ebfe35244ba5cc51db09680a6cf9ca49f4f97 |
| SHA512 | 0be781e7173df9bd08c0ef7a0f04c57389c9dc2942dfe699fa0d33a7dcbc33f4f7df7f27bcac4c236dc276c7e6e789c394d45a3e1daf9c1c1a26b8cb144e7d2f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 09c796cc9177b075489bc476b17197d8 |
| SHA1 | a7b4c10934f0e315989c8e73f1058af3810cd2b7 |
| SHA256 | 232036f64ecf93997e6cb34dab003cd6b3a016b879e10024e0d202a664ae68c6 |
| SHA512 | fdc60a8249886906a6144d8eea3e93cda1b75d02f578f49ded16f34b8f909d0e57efaefec00b1d0eeada2ba72b6c6afa5cab04b3ac1bc850242886a21b36a655 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 4e41ed67c9d23a8f1d87f0e44cf892ee |
| SHA1 | de15d809c50bfe6812feb0f2fa58d22591ac848a |
| SHA256 | e5d8d30328d5a5ca2c5936820796368642c6b4d2a3fbb5f04cdb0a5e90b9b5bb |
| SHA512 | 39c0f3debb6af8bd277fa5f54d3d58334697cea8435a3635cf0b2789d7cb9d2d995e1aef6cea2619b52367a426279347b1271129f28f7072891ff54807d80690 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0c746df07cbedd0b064344fb688d1ca5 |
| SHA1 | 22061b336a8e69574f294ffafaa88fee555ea56b |
| SHA256 | ec87fc7ba99c8687157a2629d41c57ae1fae14f043ae29454c1062578c9e878a |
| SHA512 | 7db21808e380b2bbd3c119880d7ea8e13f6698e68bd6003a44432a4315f1d64a3a79fa8c363931e05ff1eb47dac48ee2e0c750439b129357e86e32fad29a3849 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\nslist.hxl
| MD5 | 05ea4d7d3fcfc5ed4b76b0c3e1c7cda0 |
| SHA1 | bb2dafd5cf78979a83e31cfe85055104dff5e01a |
| SHA256 | 2a2c3bfac69ed00267b3bf1f78752b0207a11fb721634ef209b387dc01495cbc |
| SHA512 | a5c159ff09f5f2f426eff2981802ad860c918cae21630f9b946391e5baf9e8ec8c806e5dca85f41ebf7d8a36cb405803903f8222f88893d5f2556dfaf37f72c5 |
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log
| MD5 | e80c895f4ee2aa707ef2cdc2ab4470b8 |
| SHA1 | 7b5fd61c5e0dbfa3c224e69662465e55b9e1346c |
| SHA256 | cd452b5f2f8a49bb8099e5ce1a876bc28866f623faadf5e22f6c387212a91139 |
| SHA512 | 547b54166b0893a910dcfb7ed002d32860022381de8640b15c6865cb85e36fd0ff0f237c4ff86de624d5a6ced5d424ce0e4fc0c163b47d5d3acb4a52f3078ff1 |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
| MD5 | d641a9828abd189035757b53be9a8edf |
| SHA1 | ed5becf7761fc792a6f7774b93eee7ac18b02633 |
| SHA256 | 7ae483ce505af4ff62052810ab0ba503b96c5a0a10211212f5546f64a94cdea3 |
| SHA512 | 30edc4582082c357db5e7eb2984f14b9efb93b65f648feafd0669d19216f4deca572c8fc353ba1159285a70cf9be07680a06f4ea103cee4f7974f47052c02a54 |
C:\Windows\Installer\MSI6077.tmp
| MD5 | fccdc45ca17e5180b40efc28052bac39 |
| SHA1 | cecb5a7e8807e619956183897a64930ce56294d6 |
| SHA256 | 4ab37b0f9c5fe3505e1ecfe0764aaa04838cf81f9e0a402425e057f7a251e621 |
| SHA512 | 67a9cd2066155b35a4b11e7917c2b6dd1d39828bfbe2972b22eea79c1891fd142f50273dde0cbf0a500259fb468f7636db05131a70b3c54a143f945d037da1ce |
memory/3520-1246-0x000000001B8F0000-0x000000001B91C000-memory.dmp
memory/3520-1247-0x00000000013A0000-0x00000000013AE000-memory.dmp
C:\Config.Msi\e5d1f90.rbf
| MD5 | 745897fc2816625a0e5f1ac0f9af16a2 |
| SHA1 | cfa9d4dbd1a5bc728ed712cef8b3fadc903d111b |
| SHA256 | 5512cabd57b6e1fbd2b96c298d804a3795cd317f61e154aedb335f6c119eaf62 |
| SHA512 | 7053e9c95b943a30006065a66830bfeb0f37dfb185fcc27019c205e3cea358a0f71ff8007cb6aa39bf61e3406e989ac8366226d83dea5e37c429a5242d1786d2 |
C:\Config.Msi\e5d1f91.rbf
| MD5 | 485f3cd5a94355f8e6b0aa101abd9f04 |
| SHA1 | a91650f4f103fdf08c8c261cdb1746aca658229e |
| SHA256 | ecb94457c6327a56138dee83fcd82e61352c45e7097309a2effc694e5e78d1e8 |
| SHA512 | 31b1746d7491d4be907bfe966cecc43f9fac099f897f423cf0b85bef4846a325d209ab64408edfbbd110ca3d3d61644d0cd547e431ae6e6ccd5a74cd9dcaa794 |
C:\Config.Msi\e5d1f92.rbf
| MD5 | 7e23e2abf1e03fd0d3c0ed71d3e67201 |
| SHA1 | 77e9ff622eb2b07d4eb908146251d2061895fd47 |
| SHA256 | 588aa09f39b70d191b92c2414217429a2fd21c4fb7c3f21fa1d57ece2f552209 |
| SHA512 | 14496dcaaccd6b00b156d26691465f6fb85da94b04d0a804ad22a8f42d992ef201c4c92b87e2c9d6e5b80ffe53049ed8b44d67ec304bd604d18f6204590c7bb3 |
C:\Config.Msi\e5d1f93.rbf
| MD5 | 57626036538c8abbf5bc761c8ecbb274 |
| SHA1 | f3dc829a302cd7e268b566eff47b9c5b3badc33c |
| SHA256 | aeb0afc185056f716552564e277ef8a6740a4e7f1600032153eebffae18b3ed2 |
| SHA512 | 2d508dc1d441187d18502f3d470a27cc8a34af5b16a97db713a2c34801ad65eaf4e15e7b13fb216c11ef4ce505e438e4dd49c326e8217341735ecfbedbdcd330 |
C:\Config.Msi\e5d1f94.rbf
| MD5 | 642d05fef3999b47e67a3b979395d87d |
| SHA1 | 0806dda798421528f8e61e81ac4aadd20cc101e7 |
| SHA256 | 53bb64373a30ee2b7b2d2fca25f1d0047fee7d932f351d902041b3d5fad6016b |
| SHA512 | 7f362c47552e0e31c1361f5cd81c94a7e3b1755b4c336b36275a4f42b77ddc775ad5c46e5aed5659f10beef92f228d52882b1fc421bba093373df82f110e2b2e |
C:\Config.Msi\e5d1f95.rbf
| MD5 | fd580865ff5b65ffeead3da78f9d244b |
| SHA1 | f26c08181b87d1a6979f97293413d25f6f2862e3 |
| SHA256 | 5256b74f3447a7fdbaab2ebe6442160dd617fb10800fd0045895b280f603604a |
| SHA512 | 5c7dd9a96db711627e4e2f0bc57bc56a1ebd22d8063cc6b8d5d10ad86104b0aaef52fc17e84ebd07d902d345931aeb33e8ba1dfc334e8da251b538e5e8fb10bd |
C:\Config.Msi\e5d1f96.rbf
| MD5 | 1c213c5e8828353641cef6d74ee6838d |
| SHA1 | 6e16eb31f642327afbed7b8d4ca56e791b799cca |
| SHA256 | a1cbfc3eca8b075ce204c629bf0cf36b0add593c8a28040018319e5e2533ffdd |
| SHA512 | 7b7a222c49a95cea34d8ea005302295572a9955a396bfb51e929a83fd351a67c55c4b8c1647eeb0d4d7bf5e9b0c9502d7f4f4e75970e5b004bb72b4c5c2abf43 |
C:\Config.Msi\e5d1f97.rbf
| MD5 | b4c6016286bdce7c51c3634999f2ea5e |
| SHA1 | c446378afc6b12c372bf4dbf33efa61e9f7fbbda |
| SHA256 | a8f8ab6c63c8d4471d158010f18cb24d4d2ccea495a160cdcef95a96183ffc6a |
| SHA512 | a121b4df2348ef53413b82c69a66ad3654aaec7d40011dfa4968f9a6b9a5e1252089f39f4961f2305a678c227abc14bac88a3674ab960fc52f71f7c3776c928d |
C:\Config.Msi\e5d1f98.rbf
| MD5 | dcc6434e76ccc91fa6c35df0d0d6f5ce |
| SHA1 | ed1d50016a7db340208145d988a82ce7c126cc94 |
| SHA256 | 45526926c328fd96d9be162238b22694fc496d7a946c0e5a085b83257e7e25e8 |
| SHA512 | 90e08c83dfc95cac80150ebda86085ed2dc86fbc1b2f1112de15638f548e2eb4fc954e3ecc17d828a1a6ed549acde8a1f8ded666865d46ef30eb026127c8b102 |
C:\Config.Msi\e5d1f99.rbf
| MD5 | 2317370717a6bf28b9af805dc45ae5c4 |
| SHA1 | ae6876ee8672be7ef18ea64af2293e0d4bf8703a |
| SHA256 | 01cd704e1fb542c10b368985c57204b1f78f1d61b07ae6cb193b47aab12cf663 |
| SHA512 | 5257384b0e7d49852786f81b03d5cbf4026705c1ddf0c533faac970d92cc9e7b9f3a954bde5eefda6c883bbaeb7feda50292245fed9fd1e5914a404d66357ec4 |
C:\Config.Msi\e5d1f9a.rbf
| MD5 | f35d405459f10fd3d1f52f6dd64252ca |
| SHA1 | 5f3bf4ab1c25ec54e79afe7f92390a624ae5cf14 |
| SHA256 | 384f7c7d81020a72029972324ec6d8b84dbb3f342418c15e0833db02174416c7 |
| SHA512 | 2bf358ed9e7c09f49280bffb7e200d93ecd3de99d0a842bdbb468b808383aa16f444ad8888f030d1bad5e00fd49c7c3d01a72a256c96aadcab04dba59fbe0a7e |
C:\Config.Msi\e5d1f9b.rbf
| MD5 | 3e3b6511ef707e9d2344b320407ca1da |
| SHA1 | af55e484ad47daeeaedc5efc0d301ed8d6a7be16 |
| SHA256 | 8b8be00e22af7c415c0086e48c6ce86ec5d146c75a43829ead4a82d25b5ff636 |
| SHA512 | a14250cf607d8d3bde7b9f118bdebcda8deb1b4866042be3aa4d266fcc4734f47f2398c6635d4884d16935c58df6e3a64c68a6196e9892c0c6e2195904cedb30 |
C:\Config.Msi\e5d1f9c.rbf
| MD5 | 5fe646e5f52a6183027c87160b922e2b |
| SHA1 | 53123095d2ff679db51a55961e7efa6f3c2cd09f |
| SHA256 | ff729c37c44b93705b3d7f3e07a35e1debb5deb6be7a00c0a82546d0fb88c0e0 |
| SHA512 | a8e7b4f06fd7a2f46d75ba2a43e924aec6d6e270a0ab7b6a3f6cb259d33f7ac78b00ecc6d6b39e8f0433dd35894972790c43d81c7177bfd72decff8a4a768ea7 |
C:\Config.Msi\e5d1f9d.rbf
| MD5 | 9473054628d25757f804cc2584a931ac |
| SHA1 | 1ec0e971be84d5e980988c16e1dba3b5323e7ca9 |
| SHA256 | 6c699e95e7a018673fe586f5b96ead5bff5861f22699049d72d92ecb53497a47 |
| SHA512 | 668ac3365f98ea2c6ba58d13017dd4a2f8ae28dc4bd8e8d72ee6fcfc3a7b51bf0b3f658e8a95c6f5bd2015000f3a347ca417915d99ca4fb7f4a98271a27ad1ae |
C:\Config.Msi\e5d1f9e.rbf
| MD5 | d80746b2f94a3a28e380735d4b8a9ea3 |
| SHA1 | adf85a8d951e2ef30100f88bd072d333839462ad |
| SHA256 | 45bdf89c40a35f2bb5e8a49a8fe3b67a9984adb4f65bc40ebf4e320c50194218 |
| SHA512 | cfc016d2f98385f407d660e276e31891939792d7de667dc8fe0faff37e38fa7f02b55526084682c75d474757c2dd790b714ac2fe1300f39f54fea61b4b3780d1 |
C:\Config.Msi\e5d1f9f.rbf
| MD5 | 5440ee9cd44616d60cde57ebdb286e95 |
| SHA1 | bb7635d6911311b2f3a637a2e9d8446fd0698678 |
| SHA256 | e3ba35c5572761c20eb59e25b2332a0cdfb726c48963d40291d7f977531e47a3 |
| SHA512 | 4600215bd9788b30aa5a5038d6749aa294ca0d6d0063335979d2f4acc29af09967a9160bfd8a2ae093f7fcb95c80fd51ce832cb639354360965d0202a044e1a0 |
C:\Config.Msi\e5d1fa1.rbf
| MD5 | 7ecb661f50f34a941a44dac7241f7d08 |
| SHA1 | 772b0df3ad4a89a078cd4ff8e5f45115778d04a2 |
| SHA256 | e2386b60a73fa7c95a8968161fb1c84dd9143462b2880133778a3027f75730f2 |
| SHA512 | aa007a71da51b145a7fc702a0cd8930d43e03a884c331afb48de01e82e06c20d2a5325aaa893d03a25e5b670e9e0a03f002b55d9620202b6b48045e4a79b577b |
C:\Config.Msi\e5d1fa6.rbf
| MD5 | 524014d39a54d3908de59807c09cae3b |
| SHA1 | cc166f76626f94cdbabd8095286a82a474af9f8e |
| SHA256 | f259988c45f54338d57175fcf4fb9f895d484a4eb0c4b861a3abe885c263be66 |
| SHA512 | 02bdff78beab753a58f46579e61ad4d2953475edb53b57f75ed4828ff04d9641f114357f11059ae28d82c1d28f7433a4eea7b7cc01c1fcf85bb5dc6d58261182 |
C:\Config.Msi\e5d1fad.rbf
| MD5 | ec5a78ba8d91e89c0d9b3683d0cfd5d8 |
| SHA1 | 0db33de0721fda2e302c39b98f3987ddb9267850 |
| SHA256 | b3d09766f50b21e4b825d1ec7908cadc7fd74625b4757dc7952344797c72ac07 |
| SHA512 | c8ed1321211aa260ad8fa7314cc4036a743c0bc1ac06defc9d061edd4c3032f1e42c6cb06f2fa8836e66a0a4816a921961a5379b0e20ced8fd4f398085b125d9 |
C:\Config.Msi\e5d1fba.rbf
| MD5 | df0c6bb7965a3dfce5f0f158e9d5251f |
| SHA1 | 5250b2c7d557a71dc9fb0823fdc0cc94f0a81e35 |
| SHA256 | 883e42e3319fa4c059623e4d5a937215ad2f2cb123e88aaec27955f258627c4f |
| SHA512 | 8b5f7cfb9d3d857b2396706cbcda445b9131abf79e84296ecbbffff0dc1588b19399b506e4e3110ac4782f60ddee081cd5243e598e0871738803512358efee04 |
C:\Config.Msi\e5d1fce.rbf
| MD5 | 9f8ecff52bd15cff2deeb91bd325e101 |
| SHA1 | c82a0eddc66f95f0bfe1fc984671837cf0b07a65 |
| SHA256 | aca44b663633d4785d4fca1ed45d2c1d58c994fd927374569b8b5bfcd7079170 |
| SHA512 | cf52103d480a589e88c909239dacf5add2467adf6f4ad52d89af16ffb9a5cb32d7e771fe005694d37189ab2ecac08cad9ca7cbcc7d971f17d384a959705f168c |
C:\Config.Msi\e5d1fe8.rbf
| MD5 | 75e8bc00ad7da1e7628f146dc33cc83a |
| SHA1 | b140b32eeb3cb2223efc7c92346e3c4ecf65eb7e |
| SHA256 | 5a35e93da45d610cebbdc4980e7a33b3d094039a49823561c8a3fb87e88f747d |
| SHA512 | b80522f835414b493c97715823902443088bd33c7e54a5fda665d73de7899df5e59c44aafdde33ffc9d71dc7c48036cee050dfdd87a24c29a9fff8ac1253acd3 |
C:\Config.Msi\e5d2000.rbf
| MD5 | d8a76dfe6188e600bd7a8480dcedcbdb |
| SHA1 | 40080e226be118c2a0a8f9dd70879467ec09f198 |
| SHA256 | a1254966826e2849b1ba2d630e93ca7b75105c8d3acd9be795d625edf835ac0a |
| SHA512 | 9a01c3290be7d309e23a6048731c541cd0c602669ace34779e1e69c29da154b378edf0cacfe92354996e293bad205c1bfaf6a003840cf53216100cd39bf6dd76 |
C:\Config.Msi\e5d1f61.rbs
| MD5 | e4bac1e5331d2a5ec44703879268370d |
| SHA1 | 303287c6d1adc531a14f9e1dcffeeedcd7df06a2 |
| SHA256 | 1a7750068b5d7398c85bbd9daa6451308c7814086bc9ca5f1ab38c22d94b8b73 |
| SHA512 | 63e6f68e524140f89dc668895d0fd5c445d82af9bb695bf5c04643caac0ef01e6b0871816cb3f3fef056415d618da57f8f10f8365162310cb1c91fa62d809597 |
C:\Config.Msi\e5d1fff.rbf
| MD5 | 1a063e60707636e76e61ad9784bb1eea |
| SHA1 | baf498bac402a29b1330fcd20cfbacbc5d245cf7 |
| SHA256 | 878566ee8a41806ee9b9c4cf590e1953881dde2127616a647fa31940a5096cc5 |
| SHA512 | 39e2bcd04f4ee4e6280b7723a628acfbceef254fbea62833a34d7f4cba566c9556bfcfe2424ada027112a8b722da8349331ca416d00d0e3d6afbec96e3d91a65 |
C:\Config.Msi\e5d2003.rbs
| MD5 | e50dd58913a5e2e03db8be760d187706 |
| SHA1 | 1613ac78a2e8a0c8906c800c114779fd1d94ce25 |
| SHA256 | 95e92011dc9cec1f88fb1a55c42d5c45e9dea2c609db1153aec7f8ab331572c1 |
| SHA512 | dd71234c1bf5710ff22cde8e002c5347ac0ee321484b38ace2a5993ce0deb2c83754332b1cfd3eb5c30eb5fb0f4cc7fda3f8a250467fed2cdb5c9b2ea91a8473 |
C:\Config.Msi\e5d1ffe.rbf
| MD5 | 683fc126a13b915b3ff36735ea5ca5fc |
| SHA1 | d1ccfdf78919f51b09fbde02c2cf0f332601bd74 |
| SHA256 | b8361411d7b7b0094669b0f74ce8afb488cfad61e2c26f76473db9ddae702929 |
| SHA512 | 4d88cbe5c42815940595b1c7d466ec84a9e753977fa234591c0b14d2d826423c5bef13aaf93e4f3637a669c56e040da53529dbc31339f18b0587b0c1270c14d9 |
C:\Config.Msi\e5d1ffd.rbf
| MD5 | 4b15c6de8b0cbeb6d4d7d6e14b9ca7fa |
| SHA1 | af3b589712be828302778a6e248ebd659fcdabfe |
| SHA256 | 7150db5b3af392a250b79f1078c87848a08b6c13448943d5a0478c2d37645b85 |
| SHA512 | 1f68f55cb4c32d0abf929b3382d9b773369f376853912829299c6386648c39807c6242eba037bb3988ebecd0e8b7197c91583243154c569bef1f70d0d958c491 |
C:\Config.Msi\e5d2007.rbs
| MD5 | 5db137c0e41895ff45193a6021b6e59a |
| SHA1 | 38f3f2275bf81e5374f2cde4ff627b8b69ccd4ec |
| SHA256 | fdd82b6ecdc41da8256aa2cdc99a5a1ee0c8b0ae9a4c7f79ce3b6c1f32ab91ae |
| SHA512 | 2c718a1791c4a4e9cf327bd95a277e7bffdd7707d1220814456f908b44b022e8f6dd57e99bd75bbd6d05326fb3d050ddf3a52a2e5b3c239b0ad1fc870d21fefa |
C:\Config.Msi\e5d1ffc.rbf
| MD5 | 9f735917c0bba0f42b40e719047eefd5 |
| SHA1 | d8c1ef036b9d841db86ffc76d9150064ee836cce |
| SHA256 | 7acd536b7e7fbbf4578ce24aa39740279e7ffb7477bb77f6a2c7afbc12f16c83 |
| SHA512 | 65522b77519efd6d43f17848ecf65d4bfed8f07d9f4212dce7f6c905650b4107396e7067c62802c7c953b02f78e924560c8ff151e195c0cab37606be69270a3e |
C:\Config.Msi\e5d1ffb.rbf
| MD5 | 54c12705dc6a32282762bbc4252e2b9b |
| SHA1 | 2d1fd38b5f3db7c7f0d7baee446a00099a506d50 |
| SHA256 | a5a600ca8a60a0af629047ef8b227feba5221c5697f820da69e274f40869a6cc |
| SHA512 | c4d96a8d8064ef917ddb98532360a8bf318535b310f908a384c0ca140ed058f5f3f24f34c3992da4399386f546381cbb1eef5432b3ff2b7c19e0491dec8d4aaf |
C:\Config.Msi\e5d1ffa.rbf
| MD5 | 18a9dd94b5112ea94f3fc9fc22ff8409 |
| SHA1 | 97a0b82343ef1599e517946a2c3c259b61e53ca7 |
| SHA256 | 55758341c4094ac4cbf26712f45f1ed17fc1f570197538ac2267bd896a9f854e |
| SHA512 | 7bac448be18324efd337c7cffbae2c6db763d9d7450e70dd33b214981266008b7e4d0a895c7fd214d908b3eecb9a7a0ac0aba1d57c9e1fdcee3f9e72c39de3f6 |
C:\Config.Msi\e5d1ff9.rbf
| MD5 | 32f2ac5f45b93b733cab1865affd588d |
| SHA1 | 5062e6d2a8c1e06e19c9f0b29164915286ece618 |
| SHA256 | 38f422c1c5751cf6796c44fec1c478a2a5379ddb6f3512004f1fcedad3b35cd5 |
| SHA512 | 8384c6aef7c32ac0f10aad8490d82b1553c3d194dd3f7821bbe2c75eb50a6e5ece195be6c09615f273d3d4935163c15d1c83e7bc4ef45fd1113a9f0641ae0bf1 |
C:\Config.Msi\e5d1ff8.rbf
| MD5 | 158f96bd130a9f3a1f7e91dc611e8b7d |
| SHA1 | 207264f61e8d8cd77c7dd82e7c8c38927bcdef85 |
| SHA256 | 89885cd48e706c533aeff66d45cfee67561db4708bef31367a546f685f30eb55 |
| SHA512 | 6ae9e17dddd7ae166fd195d202d73904bf6482d727f0a9d5cc01454d4a58f9da027acc9591dcfacafa039379bf151cb385ca4208ea70baf069516ff98fd31d4a |
C:\Config.Msi\e5d1ff7.rbf
| MD5 | d2d2a9e08ad2df5d73ca0aa0797cd96a |
| SHA1 | f6050bc38d27c805daa078383506b93c5dd854c7 |
| SHA256 | 1246532e2e335750fcdeb3c801f98eaca1ac6579d1bdcae1c5ca89f8b24fd879 |
| SHA512 | 197385ac8d349674675fb411cbd246b53b0860f8cbd47b79f6f05ebefda4563e75285cac2bef45ceb12cdfcd4b4d42c47050767608f96eaebc7111dbdbead1de |
C:\Config.Msi\e5d1ff6.rbf
| MD5 | facce237d5cc5e89d8e92a36289f588b |
| SHA1 | 5b91fe97781b107df2754a5d38807a597f1d99a2 |
| SHA256 | ed9b46fd9f3275639988cb71eccb7c3f31b48282ed78e4abc9ae303cab219bf9 |
| SHA512 | f0363e0c7414157dabf929fa9c4b49b74d86a0997481b48d29ec3f0708221d9fc4954f4ba93f4299e9ef0c31d38dd8a691b908cc6557864c1a4baf3f448286f0 |
C:\Config.Msi\e5d1ff5.rbf
| MD5 | 62faa6fe395c5810fe4fceffcba62966 |
| SHA1 | ed830d3d1156c3a5ea6502148f4347af0c4a8051 |
| SHA256 | 1db349e42e9c57afdefc29f18886a98290099b74210cb396ac5485247bcee099 |
| SHA512 | 4e876c4afdce30b29275eda6ecbb14aaf56bdaef4a1951e6ad09bbe2af5a37667d18f4358c895843010336f467e0bac3a7f8449a907011124d4e374c7b0c1e54 |
C:\Config.Msi\e5d1ff4.rbf
| MD5 | aa8ef0154efa83de1c2786ab1cb76f37 |
| SHA1 | 5e4fcdf55c34538dfdda172a985731019f74898f |
| SHA256 | db7364a16090f58ce23aeb0426b005b1d1a965307d7d4de117a553c190ba5d57 |
| SHA512 | 17d3c193a516bf56ee6a28ef708b01c618d5a159d7c389be6f54579638e3d9c0a9a3add7dc6e19c6f0b63b235c53bbc186d92e77c60ddc297e2df8c612332bbd |
C:\Config.Msi\e5d1ff3.rbf
| MD5 | fca2f9f00de26d0b5af4881836d6337a |
| SHA1 | b11dcad7c00c2c85354b131c796ae34bbbefdb38 |
| SHA256 | 19e6ec40e9a239b3b208eb3f7874a76e12adbfc8b865f43452296df66a14e501 |
| SHA512 | 7fae923c2a9c604991b172ac91e7e9e4298c01391940f23a190eb4bd3920c97af2476f1a4730cac350ddbd8956806e98870b46137b1711b224a6174c441af738 |
C:\Config.Msi\e5d1ff2.rbf
| MD5 | c30dfa5fbf9f2e6d18ceb7108923fdfc |
| SHA1 | 523c4b9043cd6d722c01215f64173b9287623d76 |
| SHA256 | ec383c0455491bdcab4a1e8692359543d96f82ad73602c171734ae8ce45449e8 |
| SHA512 | 075b726d3e37d9ba15db1aaca781502aff97b90dc6a80c4e1be20368dd1c9df13160b9d8bce09bfe467b406f7d0b698c6ace6aee5b0bf4149e4508d9ed74cab2 |
C:\Config.Msi\e5d1ff1.rbf
| MD5 | 93030b5af327ece3ddc3518410e1af59 |
| SHA1 | 4be27729a906169d2afcf025e10f308fce35056c |
| SHA256 | ea82d8bd8289e5892cad2443c1d586c0a311ddee52a8fda0f75072ef2317b650 |
| SHA512 | 247e2d5e63e6bb12dd826e452ce7a1e086152a170e7f15c0d7794a1588838c2b6dd4038f07dac42844356795b72b5aa357e01039e419c6c5d90b05ebfd74da4d |
C:\Config.Msi\e5d1ff0.rbf
| MD5 | 218e31b07c6e07633a84f0248730e220 |
| SHA1 | 47ee36529b741f3d52c487e6dad151f516c2eb5a |
| SHA256 | 241e01940f6f128aecc75d21f148468eccc2d368883f0f5a869fb7f58f57e5ec |
| SHA512 | e0481b2a424da192bd9ae9728a89f7c1496e887f198150016ed262b924b1634b414613bb80b969effadb3e34a108992768102f48da7a41ea87b9f2a459a2ddd0 |
C:\Config.Msi\e5d1fef.rbf
| MD5 | 9002a577c07ab2b99979435cd8b67acd |
| SHA1 | 5b3c6231c113b726ddd55fd8a8e3ae84b1526820 |
| SHA256 | c323b9ebba3aabb01111f281f604ec0555c6030134ca18422ac7f6c73721d9c1 |
| SHA512 | f4e066679e9c34cb44cb459ba178fd43ef2e600f94f86ded21af1583f182050178a57271f2a15967c2caa87fb6eea1f5409edcb87b95775245db45af6506bb47 |
C:\Config.Msi\e5d1fee.rbf
| MD5 | 4d4774a30da56119888490cdf3157b09 |
| SHA1 | 360221725daa9b7a14460fe6939d54b2173fb8d1 |
| SHA256 | 0ee427eaedbcd82bd07674c9793435443c5b1c0780092909cf791198f0ad85e7 |
| SHA512 | eca13baee14a633c3a193df85c28eb797c18063977cea410d6ca41d0aca87379d04e6d2850a032ae5264e536863186e96eb9dc8baf1440517d69e33d4de73130 |
C:\Config.Msi\e5d1fed.rbf
| MD5 | 7a016cec8851a57b2f0376ae6d1fc837 |
| SHA1 | f161f9d8d7b073c1f17f55719c37124969bd7d2a |
| SHA256 | 19e5e00b55a8b1fc36c33d0d4bd0fba24a03a0959e91f3ab59acb353fed9677b |
| SHA512 | f646fcd298b7a5d7b451219544ede8dc7e09aa3ea6f9a4256d336373d63b475281020ac70e5e08024e2dd8b8c886ff8607ae3139ada650eb8a6293aa0a141456 |
C:\Config.Msi\e5d1fec.rbf
| MD5 | 63a1e9cde10490008ba7ef47a12179d1 |
| SHA1 | 5299af182b7cf08f95fcb3815149d7c54e73187d |
| SHA256 | 9b151503214ef428ece37af31d3d8345f1dc27fd26d17b59c52b718e8fd08bc4 |
| SHA512 | dc4074fd0614212d54dad0370bb99d53dbf9078cd3d4981d96f5ecebe36c82df0406cb2c232d07a1928a1ddddef74d832db3e7f479d5d3c1292481143c382efe |
C:\Config.Msi\e5d1feb.rbf
| MD5 | bd3e2c28c647533a057b5cdf8bff2c5f |
| SHA1 | d36c80e460c5dde615ab1c268bd89309225ecb82 |
| SHA256 | f2742a96cb0a290ab71e316c086db449e6262a4614c70956f69165df8f9a0d3b |
| SHA512 | 14aba74084828f9710a1880d8ab55d7c76532d90ef6c9b8b5aa4cf7c67cbae1892b909b35e9239afba181a09f5bb59bf2607862d16330cae09fdcee0248a18cc |
C:\Config.Msi\e5d1fea.rbf
| MD5 | 2a9b706d83be29f32a28f29be397e533 |
| SHA1 | 31135de80dd7b7c4a27516806fbbb13d871548d9 |
| SHA256 | db47a4a99dc0cb5f558891ff552f75053122d04f4e4a2ff6165734cd456a0236 |
| SHA512 | cee9cf2576729b34f1352f63d9684695bd491586d31d3b3e81b11f2136b3843d513dbf59280b5aaa63b1cf085f0840040abcdd9d3d72dc15103987b2ad812e64 |
C:\Config.Msi\e5d1fe9.rbf
| MD5 | 775dac5f81248b14182c82013672c42e |
| SHA1 | cef7bba712b25da04f60f597cb614c7e4b87f24e |
| SHA256 | e95e6d348912c8bec21b006ba6ef77e52fe74287debea2864180c0511e68766f |
| SHA512 | 2d99dd61a4ede26a11e6f4c3569732c47911605543e7a72b0298ad25e0a573ba884bdd5719cb8b7cfae43b25f41ccb764c8a233d978346bd49bee1104e7cc97c |
C:\Config.Msi\e5d1fe7.rbf
| MD5 | 219c69df0c23fdaf84e4c9ea2835a628 |
| SHA1 | d3b091bfcaa8506d299cb1d7453fdce7fb27dafe |
| SHA256 | e9cb0016e439bab9d34038b15798cd9261640dec8c577a0035314de5d7892457 |
| SHA512 | e209df73a2dccfbc349657925ba9760dc2ea9b52e696f5159bbf3c729e768ebf43a1e6e86a28bf6b023dfc78fd217f03648513479956bfffcd4da04d1cadf8e8 |
C:\Config.Msi\e5d1fe6.rbf
| MD5 | e3c8239a97601bb203b9e9037eed89c2 |
| SHA1 | 75f0e5f417477d4c491e8ad81f498faf761618a1 |
| SHA256 | 27864727360196540664a55e1808db79f07303949156f843f0520106ebe047db |
| SHA512 | 71304187ca95a404d6d175d40be1dcf40d1744c644412e702a25fe7e9745977e3f826d7a9ba1f694c3da4382e8f97fcf41ec8dfdf40240dabee932619e26e7f2 |
C:\Config.Msi\e5d1fe5.rbf
| MD5 | f148286b321ed09c2d17e9e3637c807b |
| SHA1 | b0928429f52028b512dad9c7e0996ee7ade315d3 |
| SHA256 | 33fc291a41f38880549e72b23ec4598cb7404259a93775f59bf2be17f798a69a |
| SHA512 | d175430df339ae9b0f46d00aac752697f95ced9f7407b2d15505645bce313536c065ccfe2260787d4f387ad548f02a94457e662c32174f36ee97a76fa8e59f0b |
C:\Config.Msi\e5d1fe4.rbf
| MD5 | 03898441f5d9a8809c04fe746fd498b3 |
| SHA1 | 35cfba8e3600bd0a3389e96dd56ecd8efbf5ffc6 |
| SHA256 | 8da3b816828229f66334565432f12973529f0d594b685c919b753cf2f692b296 |
| SHA512 | dc2c0f6c8d4985770535962ad31e55c13abe248363c12cf55a14bf1fe9dbbb78a2c91eefd9a4711beb53606202b1c2d5648971339c4edb9a61dd271b61416b12 |
C:\Config.Msi\e5d1fe3.rbf
| MD5 | 5e1a793d9615d4d9e153ee416abc83ad |
| SHA1 | 27d231f4d1e2b473f9695daa21b22804db779826 |
| SHA256 | 8186f5e641a5b0770b635814b5cec2a5dff43158918bc1174edb328194b27090 |
| SHA512 | f54e786f2fab5324ce87be1d84ae69f63afa4ff5399e00248451375d2a56b5a0d30c74b27e5fd56b06976ec62688b09dfa39c4a1a02d47c3aa92da21b5e95876 |
C:\Config.Msi\e5d1fe2.rbf
| MD5 | 535d9d8441e0e22aa3f407c7197f8a0f |
| SHA1 | ec6d047e975c107a7ecdf78bf352a5a68f53392f |
| SHA256 | 6e6afa2d6e7c46b9c64406efaf23bfdd3f7fd7a25cb757580f70730f4096ddb5 |
| SHA512 | f5e051ef6af191d86797a55dcd114ae920f8a285191f3f09c3493497d381f9ec70921d712c93280b3c8e82fefa77c040cf51e8af3a1e52b040a7fd442d9ee95e |
C:\Config.Msi\e5d1fe1.rbf
| MD5 | c7fc5f01de9577403a1ea8aafad79e72 |
| SHA1 | 6422fa355184394ace02c0ba88e5b8af3db7fa6c |
| SHA256 | c778577e39211753844d5fcd2267464c043cea271c1477e866d40c9cbdbe49ef |
| SHA512 | b7af7af4aa1dbe92000722bad422af6d54c842af065427e1cf82f61b1a0f82e71f2a2c9b4b12d1642205dc54ca23ecd4ac61c8015076389907914b0cecd04e87 |
C:\Config.Msi\e5d1fe0.rbf
| MD5 | bc9a83d77cae33f9eb9bd538ab65b2a1 |
| SHA1 | 363fe5bb344cf1843d5f7eb2b0a725ac491ad6d8 |
| SHA256 | d0b2520c660959e388b3b24b1ebb7a6eca25dde878b0c0ce798657ae422a9c3c |
| SHA512 | 37ac66723c5bb78e45df3ae7175b497353343aec2eb5412213e3c6a1f3558e9cd68479728644643faac97c34ec3f3c43b7d01bb36b1e406613cb46ae4cef1c57 |
C:\Config.Msi\e5d1fdf.rbf
| MD5 | 9e877ffed2e2c9a013c59581f88786b5 |
| SHA1 | d3bbb3e2c36520ec267463916d3356bf4fcd8037 |
| SHA256 | 13f36534cf603cd722ac9078e51930cba190395d23d6688b65a8c788262759e5 |
| SHA512 | 5b4ff6de141bf2dc321dfa05fe8c93f64ca91eae6b41041264736c3c6db9d0520c135103873c5f32a47c742fb51317b3303e7656cd259331113f9b876ad17613 |
C:\Config.Msi\e5d1fde.rbf
| MD5 | d68368708be2b6dac797743e23dbf655 |
| SHA1 | e843b858d72359ecf6fcdfca328ed19a7f23210b |
| SHA256 | dff2dd57e4892ce613b160c935e2d0215d3357edb7791ceaaf880b5995c98361 |
| SHA512 | 2542ce485c0c630b09be44a4faa841a3ebf2e1b7bd794e0b3fda4e866d97361b014eb3895c70c6b7acee4e29dcfd46b76697a1602666d1febf9cfa62988ea86e |
C:\Config.Msi\e5d1fdd.rbf
| MD5 | 1f50737bb92b1f71b15824a0f113d3f9 |
| SHA1 | 4d78793ea921986d011a024b91ac59d6c02de6e0 |
| SHA256 | f48f267a6e081809bd5ae607aa649529849a6541ca303a5653f6515d865a6b57 |
| SHA512 | 89e6be6df11dd02896382a7cc9ee41ce74d5bbf845722531ff9a26fd2cb1a016925ea7d4948a4a652c079dafd084538b9b74c4a5dc0bfdd3cb2f0293796481f4 |
C:\Config.Msi\e5d1fdc.rbf
| MD5 | cad14a2ced4a556139097c1f716eae70 |
| SHA1 | 9552115b645c17165bacc2231725b3f8073105a3 |
| SHA256 | 35cd20b4567788e3229be61becd6ea1eb115a2b81bfacf3d65d81d0003ecb96a |
| SHA512 | df629a07c217880f174d52772090d49a5e88b73c0df45fccb714cd6ac4c01612e0aa755a1a0b9ba6c2a7a6701e6e94653e71a54c97a1076b7a5bde99d7f0c331 |
C:\Config.Msi\e5d1fdb.rbf
| MD5 | 6742f826c21773c933fc2a68ceecb99b |
| SHA1 | dc689d3fb31e7cab6a33cd2192d6114542173514 |
| SHA256 | a203989e4399f9443a8848486292dcf04d7c7180dc7d1b4af07030cb0532e036 |
| SHA512 | 4138836bf9561104facb88c175d9a1d29863110b7e0108149cc0ff32edddbd30ee1b0ba4b7ee8137ffe36c973aa2901f7c23a3dafc79a26b09a64a8b95b6db9a |
C:\Config.Msi\e5d1fda.rbf
| MD5 | 1c8e5ef9f86430fbda800e45c0a89aa5 |
| SHA1 | 4e18ee249a208dbf7d7b52d412fa0d402fd3ff2a |
| SHA256 | 6e18c01cb3fd1b795c062a00d2921e8e0eee8efd89fa77d50c5e16f2b7ce74b6 |
| SHA512 | 721f29dfd9beed272cbe213eadaba62aa1e1979828b23a226cb05eec536ac495eb33a01da05de82a23113a6d0ad4012032f453339499db3816abfecdecf19b66 |
C:\Config.Msi\e5d1fd9.rbf
| MD5 | a3ae8e892e025e479978fb07fb449784 |
| SHA1 | 71a1641ffb0da859af5e355c5bf4a9bcf1746e74 |
| SHA256 | a991c7d6fd80ce581f8bbeb7268032f06c9434cfa67298b0669c84d38be6535b |
| SHA512 | e39d58dc26f8710006fefb51cfe1adb34c8886b6b281a8ea3d87a89c116e255d39c028cc42fce05a8ed61dc0a7c602e344e6c0957bc4156f9a76677687591a54 |
C:\Config.Msi\e5d1fd8.rbf
| MD5 | d87310699e3baac5ecc0f64673fe3485 |
| SHA1 | 34460b0eb74977b98d9d3e683d5ffa2aec11059c |
| SHA256 | 4f9a3c48edbef17a0984c473d0d100e5541a26a92ed4ca3b336974c5eaabb4eb |
| SHA512 | 096196d3ff876b7cc5173e0d30125174e6fd1bb60432aa9cf64c3b22fd5ed2fa5a8bf35824e5840ab248b1015907eea0eddd964b4191f52454b03edf583e0b38 |
C:\Config.Msi\e5d1fd7.rbf
| MD5 | 6083b2909a6c1ab52ce84da1b435e7cf |
| SHA1 | e851ccddf1fcb0c2fd9cfb4a357f72633452f240 |
| SHA256 | 0ef563502d57298ab0962de24692931a32327fc1338cbd80b6b0b2cab067c956 |
| SHA512 | 53b8aad68d574e57f88fb3663b41455859b2c84ddbd152aa1f0973df15ad1ea1e72b57b54a0984ff8e4abbd1e4606833fb2e132d1d49d428f2e0ea4e7c4568f1 |
C:\Config.Msi\e5d1fd6.rbf
| MD5 | 86a1d818b679edbe94ab51b963ba79a1 |
| SHA1 | 2b9ee6b54aa2f709442e7e514335e2548c933318 |
| SHA256 | b36b011818770bafe044bd83826f38eb81093f529872a0b83e341f6863b3cfaa |
| SHA512 | ee1ee27bc740b4e4e29a11f4a428b5ccf7ef545444db972b64a8f4b7884462b8c589b5911d7d33e3f2a7b0d97dcea0b5d610a99a00b04d8b3099e695f9acf5b9 |
C:\Config.Msi\e5d1fd5.rbf
| MD5 | da7787ae5278031ef79441d29599dcff |
| SHA1 | 4e2a4c70035808dd8bffaeb6ded8fe2980566e0f |
| SHA256 | 06afbd06123031d3198a25ed0cbb7cfb08c1184cb58ecd7d12f42c235ebb5b39 |
| SHA512 | 2c1ac894e778aea4515be33b9e894f89a527a5106734a8ea6d6693557aff8417a7f7b340834dd1d207e85e250e718c1d0365332e77ffece2f9e1e81b0082bd7e |
C:\Config.Msi\e5d1fd4.rbf
| MD5 | 7173d17aa9ff4cda07fbfff21a584a67 |
| SHA1 | 37b04626e282aa6ae2a2dc96117dfc5b0b1f25cc |
| SHA256 | 972595aefda400197282647fa6d6e40b58ac15591443213682a87d1ac80cb867 |
| SHA512 | b583058ce0a7bac48042d63142342a430701f96bb8c8c0f00e2bdb168cf431e2f98a58bcb889623f6e6775195a9d4bae8f37686a48a2cd0034e426d6089a4167 |
C:\Config.Msi\e5d1fd3.rbf
| MD5 | 91ceea551937cb5da627f33ef7995ee8 |
| SHA1 | 4e7483605c4027381e4796345f0a0e6aa9342a5b |
| SHA256 | 4256104f1e0eb69836f00b38813ae62f79abed1724e0b07f8aca908e7bb74806 |
| SHA512 | 2d720c8a331278707913fc064d7a0c2727ef13b3f8cd46aa4e4a2936aab2b1228d78c1662856739964a87a33c312be2d3f65170f38d65545f3a3184c0ad635f9 |
C:\Config.Msi\e5d1fd2.rbf
| MD5 | bc959a160882b0de0583047b1b5b93a6 |
| SHA1 | 78bda837a0fcc25623b54e95f3eff76c3bd79332 |
| SHA256 | b9ffa79403a9c57e5a36d6632bf8ebf8da0f6256c0b71fe4dba50390df17702e |
| SHA512 | 7cd370afe9903daf36543a2d57ffc869f2ab324fc4ef363119d4923eb3b6079485d6f1a0304b94b928aace18900d034d74ffa0d1cf8382301f6e22f4daf4f0cd |
C:\Config.Msi\e5d1fd1.rbf
| MD5 | 3fd311d5a5cab694d93c6de5ab39adc6 |
| SHA1 | 2950e2cecaa45f46dcc443037c7a4db550533578 |
| SHA256 | 4e5cd2074b70b073ff9010a22f6e469fc08c93f63e14c85de93377c2d0e97fe3 |
| SHA512 | fd884db714d134994c1ef742ee85d5002b07e29b8bf1db2120a4139198f162ad67b093be3f232eeff3e05976ad243ef691af69db86ebcc8e2d6f0400245c6a35 |
C:\Config.Msi\e5d1fd0.rbf
| MD5 | f1e8d3b056eb17b33d6d23b5dd20eb56 |
| SHA1 | 7556e1bf214dca70ffec24768f3c549ab4ab1886 |
| SHA256 | e709b2b5901d6987b46febd4f3d5ba50b94e4ae4e0a6bde09ec981509b72000c |
| SHA512 | 914b340a8c175dfed4cdb99bf071e14ab787481517009ad92680725368dd7b7667dfe2ffcfbaa871b2a9edad6b8566828133dccbd0a0c7fb90cbabe4f812da87 |
C:\Config.Msi\e5d1fcf.rbf
| MD5 | 90891a2ac9ef19d26ddfae3dcb69fadc |
| SHA1 | 14af0ba5b5b4ed5dd82685c7e50a544a5c5e7a98 |
| SHA256 | dde3ccb81cfcc3eb4cc65752fe14bf0c7ffc6814d55f7c9bca4d9ae638b30f6d |
| SHA512 | 4f97ab143a719bd614a63a3b34bb6ab6931eedf310e2e077c361fd63d2d579e126a3a419256834b021d86250114ecf4c0ef120c9fb267be9aea004b252c17a49 |
C:\Config.Msi\e5d1fcd.rbf
| MD5 | a06591a7b689e5fe00f6755a180af130 |
| SHA1 | a581485fe2c6d9acf795e80c7d6b0f3a0e721584 |
| SHA256 | 6555b4dd2c4e4164c8e00c06f6108a9c1dcdf141a5ca54bbe5675e08750f63b4 |
| SHA512 | bc0195276fa8c7937c7c39d567a7f41cc4ef92521836515c11ef5b422d68aa791b96fed829900e998435eb5b719c3a21e58c94534ec1fe4d637e39d43407e4ff |
C:\Config.Msi\e5d1fcc.rbf
| MD5 | 070f18d93af687edf010efa343dcc983 |
| SHA1 | 16858f9fd0d8ed788ec49460ca2b596c193d2af1 |
| SHA256 | 89547b37ec7e20f96e1f1b9aeabbe86cac8a0372bf1520fbc2272eed16f8b4a0 |
| SHA512 | e7b9ca446b5ebf397e7c220e8a0f639ce20fb35a11010b641f6727ec1c9119093790d4f5521ebb28e8f6de4ed5c4c4f58a27355fb5d012ec949f0de3df5586de |
C:\Config.Msi\e5d1fcb.rbf
| MD5 | be6f4fd7365dfa124d60114095380602 |
| SHA1 | 66a41958ead9151d7e61d690f12006ca8a40df89 |
| SHA256 | 66d6f247e3cae875c3c86dd16ea1aa3512663b8aa8626984007bf5343326bbaa |
| SHA512 | e9f7d819714c905577a2603aa30cc72b87b7a66561c7cc6029dedf48de78fc3db580069602dedbc6b18496217da6b94bbe0c2734ba2dfa5f8b57b7fc6cbdb781 |
C:\Config.Msi\e5d1fca.rbf
| MD5 | 8b1132f4e0387a233497141cf30b1edf |
| SHA1 | 2afb866bc5093b1281b2ad0fc4a29bc2cab035d5 |
| SHA256 | 51063c0b520a9ab73aa3a0674c593c3c3de26fa9709175be085d2d8c456ab54f |
| SHA512 | f528da8cd45823fadecf870a348f605e8fa199c6bb139c7930392cf638289c794ea15746cb0f4b9d918a1fcfae7c6578261e7c20fced854e9afa20974e252490 |
C:\Config.Msi\e5d1fc9.rbf
| MD5 | a5c7d3197e0ac097600d2901ed4f6e77 |
| SHA1 | a459c50978c7e377f1130d7779f4a2fa41d0033c |
| SHA256 | 8d0b449684a977a3d81b8fad0663a20555504e8609c987e84364a6e232b51356 |
| SHA512 | f9d662be82e96ff035c7aa938a9de7f47162bd4564575eed4aaa42ed4ef49ced0fa4a9b6b2b789b5655c3ac6787f7b3c8439d82962d9668c1d31e62a54a804bc |
C:\Config.Msi\e5d1fc8.rbf
| MD5 | aef35350473c3e263b6d8d4a76616b7d |
| SHA1 | 265bf8cadf460109a3a2d0d8e23b7b1eb18d7660 |
| SHA256 | fe61442089ed613075613d0db818e9f1c87907dd5c76dbfa67e93abf7f24e135 |
| SHA512 | b4f966b9c921364283a6dc42d8b44ec10e8d032089dc157c23ecfda55fbb16f86b9c02cbb22fa0eee51dc784ed83876c9b29ee9cb1cbe823e3b99bf08e46cd76 |
C:\Config.Msi\e5d1fc7.rbf
| MD5 | 8a138a7c5f6826e2adec47162589bdc7 |
| SHA1 | 8ba9043cc728827655406126e46950e6a6bf35a1 |
| SHA256 | 9d4041b781a2fe7e677cbbb210497abce1c6e566047fe4592d6b2bd182768c43 |
| SHA512 | beb99a0c999a2e2b3bee93c32246826608d74c95b4aa1e5993228dc5af9e1a775035f52bacbd488d7589f9821fe17df2652f94bc5b66297963fc3f6062b8e0fe |
C:\Config.Msi\e5d1fa0.rbf
| MD5 | aaa2e20588e154a10747bf1b31b55125 |
| SHA1 | 03cf9f79b9cacda13aeb644a88180222240b6f0c |
| SHA256 | fd12cbad7d1155b311d97dd5da05869200c50e7698ce997cb96004f18018ad2e |
| SHA512 | 29df908a09bfd551c50a3c64074c88814065b5b4cdc0d8a1fda5b1d01cb1f1597f2b71b343b59b9fe99ec7123fe48f9a83f93c0880275c19969523a8bd56dcaa |
C:\Config.Msi\e5d1fc6.rbf
| MD5 | e9e2502356902589e8b0b86314294f30 |
| SHA1 | 44a972c0ccbd52ac6e21f2c0cc1dc81907b5e7dd |
| SHA256 | c1fb9faa66ac74fd4094538d83afa96c8c3a5bf7f30ec302b7ed1ad1f4d99b25 |
| SHA512 | 7e51bd97735028dd90e855d8e661e2aa8c9e859e2b4c02475d65ba67eab8cd99ce207795e9a6eb4b146483852bd90255feaabc7b50534a7efc43bbfdfdcc2849 |
C:\Config.Msi\e5d1fc5.rbf
| MD5 | 967be7e7a5e3cfc4902a4dcd26eda18a |
| SHA1 | f0b364113ccd380a256a3f6217b8795300d0fe30 |
| SHA256 | 071549c2a67ba11cb90362c3a60b904e339c66d33add4e0fdaf348f17365695a |
| SHA512 | db437ef46aae9b0f45bd21958397c163f2c55c85bda25215af041023c63531ae3e0b62fec62ba76b70c6a297b928fb7c8a79ce82463ade93d22a6501b756ccda |
C:\Config.Msi\e5d1fc4.rbf
| MD5 | f8354171db5fc4506cd0a0b9a3c9eaf6 |
| SHA1 | f155f11010d91896161a2818815a1dc32f183731 |
| SHA256 | 6131d4341986952f7343eeb984544a17bb5f121e1b24ad572ae93d928f9179fe |
| SHA512 | 10aa970372b956ee7d018b4d5d8bd7faedaef20b83ada551e7a260730d5a642c9ea13548743ebd470f5ecbc7a08ddead828c41e229c96538d93d3f0ea7cea52b |
C:\Config.Msi\e5d1fc3.rbf
| MD5 | acfd9dff068c374658366e397a5695d4 |
| SHA1 | bbd33c62b022d3592e0c2a67144070ff4e2709a8 |
| SHA256 | a4d8b8a525271bfa836744b7705f0993ab454d9a153f81b3502cc62d9284dbfc |
| SHA512 | b2ca941ee0d18bec576ba84e09403cd8dce41b9017134581f1a2e2babe25dff99e9f172a6e9764ca6c58d5ac679405883640e2b7bd108cc0308336098d9099ae |
C:\Config.Msi\e5d1fc2.rbf
| MD5 | 9184814c35561939e4b0ad91788441f1 |
| SHA1 | a5281447d62fb3acb7915e757c68b6c29ae69adb |
| SHA256 | 788f42981bf0bf25f0899d9e3c19a0d6edea44f9c1f9eb616160de99b82e8d27 |
| SHA512 | cdd744fa29b63922cb112d645badfe59176bed7a5c2ec12e3e8d095ca2401588565f356aea4a1f40157434fd8d20edbcfc92febc4fc33e4a13a20abcd38ed199 |
C:\Config.Msi\e5d1fc1.rbf
| MD5 | 6a5ee23e3d7b67dfc39ce1c085d8c654 |
| SHA1 | 6f9c0d88df3df2cf86cc543822b2e6196e849b15 |
| SHA256 | b40f265fe31c5dec0943b2d910e997ca1840ee290912b814eeab333af71fbd48 |
| SHA512 | 2d0cb3ada34426ec079933c96af4e3e67795cba52a6a78b520b7c7aa02a7e0eff53a33da206c7843df42a257474380b3014338c2063dc8848edbacbc6cadbbc9 |
C:\Config.Msi\e5d1fc0.rbf
| MD5 | 97cf058f86fa06f7e5893211dca28a42 |
| SHA1 | 17bc3e8fdc48c24ca60d7b1ca10acdbfbd8b5e9f |
| SHA256 | 742530e55d505236eae91ac26a923b2efa8b454fc0b449ba43f1d6a28ac5b52e |
| SHA512 | 84df980720e846a8a3651d62f2639108818d18db139c6e0b41acb0ef4642312e11689bb6971ef778c1638d8d53430571eb8d560061e6e8c0cc13c1f40b35fcbb |
C:\Config.Msi\e5d1fbf.rbf
| MD5 | af6ae18e360ffca6c0ceaeeebbf6d8d4 |
| SHA1 | 0b4ee1121e9070e95147f6c1664f23a9c772ac7a |
| SHA256 | 9ae57781418fef37b51dcbeabd4e26dd82a35c3aa2c15917cb98656889d3c7f3 |
| SHA512 | eee57abce64bd9b1514a5a3a074948547725e78aba19e085b53d9e8156613a1ee30e60fef77429844ec4abd22ef02c45fe9f31aebff0eb7925e0a62e2b4efad0 |
C:\Config.Msi\e5d1fbe.rbf
| MD5 | a9762e02d260a34b79fdea198f3e82d6 |
| SHA1 | 5023fc4a74ce1eb15893cf0f724e658c9c5236eb |
| SHA256 | 15cb74f02499b76c42faf72e6364392bfa997d0b2668016bec69dbd7d0571578 |
| SHA512 | 61aba378b6a2533b9f67b4f46a2873fb08be4fe55c0de18785cd1720f4041aaf003ab0310a1d7415d8153508789ceaa82fd1b0731827f75aab41c5962c905502 |
C:\Config.Msi\e5d1fbd.rbf
| MD5 | 2cf01239384af6de8b712278d7598e90 |
| SHA1 | 613cb264d8628008809878154f6eb17f35031c04 |
| SHA256 | 51a234186dd5e1087a7ecb79bb8538767bd4bf46c645e1a6e83f972de726e95e |
| SHA512 | 0e2dc0cf2d2925895af2e5fb918f0c171bcabc6dfb8c094dd63ff7df535f776ff2c3ab89038ca5bbff0f4c02d8474055adfe3609c70d97870c46504f7bb871e6 |
C:\Config.Msi\e5d1fbc.rbf
| MD5 | 15caac1ec79f05d8aa62aaeec6903e8d |
| SHA1 | 1990604b5491cc83a73f592d1e70b41be5a2d998 |
| SHA256 | e485f4d3468410e989c147c9abeef742c57650a794e0ff18c2902eb976d25cc2 |
| SHA512 | d418191828c8fca0a4d092d2101191fa5afdeff417cc4c9f1ba02795e3e4981a3ea3b0478c6abc00e284f95c5529a686411b90870569bfcbca15fba61372d402 |
C:\Config.Msi\e5d1fbb.rbf
| MD5 | 0da2f7810a668012c630db3fa8230499 |
| SHA1 | 9ca963ea4e3544609741308d71863bc86a0c0ceb |
| SHA256 | 4d997a3892a9fcee4bedb3f47b91f068d6ac823c5ee5f00d1887634e438f41c0 |
| SHA512 | 57e214fa9ea204094bed5086d6542a32774b3f234edd93d6f9eb364cb7a0825b2056bf2a299c65f8395545fe7f5e21869525575dbfa3c0b35c796f8de6c543ee |
C:\Config.Msi\e5d1fb9.rbf
| MD5 | 4f94bf5157da351f7d0089a0b72b1ad9 |
| SHA1 | c61d8fb8801a3362fcb8eb539003c996cd94e9fd |
| SHA256 | 257b042bbab38406cb720fb9b2275828b003c6be15933227ceac68e08b846412 |
| SHA512 | f75d0365f67ff6632c8d1a3745e8e8eab55b25a562841910320dfda967a5428a5afc469a211e90d7ac78930fd55e0597b11aaf15cec5e57c0f22c02da53881d5 |
C:\Config.Msi\e5d1fb8.rbf
| MD5 | 4667b1d3fe384b97a94deb1553af2174 |
| SHA1 | e14902922748fffc1f65cb299b52c114887b761c |
| SHA256 | 705b42f6a55a4cecd347ba954089148572ba9fa033e5a08dba176b652488457d |
| SHA512 | 3f2db08d7fbf8f6042f7ff1001f20df3879402a25e7d3b8bb7270ad3be7216ac07a8ded7cd62568d6292bcf3828286105e1d9b87f21dc3e1764d0bc20985a8bb |
C:\Config.Msi\e5d1fb7.rbf
| MD5 | 5062f0598bc909a99bd21ff77d3421eb |
| SHA1 | 4917cf83d7e3ebac3fbf3e405c4dd633430cb98f |
| SHA256 | e2e634f5552e5214c79cdc2a33672f2cefda7c73fb6d9c7b87916130a969c4b8 |
| SHA512 | ed1d812cdf867b963d0a9bebdb6d63698bb107409920ccdb770e197815f5d72b35cc8c1e3602d4b5c63adf06c0d9e125c5a5ad6eff2da22df373b06c7c88be2a |
C:\Config.Msi\e5d1fb6.rbf
| MD5 | da8a2cab1ddbd3fa6cfa43c0bff54348 |
| SHA1 | 45268d28d4e628781f65f08612394ff7e0d38720 |
| SHA256 | a19e7736666470a6eda6d00473cba753deb0e8fb40d3311daf3c50676040e200 |
| SHA512 | 18be388c509985137e34d4ccac72e60dd726f9c64b76e25988b7c91b3a306f1d15b21546face19ca087db02b0949306a554a889e3832a39c83f5f3686dbb5b10 |
C:\Config.Msi\e5d1fb5.rbf
| MD5 | de2943783e864e16eb161a507dedcd3c |
| SHA1 | 577774c71730c72d22a80e5d049073fc23f8023a |
| SHA256 | 6aa7490ae4134caf546322c9aafdf062082536e1b4c8ed063c8bb5f93cab8afe |
| SHA512 | 00abc7a380a864e808e2b0de3dfa5555b0bc691b0d8153bcf24935495b21722be21f9143edc67c7a0fe69f9e3d1e6ebb3fedd633efe439e6b58c1b5594c051ec |
C:\Config.Msi\e5d1fb4.rbf
| MD5 | 91d3ae6b71705330e73ca4159817ff4e |
| SHA1 | a941037aa373a426e73dfb853526f150ce4457b0 |
| SHA256 | 4d16c2bc77cc45c596dabbccf24e51b8d6b47c6582d540993856337d9c7dd6ea |
| SHA512 | 8866140622e9241bbc2a5f7f26f659b7d2dcae7890c6ad357f76afeb5b96e6b30914b2b223906cd1f2b29eea27e885e33774782cd2c3b688aa1da72ee61a56f5 |
C:\Config.Msi\e5d1fb3.rbf
| MD5 | 4da7266720463186401b1ee9ae625e09 |
| SHA1 | 040cf60bc1f52402d10e0b898e38b907dd9d9ba0 |
| SHA256 | 2ec5d00d46355af4cd7d06a00745e726b87c329d090e0acc02f767e75c60601b |
| SHA512 | da22f8e24f5d59232adf9e77914d65a82ec2bb1331a83f72c2d45f8e6e27de3bf113173ba56bcfa40e95851f105bfd941cf63392bd6d4fd4a9b1eba36087c091 |
C:\Config.Msi\e5d1fb2.rbf
| MD5 | e8013aaa8fea097b88d7021039154ed9 |
| SHA1 | 4866c788df4739c011e62f3634989e8959832730 |
| SHA256 | a3334e83a418db4f304a621c2a498db48c0f8fe21f21282cc61e5ee9b80c1370 |
| SHA512 | 8614a03a87b2c06d1d2e577def16deea927e010d0f269f37613b9b737edf72350a5457b22a82d96ffd6d02747bf70116be301f891a0b103214ea3a8263cce32d |
C:\Config.Msi\e5d1fb1.rbf
| MD5 | d78266c35a0ed4bb6fb2f6683c8a6e68 |
| SHA1 | 7ebda40cdb602b20323e6e7d24f28f25a931b11f |
| SHA256 | c68b82408df6d0e6f7c7ca0a5e7d1c80af6cbec57788570bea58efff8053f306 |
| SHA512 | e60ae6b2cd22614be134d06ce823bc5d31d0aaf1f01dcc4fd0f6021bd307609e8d2f47ebf8490d3bc33f0b225303b63e44f09384bc3804494f595e876e673854 |
C:\Config.Msi\e5d1fb0.rbf
| MD5 | 6d525c5be39dd69154fb0cf297fa9c1b |
| SHA1 | 48b89a8803b7020d7a0bc5dd760c261b2dbb87bf |
| SHA256 | 82a7761c6042176cf97947da1e910ce8a320fa7a17dadee2a115ac5f34cdc744 |
| SHA512 | 0a0416c8a7f967ea869ffe2fe77535cdfc9211d78fbff89e58cac0a4cbc38ba182fb3e88f4de3d38c010f6222ba52f8f10e3f58b4d13e5c7438f9a81a8f871ef |
C:\Config.Msi\e5d1faf.rbf
| MD5 | 2408534b8cefaf5362700e8afedf070d |
| SHA1 | f197be5f143eae025a5c40837b8432e89b8752a3 |
| SHA256 | e89e45dabc6a2422cd5f523d554d6314cf9ecec2238e26c6d8f63f040ed9b6c2 |
| SHA512 | 94b78d6d0b597fe9b69d438f4ac3d0855ccc9c684a28070bb9e2cc44d171b5047b8c3da03406a05405c74ab56081dffbfe84478064b0b0884bfb6e415c3159fb |
C:\Config.Msi\e5d1fae.rbf
| MD5 | 7273fe5d0ce6473e646ba240e3fffc8e |
| SHA1 | af11a7b48bde2b1046779147c84d3287a469639f |
| SHA256 | d4e738f4e3d39e7001830f71b52836a20707d14269cba22f34f3fdf0436981dd |
| SHA512 | 9efc625c42ce99028297b23c78226264c851d74d84158c2221c2ff9faffd37248a3977461e9fc021e25b903bbc11ec475178157bf9fae9512bfe39eb98404a6b |
C:\Config.Msi\e5d1fac.rbf
| MD5 | 224d8b3ed1cc4f5b32e295612f1c263d |
| SHA1 | d84f00249e43dcf21d4e68c1b2b21efed5f3c267 |
| SHA256 | 20e49d3119901517f055950021e922971cc65578c4ea2898593e29becafd2676 |
| SHA512 | 87f9a1d17331e85a3df58fcd92e65a60f7b1a74eeac6c6707aea56fe7dde578f1b09798dc3f7a7c0a4b65696524793d7121b19d27902ecfc215a3233128dccd2 |
C:\Config.Msi\e5d1fab.rbf
| MD5 | 846e77a9f3c6bb2ecf5518d470b2b908 |
| SHA1 | f16c73c5b7a4b0a596ab41472a246faffd9a9b01 |
| SHA256 | 17a9b9222850ce3e6786cedd7c698aa145453b37cf8f03d676fbd89f70afa072 |
| SHA512 | d94115b82c4abb4570a821919458fb2f322d939928fba6f00fedf139f489f358004de4db3b58b4fce05afcaabf7fcfe9e51c3cb7d0f6f43bebc56c2094086941 |
C:\Config.Msi\e5d1faa.rbf
| MD5 | 574d91266ee9fa03432cf50da30dd232 |
| SHA1 | b5c48a695fc376c174a79954a6d49280178eb4ae |
| SHA256 | 6f262bba82eed8a8d69fac44e491b99cca2d4cd448166291ce2186833e730a85 |
| SHA512 | f052ec088a703e50c893decd7f88c0af2b36251dfc70b08e513d55964d1be299f0d772d52e71bf0aeb9abb752eda156767b8be321320e1c60f78af285b33aeaa |
C:\Config.Msi\e5d1fa9.rbf
| MD5 | fda48714f6a291e25a1a219e89d59d9b |
| SHA1 | c1e8ddfc64995c0acc48623f30aadb1448bca62f |
| SHA256 | be2885e897470da3778a661158dc21f32a4aada769996abda082cc4bb6030086 |
| SHA512 | 8508ee381bfc5d2491fdd9b14603003264441222984762d14f06440afbc2cc88d80b95bdbbec4089127ec76402408a60b850e1f46ebb5bcda5aa3ef1b6ce70ab |
C:\Config.Msi\e5d1fa8.rbf
| MD5 | c1e58c73d935540d0673dffb303aca5b |
| SHA1 | 2a95a12c512a2aaf29587db1ec4271cb92846bed |
| SHA256 | 3d004ae76cdc99ece59a0dfb980182a727635459eefb4590d8e2c80ac3115b44 |
| SHA512 | 471b7f432369940d1854dfe50a71e06df25550704efc4f83c60815bc017dc19f875e2ee3733a9750de4e79c6413db59e762df42777b945d0bc045893604b23c3 |
C:\Config.Msi\e5d1fa7.rbf
| MD5 | d2bc82e2f203cc4778ff312475a1d37a |
| SHA1 | 2da7e8f3e8e4189acf5624bead6b7b983af17e5e |
| SHA256 | e34e79770b6a3a4ad1583c9a90ac12aa4348ad134366c0b0436f00162fa41734 |
| SHA512 | 976b018f717e45136be48ee8b4ba2593f88e5ca3c6d14602621d2a394d13bbbd6e707ee3a611442caadc3f5f1ac1a8de87b0407da8178a74d25404cee3d9657b |
C:\Config.Msi\e5d1fa5.rbf
| MD5 | 0ed609c8782c37c67a5ca7233f08d103 |
| SHA1 | c286345aae83608005c0e20aa000acdbfabbdac8 |
| SHA256 | 10913008d1befd194fc4c96cf0ea20112e9e075974ff5420557141b7ffd5198f |
| SHA512 | 92d4547b36cf76823bd9658cc8476afa33f1b20425fae2bd05ea353b6d4de6929c5b72f10100aa1b11493c177df0526aefd1e7d3fabc10d848b88d9f0a382d9c |
C:\Config.Msi\e5d1fa4.rbf
| MD5 | 5f0934c524364c1e1a77db8ccb832c5e |
| SHA1 | 848eec26bf024a7c350bdb02d0e92116a4882b76 |
| SHA256 | 82589b2d5ecae5ddcda39076a33180b6cddb7f54a0cffd4329087eb1f507bed6 |
| SHA512 | 1ac672272b16a6bfd3977886fb773a21d8606a873478ff036a462728d18b59e9c68a08606e1f869b7e6606416b74c90c72ff9be33036371282564b0d3723a222 |
C:\Config.Msi\e5d1fa3.rbf
| MD5 | f8d11c60b70acd2ec9154ee676f615ba |
| SHA1 | a869fc75f44438d9207511dc73bae976f558ba6e |
| SHA256 | b342088c8a4403092703bf40062041265e12edd204aff4f6532226478a65cbb2 |
| SHA512 | c4c324e22ff7570c6d9a6fcd5ea3bfc4917a404110b3e202be847355c57c189096feb5c37c0a36c541f4a9d9e80bb1f1bc5db3f4146e515ba34468c5547ba907 |
C:\Config.Msi\e5d1fa2.rbf
| MD5 | e1eeb7e26ab04075eecc7275239b20b3 |
| SHA1 | ba62b37d4233b88948fdc2ffed08f3c82e8627f1 |
| SHA256 | d6cdf961c6d2712fe1958815e51a30960d79fff1e97788b7741627dba972e8f7 |
| SHA512 | dd64909c983794c8ac6c33b74711a89b3b33e4429bb5a3a2a2b4e38f5d74902b1589a97014a35fbaf97b469fa57a11314c02d68e1db0934de5244308699fc262 |
memory/2584-1755-0x00007FFC077C0000-0x00007FFC077D5000-memory.dmp
memory/2584-1757-0x00007FFC02EA0000-0x00007FFC02EDA000-memory.dmp
memory/2584-1759-0x000002909EDB0000-0x000002909EDB9000-memory.dmp
memory/2584-1758-0x00007FFBF1210000-0x00007FFBF151E000-memory.dmp
memory/2584-1756-0x00007FFC02640000-0x00007FFC026DB000-memory.dmp
memory/2584-1754-0x00007FF74F200000-0x00007FF74FC99000-memory.dmp
memory/4384-1768-0x00007FFC02EA0000-0x00007FFC02EDA000-memory.dmp
memory/4384-1767-0x00007FFC02640000-0x00007FFC026DB000-memory.dmp
memory/4384-1766-0x00007FFC077C0000-0x00007FFC077D5000-memory.dmp
memory/4384-1765-0x00007FF74F200000-0x00007FF74FC99000-memory.dmp
memory/2584-1773-0x00007FFC02640000-0x00007FFC026DB000-memory.dmp
memory/2584-1775-0x00007FFBF1210000-0x00007FFBF151E000-memory.dmp
memory/2584-1774-0x00007FFC02EA0000-0x00007FFC02EDA000-memory.dmp
memory/2584-1771-0x00007FF74F200000-0x00007FF74FC99000-memory.dmp
memory/2584-1772-0x00007FFC077C0000-0x00007FFC077D5000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | d0df793c4e281659228b2837846ace2d |
| SHA1 | ece0a5b1581f86b175ccbc7822483448ec728077 |
| SHA256 | 4e5ceefae11a45c397cde5c6b725c18d8c63d80d2ce851fa94df1644169eafc9 |
| SHA512 | 400a81d676e5c1e8e64655536b23dbae0a0dd47dc1e87e202e065903396e6a106770cec238093d748b9c71b5859edf097ffff2e088b5b79d6a449754140a52ad |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 1c40119360398d5128c622cc606d125a |
| SHA1 | a31203350eb4459d168fbf3671952677e7c360bf |
| SHA256 | 54cd1b9701b7f8cbdc686a08a11bc942383de7c0e8277a8bead9215e91e5f76c |
| SHA512 | 03018eed79ba02a3c0584826f6b973ba64f66364b07e7f66f21075396a99b554a73708579d3e610c8cc539bbc89957b8b5cbc82ece9bf9e6c8ae1bd9f9bbe4f2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 33c1cb8f8317446199c2a34cab0eed1c |
| SHA1 | 657da3f08bab93762e74194f264ddc627b295b7a |
| SHA256 | 0ebe141e4415a760f37d5e2aefbf5d4e8dc96d25e8b9588a3f1699d63d69c7d2 |
| SHA512 | 5e56974d24e08a1ea9a22329ace71f893f314c2b09911348ab5675bb8e98b7de0c9d089ab4f99ab5ac035847421b044c9f00301a40dc19abce91a8b7638181c1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ca48deb021926ca6ee8e9edfdf442197 |
| SHA1 | 6ac1a84f7e2937226e7879b8a9c50fa430db5752 |
| SHA256 | 919b6f64251052cbb374724e3c2cd435d5fd8fe031f6920ba5c14a773b1ae8c6 |
| SHA512 | 68f9f8b02cc1e76ede115a32a04ddc6a0f81f1a6c101cac81f5b57084a5d9a82b75182d8f072ad627c87daa63faab324445adcd4997920317a7d6ce58884744f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8d09cfcb801bb92c2c92e752c4ca784d |
| SHA1 | 24eef1a02c50a29f0c6b49960bbf16a9b8e6e03b |
| SHA256 | 345e1b9507b32c228f35ea8821eae6cbed09dc494495f12c2bfb03880d36443c |
| SHA512 | 1712998d15060981d62611f9e038c2a2e8db55bb27628abad2bcc1e209fb306864a0ff1278939daff3f975c7a864e8c374b50b6824d703be373aba1ad46afb9e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 51a88a4b3bfae884e181f90f8039d90c |
| SHA1 | 24904c37d9aa74798e22ebba0f0403721a847f8b |
| SHA256 | 54079d8d6e85504d24b1df56b9a5e6b93bb5946c3c7fb55e498ac5f0c4f9def4 |
| SHA512 | 8a171d98010bf83da844dc3c3cd55b1b220de5d655bce4848a49a0e17beacdc9d36914c3e4368b5b00732a23a999cb067bb58e817f9edaec2952c3472ed239f9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5cf0aeca-fb91-4ce0-b698-d03bd02a38f8.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4d1e8f9177b25a9472f0c1d0d54c6389 |
| SHA1 | 5503fcfddfcdc7fe448d977cc5a1baf90fc669fd |
| SHA256 | 4c5d0a04b7c70ddafbdc2522d525e8a5e94faced526b0351cb3f6459a5b85509 |
| SHA512 | ac9540e580d4512d499a3850be3742dab4c73bf00336fa524546b2ae088638db022e97380f9fac3091af84af3b9ac836eb1e103c77adf1908d3c163713f8f391 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e1351134a7565b7dbf194230552b50e5 |
| SHA1 | 0ffc2c5d7dad6935649a3e8b717ac76b7618333e |
| SHA256 | fbdefd686be9de740f417713a71966eb06856960e92c7da1805349a634fa3c12 |
| SHA512 | e390f3079c806ab26c2984e8b81d0917ae2711eb7abad4f81d8a5040e39d68d80968b335f02e066b55e816fbeb26ecca8140aca31df1a6d8cf5935d46d0c14d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e571149c405c574c57316d79b362d059 |
| SHA1 | 2ef90c17afc9a2a746cbb686f1be05a561eeb00a |
| SHA256 | 11d0dfd00a87cd918283d1a963d0f77ddf0057d61b167079179e3317a41a1628 |
| SHA512 | f5125ed52a39ab1f038c8019f5fd7fcde8dae11de25e39f46c6dfd28bc564da7c29ab227d39201d2e1efa330c1e7d9ff41df6b1208524c131ebdc415580737f8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7aa157751fc09ecd2a1a43a96b088a38 |
| SHA1 | dfc51d1eb98587aa3f1ddf51b3a3f6930f26b098 |
| SHA256 | c4bac13f4f394294d3ec69cdc2f8e1848b4b04b9b5e6f8ae416c5af443cef1c9 |
| SHA512 | 92a4fa7897bf6e1ae7b8c0906998e8cc69e8487d34598586a36766e8954c504caf2a2b00753ba0543ed596b1a5a111586ab6778305ca6f927587e3a2bd4adb91 |
C:\Users\Admin\Downloads\ChromeSetup.exe
| MD5 | bb7b0398253a1aad58a8fedd4e5b0b6e |
| SHA1 | 8f8486b6ce62b5af6f67a4922036713ec3e5c0f1 |
| SHA256 | be8f3c1f53deab9832b7c5ad4b2e2140ce7bbb70d9d4f2cc24d6c749e77ec4fe |
| SHA512 | 310bb8b2dbd9585382cb974cf54c6914fd7a8af43f2e463870ff08d7a772eb887e0112be44eff91d14e03da7a87de920418b49bb3b857f16553a2df55259ad34 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0a7c05a54e03e63aa722f48f03088c7d |
| SHA1 | a1ec2eb787323c91d08b7d433474fd786e35c8b7 |
| SHA256 | e768aaacd54f193f58fb640f17cc5b259d9d16739ce4a693730f56784a66791b |
| SHA512 | 266bd50ceed09a460d064105156f80d76a351a48ae78dc545b93de52dccbd2ac4cdcda19926e4158cf92bdf0b1556c072ea0dd2272b815188352ec08816ae9cd |
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json
| MD5 | 7136b45ffcac6b52d6873f2864471ea9 |
| SHA1 | 7afb956fccbfa48ec7fcac07cde0f6059a51a534 |
| SHA256 | 78f60448736dd9d298a2bc503571a91a8f0c342e95ff8cc589d546e84e7384c2 |
| SHA512 | 66755a95e16371a527df8b702ba8d686a08678aa0d3257ec4775c5fef8c81d422d7a6ce8aa1fa1c150ebe02f14a0df23776dabc42b6da5ed83b79be956fc2ac7 |
C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad\settings.dat
| MD5 | 496d4a726703ab9ce687346a24058ed4 |
| SHA1 | 602881e74ef717285ea4e7f53c0ac444e0b8d577 |
| SHA256 | 13804b4c2f1f039e306ca26a3385a8b269da3960e8b6fb53c4899e67e97ff3f6 |
| SHA512 | 2849033bd0995155972239172d28459aa440bf852497380496691d57b7de3b0f684bc39829ed93d8126ea19b854f3c30ef0d5d4710459da21a7b9d5909a97c65 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fd523a4940112a8f8024719dfd387cff |
| SHA1 | 5985f5be7cc0dd4ab34e3614827d28e58516c481 |
| SHA256 | c417e9aebc89617d1cb4c1e671b579f1ad25fac77fc3040f78d2c39826cba996 |
| SHA512 | 69495259d4dc95fb13e5a840b6fcef35dc77c52156fa606f2954a02f601565af3774bb2ab3f6adecbaf2e40a9d8f18c8e3260812a9dacb2c806352158c711df5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c4646cf36edcab5fe1a938cb24fda50f |
| SHA1 | 19201c058c67460c67f2d81fd3f2672dc326c25b |
| SHA256 | 836eb19c36f657a9991383feaaf6c258838915fd8af5716790342ca828959798 |
| SHA512 | 72e93de911a45d3cc52fc96ad3d5979830d049794b57d9f13e715fd2d2dc52ec7772d154dea6fee7dab5080509716acbfdfde9a8071abc359f50b618d016be43 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | ad2ca338254f809888f8b4dde3f9c110 |
| SHA1 | 83aa912e0b7e33bd8f327d8f302142c875ff6bb8 |
| SHA256 | 773b9e251938f434adfdd2d531bddb9cba2920e111cd6a8a0ca559cc943467f5 |
| SHA512 | 69b57c9119de2f35d4cca1e2446e1401b3d2da7d89aa7ba68b25461dcc68cd5f2f8ef7118881b5d6bfe0a6c4c47dc1328269fead4f22fdb5929c9dd39282d3c7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ec068fd88dfabd534671a910aa4b26d2 |
| SHA1 | 7056a7e29010eb0a413db8a67f487a3f5f1ed617 |
| SHA256 | 354b73659fb6f1950d6b35de14304485e608d750c91cb066200df264ee621501 |
| SHA512 | fa4794001a77021479597f4b69c3f23a05dbc65692f7d7157fea1ec4abdad73bbda68b8b75cdbfc0de836034a1f05c952f24d07e6d0d1dfcf318397008a8eaf2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 8751c5ce8678f8d9b446643b79cb56df |
| SHA1 | 263702d8a1b8864e753be67043a9994278830fe4 |
| SHA256 | b82203ab8c749afdd4e65408fdc299f5ea14553de1a1c93fd9b4a9bf93371421 |
| SHA512 | dfede0edd8ada3fd7c4bc1c5aea7f5825e0ceed6e89e74c8dfbc8d761a94c3ce46f58d3438257ef310e1b7d89147ed3101dae7566c9813e6199323648240c529 |
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json
| MD5 | 4caf5d0f8d76777e821c67e5b203122b |
| SHA1 | e75091fac99cc03ee3a3e8a549bf7754400946bc |
| SHA256 | 239bc74d7c3c57160441a4338f269435bba9a3dfbd404bf995b84e7fd67a7327 |
| SHA512 | 3bb7eb07d6fb040053604752715e3b216a466bcd04f91e96dc043d1e3a0ea501d8b5989a7f5d32d280ec7cbb1fa3f73da0ff86512369215886321e19b350336a |
C:\Program Files\Google\Chrome\Application\125.0.6422.113\Installer\setup.exe
| MD5 | e8e4e8f66fa72b10eacc18ff5ce000ba |
| SHA1 | 9064de09632d155e2acf236d54c343f276bdf79a |
| SHA256 | ac03c7f78bc590bf6b400c5078a7fa6b1e61d3935cd591868f7f73fff930e4b3 |
| SHA512 | 7fa4768d6043a4fbe38ba70947e9b5bd8e4111606ce673f8b0ee7dd3d95ea9b3e6dcf0f96bc55634c85a1a3f6a4120ff7461a3463ca36133f57a607bef49b158 |
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json
| MD5 | 867a0be11b63337e930ce696e237a80a |
| SHA1 | a73055a00b0a1f7fddeea0c128bd3a48ed78e1f7 |
| SHA256 | c199b14484bb3a33a56e0e809de9be737fa68240ae5364551ef1594e2a108bad |
| SHA512 | 9e518ac145762dd8e89903b87122ac05d2adc3193788510043b6eb6ac94e787055c6e35133bc8e947619a0580736fc5728bfd4745a53a7de47347fa8ec098d51 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | fe5bfaff6705c536ccc3ae592950e155 |
| SHA1 | fbe8b797c59eab22d1a95d5beab9e0f23d4dbc37 |
| SHA256 | 8bd8532d0c48e662049e3b6dd4707a5e3bdec3a8b0f07a4e062678a8b212d78d |
| SHA512 | b8964699919b23672a05c1d50bb2f21f5abd99254575f46dfbaff066e85940bbed5f338c6e658953bb78200d8122c55071aa454acc0ae884a33742d5bd625a29 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | 961e3604f228b0d10541ebf921500c86 |
| SHA1 | 6e00570d9f78d9cfebe67d4da5efe546543949a7 |
| SHA256 | f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed |
| SHA512 | 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b3b664fcf955d3fd971948f2fe38237a |
| SHA1 | cb1821c707293c8a1197ea1990ff0850136b5a14 |
| SHA256 | 1a652bc309d4cad853f7c1dba813cae2c9b13cbe33748639b0a6a9e9ba652911 |
| SHA512 | 86a127ccb9e75d01a822322893214872397a178e3154664079ceb8d5cd06b6f744e2305e3a23f33b5b1c4cb672a701076340339d05530ce47e036e4943623a0a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | ad1ce7afc58969be514b76b943c17fa2 |
| SHA1 | e478c171b6c7f7c03ef7846c2710f235bc89415a |
| SHA256 | 9937f92e7d57a636a67ddcc00c3104e81a85719beaca4d689ded724d29c1b602 |
| SHA512 | 56698b6ca7fdf5bd215b19eaa838a44aed6a0fab9d808f7bc03b160b7940e4403cc55947bad31eece713735213a156fd96222dd355cb39669d6947b3d70ea9c4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico
| MD5 | 505a174e740b3c0e7065c45a78b5cf42 |
| SHA1 | 38911944f14a8b5717245c8e6bd1d48e58c7df12 |
| SHA256 | 024ae694ba44ccd2e0914c5e8ee140e6cc7d25b3428d6380102ba09254b0857d |
| SHA512 | 7891e12c5ec14b16979f94da0c27ac4629bae45e31d9d1f58be300c4b2bbaee6c77585e534be531367f16826ecbaf8ec70fc13a02beaf36473c448248e4eb911 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\trusted_vault.pb
| MD5 | 3433ccf3e03fc35b634cd0627833b0ad |
| SHA1 | 789a43382e88905d6eb739ada3a8ba8c479ede02 |
| SHA256 | f7d5893372edaa08377cb270a99842a9c758b447b7b57c52a7b1158c0c202e6d |
| SHA512 | 21a29f0ef89fec310701dcad191ea4ab670edc0fc161496f7542f707b5b9ce619eb8b709a52073052b0f705d657e03a45be7560c80909e92ae7d5939ce688e9c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 07bab8d0e6088fdabb9f35b689e8cea6 |
| SHA1 | 2bf2ede301f80494c7b6ecf5ca12ff4e8b0c4bf8 |
| SHA256 | 470377ab8ec868dfc1931e17d21b0e5448b59e265525195c1a618fba8da638e4 |
| SHA512 | 9ae44a167112ed6a67cbf275d19bfae36e362ebce34a2b7168beb56d7cd3ad979322206317a9065b1f83a67e38a21d73936dfca0dc01328decfa6e99e832a31d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9a0ddcadf44ef8bf2a3b4fc491a98f57 |
| SHA1 | ad922a4f936590a99167344d4a9cb76781abfce4 |
| SHA256 | 85f65213ef6641625da51c563bf071a49390c6969a3a6a8e8ee1fc1ee70a9e94 |
| SHA512 | 8cfee95ffe97d1ebfdf30f89160b4b0b067d825045bbc05c0a0be3009137c6c4a5d5f829be39060fe117dbc833632a48cd082ee109a5c61fb58bf5f2076620a5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 02daffc6dcb07877051caff531c65fd9 |
| SHA1 | 53f971c6471031791fad581e101e383a4198b960 |
| SHA256 | fd5ff32c6f11c05af9cab999aefe9d4f8ae59f89c09b0e03517b2131615c74b0 |
| SHA512 | 154dfc2d02b38505d974c46c577d393869de86d75766fa9a86576cfd80e0e3ebb414422b0727729390bf36b3a873bcd62e62dc774b66850773e08de6506cedd4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4c0d8fd6ec4868ea30898159546e7aa7 |
| SHA1 | cc4394cd2029cac6f5b50ca34ebd0ae8e94200f1 |
| SHA256 | efcb52528a53fc0e531452e5c820fa6e41057cc4af02545aa59639550474b2ba |
| SHA512 | 865df43a3d79e9365fb23db25a6c35ee31f85743de36d54f1e0d34b83ab15cb8e033be8cd6f06abe812ab3f8a916d03c12c409f275a3e34f55632dbc697ec6e6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Code Cache\wasm\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\DawnWebGPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\DawnWebGPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\DawnWebGPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\000001.dbtmp
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico
| MD5 | c857bae5a9eab59c2f5080b798de919a |
| SHA1 | c2db3057371e0fdef3ccc33b511b76ac41bd72ee |
| SHA256 | 78a819cebbd01fe4fdd106df46172a0b254f6ed912bfa12ee8959f744feaaa88 |
| SHA512 | d6db75919dec2fe780822906ea4c838b7f2f0407dee66165b6a93e7a0338b0864056aa6a9421a06462eaf330149fade42fbf77ca714ce9b4a5318941a7724413 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\64.png
| MD5 | e6671b804d6013a6706ea598e2d854c5 |
| SHA1 | 40e4f401fe4afbf7bda49a02fe94f5308868460e |
| SHA256 | 57d5cd9fa59f944ffc78ec2a12633a79e2f923124fc50676ffbecaef5021b4a9 |
| SHA512 | 7b11a47497ae5810ec4c7038ebf8358f03d79126886feb6daffd92d116fd606f530ecced9c3d635c0f57b9f9eb80ed9e8fa4eb98b029f9fd798d9b89ccd279a8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\48.png
| MD5 | 1625c1dd7bab831d8ab5308a1a71d525 |
| SHA1 | f1c145985a7c8c18891caaba0f46729bcbd1f63b |
| SHA256 | 9bdfc3aa03d4e41b0d83862ce02f9fe7fdb55a492280d86d551b91a24efd47ca |
| SHA512 | 75079bcb02482abd10b121d81fe39607dcac17bb3107ca274c549b570bb473260dfdbdd13df769b1745425ac5433a22fd392a2a1d815897e0c2091b787bada8e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\32.png
| MD5 | 60953b3aca67505c2c7ea1a902e84d51 |
| SHA1 | 5e6a8e04a96e36306c66409edd4775a606f13f54 |
| SHA256 | 3197a2ac164c5bacb65f02fd9a6eb9c0a533fdf3b24f43043bbe9af65ed6608a |
| SHA512 | 2e65ec84471c3f703617171aa32f1a0d6c57d73e1d5c074b92d20d580df78e7ac4eef5ce54ab7defd0027bb38e33c44a6602d3e123a2fd310e514af0f5b38086 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons\64.png
| MD5 | f2222b9d8dea52f5ce7d75378de76037 |
| SHA1 | e3b266fca2e5bf8bd82a62791902e879af7ff6fd |
| SHA256 | e895cbcc424d6000a15b21d7cc9dec96deb2403a1469761ba3d9f11528c215b1 |
| SHA512 | 74b947bc915c89f27954b5d0c8c790316ace581a20f7031aa91af3d95303ff0dd8cb4c87d3746ef2b13f76e0e8bba1b5b4a6916f3230c0514164fb1700640f66 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons\48.png
| MD5 | 815ddced6b03c8a62cb590ea4585fcba |
| SHA1 | 9f7e8cce2319b15ec63d89f837a173bd247e6998 |
| SHA256 | 3339af4538fdfa40bb438469e35f6b7668d5c5ac93db0ef4a9e2fbf9ae884446 |
| SHA512 | ec7069b51959572c40dfa02f380b081912053898b4d4f86166b90bd277f9e8271d0fb3f0627e82645052ebe021c2e24698785e5214e82190a2298f32dd879b3d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\64.png
| MD5 | 1efcc119d02c61752598ca121cd0babd |
| SHA1 | 6d0736581b02aee66d51fe29e68babca6a59fdb5 |
| SHA256 | 4fea2d966296665a3ae1d35c0eae541b0ef7b9b1a9890e9e65314f80db5a3e21 |
| SHA512 | 8d5554a167907f96720a126e901aa25f01e1f58f9469f8366e7f2352ce16da82fa3963845cdd586837c5aeafb3092a2aec6d3e755bec2031d12325b4799d44e1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\48.png
| MD5 | 33da9ad751e4a3b21bfccca9e6727e8f |
| SHA1 | 05d5ceb6a2b80de82a2f70442f68ae803dad22f4 |
| SHA256 | a16b7fa466101581d443223247589ff21fdf73f1b09d43ac740fa128d0252931 |
| SHA512 | 5af9ef87eb7c050158b7add761ca06273094a5a2d5dba87991c7ab20fa2dfb7e7f7ebf1fbae21286781144ec1fe3531457deaedfd2a668975dc7184020c6f0a9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\32.png
| MD5 | b422f26131f7d87105b2ef5bcc8996d1 |
| SHA1 | 5bebedb12720c3b09dbafe9204bdc8eb0f7971d4 |
| SHA256 | c0b2a99e82bfa9b629fc903c77bd36fd3b148b25fb67ae196cbda262c593efcf |
| SHA512 | 1a4b3406afb311ad824a1adfcb33f336de09efab34c66e058936a57d4f73ac33431eacf1fdb11f516f56107a93741aab3b9fa5c85d805466ca58c3e24bcc9c28 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons\32.png
| MD5 | 26496798ba29a454042d60c9633c1e72 |
| SHA1 | 65977f9cc15dd73026c91b479f1bc678050c8c45 |
| SHA256 | af50d64bd3cc7c3d201cb5abf0d76f44737e2a4040741ce178d9765fe440bcc5 |
| SHA512 | a4a61f66c712fcd27681073c2f30fda3a98fb6348ac4451d8a8e181e525f4ad8491a09d19c17dfb8f01a53eecbfc3ba25f370afd9df5b2ecb9b613236ecdd3cd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons\64.png
| MD5 | 1f695a492ddf318b832bb48f5b9442fc |
| SHA1 | 81eb257fc22a30c4e75454ea0e4677043367a6f0 |
| SHA256 | a693bf9d32c7ec663b864a2faa9b99d8bb6cb76e332263f5e9a6e3fc2ba60ac5 |
| SHA512 | 0ad7e376288ec7a2d9314447f2649bb19bb703bedc9710a758e7a15e39083150aa34e2a2e6c22229b324cef4e41c09289c90b445a413336d6eed497f65d8bcb3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons\48.png
| MD5 | 19f9c11e56103a25a50b9c33be84560b |
| SHA1 | 266f57c5a015281d4dd266a9b3dec9cb3a754653 |
| SHA256 | 2e201cd442e08720a6d4e38516ceea3e892dbc345db1835441e9eec005501c67 |
| SHA512 | 964e1e6d787450b837f130a4289906ac39277fcd4a98f6314e5aa0450fff81fae275f023c15eb58548ef3ada0b7363e4e6b3d61bb326246f3dc63336d68bb160 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons\32.png
| MD5 | 166a9c3ecab6cfe73664f783d6d49a89 |
| SHA1 | 0b9e5c909810c2d2b40df3fd4c8feacebad846c9 |
| SHA256 | 217f48c637316cfba706de86339bbdb5f6d60c0fab701fc71ba2da01ea71bd99 |
| SHA512 | d3da9c250dd728af13e8eb1ee75f420b1857357e7afca9f93090d253fb6cba43bb52b1199725ce3683d7e0411af764333ad2293ada77638847d2526b1b363d3c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\64.png
| MD5 | 3c4bbde0c0ec7a7694b78ca833e41ba8 |
| SHA1 | e4afa932cecf06e03f59c9b6041ee723e10fcb2d |
| SHA256 | 4e0c7afe519c86da175dae1f069379a40694ae49391fdc3c7ccdf5c396e78ade |
| SHA512 | 523777c57a8c4d49faed221cbfea7dd589f9c576d2bb9386c6d84e47f5b30762a3012bbd702ea3c51b3f71c48e403b40b297928b94ce36e1a873047d27313006 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\48.png
| MD5 | eae9011cbfb45db3e8a6a5f5d4f45554 |
| SHA1 | 6a45d862f6d6658e14a4c925f5a3e25baab6c875 |
| SHA256 | 9962fe7bd4e81a0dc05e150a0a602db40bdd7dbff114f16adb712b8b749e1898 |
| SHA512 | cee11d79da34f767e1aff3771847b8008c0424825102decde2d0d51ea33f9a03262bdabd3938c5948bea95a4fdd46217cb81c1669ff5629e348265a40e30f9c4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\32.png
| MD5 | a06bc120408cb7209f3ff0ba4b39d01a |
| SHA1 | 7b1df3b761840e87b484603da69837ec705cc082 |
| SHA256 | 708b95af160bcdc6a17ca93f9b91158944cea75b743b4049a6e6ea299f8c7abf |
| SHA512 | a3869426f4c5af3c225076454b2de0bb0f923eceba687ef7a82ae27b5384c90d03f1e6c1d50efdf8a1e51c1c7ab28ec4742fabe1cf75ef346a31f8037714c1f7 |
C:\Users\Admin\AppData\Local\Temp\73b048c5-0e3f-4f22-b38b-2fb88783a24c.tmp
| MD5 | 541f52e24fe1ef9f8e12377a6ccae0c0 |
| SHA1 | 189898bb2dcae7d5a6057bc2d98b8b450afaebb6 |
| SHA256 | 81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82 |
| SHA512 | d779d78a15c5efca51ebd6b96a7ccb6d718741bdf7d9a37f53b2eb4b98aa1a78bc4cfa57d6e763aab97276c8f9088940ac0476690d4d46023ff4bf52f3326c88 |
C:\Users\Admin\AppData\Local\Temp\69b7e486-adc2-4ed2-9b16-8eb2168f4599.tmp
| MD5 | 6457b577795f5c8949055da3a8d3ab2e |
| SHA1 | 515b61672fe5f3b2a78b7a64d7b83fadaf43e4e0 |
| SHA256 | 52434403b00cd4ad818162921eb958ab318f2eaed1041cc0eb7216f97a63e950 |
| SHA512 | da6f36047a99bfb7d3e942bc1ad5f935ef9913899765a39e0b29cb117ab706948ab38ad5fa468507aecfb39612da9c3c0e18c707496af498390b00184ce61622 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir3520_308275659\CRX_INSTALL\_locales\en\messages.json
| MD5 | dbedf86fa9afb3a23dbb126674f166d2 |
| SHA1 | 5628affbcf6f897b9d7fd9c17deb9aa75036f1cc |
| SHA256 | c0945dd5fdecab40c45361bec068d1996e6ae01196dce524266d740808f753fe |
| SHA512 | 931d7ba6da84d4bb073815540f35126f2f035a71bfe460f3ccaed25ad7c1b1792ab36cd7207b99fddf5eaf8872250b54a8958cf5827608f0640e8aafe11e0071 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en\messages.json
| MD5 | 91f5bc87fd478a007ec68c4e8adf11ac |
| SHA1 | d07dd49e4ef3b36dad7d038b7e999ae850c5bef6 |
| SHA256 | 92f1246c21dd5fd7266ebfd65798c61e403d01a816cc3cf780db5c8aa2e3d9c9 |
| SHA512 | fdc2a29b04e67ddbbd8fb6e8d2443e46badcb2b2fb3a850bbd6198cdccc32ee0bd8a9769d929feefe84d1015145e6664ab5fea114df5a864cf963bf98a65ffd9 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir3520_1049687998\CRX_INSTALL\_locales\en_CA\messages.json
| MD5 | 558659936250e03cc14b60ebf648aa09 |
| SHA1 | 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825 |
| SHA256 | 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b |
| SHA512 | 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.77.2_0\_locales\en_CA\messages.json
| MD5 | 07ffbe5f24ca348723ff8c6c488abfb8 |
| SHA1 | 6dc2851e39b2ee38f88cf5c35a90171dbea5b690 |
| SHA256 | 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c |
| SHA512 | 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.77.2_0\dasherSettingSchema.json
| MD5 | 4ec1df2da46182103d2ffc3b92d20ca5 |
| SHA1 | fb9d1ba3710cf31a87165317c6edc110e98994ce |
| SHA256 | 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6 |
| SHA512 | 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 53126924c57cbcf11ddc8ca0e1d11bd0 |
| SHA1 | 04df709928d2b80b2bb6472140193141f7545cea |
| SHA256 | 6f2aa32a879768e750e14250e450c9ddd3b1c427bbf844f68470d22007aa1d00 |
| SHA512 | d79d7bd77060640e296330f52e0faa651a711d26fb89deeb07be9fb6c52aa9c889c98238cc1d7e563d9a00e8aadf291dfab41de087d5e1b42ad7935d7e5828af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir\the-real-index
| MD5 | a1751adaeb9572be1d3829181ea2755c |
| SHA1 | 4581f581130aa035003d137d93d16a80312186e0 |
| SHA256 | 807c4bd4169b4145c3cf0c2d4f065bccd8a286d4be5e013cef64a51a544eefdd |
| SHA512 | bbee1785f8c95ae970583dffb04f198c637cc8795dfd733ddd7e97bedef88f4c5c848450788f55a3bfdb7f52b1c5375fecc972a576c40d4366f3413f4787df99 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir\the-real-index~RFe62c0ab.TMP
| MD5 | 185bc228ba4f1908badeb16b90d4569e |
| SHA1 | e9492782a223ffedfea6be367cdb9123c1ed5ef5 |
| SHA256 | 77f0dd5ac37d34ce8c4765cacd05e60a4e55a809ffe5d836aa89f577ddc65d00 |
| SHA512 | a9530df47e9b7cc7b9a6c4cca03ffbd4cd689323e78c087a8e7fd0ac3fb8873ef20fe29013e56df7c40bce6bbb5bf906b0c09a6c0db6a4b202895910ade7ed8c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d3203460-0ce7-4f21-8512-ab2c73402cd2.tmp
| MD5 | 3109a46ba0b9ba387e829da41953d862 |
| SHA1 | a5cd08a14766dd8977f90f183f1ab16e885f4248 |
| SHA256 | 2c6b8f3ec652b490b742bd00a2c79989ec0d078a7c74c762c31ed31926381b11 |
| SHA512 | c16f43bc6a4b3b6c6f8a53842e88c6480264c5e79cff286c34a2d4e2103f3386d413978642b19e2e90c6396db5aeace67625ccbe2d1a2f9f68a0e78c98db831e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity
| MD5 | 56e55c55db7614dc22bcf93fb700b816 |
| SHA1 | c55035518ec94d496f24b36832346e08a67f865b |
| SHA256 | 58a5cf630913f2652e996daadbf68672e6289ae9a1a2050804c6c01ebe2b6698 |
| SHA512 | 61821ca333c23fa761cab95c8f8cecf6c349bfcb19fc8f45d4050e9af05ee37e7571f0392c71f66b3cc7ae3d2a031a3153096edb3fd4b142ea3c9901f64ee8e9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity~RFe62d27d.TMP
| MD5 | 73b129f52312c2e7446a1644ada073be |
| SHA1 | d30c08491b003f329af505bf7c1e061169cf9620 |
| SHA256 | 6fd060cd249d37c6788fbb55b0cca92e5d670e1c96c86c962c373888d4892188 |
| SHA512 | 05f2bda2ff7902c8123bfa46f20906fa067399b5fe18d8dfa61e1025b973ba23cb0f23efb46055124d830063a38e65d9e498eccb0699826f8f86051e1c9a92fc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\9017df0f-fdf6-4c22-8f49-8669ef6ed3a1.tmp
| MD5 | 967f11df7333f43c479a34a7d161eab3 |
| SHA1 | aacb6612744680a87899c740b5118a4860c9406d |
| SHA256 | 2493780afb34a41d26599df159888b4ca662c0aec2b9df6bfee80479bb931fa5 |
| SHA512 | 7f4832b24de7a59d3021a849b6c008817776631ff09e3d7af0c158727198942a1a9f1133eef938ed15e998b517c6f5743d1325d29ebab0cbf6940c0e96c4d34a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity
| MD5 | 780a582ac4a34fec3bbb243bebb0d4bf |
| SHA1 | ff4737287275b108346d2c543d5f0bd67303487c |
| SHA256 | 1979fb0f30e66c69f46e05c142cb0397c1e8de6d739f2442a244275e8096915b |
| SHA512 | dc076d14a55bd15c33718c97048608bc2e63423d28cac86e2110aef831ccebda1fda2f9cc0351dc7f9fe3ccdae0fa8ca84ae8e491ce32ccc331c9cfdf484fd5e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\ae1e7005-15dd-4165-8dd2-51bebcac2f3c.tmp
| MD5 | 5ac14e3fd272b9c68589d455c2ecfe33 |
| SHA1 | 9ba3e71f5badda8a5b44f34e900e797d3c5188c7 |
| SHA256 | 0a518d5aaf08a371671482fae6d658f66243964faa93c9d5a56aa656b41626d9 |
| SHA512 | a66b482a2143c2155088c01e1d4ab0fb33079921286e88f7ff85f73380846e030176405e12652653902dd17845d5c85f2895e99223223cd935e43eb35e726b66 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences
| MD5 | b3cf2105a851905b89b473b268215d47 |
| SHA1 | 22a5c3dbd7b3b3b31772854fdfd93da252e67e05 |
| SHA256 | 704224b3ac500bae9adc1a1d6ab2a38e7b4e03f7782b5de20b44528be14a3002 |
| SHA512 | 9a59e4df91acabb981e2fa9cf96fce070a39c45baa55129bb373bc386dc6277b372ca01c0a334d92b333a5f6c6aba3f6acfaeb3c1870a5373a75d94576abfa44 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences
| MD5 | 208f594f60acaaf38a65708e61df3c2b |
| SHA1 | 437f2728d9d070cbfc9a141427ddcee77deba78b |
| SHA256 | 1f026263c3c756e462dc4005dc88dddc1ac7d3c64259630a03970b8e84d5a278 |
| SHA512 | 2b5865b7807b9bd423c773b433860b32eee2c65db1a6911b1344f5119a7850e559dec5ae10b027f6f76dab6386ae0d98042e82672d73aef617f1a901516d97d8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\trusted_vault.pb
| MD5 | 7b82fc06a92360166c9e3257092d6a51 |
| SHA1 | 07b4f223153d32c9b10217bf78246037715f6017 |
| SHA256 | d9af1ff8f4be2d19e44c8d5763b97145406b5d5e45c341cc7635e57d2da6ebd3 |
| SHA512 | cd4e69f3b088a3a6dc9ab662aa0f71c6803518ce419d91f5fc2d03284b86ed12d18c7b9f1a749a31bf2e253eb14382c57eb7c8a525597eb76827d0bf842d97ce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\trusted_vault.pb
| MD5 | c0b5aad8c48c8675b60f9ff67cf0f99f |
| SHA1 | bf74bafec244d4496a680140dedde51ada905dbc |
| SHA256 | 8ddfb7c3873679dd6747693877ae92716083a73fdab904954827eb6d353d09d6 |
| SHA512 | 5cdc784662fb0fd46e51b1f4927ed9cb5bcd380d9394c25c737c1d6b3975779283bcc413a90988936b74388393530f697fccc6ebfcf18baa3b849e8f7528085a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Google Profile.ico
| MD5 | ad848f56a43062f4a4eab1c83e351856 |
| SHA1 | 8fad453db89f428b8cdeca0d0fc45df449090237 |
| SHA256 | 980f57a42a53c5419349696e5e2c421d252921d79fdc0923bf66867576b1e175 |
| SHA512 | e0486a151b3f607346fcb624f25f0fedacc9060a5c2354688d5ce0b451e46274f79f5828db0659239620583b3cb5d5e21b191c263daa6205163bb36132b09043 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences
| MD5 | f7cebc5f71c1fd30eb8fb96b2830ef5f |
| SHA1 | 0a33fd30f1c8f98ef70801f1e85040b87297b174 |
| SHA256 | 1162bf53153ece9ace0f6c3d986bb6b064e3b613aa9178fac484e172cc9bce23 |
| SHA512 | 1e2d22b0c7265268c284b979be5cf540a3f0677a43a67756f3463b8aaf4186fdfdf0e396f7bdd1c1d5851bcf7a8c076103f8b3ad8167aef2a559cd256375cbc4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity
| MD5 | 287840c84ec5a1b69a857462a62f372e |
| SHA1 | d52976a1c7dd27b7511af844f993bffc23011e4d |
| SHA256 | b1a17bfdda5068c34808c932c23287c16044a584f96060cd391bd62f5bebb4e7 |
| SHA512 | de1566eb142834388a73207ed6229a7dfe0c50227c0ef41d22854d3f0974dd9319bbfc70e3850008f6c18c484ff100b27806b03c06032cd790264889fe6d48d1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 8ff6a80a1db4fd42e735ab79aef093d6 |
| SHA1 | 0e65ec292d4755b0e149dc9560c2fd1d74f710a3 |
| SHA256 | f2466c2b6a80b88378a2768f685325e665dfe87003cbd80d58516307adcbf557 |
| SHA512 | 0a116ce8ccb6145460ab5b2b75e111b298fe138e337ebf973b5e0a5066b7b213090612e759aee0c7d3c865a8e57a4dec60a050f4bebaf87c8955920164e3f841 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Code Cache\js\index-dir\the-real-index
| MD5 | 2668d40277b5e8d289ded49143bfa25f |
| SHA1 | 42f974b576988e05c54f79667d80a321c5e39243 |
| SHA256 | 8c2d01496497d8b94a6e9a6700e30803aea9ee3e385d820fdefb1ac0b33a29ea |
| SHA512 | d96f20e16537cf387c2081b780d68e2fd0c9f79a53db580aac7b5558d5ffc36a2ebfdf0030949bbdc4d7306ce55d11bd21a19f002f8ce409f8c5e09e457041c8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Code Cache\js\index-dir\the-real-index
| MD5 | c765c97246c35e34126097473029b041 |
| SHA1 | e8ad4e5d83f1c98930bc45c5c7142eec957219d0 |
| SHA256 | caee48bd574d37f02e0e069a9e9afbab064084dead0237afbe423c29fed159d0 |
| SHA512 | 085e19caac131d13ef5bef06b9fd1e469b02962f2777b7395a8ac703eff6d1c532093e72458175a1e90e70f78a109feecb63f76d78c4177d153a31310435e9c8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | b527b320b90aafc94191961b222e3571 |
| SHA1 | d3d848869d04a4bc67be15e2f28c7930f5422b0f |
| SHA256 | 2601e7426ad5891662c6cc47730452f22b34872538daac8cdada4547d742f9bf |
| SHA512 | 67c9405c9c0ba66e364e42a3f9bd453a89faf667af76bfc84d617954a3faa7fe29b7b6de9365f6dea0d7cb0a1eac4ff129b0b5930125fc0fc69d89ae80455c37 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences
| MD5 | 84dfdb3e1f225a4b16ac5f0f96dca05a |
| SHA1 | dbc26bc62dc9db697ba5b61fbaec5daa8f8626d0 |
| SHA256 | 6fcdb678e225f61bb26211350db195e173b05cbd23727016c637607f32c79851 |
| SHA512 | 36ccf7e13989ee25f3ad820da871f6fd580791f161e40d1df1aba8c6ed5cfb7cb1bf773f0cfcbe0dced629abb4f6dd38cd62dd96e51afceaaeea3f5bea6993eb |
C:\Program Files\chrome_Unpacker_BeginUnzipping3520_1078937946\manifest.json
| MD5 | 4c30f6704085b87b66dce75a22809259 |
| SHA1 | 8953ee0f49416c23caa82cdd0acdacc750d1d713 |
| SHA256 | 0152e17e94788e5c3ff124f2906d1d95dc6f8b894cc27ec114b0e73bf6da54f9 |
| SHA512 | 51e2101bcad1cb1820c98b93a0fb860e4c46172ca2f4e6627520eb066692b3957c0d979894e6e0190877b8ae3c97cb041782bf5d8d0bb0bf2814d8c9bb7c37f3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter\Unindexed Rules\9.49.1\Filtering Rules
| MD5 | 6274a7426421914c19502cbe0fe28ca0 |
| SHA1 | e4d1c702ca1b5497a3abcdd9495a5d0758f19ffc |
| SHA256 | ae2fd01d2908591e0f39343a5b4a78baa8e7d6cac9d78ba79c502fe0a15ce3ee |
| SHA512 | bf1287f502013308cdd906f6e42998c422ef1e272b348e66122dc4a4e471d01333b418f48d1bb2198c72845bdc950612597e179e612aaa1ba6cf8d48fb8f0cf5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity
| MD5 | 3733f1fb10916cf3c93bac96dbd125a2 |
| SHA1 | e9026616f32ff9da344e1579bdc546b9e07312df |
| SHA256 | 924dc8811e59945152c2c2ae0a7a369a9f60798d61431f32f6db377a0761a649 |
| SHA512 | bbc1f7641a1b0fc6c45990f75a841175abe08a2a16530ab4d107aa04760fe28b10f0371d2624bc37f105259e9bfb7a879b1c227249efcec3371984953a237b7d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Cache\Cache_Data\f_00001a
| MD5 | 5ce7bdeeea547dc5e395554f1de0b179 |
| SHA1 | 3dba53fa4da7c828a468d17abc09b265b664078a |
| SHA256 | 675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9 |
| SHA512 | 0bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\2ca50a05-2b62-42c0-95c1-35f94b3f3e0e.tmp
| MD5 | 3460368841df18d42a33506fc5bb17af |
| SHA1 | 42985a11cca2660b2af9c664e11d6eba99a9b168 |
| SHA256 | c6094fe32188df246c8591e47a359c1ff12c44901e8101fa7c4acbcb2a0cc701 |
| SHA512 | ce365c5b494dbfa7f025f00166bea9ce3aebcb5fabacc7f07b788b439dee59a20fa188dc4fd256370267f1ac90ab572a48a597ca95dec10a2f2298433a544ce7 |
C:\Program Files\chrome_Unpacker_BeginUnzipping3520_1096938642\manifest.json
| MD5 | 6ae296a93fc8ee88eaf799655677540e |
| SHA1 | 572f980137b2359eae3fb3b7d7afbbd49956a2eb |
| SHA256 | e724c985f35a6787020cc3a624733b1873b8adc7159e05f1f53fd9685ba8ee49 |
| SHA512 | 7901489d0667ec6d83eb93ef3d88110efaf716f21611a1f7edeaf6d4aefd521abd0f0d619eb82a729b7405cd592575748be40e146ac930d0eb810b8376f359e0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CertificateRevocation\8782\crl-set
| MD5 | c36b74969c62c43372b723427a3e683b |
| SHA1 | 8e77dfad2e3c08d5095281d6442163fdd6cfaa7e |
| SHA256 | f64905596b87f3a7071bae04254eccc81cf702361129c4d8c06a8a1ada13452f |
| SHA512 | 930e5ce6096282001bf66b29d55838ad6ab84f4119f2997a87b346ab40dc9720d69ceadf20df01188e6985324dc4c5c9a40da6f5756b3015fd17627f79245f8e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\Network Persistent State
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\Network Persistent State
| MD5 | 7740c4b175be84acd5c8f1f4d68d3097 |
| SHA1 | 3153991a1efbbf244264403cfc859cbad0156556 |
| SHA256 | 749d75fb329f4e8d7c017af025c6f4755be313c3e54e1921cd8a8f72de7824b6 |
| SHA512 | 5b656ad11952f5e1536290580c310c7fcc57f9a1801e8c5aeee2ba710d4cda41496dd62894c87f7f6bf63cbf797c2c7439de4e52b5a03579a9e4aab2d4463466 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity
| MD5 | 13c659642cd2a42d05e2fa9c5e31ed59 |
| SHA1 | f9a9175e701d6eabe00fc10e1966262bbd40c02c |
| SHA256 | adef8ed9dfe361a00839f36723b491feca8085cccaeebb7a9a8a178aed83d579 |
| SHA512 | 39185a727cd7703b77190a0a80320ef56bc5ced4ad45813728a683d6db334320df529bd1797a8287a9bbe46914a9364442456bdaecec1e8a0ff2893b5bef047a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | bc6142469cd7dadf107be9ad87ea4753 |
| SHA1 | 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c |
| SHA256 | b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557 |
| SHA512 | 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Code Cache\js\index-dir\the-real-index
| MD5 | dafdf5d478547766bfac59312c43060d |
| SHA1 | 11bc165c42c99e3b4a84b9b5e425a66816fd510e |
| SHA256 | b3eee41b1b01664c819de72ac11d6b0010f5fc5f08c59d3ed64e336b470cde89 |
| SHA512 | 6657072335d0f1e0632ad44a9d805964199733f7f95052d079fb47ed4bddb17bf6be37574fcc047c9ba7cacc3fe357b9d13a31181bc7ab14a26b16caf4771abd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f0ab56439a53b36f4e7e508a05ec1a89 |
| SHA1 | 6eaa92d59b5977a8cf8511bcae14f88e9bd3a46c |
| SHA256 | a7be9641f6314f218e152db3b66143fbd31e84e14ff32d3049525baab0b0a7d6 |
| SHA512 | e2953519d8c4b28bc1cb1038c020c6c90f1eefd790d28e23670d8856157b38f87c8d7c77458e409f764b2814a1bc2691ea37173c173bed69b9e058d15e623d25 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\Network Persistent State
| MD5 | f159ece707d916c2614731fddeff9383 |
| SHA1 | 47c9ead2ca2f92e6ce6f9ecaca17c7918aae854b |
| SHA256 | ee3c53d0ca8ca7b7c5e3080699d6b665386f4425cf44e42d6c29af23b2646537 |
| SHA512 | 5cdcd030dea27f519014b6cf6c86b9d9a4062cb2253b6965a603a625ebe9c23bd08889310844e4b092f2142cb3194952d7f4687ab018e87db2da86f6aa5dabec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser
| MD5 | de9ef0c5bcc012a3a1131988dee272d8 |
| SHA1 | fa9ccbdc969ac9e1474fce773234b28d50951cd8 |
| SHA256 | 3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590 |
| SHA512 | cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3bb76ec23c5506830ead56540e06159f |
| SHA1 | 94695e47d907e559e91e677cec4eb763dc0c5ca9 |
| SHA256 | 6b40f4ae548688a472be3ca0c1b08ecf520b31e706fec0f9793b4666134eba06 |
| SHA512 | 307f9bd06ca5ee753acdc450cf1599dfc8ed080d9a1b19d752dd9b7950377a5b04e44d374f12ed76abd74961c2b1f8ad6c93e4663ea77f5d6e066570c1aa6bad |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 32b9dc9cc81d0682e78627c873fdd651 |
| SHA1 | 46c486386d3e153c3e9b11d54cb52cf0064b71cf |
| SHA256 | 712196693e3527ac1131831f1a2108b6c0e5c68967b26d51a452611cdfb86e0c |
| SHA512 | f18bc37f8b72411548da247aa1394cc5ac03c3bbd98e82eb8ba290ef239ef5b8625cf4835bd41ce7c52766d0bc3bfe9150dd22dbf62f0f05992ddde5fbfdc811 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log
| MD5 | ad778be1790468709680dbf6cb3e6a9b |
| SHA1 | 483757fef03a2fafb70d3aaccf40a3ea6b2a8df8 |
| SHA256 | 4322e7e69341075d336abeba3ce72aa14853e6e5695c64367dfc4be30b3cee0c |
| SHA512 | af9a4b74ef12eb79229a07ca8c07b727f6a743801574daa6ff151893e78bec6eb485813e6979be44c67d2db95a0f87e318104da62fcac31fa84d6dc977160f02 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9268495c7bc68783d09247af925ea14e |
| SHA1 | 6f2b5d24f8160c39552eaa5ed5a63e7a510446aa |
| SHA256 | 834a8d45a0d8d48da3bcd6a6861ea989fe4378a5e410059cbd3343605ee74fd7 |
| SHA512 | 31c02010168b449698816a956384b898b2e37faf91b1c6d7cc7b064176639f46c0911beb3930ca2fb6c1b981c3d2f5dd281a3ce1c64bb5c42c242792796343bd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 60b3828882e4e3b2a828eefedc5145f1 |
| SHA1 | aedc38f4c3e951797ec682db8d5df04702d23300 |
| SHA256 | 2c2dc24aada94f1511683fda268b65aea0f40e05a8a5a0845179680df904ec4a |
| SHA512 | 08e14b6460602333aca1a000d8d06d20388c012e76b8b44dcd45b1ce65c819c4734d3e1d178213b139d5256431cc16e98cd4777cc5cbce31d6b51f2a5ad69013 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 8a2d8bed0b985fcc2114322aa7a9d1aa |
| SHA1 | f0e22955f7010523b737bb5ef9f8960e162e8d3c |
| SHA256 | 2bec4e69d8d0f172c474ab23b9e1c9fce4bea9d69cbf40b6f8a24f8f425d0669 |
| SHA512 | d6b81c8bb6b2a9f56ac356e2b801db3158109ae34bb1f99f15911c72ae3ce642a1a61ea0a002d7e992dea6a3c90ee6f57fb1625aa122f01d43f7e7524069ddf7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8456b0e9dff4bf19e05b3accb0c4f42a |
| SHA1 | 0ab91a62ae5ee450cde88d74e1cadf0bcac3ce5b |
| SHA256 | 71f8b06d054f229a11b279b59a24aaac86a06176a3a28cdc81dc5bf58babbe9b |
| SHA512 | fd59faf6bb0ad1e50fd8fa9d22638d603ad859b2dc56a7350c6f01458ac3e476127de28bc05acd01f4c41920ea5069983a143b0cee85db7b8ecc3b852e8f1a0c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 6eb1f1d6da55b397762338d685b6b6bd |
| SHA1 | 1c92ebdb4ea62cdc5ed89d22ad9d719183d0e7b8 |
| SHA256 | 0488a899687f29f5e1edb422b342378447dfd59a5d211191122e80e5c767c37c |
| SHA512 | 0ccc1e2f00c9b8f67e1197866fef3702a32442ca28b33037b53a940ddeae9bd3f45c24d5e956f6e0bf86f399dfb95d913b8c286cf55c5f50a45105018c3ca21d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 09d0639b21d97e27c3251118c89c3fe9 |
| SHA1 | 0a1a5c7040c01026af9c04cde4326a4430bbb178 |
| SHA256 | d7f87def85607a14eef3ef765fe8b515da7b9a9826c8642f8dac265e52e960ab |
| SHA512 | 301eb3eec8a78a7c0d741bea4de0390348d2c55f41e025640d0a4828a62f8f9070fffebb5ab612e0dcb46842141e27fc525c70b2b0d3057cbfe173df9cc3513c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\System Profile\Preferences
| MD5 | 0c14568191c838eb97e86f6f4081265b |
| SHA1 | 85c3d413855b375a6ed36f51dd20be1f393f8001 |
| SHA256 | d77cb0416c20652636dcf32429428ac7763e385abfc5be6e4acabdedb0a6e977 |
| SHA512 | e7e6d8145783170f69eae70224e9c50053450fddcaf9d9328e838207ec1d07df296ea73243b2c62ea4436675f3411952e890d5f746ada70a6631754b50979eb6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences
| MD5 | f05d84b4e7c6fd6f3fee6b2c948e586d |
| SHA1 | 63e581deb8fc9e8497caba8b700519279a09f6d6 |
| SHA256 | 2cc5ef7d4d241c32dc82b56418c1e1b065153b4b9790a75199460aaa0ecf7cb4 |
| SHA512 | b6bcfa71922726be943b23c9b19cee7336cc611f8a9c61e3f0968b2eca94f77b6312c064238141ff9210f42d8a18bfb5afa041cd01ecee9aa84a8eb702bcfec8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences
| MD5 | c7621ad5a5db59a8e23cbbf2b27f80d7 |
| SHA1 | ab75b2f822ef0aab7d906753e8328dbb8fa1a8d6 |
| SHA256 | 32727d7ff07c672ada6fb7ede8d2c29da590306b69390d5694f5a2f2e1012a1d |
| SHA512 | c89d6ae190769d9a2183bf06e6e868be4f66ee95f00bffd55086725eceb308e8a1eb06b8d8567d260125e3266a2b5305551787d3a4f4392a10d40dfe09023d62 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity
| MD5 | 76cfde1c8ea93dc6bd213361dbcb0edb |
| SHA1 | 732384684ad45cbf0bdd6b3af3ab994c7e86c845 |
| SHA256 | 7cf0d5628398e964f230a9d278ad619e761aeafcf308c981f6743ddfccc47032 |
| SHA512 | df50be5ee94ee03c1a89d15b146e3226ce76a099c0afd093854a11bc47248cabec8e58ad137004103fa789b05f24eb2661064bc0836d83d3a7ed64446cc9d699 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences
| MD5 | 7be5738fe0a98af5a6482477a45bfb44 |
| SHA1 | ecffb1f9c8cc4c8c692a3cb3bdf364a695dced7a |
| SHA256 | f87633031761063b1401dc32e260a11df56fb29b515ff219bcd1415f4ee954ba |
| SHA512 | f302ad15c529bb5fe6f42526105f93575c9f4d3998730fa5849e48f7e1b450edf47808ced885510b1db6d43ab6928aee4346c253c14202bf15d2a674354bb13f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity
| MD5 | 9436ccddfcda3d63260311348260fef6 |
| SHA1 | 2a0448915c705e250373de0338e6cea0c1f5d5f1 |
| SHA256 | 432acd623698cdb91c1c970b992adaf8fb5b067ad3a0d0798acf8111529f3dfc |
| SHA512 | c7d962251f7d20fa476acad3298bde43150f98529585303cad20363a2b8b42a6871c8971f833465ddc1264f5d643c9acaad15d2891d892d0a46d6a9d96283354 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity
| MD5 | aeea8aafbde7dcec2451e1d8e88449f5 |
| SHA1 | 3f0b9c9a49cd0bdadadf9dd457fd8a2673b6a907 |
| SHA256 | 7b9a405db53dad7c4736b02f715667952927a98156c49c8c505f3aaad9c99421 |
| SHA512 | a8a296af2015acb2561e143a29e6eb87221a927da4d49c1a7816200ff944e45cdcbd97cade9be75bd57fb0e50e50e662dcde134faad3ca9e07130d4f28d015e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences
| MD5 | bb9b9b6e1b6ceae07333db310366d3c3 |
| SHA1 | 7764c8a91c6f04c9a57b6b78f30b31f307b6b444 |
| SHA256 | c79dba07823ec6f6e1e5e873fe62298f5d3eb982de0064ea91f3c718c230d1fd |
| SHA512 | 7b84c807ebb0c280acc8b3d96a15b4d7133b31e5026b567384e60bb494a65b7f0b08422794bfb228faff3332acdfc512f87d3008f9c864299df65a63274a7d64 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Cache\Cache_Data\f_000048
| MD5 | 9527449f04670b12c4fad09e69bc84d5 |
| SHA1 | c2aaf72dc006b2f1fd385034130cea117d7213b0 |
| SHA256 | e0c62faae58a8f159db7f3bfa843ddd8de166751b0c55d0a580a7bacd1713629 |
| SHA512 | 4f337f2743ba7b08ffe512cad86c3a71a282c66d4904ed901abb52a011f7a42b33ec3bd4e6e6672815f9dcd5e16ef19b0acba04e658c07fc1223488024207976 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 0faa66e844086d728f92dba640d16c37 |
| SHA1 | 77787835f198f18fc425472061b5fa5f039174c5 |
| SHA256 | 96f369c471309d81279d0dac7126a1fa2f4dbad8e09e466baef689f54ee4c856 |
| SHA512 | 87ac1fa7458e472474a145592f6eeea87aff409ca0192df2821af1c3e0258f80f5afd89368c3e53c3c9f6c71828d24001e660c3d0b6b887ef075beb5f0f0a0df |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences
| MD5 | d48d9f3e490f7d60b3b6a28d2f29a11b |
| SHA1 | d938ab1ad0bf02e14038dabcb242d691a410b273 |
| SHA256 | 4e4a2a0d27cd1f47d9c5121c109a5e1cca5237d9fb4aadc15fc8f7d220ebce48 |
| SHA512 | 7e5ed51a9b7e0b2fb1a519922c8fc21fe923bf51f3b207938e705344184e32f38d5fe9cc594c78ec16395399f15ccbf8f29b6183c34d6b828a216f59014f14a2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\Network Persistent State
| MD5 | db95e6f4c2b7a180b8d9d2a18d71f3b9 |
| SHA1 | f340493a5274afbf0b2b0d9a1525bc783cef707c |
| SHA256 | 5cf98ea96fa72afa686d35b7ed5ecd9ecbb9bfb67c8a91080b25f22b9508d72f |
| SHA512 | 61f2787ceb483094c340b634e896dc6e643faf8d2e831c1acb795d9958d4b5cc93ee52d73131469c4559fb37cf9b20dd90c1e9e5b3ae4b960bf389ce84c8b79d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity
| MD5 | fa017cb0f40489cf56cadf0a8d928a79 |
| SHA1 | e98588c2cef4b3e2c2c2d7186973223532c43df3 |
| SHA256 | c3222fec1ed45ddd5c09ec123cbebfd2eb6db53a501d57e9aee67de55bd73b68 |
| SHA512 | d27d8177dbd7aec2541f7dbe953a5002e7df88fbc82a6686a69afccfadfa5264d5fd24d5a59d478fd508aa04848e3946ca38cb81071df5c685667c92c48f53fc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity
| MD5 | 9fbceebccc44040afb60ab436180e495 |
| SHA1 | 2f1dd51e3b09aa1885e3d372950f253d6e173503 |
| SHA256 | 89bc468795337f8669005890f8df49d4936160ce149c49cfb4acff4a4a0ed4e6 |
| SHA512 | 4a7c675855d603500ff3b1f01105a2ddbe892ba6d83513aff57c70d572ef2e67ca6d6c7b065acbffe02b5a6acb543cf2602ca3e07bd5abcef1533f4a976239ae |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Code Cache\js\index-dir\the-real-index
| MD5 | f01b7ad8cf93da99867ef6b986031e4e |
| SHA1 | 1eb3ac26fdf3b66914540acb210183d63462e700 |
| SHA256 | 75dd017fbb5a5d6635d2d5774c48cd0e40bf477a2e69aaf6086e9e1b8648c1d4 |
| SHA512 | 0fdc9893de6174101417c12a14bb74b53d39a76a80fe099020c6f974caa4a1505dc2e9f837f58cc47cad2c5071df32358a76c2eb4f087934a325a3b1c22cbce7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity
| MD5 | ba2630c79da07b45a75103376f8135c0 |
| SHA1 | 372d2c2897d03c0e3d85c926306da5c8a92caa09 |
| SHA256 | 822c70f9b8e6055057916a24cff7f7ddc6379307dc88bec37b8a6a2c70273573 |
| SHA512 | e2fca4f3f3b1a2f18af8fb07b08567f95c1b935961b85e066cd5b424495cd2ffba96704e58dc593342523afde2495a6143a09fde37baf98e0e5c204afe4351f5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences
| MD5 | d925d51a524ef6d246b0ed722269dbf7 |
| SHA1 | 61a331712041af857860dc6b9c64f04bed4b4416 |
| SHA256 | 82b79b6f5f565bf8014f902f0e3c440794845d290aed0ab8057b9680e359436c |
| SHA512 | 52857cf76a620397bc299d663eb3e84f9cdb7f8d085f4e546f3942918abdbcd49715df1fa4e43e7bbf1196bc2ed3960f26841e1801d672e5d87b30bf717d1138 |
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json
| MD5 | 8e48b91396d227c02dca169e9b2e62b2 |
| SHA1 | babb05aad1deecfb3fcca6332f3de676c5f73566 |
| SHA256 | 0dd5ab2b5efe85cef4b54ddb6ccb0d627b5d28d1d75627d85e0e99639a939119 |
| SHA512 | 77cfe5467b43325c2c4de4b1c0d167c616496819641b273fabba0d48b46d4a33a55d265fdb578795826209b04e5c3575f726a6ee1533e68d18299ccb4c451beb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Code Cache\js\index-dir\the-real-index
| MD5 | 2671149a4f977f5e57819dbc918bf11b |
| SHA1 | 2e1a6be395767758c6241781797a788f1ba0765f |
| SHA256 | 34adcf5d240c2b913c4b3d11d0ba827154a915baf2b9f98cdad778c9e78d755e |
| SHA512 | 060df44307d0a1f8c5c6b54a267b82f9aadfe3163bd76bfd9b09358100d0a8010d10e0be630a854f5cad472adf536d74edf15c19f06299af7a25d5869627290b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity
| MD5 | 0270d1b4f3766371ca8d7c75226f999f |
| SHA1 | 7b87b0270c147a338a55c942e08eb19d86083004 |
| SHA256 | c0c522de9a7f19e2a0fafeb3d3a1630c65c4f9d2a55d86511fd4eb9be5b79a35 |
| SHA512 | 704b83a16f817c2e8b5272cb5d7e6888d243e467f244e9aa7b33e71386b2e02516a6239d6c83e7fe8fe550c7f44cad1e780e04ba9589aea5a20471589d59f2a8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences
| MD5 | f320f2389597857bae33b2e852a4047e |
| SHA1 | 7c0cbb141b3d0bcf6947ee609195d5886b27898f |
| SHA256 | 1de7ad22a494027e1a55974c6f4a697af7cf6affb00bcbe9f2204269a727e505 |
| SHA512 | 1f571e5515f01b9b8954ca788a5eea778faae1c6452f080bcba4a93061296e5b8aff858125514f97b9b56f3671b51d4f489c0056c9eec893856bc1b972613c5f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4e57230c95241acc25e4f21a5cf79755 |
| SHA1 | 465fe72817016bae393de5d24dd915393cf9c40f |
| SHA256 | 19298c6edb100a13e76201166b755810b8ec028aae6f79e4579628a391ad50b2 |
| SHA512 | c0afc590992bc24477e144970de2088f0642b79a0741a413152abac65041a5cf482e5a8c3ad074a26844fcd1fdaddb184546be2378af127df63b5fb4d54a4fe8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Cache\Cache_Data\f_00003c
| MD5 | 852b0b2c2d8124eb0074ebcd068910b3 |
| SHA1 | d5725c2f174673a1a71d22d54e36c485cba702ba |
| SHA256 | 4bbe4f392079c9f4fea1a49a2fcfd9c67c2f55ed93e55db68ab050912855e06d |
| SHA512 | 5078fffab1191cd15220eb2d840cb7feb4bce697b11374a3a856f970496dffe3c01d1eccc8c06dafaae171274efbae052a89e4d57d9ff1149153269e31e71dfc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity
| MD5 | 760c690d6749da9ceeab2c21f66581ba |
| SHA1 | 1c3c04562849ac261b40f355eac2121db640b7c8 |
| SHA256 | 2194f2851a866b23ec86ff3bebce638d8be82d84df389fea541c13795273c12e |
| SHA512 | d664135cfd38542c462c5936b77d789fff7415d739dd57cd0ddc7ba56db8e9178270b7e97db12f1996abfd5529f2e211d303c58ca02d2fd04e7d1218098de328 |
memory/3328-5411-0x0000000000DA0000-0x0000000000F16000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences
| MD5 | 7c1c870923628627f35e727dc3e6316c |
| SHA1 | fe057a94cf8209d3b1301118c9f194b7cfaf4b6c |
| SHA256 | e91879441ab35a075dd6a93d148b1a90334fc798ab21a2b9fbbe333cce72827c |
| SHA512 | a5095987a11ab11a771092d3798c67d742ac718fa58e01512158e9e3d73ac6890e3776e5eb7ac056527ca41ce04172ededc2953c0803e055d92551a8367c516c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f4d97d8a77e45820555a8c9771df6ecf |
| SHA1 | bd63e63790200a1e667a62be4763eb72ab8ed6b4 |
| SHA256 | a7d86273733786c78f4902ed38b29e28f971a034e991b14f8da9779d34a23ccc |
| SHA512 | 83bc0e69bce7e3ccd2224896fc9a0f75e5bc91a0f8f939a0c201ae612a7686c48b43c97f6319d2908669bac049972ecbf723f8514651e34c63b41f78ecfc4941 |
memory/3328-5620-0x00000000078C0000-0x00000000078C8000-memory.dmp
memory/3328-5621-0x0000000007940000-0x0000000007978000-memory.dmp
memory/3328-5622-0x0000000007920000-0x000000000792E000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
memory/3372-5653-0x00000000034C0000-0x00000000034E0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity
| MD5 | aada43052acadc9f4fc3e15a3ff5dc28 |
| SHA1 | 824d1283034aa83d8f487d3485da822c3da45dbf |
| SHA256 | 7f44239d43ca9f5e1a193e961fc05550823b8b00183a1a004e361bca4d45b001 |
| SHA512 | 3a631fa19bddd8d5219eb8119aeb44aeabde0cae6694c1d4b75c73127c387b68e847ae3334365b3b2459ac60a6800e024c1f0e4cee18a4fec46e3e88f4e86c34 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences
| MD5 | 45dc85f0078bfd046a3a57591c4156eb |
| SHA1 | e081abc775aff80d3dec7b259781ff40c374b4cf |
| SHA256 | d42f6bfbc8cef701f7f607e0f45f6fdb0547cef0e6230d58a7c09421c46549ae |
| SHA512 | e095b05b038b41e5b126a208af0bd82ddb956f9cd46624fef6fedbdb2767fa676642639dad62412dfdc26455ea9a3659a3079a784c44a77a53b9d33a091ae57d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Code Cache\js\index-dir\the-real-index
| MD5 | 42cd7732fb453a8d4dbf59c8dcfc2bb7 |
| SHA1 | 8943c93b6a1eac4694c54006ddf5afc275e2a2ab |
| SHA256 | 7c800a6e26d2f51efb25ad94c3d1ec549c41a46736bc85ad7e7d9dec3e0f7c48 |
| SHA512 | 1a72e900d2c92fae6692a3afaa4940429b4720bb919a0e545ba02a5ebc66486fa0baa83d0aab183674bd688e58e6b1e8d67b6c154c86a9a7137678749b4b487d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences
| MD5 | 6d5c39a650e1afdae12778902fc28f14 |
| SHA1 | a15dcff940c8b82ab43803138e4825b082af4f6a |
| SHA256 | e0d210e5976cfe2bac9125575aba02e915a2b850979661a9488eb587c624a268 |
| SHA512 | d5a2cb1295d90e080fb3886ce60cac4874bc39dd8bf9bba53e0d59da5c29a4abd05a7bb1213c0910ac1efa960d92add36e93a62f9a9af41e78d19530f76bdf87 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9c12bf762b94205a467fd56ab50ebf7a |
| SHA1 | af52c04516e55f5de687ebde6ac812b95ff2404c |
| SHA256 | af3c3f3dcf8e9c649a8e815fa241708b09e1c48284e19aac778b64b1645ef00a |
| SHA512 | fd1b33f933fe7153facc06bfdba89138ec35696945ff8428b238bb854e18d5ba557d17b6ddedcf6c31b023eb9e72052fad8089cfe536280349a9976d3a5ee36b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\Network Persistent State
| MD5 | 697030b559dd6cc9644cceffa092317d |
| SHA1 | 1a67587973216c107312e00c79022e556af0eeb2 |
| SHA256 | 6ada436ebeb282065cf1ab9501b0c04e97e7e90aaaa49910088a5eee5747a922 |
| SHA512 | ad18c45517213741dbd0e4955c2232ee0fd9d28601f8e4d48b7321f7863f855451a7614f4121426a268a797b020f78950a9b98c2d443cff3eb3e32c437342526 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences
| MD5 | 5c1483ac23e1b5c8d8af81b5e9e0e742 |
| SHA1 | fc7e47af89b03eb983a57d3b66512ce0c49873c7 |
| SHA256 | 509e6f68abc86dfd2931fb401803ea91e949549401da0fb66f4eb31093665784 |
| SHA512 | b1ba0863e55d24863d151244ca5e17f0c0351f1c059dd56032f8c9b4b5f613d5acccb1f638151cf9b3b5297296799e17d057765a4575f79a62074ddc6c0b40c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9badcc751a877af485279d53c106cc6c |
| SHA1 | 9ac350ecf2ef8ad5ec886f09e12d0c95a7c28d5f |
| SHA256 | 1512f1f71544cfcf7e31115b460711efe21bb058de9fb23cd20e41044e2f3b56 |
| SHA512 | cf5b1e89a26f7d59fdc8dfd7ad6d62788004c293f95d865a4a39586bffef30d765241241a7f36a68e5cbe76ae2d4bca8c4bfe80206a84d3e2d418cddef874ab4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity
| MD5 | da189850315ee2e8f23626e6ef169d25 |
| SHA1 | a450894201523dd5a0916fa45372be2bfdccd6e5 |
| SHA256 | ed97b01f789e5546e7f58cff22b737a04b356e9f29d2e17a18ea25d28464a39c |
| SHA512 | d72ddced21884d0d86bcf9c9d2642b05ee6dced1220f21566ca7589235707d744055449a3fa90c39eb752320483a7a811ff8b2366437e6a0b3e4362e26fa1960 |
C:\Users\Admin\AppData\Local\Discord\app.ico
| MD5 | 084f9bc0136f779f82bea88b5c38a358 |
| SHA1 | 64f210b7888e5474c3aabcb602d895d58929b451 |
| SHA256 | dfcea1bea8a924252d507d0316d8cf38efc61cf1314e47dca3eb723f47d5fe43 |
| SHA512 | 65bccb3e1d4849b61c68716831578300b20dcaf1cbc155512edbc6d73dccbaf6e5495d4f95d089ee496f8e080057b7097a628cc104fa8eaad8da866891d9e3eb |
memory/1616-5857-0x000000000F030000-0x000000000F031000-memory.dmp
memory/1616-5856-0x000000000F030000-0x000000000F031000-memory.dmp
memory/1616-5855-0x000000000F030000-0x000000000F031000-memory.dmp
memory/1616-5883-0x000000000F030000-0x000000000F031000-memory.dmp
memory/1616-5882-0x000000000F030000-0x000000000F031000-memory.dmp
memory/1616-5881-0x000000000F030000-0x000000000F031000-memory.dmp
memory/1616-5880-0x000000000F030000-0x000000000F031000-memory.dmp
memory/1616-5879-0x000000000F030000-0x000000000F031000-memory.dmp
memory/1616-5878-0x000000000F030000-0x000000000F031000-memory.dmp
memory/1616-5877-0x000000000F030000-0x000000000F031000-memory.dmp
memory/4712-5889-0x0000000010830000-0x0000000010831000-memory.dmp
memory/4712-5888-0x0000000010830000-0x0000000010831000-memory.dmp
memory/4712-5893-0x0000000010830000-0x0000000010831000-memory.dmp
memory/4712-5902-0x0000000010830000-0x0000000010831000-memory.dmp
memory/4712-5901-0x0000000010830000-0x0000000010831000-memory.dmp
memory/4712-5900-0x0000000010830000-0x0000000010831000-memory.dmp
memory/4712-5899-0x0000000010830000-0x0000000010831000-memory.dmp
memory/4712-5898-0x0000000010830000-0x0000000010831000-memory.dmp
memory/4712-5897-0x0000000010830000-0x0000000010831000-memory.dmp
memory/4712-5896-0x0000000010830000-0x0000000010831000-memory.dmp
memory/4712-5895-0x0000000010830000-0x0000000010831000-memory.dmp
memory/4712-5894-0x0000000010830000-0x0000000010831000-memory.dmp
memory/4712-5892-0x0000000010830000-0x0000000010831000-memory.dmp
memory/4712-5891-0x0000000010830000-0x0000000010831000-memory.dmp
memory/4712-5890-0x0000000010830000-0x0000000010831000-memory.dmp
memory/4712-5887-0x0000000010830000-0x0000000010831000-memory.dmp
C:\Users\Admin\AppData\Roaming\discord\MediaFoundationWidevineCdm\x86\1.0.2512.1\_metadata\verified_contents.json
| MD5 | 63fd59fa0add028e500cdf294bb34159 |
| SHA1 | ac599d27abf1bf2c46155c50ea4aa77a8f3c172b |
| SHA256 | c6d75c54b38c882c4b8d904d8c818fcd91715c584720e4c2d27260190e06994d |
| SHA512 | d23ae1729982e84e4e39301d15e41e46771cc58072362bb3e931c64e5b5b20d7391127e49629f70169e8daea4fbc52f090508ba26abea0069b10f97e2f8c5dd9 |
C:\Users\Admin\AppData\Roaming\discord\MediaFoundationWidevineCdm\x86\1.0.2512.1\manifest.fingerprint
| MD5 | 868a4446a941658e98d1818d39dfc5b6 |
| SHA1 | 261582b02b9053a77185c49e0343956906aadef4 |
| SHA256 | 4611bd1a14d4a37a0c62686b18460dc50ac2b5f6b8a6408a17473e28320a2d50 |
| SHA512 | 15c075196cb1c7c04501cfdde94fbf80dcd381881fd14b26cde48f524648e6642baeaae3ed87f013d3e01650dedca83da99a74a65344d24b1cf2ff4b0638f914 |
C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping2488_1118122894\manifest.json
| MD5 | 96b854d7b26505b3a8027ef5095fae96 |
| SHA1 | d8a502671b5bb289dede8622d36cb1ce9b914291 |
| SHA256 | 4668f92272960dea1ed7627a579ddbb2245e905bbffb32e0ba995d2e555ff544 |
| SHA512 | b5ee716d7fabbeea2162dd7e8cf1273ee9ef3f47bc2f51ed30bdbf23809be0000e472f04fb313b5bf22e236ff3b6482c1e3a2505c54be08dce43b94adf42bc04 |
C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping2488_1118122894\Google.Widevine.CDM.dll
| MD5 | 03de6bb50fc3a491210b05f4e372b5f8 |
| SHA1 | ccb57a391a86e09595662cd34e2ce1c734aa4428 |
| SHA256 | 5271174e70abe59a386f9270b64f92b76ee42ee12dafa709842432d757b0a437 |
| SHA512 | 35bfac017b66a28d8e243c7ab3573e32259685550cd8f2c2b3d2c81ee7ff1dda60759a260bea90065634a3560ebbb81e6ec3c0ede9b4ab78a3f82b691f89575a |
C:\Users\Admin\AppData\Roaming\discord\component_crx_cache\neifaoindggfcjicffkgpmnlppeffabd_1.aa7a88cfc4e7ccd45b4cf3aec4e741da4c0cf6141574f4c31f9b5aac225978bc
| MD5 | 7bb4917013cdae84a77bd72ca8f18b36 |
| SHA1 | b68016d1491a974d6fc11e27591cb84ab4001693 |
| SHA256 | aa7a88cfc4e7ccd45b4cf3aec4e741da4c0cf6141574f4c31f9b5aac225978bc |
| SHA512 | 2c700e5769e3dc92efb788a253625db4c4df01132d08ae9a4f7dd4f3970ac7627e010a1f69b0a3a1d21477a5dafaf0bb1bca7d80e78eb5b28b46d5156d33c657 |
C:\Users\Admin\AppData\Roaming\discord\component_crx_cache\oimompecagnajdejgnnjijobebaeigek_1.2903aec9f77378fa19280af8ff89294fb9ce2caf8e0092c69e19973c0a9cc6fe
| MD5 | 5d9ad58399fbef9be94190d149c2f863 |
| SHA1 | 45f3674f0425d58d9ffc5d9001ff6754f357543c |
| SHA256 | 2903aec9f77378fa19280af8ff89294fb9ce2caf8e0092c69e19973c0a9cc6fe |
| SHA512 | 9a9532cce2de086d5934235d21d27b8a0863ae902a81151a728364aebe044faef5e5805d64efe68d67a5a5aaf408f74954d08f10c6a011dc9ea82c629339d3b0 |
C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping2488_1677434105\manifest.json
| MD5 | 0359d5b66d73a97ce5dc9f89ed84c458 |
| SHA1 | ce17e52eaac909dd63d16d93410de675d3e6ec0d |
| SHA256 | beeab2f8d3833839399dde15ce9085c17b304445577d21333e883d6db6d0b755 |
| SHA512 | 8fd94a098a4ab5c0fcd48c2cef2bb03328dd4d25c899bf5ed1ca561347d74a8aab8a214ba2d3180a86df72c52eb26987a44631d0ecd9edc84976c28d6c9dc16a |
C:\Users\Admin\AppData\Roaming\discord\491659c0-b297-47cf-93da-111e79adc9bc.tmp
| MD5 | 58127c59cb9e1da127904c341d15372b |
| SHA1 | 62445484661d8036ce9788baeaba31d204e9a5fc |
| SHA256 | be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de |
| SHA512 | 8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a |
C:\Users\Admin\AppData\Roaming\discord\Local State
| MD5 | 890f9f3fcff99e026b7436f95619cd45 |
| SHA1 | d2de64ecea099363ccc3ccb9af51c00fa1296f1c |
| SHA256 | 2d739d27878ce851beaa7fee8f2f54fd8bf647d4002f1b6241f4f105954deddd |
| SHA512 | 3b17f7262e55734fb83f48f0bc1900f6206a04b0c3be0e60e1dbc732984ce2354426a90a10380b5b4a83274356f386a30e45cdaa0d41296b9e329ce8dbec1f68 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Code Cache\js\index-dir\the-real-index
| MD5 | 0834c0f5e32fb68c72e37944de87cf23 |
| SHA1 | 991b5a2c367e674bef399832b93a0e910bacc587 |
| SHA256 | 218edf1ab8bc526b06c6580892766f6d33600cf547aae3759ac5c0ecafec374e |
| SHA512 | 8be8619da9c90542007b96a6cb16a29f9c3b24e7fc20221744711744a72ad6a817f54bfbe6405f5884eaeadd3cec4953909ca978a0eef5beaf3dec25b1e3d7e9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences
| MD5 | f47f3abea3458a9fec6ee4e496e2a2c3 |
| SHA1 | 60dd35afb82354720c9ab7dc007ddf49f9787472 |
| SHA256 | fe584257e4f6b70790ac00f65dc2cb724a93730cae74644fa9c7606a830166d4 |
| SHA512 | 42e8232642fd0f39e2ff880783f0187fd9654cc3a805ad21922dcbea0ae6bb5808a7127c0f2a60e9afb7281bdd63537e4459e05ba3dd4337597b819b6c8e00aa |
C:\Users\Admin\AppData\Local\Discord\download\ffe1ca1b5326153a1647e82be805c87cf0caf0a21ea4b87ef30374fc612fbb7c
| MD5 | c048e1158577dc09d01fc5db7e6a1d56 |
| SHA1 | ab67664f6f9686b32cf2063d858424480385d662 |
| SHA256 | ffe1ca1b5326153a1647e82be805c87cf0caf0a21ea4b87ef30374fc612fbb7c |
| SHA512 | e26fd580daac19950c513da0bd74972ba82af9319afa19abf7d192c709f84bc7c4e22efa775f04d8cb1209cce67dd99bf7f2cf759b8b75a94979af1eb51ebade |
C:\Users\Admin\AppData\Local\Discord\download\995585af791559893d29b9462ccc52d7e41678d0f03a7bda3cb81c75a51f1f7c
| MD5 | 22a6f90ce46de2429aad0c175a1e6d72 |
| SHA1 | 6742f204464e729a1fc4bbe447f8bb2ea6933303 |
| SHA256 | 995585af791559893d29b9462ccc52d7e41678d0f03a7bda3cb81c75a51f1f7c |
| SHA512 | ede3c6d3aed5bbac8c1a125debfc09e822465aa8e1f5f0b3e50f17287fb2909124ca0377771573890a63c21115eeb2a9c9b35ccacd0cf8f0dd7a18abf0b8f2c1 |
C:\Users\Admin\AppData\Local\Discord\download\7bfabc198efa2db829ac4388a164ac5925d6eb24061643d6d64c93a80f3b7b9a
| MD5 | 6ea8d761a7eedaeda91d5fb91acb75bd |
| SHA1 | ad486e8de4c0757408021463e44e33bbefb63f8d |
| SHA256 | 7bfabc198efa2db829ac4388a164ac5925d6eb24061643d6d64c93a80f3b7b9a |
| SHA512 | 78622e934b915f968906b9c9c7a560927086c568ef1a8c0b5aafb0c44981b7aed8f5e2e5904a4805a54974e74ae12d6dcdaef7e166d48d2f79b1b1218e9e42e1 |
C:\Users\Admin\AppData\Local\Discord\download\c5d20a611266d3b000d4aa6b7050be09a0398d7b3613012bbf2ce6a2d5ee24a4
| MD5 | 6101db32b65d382df90357ba7bfc9492 |
| SHA1 | cd61cb9546da7a2125eff74a245fcc495dbce84c |
| SHA256 | c5d20a611266d3b000d4aa6b7050be09a0398d7b3613012bbf2ce6a2d5ee24a4 |
| SHA512 | aef6020f0d320e8a3c56f978b6c3e3d3da572fe940227e2190ee515335a80c518189ab5d8ef373124b67bbc179f8e3df6c09ad11067fbae4266d948670678290 |
C:\Users\Admin\AppData\Local\Discord\download\3c9228576941a18242cb54cbb255b5f577d7998ab147d25c39bb93d21dbb739a
| MD5 | 2462752e0d08f97d1f7b62c728435d81 |
| SHA1 | 62ccc0bcbf1222530804edf4e8f1390880e83c8a |
| SHA256 | 3c9228576941a18242cb54cbb255b5f577d7998ab147d25c39bb93d21dbb739a |
| SHA512 | 2f8a0754f58070924bc70600ee4d4b16a342d219c8c54b2f8e3d93d561bb488e918d1dd8ebc281b42fd2c4e473e87676d59134974ed294e429c80e54c3105187 |
C:\Users\Admin\AppData\Local\Discord\packages\RELEASES
| MD5 | 627bf2613ff34c1714e15a1d6c191a8c |
| SHA1 | d7d91bfaf36f1ff178bbe70598cb7aa3868d07df |
| SHA256 | bd48aff278078a054ba12e8b3c96c51d60027d2fbdee1445c966af8babd9c5e2 |
| SHA512 | c78bc72f288f5f2efe740ad380e07ba638e12971fe2914eab75a16dd0fe2132c98bd69af3b7715f16df538d2c194a002b66b172fa223f446af51480f9324ea0c |
C:\Users\Admin\AppData\Roaming\discord\.win_arch_transition
| MD5 | b326b5062b2f0e69046810717534cb09 |
| SHA1 | 5ffe533b830f08a0326348a9160afafc8ada44db |
| SHA256 | b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b |
| SHA512 | 9120cd5faef07a08e971ff024a3fcbea1e3a6b44142a6d82ca28c6c42e4f852595bcf53d81d776f10541045abdb7c37950629415d0dc66c8d86c64a5606d32de |
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json
| MD5 | 75e8e2b2714245001ef3dbc999cc4823 |
| SHA1 | 0a400a7e746ac4c1f1bd07c9a33f1914d0a119b4 |
| SHA256 | aedf206e31c710361aa2a2d2cf781179a1e0fe73f169b13d868439416c163c09 |
| SHA512 | d16c45ed839e1d75f13aa40588d037b525dacac2d9b47cb65237b303a4a6d9a76ae74d00a47860d4d45be30f712fe0d92d6e315de2d817fa7b645a64544f28d3 |
C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State
| MD5 | 8bf305d9ccb698c4790504708c4b6f31 |
| SHA1 | 272321786165a709aa92d98c995da42689df5522 |
| SHA256 | 4aa579df2097027b7c2ea282df9600b47a48ec5a4ef9815563f360887ff9d845 |
| SHA512 | 24c99284bc714a83735dd834a68839278e9fd4f41b71c3b4b1c7c0cf49aa9ba35cc97f6b68177c64b555b5259c0a891abe356f6068ac3da7bc8b0a01b1cb629b |
memory/6156-6944-0x00000293228B0000-0x00000293228B1000-memory.dmp
memory/6156-6943-0x00000293228B0000-0x00000293228B1000-memory.dmp
memory/6156-6942-0x00000293228B0000-0x00000293228B1000-memory.dmp
memory/6156-6941-0x00000293228B0000-0x00000293228B1000-memory.dmp
memory/6156-6940-0x00000293228B0000-0x00000293228B1000-memory.dmp
memory/6156-6939-0x00000293228B0000-0x00000293228B1000-memory.dmp
memory/6156-6934-0x00000293228B0000-0x00000293228B1000-memory.dmp
memory/6156-6932-0x00000293228B0000-0x00000293228B1000-memory.dmp
memory/6156-6933-0x00000293228B0000-0x00000293228B1000-memory.dmp
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping6764_1033960215\Google.Widevine.CDM.dll
| MD5 | 477c17b6448695110b4d227664aa3c48 |
| SHA1 | 949ff1136e0971a0176f6adea8adcc0dd6030f22 |
| SHA256 | cb190e7d1b002a3050705580dd51eba895a19eb09620bdd48d63085d5d88031e |
| SHA512 | 1e267b01a78be40e7a02612b331b1d9291da8e4330dea10bf786acbc69f25e0baece45fb3bafe1f4389f420ebaa62373e4f035a45e34eada6f72c7c61d2302ed |
C:\Users\Admin\AppData\Roaming\discord\MediaFoundationWidevineCdm\x64\1.0.2738.0\_metadata\verified_contents.json
| MD5 | 3e839ba4da1ffce29a543c5756a19bdf |
| SHA1 | d8d84ac06c3ba27ccef221c6f188042b741d2b91 |
| SHA256 | 43daa4139d3ed90f4b4635bd4d32346eb8e8528d0d5332052fcda8f7860db729 |
| SHA512 | 19b085a9cfec4d6f1b87cc6bbeeb6578f9cba014704d05c9114cfb0a33b2e7729ac67499048cb33823c884517cbbdc24aa0748a9bb65e9c67714e6116365f1ab |
C:\Users\Admin\AppData\Roaming\discord\MediaFoundationWidevineCdm\x64\1.0.2738.0\manifest.fingerprint
| MD5 | d30a5bbc00f7334eede0795d147b2e80 |
| SHA1 | 78f3a6995856854cad0c524884f74e182f9c3c57 |
| SHA256 | a08c1bc41de319392676c7389048d8b1c7424c4b74d2f6466bcf5732b8d86642 |
| SHA512 | dacf60e959c10a3499d55dc594454858343bf6a309f22d73bdee86b676d8d0ced10e86ac95ecd78e745e8805237121a25830301680bd12bfc7122a82a885ff4b |
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping6764_1033960215\manifest.json
| MD5 | bbc03e9c7c5944e62efc9c660b7bd2b6 |
| SHA1 | 83f161e3f49b64553709994b048d9f597cde3dc6 |
| SHA256 | 6cce5ad8d496bc5179fa84af8afc568eeba980d8a75058c6380b64fb42298c28 |
| SHA512 | fb80f091468a299b5209acc30edaf2001d081c22c3b30aad422cbe6fea7e5fe36a67a8e000d5dd03a30c60c30391c85fa31f3931e804c351ab0a71e9a978cc0f |
C:\Users\Admin\AppData\Roaming\discord\component_crx_cache\neifaoindggfcjicffkgpmnlppeffabd_1.c900ba9a2d8318263fd43782ee6fd5fb50bad78bf0eb2c972b5922c458af45ed
| MD5 | f265d47475ffd3884329d92deefae504 |
| SHA1 | 98c74386481f171b09cb9490281688392eefbfdd |
| SHA256 | c900ba9a2d8318263fd43782ee6fd5fb50bad78bf0eb2c972b5922c458af45ed |
| SHA512 | 4fd27594c459fb1cd94a857be10f7d1d6216dbf202cd43e8a3fa395a268c72fc5f5c456c9cb314f2220d766af741db469c8bb106acbed419149a44a3b87619f1 |
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping6764_432809062\LICENSE
| MD5 | f6719687bed7403612eaed0b191eb4a9 |
| SHA1 | dd03919750e45507743bd089a659e8efcefa7af1 |
| SHA256 | afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59 |
| SHA512 | dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56 |
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping6764_432809062\manifest.json
| MD5 | 2648d437c53db54b3ebd00e64852687e |
| SHA1 | 66cfe157f4c8e17bfda15325abfef40ec6d49608 |
| SHA256 | 68a3d7cb10f3001f40bc583b7fff0183895a61d3bd1b7a1c34e602df6f0f8806 |
| SHA512 | 86d5c3129bec156b17b8ebd5dec5a6258e10cb426b84dd3e4af85c9c2cd7ebf4faea01fd10dd906a18ea1042394c3f41a835eae2d83dc8146dfe4b6d71147828 |
C:\Users\Admin\AppData\Roaming\discord\component_crx_cache\oimompecagnajdejgnnjijobebaeigek_1.d9a253514b6a010dfc1916c55246797e5773f13844ea3ec2d25078e845fef760
| MD5 | 17c227679ab0ed29eae2192843b1802f |
| SHA1 | cc78820a5be29fd58da8ef97f756b5331db3c13e |
| SHA256 | d9a253514b6a010dfc1916c55246797e5773f13844ea3ec2d25078e845fef760 |
| SHA512 | 7e33288afd65948a5752323441c42fcc437d7c12d1eaf7a9b6ae1995784d0771e15637f23cc6bc958e40ea870414543d67a27b4c20331fde93d5b6dc6a59cbaf |
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json
| MD5 | a45a8d831d831c05b24a14635b5eaf3c |
| SHA1 | 2f0edc1854180a89fe27c5e6135adc4df59ba15b |
| SHA256 | 4cd94e7c4c6d7029b1d30e2206b63b0b4b021be6deda318e242da427ef8cb882 |
| SHA512 | 1c56c199f2bb641bb6e0595101193e9b38cc7034eb82583ddd0de87652adacf46d8daf31455a7c9f6969538f752fdbab51c02a7dec583372ff0472fbe2834e60 |
C:\Users\Admin\AppData\Local\Discord\installer.db
| MD5 | b37d19e0fdb00e20ce159975ff58acc6 |
| SHA1 | aa68fff65be216199e51c5d9a57d8206a246074d |
| SHA256 | 758f6b9c9edcd255bbc21de45a6ef0921aa615d05e646e69e415998c0e4c74e9 |
| SHA512 | 46fc3e1a74fd19d12c26915249bdee70875ec7b843857bc6c795dcfdae8d17d997884420554aa655b18f25420e2a3cc30b97173109dc1389442b61acf07a206e |
C:\Users\Admin\AppData\Roaming\discord\Preferences
| MD5 | 0ad2f05d2d86345ed4fb0ef922f8ee1c |
| SHA1 | 7bb733b0401789acedbd87bf1e20a7640f989ca1 |
| SHA256 | de389ba8aef4274827511372985ce5fd3702e5d2bf4945e4a7a9184a11dcfc3f |
| SHA512 | 2478813c6ae427c522b0c01b63dc2b981aadb1458cf6de767b83cb275ceb72f1df91fb292bf876d438156e3c53fc002d534310683dcf12da92516e5057141736 |
C:\Users\Admin\AppData\Local\Discord\download\73af21b0816e5e1daa879a0a11c558d8b934b87adf96e125fc41f9f32a990b54
| MD5 | 385b21c17b4424183a262529f0479047 |
| SHA1 | 8cb552604109502258b84cbaa0467a95ccb4f54b |
| SHA256 | 73af21b0816e5e1daa879a0a11c558d8b934b87adf96e125fc41f9f32a990b54 |
| SHA512 | cfef7fc2cbe0eb176b0dc3f21699f492b0c7f761e8831f2cae35db0e374bf78dc7d1430cbb2343253a9c26737197212223df3816ab111177037df23d9031ee1b |
C:\Users\Admin\AppData\Roaming\discord\Local State
| MD5 | b906b571db761e3b62cd766237b139eb |
| SHA1 | 848f3e15efb881a10c69e95c785c131d191e7732 |
| SHA256 | 1b8d702239781b64f9a5ae42942e974f15b4b9af6d522db334b8309b31313042 |
| SHA512 | 89f289585fe13e879af1bf61c13ce1abf35655ca6a8fc912591fa487706f1f3bb1e56f23a8d9d8ebd8aec9b03c67cde5db796dfc91dfa7ed0a3bd74c0c5e99f4 |
C:\Users\Admin\AppData\Roaming\discord\sentry\scope_v3.json
| MD5 | 335cfd93226dc0ea76fadefe30107458 |
| SHA1 | 2721ca8213be9cfaba6606f25d54d90e6ede9b54 |
| SHA256 | 06924d220826f4fb32028b404f8d480a61a674705d76ddbd59c87f579fa51526 |
| SHA512 | 8fd62d7deebf7b3c64ed311d8cfa2104230b888e626fa2af43cf505a039e90f79d60153382881ca31bd92c1c713c9a05bdd0a4caa18420b19fe1c9c17a0d46fd |
C:\Users\Admin\AppData\Local\Discord\download\7b8ed591d272c850af59428d0fbcd5b1e2e033d1cbd668c99c50fc2fc765cbcd
| MD5 | 029101c04187ac9d50f0326cee7d3f05 |
| SHA1 | a8bd247efb263b3449aeeba25ca0d29f0190a291 |
| SHA256 | 7b8ed591d272c850af59428d0fbcd5b1e2e033d1cbd668c99c50fc2fc765cbcd |
| SHA512 | 68ea4ca3dd8c93eb6aebbfe4787e056595520c3b30d6681075c55d379120f8aa8e9234fc3ced41f6159f0cae3068904de324f91e01b87c7bef12f0fc9b0f8301 |
C:\Users\Admin\AppData\Local\Discord\download\c4dc673f63ffcf1f5f67d485f534bafd02f252adf5b0a784288e357e61f79f4c
| MD5 | 6f8d54d5693f1ef2337abbaa96a318f1 |
| SHA1 | ef8c6d72bc31e34c8c64512f2dfdc49f3f24770d |
| SHA256 | c4dc673f63ffcf1f5f67d485f534bafd02f252adf5b0a784288e357e61f79f4c |
| SHA512 | 0fb7cb5e86f188bbc4923a3bf126b5ad06d1d6a29d198a2eb30ca86fa392435ec11e1e7889d232817ac2940b170ba8b797e85f7044d9b56945fda67d47a37966 |
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity
| MD5 | d0d48732bf510faa68710f22153dc1ec |
| SHA1 | f17027a81a27f2a6ba3fb7faef48b26653563bbb |
| SHA256 | d9b7b5b9e4a87a8c74eea1097b2fcc5d0c22eb381c18ffcb6c0b91aa46e53509 |
| SHA512 | 7c3622101b962185972b35c4be6efdf0a77e1c885637f3720161a3d6c70c3ccdbfa16096c114a66a7f79fb6e59ef8e5c2cae6d0ae0741484c5e394bc259decca |
C:\Users\Admin\AppData\Local\Discord\download\60822bfae4f1b0489d624fd12b69f15fec2b4e5d5087c5fe885b36bb3efaf1ab
| MD5 | 7a200a07c3822638a5a6fb53c4ede1ed |
| SHA1 | bcfe8e09f8368cb2bf56990665627d54da1ecc03 |
| SHA256 | 60822bfae4f1b0489d624fd12b69f15fec2b4e5d5087c5fe885b36bb3efaf1ab |
| SHA512 | a26b1db7b7b17258ea7d6ccbe5563080b6172aa2696f6f341d9ff5b6f8d78ff60c620d20cb31c1935836c24f94f1f34ac3b427b62566525a2bd2376b9120431b |
C:\Users\Admin\AppData\Local\Discord\download\f52e83e5aac4c71bbc6f27bf19df85dc17960155500f3497b14c9b4f9e177580
| MD5 | 13786fba662fa9fff4ee94c35d8bd0ae |
| SHA1 | 98a830e52e9d3acc8b2c54e30402d70b205fd43a |
| SHA256 | f52e83e5aac4c71bbc6f27bf19df85dc17960155500f3497b14c9b4f9e177580 |
| SHA512 | cdcde736ece78ab26ec72c44569ddf70200a4a2254bdc357f4ede0d9830ea4f757f0728ca69080ad8ee32cf938be033830baf226d8bb38f93808f57d1058bf7a |
C:\Users\Admin\AppData\Local\Discord\download\ea968ff9512cb6b20905687d4ffc0173f26735c6904eb03de0fdafde30f573a9
| MD5 | ed44a93671ab824cbf983613300f3c3a |
| SHA1 | 43c6debbade134b532386cc89508ef4bb8bf823a |
| SHA256 | ea968ff9512cb6b20905687d4ffc0173f26735c6904eb03de0fdafde30f573a9 |
| SHA512 | ac2ee91c4941df959dbe1b0887b98c36ad96b33c798854c4a36422b7574abe40b23d1dbc8c3760855e09e0a20751163835d60484de09e8537750a67c534b630f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4dc6fc5e708279a3310fe55d9c44743d |
| SHA1 | a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2 |
| SHA256 | a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8 |
| SHA512 | 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b626493997f3f9a6fc385ac7e586a3df |
| SHA1 | 3d63bb6fc82b7b56cb2d330f64f97cc95e31580d |
| SHA256 | 6c49e41c1e160d9e5f4438522a9571140adc81ab2ac20a7cd33597fae4dba3ad |
| SHA512 | 775edf55158f484f9ac6b9dfb0ee9b862fdc28915ab3e70ea9cde18dddf9081b384c908bf56e5ee4392258be5ff2d630dd8cd603b2191b92c61100b433238101 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | 3d6549bf2f38372c054eafb93fa358a9 |
| SHA1 | e7a50f91c7ec5d5d896b55fa964f57ee47e11a1b |
| SHA256 | 8e401b056dc1eb48d44a01407ceb54372bbc44797d3259069ce96a96dfd8c104 |
| SHA512 | 4bde638a4111b0d056464ce4fd45861208d1669c117e2632768acd620fcd924ab6384b3133e4baf7d537872166eb50ca48899b3909d9dbf2a111a7713322fad4 |
C:\Users\Admin\AppData\Roaming\discord\Cache\Cache_Data\f_00001c
| MD5 | 71d3e9dc2bcb8e91225ba9fab588c8f2 |
| SHA1 | d7e38ee4c245f64b78eb18e6ecd7b9f53b3254a8 |
| SHA256 | ae99aaede2f373187a4fe442a2cb0ab9c2945efbab01cf33e01be517c0c4f813 |
| SHA512 | deda05ebd575d413aa2277876991ecc2ea238907390753485ba1b487ede2f432363c46daad5f3f240eaaf8d3258150829a3ae3d2d9c420ea59567cfd440361a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c9c4c494f8fba32d95ba2125f00586a3 |
| SHA1 | 8a600205528aef7953144f1cf6f7a5115e3611de |
| SHA256 | a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b |
| SHA512 | 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 473bedd5af2b4dd3486f79ed24e5a3e1 |
| SHA1 | b17864276f3a17f6f106fdfa89c1b24cd6a49eba |
| SHA256 | 8854c26bcfb9b58331a7b078c9621973dc81364e03701350e8b276c8043ffbb2 |
| SHA512 | 8096af1aa5d46b638d6116b1351004d5c3efa84922fafbd5d645ef3cb2ca6fca88853f5493829e004ca63e1604c8e0676d8d444a484d9bb22e6f4c19167432d1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f2d5cff5c09793fe46ecf444e1e40898 |
| SHA1 | c7364b59057bf5d69f2d7cf02dcd7a469556dd2b |
| SHA256 | bb6105e9bc73a4bff2f65f05f741efb07c287c8eb385b8301f88312e455b56d8 |
| SHA512 | 66e63cb3f5bbd5759d4fdeeae0c2b49402ec24bf57a335d2e69a80974afcc8c3b18cf642d99d5b443a54425749039de7bc3d13170f17cfea152c48e9d6eae466 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 00412acb08f14f6d90845cd042ee6b3d |
| SHA1 | 30e0363151decd6f922d5704de4db1c345459d1b |
| SHA256 | 264b7e09d4fbf1dac3375ccdcee8197f6f5d905dd5d10a15c3d3d325e017fbad |
| SHA512 | 715005dd41c4c24507e88555cf0e16f5c96a3d128e3a86fcfb270d7d752083b1b397a6aa09be2cdb9f17b042f3aa2890b2c04ca62e19ca502248fe29ffa5ed9b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 2b888d7f7f574da0a851404e2c3c3117 |
| SHA1 | 4592249f049f5aed045c8acf6770e91b24278d3c |
| SHA256 | 6d914d1ddb4c5788216f5787efb5e94a9a3928e2953829857108ba0892021170 |
| SHA512 | 1367659f249b3112ec96b2fba99219da9b3d3a5630fda59266108ee86029871774aa4f6a25d5c23c4190fc3825a5679bfaa6c69660756acafc6508850b7a837f |
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity
| MD5 | 1adf1e22e2e1e0f7f5946e2036ce46fe |
| SHA1 | fdd22c002daf7f0f6d73a001843938c2ef5e46ef |
| SHA256 | 22d80a21c0b5ad4b01681a62dc812a0eb360006d16199ef13299bc12f336883a |
| SHA512 | 6c76373324db47e1511ca3f0ee39bcd059db788864f11b27a53f17f3f6a3b438480255155d926252ba76e87d830805a8cdcc2431a4f52168f49bac833b12a2ae |
C:\Users\Admin\AppData\Roaming\discord\Code Cache\js\index-dir\the-real-index
| MD5 | 9620938660dd84d574b2950635693e6d |
| SHA1 | 4074cad46f25590af3f0e56158b824c635615a8f |
| SHA256 | a2a468b1fa690d701da4c8dcc9cf4bb99c2516aeb88636d1dd5db90155d60a53 |
| SHA512 | deaef096ef16bd9bdbea9967489924c4536a35748f48cc2d0076a7db2665279b0ad1470df5ec36415bafe449f69fdf7297b4c176a2582b50a7b505ca87cb2dbd |
C:\Users\Admin\AppData\Local\Discord\download\d727b2d25835d2ce6ceca28f115285ce6a735214eff8ed7e51c3778f562aacb1
| MD5 | 7d545fd2a4912ca0fd1416c65e7a4f30 |
| SHA1 | 3f41946d434382ce9e0cc5ae01e394f1b2b7c728 |
| SHA256 | d727b2d25835d2ce6ceca28f115285ce6a735214eff8ed7e51c3778f562aacb1 |
| SHA512 | b3a88561fbb17998488b116cc1cfcd1a21fa5fe29a829bd1cccb5fb8c8160c08f50661c9b03a9710c0974049b5de5fce257efea98857d3391e16cb1110005d59 |
C:\Users\Admin\AppData\Roaming\discord\Cache\Cache_Data\f_00001f
| MD5 | 3b0d96ed8113994f3d139088726cfecd |
| SHA1 | 1311abcea5f1922c31ea021c4b681b94aee18b23 |
| SHA256 | 313818d6b177a70fbe715a5142d6221ac1a1851eff5a9f6df505670ddcd73074 |
| SHA512 | 3d78c250029069e1850b1e302a6d8a5154f6e7bc5cd58f449b8824ccf418e80dba2d5569a9cff72f51ccc9de140dc91148f93ec4717f4a880e2ba94898fbdb24 |
C:\Users\Admin\AppData\Local\Discord\download\d47d579edd1705dd598cb51212d54ee2bc386a7428035a85d751ae2625a9f7d5
| MD5 | 1d9f78ad1fb7e64d83af78abe2130a64 |
| SHA1 | 6d81cee657a96a430eafec273ffd49f4dfab25b7 |
| SHA256 | d47d579edd1705dd598cb51212d54ee2bc386a7428035a85d751ae2625a9f7d5 |
| SHA512 | f8c2fa99bfcac54511d9d1072d2d8e0b7638da63a170b4d04211c8c4247168b29bcad6b0e5067f2a46dba871f14aa6a103089b1e37053ed624f67fe75159992c |
memory/6200-7716-0x0000019264F90000-0x0000019264FB2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_oi3mxxpd.r3m.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Users\Admin\AppData\Local\Discord\download\602a31a6abd6b11d0a3b7eec4705276ee765df43731e16338bb7fee7165bb4b1
| MD5 | 5a2aa7e8c26bd67bb50c44428c1fdd73 |
| SHA1 | a669e97876935e3793ae48e583ab3f4bb9503ac6 |
| SHA256 | 602a31a6abd6b11d0a3b7eec4705276ee765df43731e16338bb7fee7165bb4b1 |
| SHA512 | 531a8542520698a31d65f5dce5a6b2bef3a939f9af891b19acb20af7585fb0955798d13fea411aa7b23948685cbf4eb3ccedc46b208cbfec7658fe9596039fca |
memory/3988-7792-0x00000248EB370000-0x00000248EB3B4000-memory.dmp
memory/6616-7793-0x000001CFEB640000-0x000001CFEB6B6000-memory.dmp
memory/4812-7802-0x00000212EFE10000-0x00000212EFE34000-memory.dmp
memory/1048-7801-0x000002217A890000-0x000002217A8BA000-memory.dmp
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity
| MD5 | 6230c928eb50b16b76edeb3eed1b95e6 |
| SHA1 | 2a01f99d3c6cf560db44448fab2ee02d33c605e7 |
| SHA256 | 8f6cb6d2a5f25b438019ef411a7a73c6e148ffbbf8cde7817077759c3304b5fd |
| SHA512 | 060e0ff8a4dcdb7c4a439fd47ebc1318ec91392a2863327de01a03b075c50ddfab81950ef914a265ef4c5947fdc8c451930ea29b82749d77a44bdb68e9a7bb5c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences
| MD5 | 81a06520d02a9b16a113b2076599dd69 |
| SHA1 | e540095926069df91b4adf60e97255244297f8a0 |
| SHA256 | 46ee50be5af64f9a5c9c21d65642f02d5fbabdda444c595be30820a212cc07b2 |
| SHA512 | 1b0c0b83e5e553a0cd993289f485055e329ba67b8654bb23d26fbce8838e7b782d3727dc2eaa69e7c66f4cf101b573f3e1e1bf94c09a06a5d3eafdc19b6eb4be |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Cache\Cache_Data\f_000073
| MD5 | c4133173e7880983fab8babbccd7b123 |
| SHA1 | 59f8327bd9d74b8d1fe7b9febe2e03694caf497c |
| SHA256 | d270187bce8766a459b8eab16519f718afdb014bde0a59d7b62ba9de9f9d1956 |
| SHA512 | 95031550c2c5ec9031a898c9e5733981224ccdc198dc28305f2176e3189433d41852e738068914797f77cda60c462476b90b46ad0911b03020d2dc709d29a6da |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Cache\Cache_Data\f_000074
| MD5 | 387ed93f42803b1ec6697e3b57fbcef0 |
| SHA1 | 2ea8a5bfbf99144bd0ebaebe60ac35406a8b613e |
| SHA256 | 982aac952e2c938bd55550d0409ece5f4430d38f370161d8318678fa25316587 |
| SHA512 | 7c90f69a53e49bad03c4cefd9868b4c4ba145e5738218e8c445ff6ae5347153e3a2f2b918cbe184b0366afd53b984634d2894fea6f31a4603e58ccb6bfa5c625 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Cache\Cache_Data\f_000075
| MD5 | 291256b7c907159efc75c23698ce47e5 |
| SHA1 | 5d8095567b508c463c4838bd8f8fa503913143b0 |
| SHA256 | 809c72a63189cdb1420504cf8e7965ff26557cfd3e75071b74a58624a5093c87 |
| SHA512 | 713aaca5e838e6f1efed642af2c50c4d62704064c397b3b1680c66a254ed843f62e5b5616c5ce34c80f8824e55f4b3bcf4a40b40d8b1ca2a638362406c50e305 |
C:\Users\Admin\AppData\Roaming\discord\Code Cache\js\index-dir\the-real-index
| MD5 | fdc5579b9ce72fc304de9c40c1d45666 |
| SHA1 | 45de5d46f90f4c4665b63868a60d84c46b1491fc |
| SHA256 | 97299f7c9d1daecadd1d7368fe345a2ca3e584622d13a4fe3cf04aba730e6a14 |
| SHA512 | 99e1780f53216b6bbb70d2b672ad5859ef2495f372f20849fc2711beb030ce4ca7925032d61a2190018bac0c45a6f12fa191479a4a91a2c64bb17cd577460326 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity
| MD5 | 54e75dc5f46bff34ae5ace7c3a92c405 |
| SHA1 | 4b0437034c91fc43215e7bf3dc12decb65609d60 |
| SHA256 | 0b0aa5584f93a1d018d3c2cc1f7b1e6d4a3321eeff980c60b77b09f248e774b8 |
| SHA512 | f3f03f92f2857d6cc7f1652d3923f5bc5dc008c4c7626cedacd0eb4475bed9c1b0abe9c6e8292fdeaacac4bfd921ff57760bf993b6a3517e919acfa1b7d2c1eb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Code Cache\js\index-dir\the-real-index
| MD5 | b91742c63610a0d39611e7ef1403afd9 |
| SHA1 | 6caa6fc13d21975c942a7a47f0720766c7732f1d |
| SHA256 | af17c9f4cd4ea0fa10f86dfc0882bfb7b42b71fbb44e711f05601d237bff2122 |
| SHA512 | 3af26bba6509f365baa36caf815ab8886dce6e0facd6bb44e75ed559d8650f399e43fb73002f6d0a2653fea3e843a4c8c0d9ecc9968d442a45c6769bfc4d822b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 0f3a3b14f438df934205b080bbc2040e |
| SHA1 | dc0fa74b55f2faa56a30ae31b4d2df4acff5f83d |
| SHA256 | 1162630ff6cda7427e9e21cddd99b169c59deb47c5462f443c9b49ec799f62c1 |
| SHA512 | 1cf8ea1653fac2894ce235921c03358f1820105bbfce9aae10aa7b20001f99b5696cc0ed440f4f2045f7e82b57ad3c5116f7d38dc245fbb0a27e5b394a37f179 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\Network Persistent State
| MD5 | 72ead1f0b033828ac3e10bc3bf311368 |
| SHA1 | 11190153546a27569b8b2af6bb167bfcb2cf9d98 |
| SHA256 | 5e43b2af88e9ad253cdacdcf7d0706a05423d93eb8e63636411a6b3568c6d619 |
| SHA512 | 0b0b4bbcb0d1ce4336693f961dc32294e98813a1a5888659800b28c1cac3ec4615897e6e0495c982e42a43e47675fa0d6f985650ee0dc5ee00f01db3c7d9d420 |
C:\Users\Admin\AppData\Roaming\discord\Local State
| MD5 | f42b988e59853cef4269f058969b280e |
| SHA1 | 1598f5c12b56d1e4f2a0d0771ac637c8122e107a |
| SHA256 | 1b928197bb277549ab6e237c22e7129ae71f3abc6123df11eeb185e344f995d8 |
| SHA512 | f1ee3586cc7c25162e3387aa5d2db59cf44391710841496f9b5b024af23272ec9ed02f7c1ef03076737ed1505886d4a58373b386926f1af22bc3abae0de88137 |
C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State
| MD5 | 45603f4cbfa6174e617c0352c39ee7ad |
| SHA1 | 0eda96b45b5631d2666164dc47dd210bc5115253 |
| SHA256 | fdeef3d4f947de93ba7ad29690cb4782d5e4c793b14973ee6681f2b3a6ee829c |
| SHA512 | 1f7cb20fc4f5bff3d7c4614427325463bf5a8ee52836a718a9ca1c330059ee7f96168af04d6049b1aea1f8d7782df1e03c246fbaaea08981ac9432c2cbe7cf2c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3db536a7b742dd53a2590aa04381a18f |
| SHA1 | 41f27a51b842fe638ab4708193b0bcaa1e02b34c |
| SHA256 | a84817272f11c6057fd0a240329e8239d3a4f1a10610a4c0c76add54c9b17386 |
| SHA512 | d9cc5184a3a5318a49ad980cb67a015beb566f8accbfc4e80ad2d8c009f5c96817ba8e38434751e58f84090d211638c2479a29beb52c443e324ab87075da8b30 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences
| MD5 | c2287955dddb30eda441bddf8af61b36 |
| SHA1 | 7a60a4f78bdba775601cfd6a7536869d756544de |
| SHA256 | c39448645ab1a8c8f3aa4d1d1afafbbf468dceb0a6b661fbc7eb6b81a2d8713a |
| SHA512 | e3da35dc76099ce7f91daafc21aeea2a2e84cdaff4032ce7581ad1a034a072889a14dd2f73da63855a102924b4cb0e1fa1f5976221923864bfebfea42dc9bf1d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\Network Persistent State
| MD5 | 7c76698afba381cb1c1bd5d1cb80a420 |
| SHA1 | 7fa3d0af07e788a2f9d46e696ab0bbef403b826f |
| SHA256 | ccab0c16c6941ddb57e1eb11cbc3fb4d649a32e07c8b3ca3c54167ad754a6838 |
| SHA512 | e714e1d6cdba6f7fc6907c484ed9a4511eadb4f00b4bd90e52bab467d399123871b017d7e34ece7b83a623dfec2b64e77e2cf8b5074a32f5fc7aa8224436996f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity
| MD5 | 34ae62a242d7775f1ba0fbb661294669 |
| SHA1 | cd05917c838836d892915a3339c2953d1501d82a |
| SHA256 | 23d98709b25eca5f0ba97dd7fb11d1eb6b650bc311d04d502490f52a09493ee9 |
| SHA512 | 29ef96cac3d38424491cde11eba1deb6fcd856c39f0994e4a4e22c549b295b24e1bc2d4a374ceead3c29c9e21954d8fb77cf2be9cfae9e6a6e8e471e48ed08d1 |
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity
| MD5 | 5b2b4d4d21b97b8439316b669ffb403d |
| SHA1 | 46c2ebb0d74ab910d863e77da99059b33e9e6cbf |
| SHA256 | b6b9ed0e4ec8fc25cbadd5f6efbebd65b85e33c2b39ecf18aa3f230d71da1752 |
| SHA512 | 709cdb2cf9418b41534563c5a002671abbcb482aee2d2b8942b3b0b7fe7899789a8282c89c4b40d67fad8b94c9f06d37c4716e884ad4a52fe279dd34215e32ed |
C:\Users\Admin\AppData\Roaming\discord\Code Cache\js\index-dir\temp-index
| MD5 | 1f04d646c56b07a626fd4658b7f900b8 |
| SHA1 | 89a94519622cdf286c0ecb110781606b24dba7cb |
| SHA256 | 94b77a1a7d4cf84675f8345053df43fad691d41b4ab8ded7cdd5d00960f96c99 |
| SHA512 | 47c3e21151ec28fb7def4cf33b4da15d3c5c69a7ada1d38fcc194fe27f3c02c466133a7e27d360a0017b07e9004b960427f6efb6de7c061ce7f351b97bf1af51 |
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity
| MD5 | 84710c38b5e56751bd993e1ec5c859b7 |
| SHA1 | 67854553763062238463e9425934fd9fa662b822 |
| SHA256 | a09920f0b7cdc508b202583100f3f42d014f89563767d956f68a37ca45c9f601 |
| SHA512 | f2d435f00b1a1c4e044fa801276f71b908a1d1755cd7fc3b36dbb07c65dc7a1a42d281d97b6d8e15c5ffac7242a8a4c082d8dd772362dc6e1f59b0742fa64466 |
C:\Users\Admin\AppData\Local\D3DSCache\93e7f05821b87c7e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f49655f856acb8884cc0ace29216f511 |
| SHA1 | cb0f1f87ec0455ec349aaa950c600475ac7b7b6b |
| SHA256 | 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba |
| SHA512 | 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8 |
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity
| MD5 | def8e2bad89ab5365a8b165ad135d0fb |
| SHA1 | c76436fa0274553bc98612ef861c901d01ff0b9c |
| SHA256 | 70cddc94629dcddde3b071dc0e917c18bd44f7bb30f8489f1198d7c6fa67e85b |
| SHA512 | ba53101d836cc776069f092dc809ad1e4b6c530e61ce0491f0527d321f609be80a9da45e4cce73e42e57a1f0b20499cc2e5029a45f673a3628cf1d87fca2c008 |
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity
| MD5 | 0770aaf2191174fce622803c9b7d7bbb |
| SHA1 | acd3143284512d04e402bc0b16a5ea2101b259df |
| SHA256 | 61121d8f8be5c601519d96968210981d0afa0b0707694870e99200c89ed9af52 |
| SHA512 | 6f5b22d9a2c71428cf64413a3c8c5f627fe2128cfaf1f84ee202b6487a960f86dfd959fd2e1b9551da8c34f42a6b62c6a0940690f2f003841a081ea2bf306b2b |
C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State
| MD5 | 85b89c8ee90b97effccda39e2ba8cc58 |
| SHA1 | dc21221283a04ecca403e4afcfa7250d3bc8217e |
| SHA256 | 4d5111a229700d5eed54bb015ff82dc919e2525d51d39919fc4a2c09b9a41656 |
| SHA512 | bd7935b37ff51ca556d822838daad7364ae20fa6bf76185fea2db0ed3a38dbc95ae702a9ded4efd07c95bc332cf921c79aab83dd34894fe559402ba0515a0597 |
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity
| MD5 | 12ee415107267bec329b9b8e6dc596a3 |
| SHA1 | 1c125eca318ce403b5e6f807e0d42108df429588 |
| SHA256 | 6aa0ea20555d3a7f395f864856c9608ac921bb58d2082cbc6869cbe614bb5dc0 |
| SHA512 | 330cbff981d3e99c52ca87f5f3d6d9ec154dd6acf518700b964867814cf40a76a7fdad74693eb6c397411ceb2b4c9faf8cf0dfa81faf5b6e60c6a4155b103d0d |
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity
| MD5 | 47a3013c65d9e36c7d53446e1f132dde |
| SHA1 | d95122acd6d2ce981c25e411095b86ffba22bc8d |
| SHA256 | a73da903e55c679121005f342e5286c6ea434d2d094de1968efb5e40ac799254 |
| SHA512 | afe95159486f3365d0dbbc4c403f7db5cd835ff62b3388f683d556f530b60c46670941dd0c6de0e26fe805311ea5869d6659e33f872d487143925d3f34a5ecb1 |
C:\Users\Admin\AppData\Roaming\discord\tray-unread.png
| MD5 | 501fc444768f499ecfaf5befe1b090ae |
| SHA1 | 8c63e33140492b2b64a6512ccf6d4f0cfd379435 |
| SHA256 | ec242dec681372df01ce1eb96aecf9a1638f8e7a067966f45ab83bc8acdcaab7 |
| SHA512 | a63256aa5cdc3b2d3829afabcc44699ef40703c6cb8a014b5820fe050b04a1f09169edb9852bc54f72f047419651a163ca5886acb7270081c31de05bcf67dcec |
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\modules\discord_dispatch-1\discord_dispatch\dispatch.log
| MD5 | 81b33a0b34aec16ece3b1fbb7b49f124 |
| SHA1 | fc7e0380fed687ca4c2b39a2bb1c274ca13510ca |
| SHA256 | c2a61ac6134ec38f445cae0b54ab4da3d00d9bbb4f4efaf596d70952b748d8fe |
| SHA512 | 3239f5b83b37a75fb3d2dbdb4f26b176e89c719cb34e94255d0d00c5bfc3ec5d59a731800c875f76af706bc804674f734a6ad4cfbd1b7a08d9ee482c14fe3274 |
C:\Users\Admin\AppData\Roaming\discord\tray.png
| MD5 | 08e3872ede2967f3ccf2c4a3eee511c9 |
| SHA1 | aa604f49406d8617c03e306a889931813f4b479c |
| SHA256 | a44bbb3d84b73c628714f3ff805e94fd524943963c1740d4b59b53f422ffbea8 |
| SHA512 | fc0e14c8ada9ef43421a7e69d98887c06e01e1ed9f117902c06b4609ede02709de40de08b5f3f583a29fff45a80fa075e51680d2960088d13e4c236c379b9585 |
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity
| MD5 | 568814fed873a13716fbe99f60704edc |
| SHA1 | ecb63b1219253430ef03dddda5d4eefeec1c3fc7 |
| SHA256 | 3f09dd27e6abb56ad37dff35d956ae7025aa694d39aebde73e829ddf82b7022f |
| SHA512 | 62f5171e3e31de6ac28117100a8c97010599119fa481a142b06df5866da5b9468707a90e48abb7cce268e4267dedeba13cd39635b5dc7a2a9d71e0b6b030139c |
C:\Users\Admin\AppData\Roaming\discord\Code Cache\js\index-dir\the-real-index
| MD5 | d2d651436b02e95b97547b8df03e5bb6 |
| SHA1 | 0fc206969a236388ab4ea49a146c06baed7706c2 |
| SHA256 | 70c0b7e3f5d118456ebc1322c7960b2ee44b4a880f10e6458610bb8fad2d0038 |
| SHA512 | d79b9e49730e3b516dfe06e61b9137935eae4f92591d1a2b777d8f85ab65d369e17a805f51b7dda08cadf9a3f7147031ffe6af160f204749a9ab48ba97295e2b |
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity
| MD5 | c2fe2a9745a6deedab18a2a5a440e2e5 |
| SHA1 | 5d67da8e3de2812d240d9dd7cfccabfec829668a |
| SHA256 | f4c023e8fef40f352911e49dd3bf9490014fda07c7f309bf896d8b844a141665 |
| SHA512 | 18dd5cbd48014e16edc148c3967a7eba3617482d29c0faffcc0a891334aeff0434ead778b7d3ef21c2718e9cf9b3c408bc244cf76bd8c8faab49469ba7a6c7c9 |
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity
| MD5 | f85d62f6c5ccf4bdc8b6613bc44bcdb9 |
| SHA1 | da3d4f60a3206e002ae1c57cc2535dbff6585479 |
| SHA256 | 51e6c7e9216b50c7120732dd8c9fcc7e69b817eb1be8a28a09771415ed069401 |
| SHA512 | 912fef0da5d32c4d09b4f42c6ff4546ea739f6e24e78b7eab5455e5638d383a31df5bddd0ba45b45898015c88d8cd31131efb906107d153de01584a5a04ac317 |
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity
| MD5 | 28e7b3005041c80415c79d3fbe2490d7 |
| SHA1 | 6c393093a03879a2d2c9d8afee2d026c5c1b9469 |
| SHA256 | 9c964bc97f933263bd359346768bb34123f01dbcb77e7a16af4d4effa176ae7b |
| SHA512 | 1ba474de95b707519beaf9a54d0dff56e2f8178422ce1723a84abd3055195f701e60cb6ea1fa54d0f6ec44b715b17aef19119ed70d5957c6df7a762cd3671e29 |
C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State
| MD5 | 1798d4906fe64415e8bb77a4711cf865 |
| SHA1 | 249d54f4637fc1b68057cff00106526373888208 |
| SHA256 | 9cbf0f70c736c1755e0002a32ecdc9e83e08c46f3bc9d7bea16f297b1765078e |
| SHA512 | 6866dd067acddbd017d601faffc87b5941e1f4a93ba755b97a62931a88bba88a3f86a3662e2e6a389dde5991fbd886df23ceb3216f2a27c10d85fab84966deb0 |
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity
| MD5 | 1c4474d896fed1a19ca92ce1f27b3730 |
| SHA1 | 19f40bdd99641ff9022fd256260e707515f16fdc |
| SHA256 | 43e79a108008180c4c370cb92743694c2da438bde1213f48525fea6d0c221f9d |
| SHA512 | bb34ba0e1136c0ba206c314d74cd9cfce0c5ceab9493bcea6b0d2d2e919095499ede5e84c444cdf59f7dd2fc8941540a24ecd7601c443a4bb5cc56b55c6db470 |
C:\Program Files\Google\Chrome\Application\SetupMetrics\5c4c62bf-3dba-483e-a3d8-ec4c2b52ca76.tmp
| MD5 | d7bdecbddac6262e516e22a4d6f24f0b |
| SHA1 | 1a633ee43641fa78fbe959d13fa18654fd4a90be |
| SHA256 | db3be7c6d81b2387c39b32d15c096173022cccee1015571dd3e09f2a69b508a9 |
| SHA512 | 1e72db18de776fe264db3052ce9a842c9766a720a9119fc6605f795c36d4c7bf8f77680c5564f36e591368ccd354104a7412f267c4157f04c4926bce51aeeaa1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences
| MD5 | 3ccfeccdee2534524c37d1c00c8f36e6 |
| SHA1 | dbf462b92f4a57b617efdb826975fc3110cfa5bf |
| SHA256 | 5f5433876e5ac2499b7c5cccb43c4eb695980a9bc001cd9b9b83c9479ba45c53 |
| SHA512 | 27258df9b134e19f4dc8b4e2b9093b2b3a1c94ff06eaab22aa7b22bff2230da67bce19631cac4e749459bce8ca4fe704dcbb07976295ee742b4ecbe2e6fcc952 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e7ce7de746e8b590fae94e84cf9a4c52 |
| SHA1 | cb97028392b9ad68272cded3000d588a69bfbc2e |
| SHA256 | 2b9d980baa71c8b13399f76ac56da923a181e21a32a1e540d543ebd8d933d6f0 |
| SHA512 | a8e6491de636a6e4e5a111fe3cf0b92dbb908a81d574be45fe083e50cc6df0b1dcd93ecfdd241eb57d9e2f31ba16ae77ff0c97e96a068da7ef922a5eb74844f8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity
| MD5 | da92f0bdb22f3982767282515c62ab3a |
| SHA1 | ad58cb09178099a361a06dc1fc641c7a535affcf |
| SHA256 | b20234e213f2e2eebda72ba0a64d64463a372c91ad606862c1b595e52b3c591a |
| SHA512 | ee26c6a23901ab485ad1571474f200d68f5e1e5f37f627a1447314458d9ee6af67da54c314f397573fe6d79879061da5d9f780cbca6ece46247e32cc92cf6a4d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Cache\Cache_Data\f_000083
| MD5 | 7626aade5004330bfb65f1e1f790df0c |
| SHA1 | 97dca3e04f19cfe55b010c13f10a81ffe8b8374b |
| SHA256 | cdeaef4fa58a99edcdd3c26ced28e6d512704d3a326a03a61d072d3a287fd60e |
| SHA512 | f7b1b34430546788a7451e723a78186c4738b3906cb2bca2a6ae94b1a70f9f863b2bfa7947cc897dfb88b6a3fe98030aa58101f5f656812ff10837e7585e3f74 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences
| MD5 | 527027105f135b0ede6d89c30609c52f |
| SHA1 | 70134a1780bf606df787ce563f719d7666a0ca84 |
| SHA256 | a58447957cc260f39f3f1f4d21ee9c1b4396a0cb781e7be3674dc31edbcf6194 |
| SHA512 | 7ac986d71ee822312d55ab6428aac81a7de149829eb37778d3dcf0b1b68fd72135ef304b5a5bace92e681e3132f5e3a642c5fa104697de6b76882361c7677e98 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | bce7c5cd945275bc02002e79f4dc937b |
| SHA1 | 3a8aeb2166cbb589395a2f30d15dc647bcc057f6 |
| SHA256 | efd43034be397d381949433fc326ceb390c80dbc6b183b909ebc6583f28b4da5 |
| SHA512 | cfb30d77ea0fbd2a781d4c05bb7204887701a27e0b8cc92d9e0566db6bc2ee16c3d92408389e7ad774f3d7cbfeb6b0f32f9b90257a42207775b71df7f4412fb4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity
| MD5 | 4ee55eb948d817b38dd38b65d35e2dac |
| SHA1 | acde8421b36b91b528f9d6798b38726fe5d58c68 |
| SHA256 | 9b100d380e00b5026fdff3e6735261c4fb379a6da87971fddea1ed5d0319122e |
| SHA512 | 574fec53b1dc0200695bb64a43577b756e78d2ba057a00c2eeda8fa308af4169c72efa4a86362373d769902f7e8647b827ac3caa682445c788f6e54a82509031 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Code Cache\js\index-dir\the-real-index
| MD5 | 46e5715169d99bf3aceb78b083e93be6 |
| SHA1 | a02da310dff5f2b2fa3afd5a7680e496fa2c88d7 |
| SHA256 | 4337a4dee213f0ab821de2d2042cb7ded37cbd03dedbfe5f07b3d6f2cea12df0 |
| SHA512 | 9d5f6ca4c611c030af3b18ed817c926f6d32aae366432d37f252f3e596f5dd7f761638bfd7cb8f3d73a6e78b1fc7a6f01b1e434a381cfe9cdc423b043ae0da4e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences
| MD5 | b4508f542b40ab73ae16a9db1e254065 |
| SHA1 | 8f7874f9cf3dd5556346f0f4130a9bdb89c24df4 |
| SHA256 | 08d5c0e91b573944d2842a5f60003946a01fc6b8e40ef087e3923030aa69bf65 |
| SHA512 | 158ad6e41818f13cd57d1fe62c505276030871070feccbab06cf720dc703e7af177161fc8f96a2f2575215cb13b35e2217d4974f62775c2071030f06075b38b3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 91bdb58975cf30ee9862b98b8f94e851 |
| SHA1 | de50d311a8e649e2fd57639624268654a945e226 |
| SHA256 | c8d2e58aca6ba797d20f716602afd82cebff20622f8239f8d81fbcf729fdb49e |
| SHA512 | 3d993ff6b2f94d1af18b318637035eb4ec8036be14f5d148f9ba8277f10fbe2431d325526ccb206f9506a11fcdf152f7b03d2b88a208c7ca3b397144236712b0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c8ff26ce27eb91c82745a1b2cc12be13 |
| SHA1 | 19c93151ff3012fd652bae115d82949ab948e702 |
| SHA256 | 89c0bdf7f1741a22bae60ddac09f1b9e9b156551de8999413942673ed5f92824 |
| SHA512 | 3ab815435a31d9f91261d53627a368c143f048f389651914bb0ae59bdaf4ee08441cf63edbc957a07df329a37794f4753dfa9d29c9b1f9a260579b3b1ad7988e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\Network Persistent State
| MD5 | adc18bad8fe63a07a5936d4836511625 |
| SHA1 | 4fdb9a969e8ecef00dd573a1dbc57cd1d664f762 |
| SHA256 | 8c039416e710d7ab8d538447458859e8280af2fbe43eb7208e84970bdd257d46 |
| SHA512 | 5cfb19ec3246253fb929db41ab94e796a0fba871980ade48c2a82a579b161b1c66017403ba25b9ca5418688a1b47db55bfc06832a062b1ba9cc14d60a33bb3be |
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity
| MD5 | 3816e1517aeb00522d656937a9fed954 |
| SHA1 | 256f587f26d080a036f96b725f4da17ba2e6cabd |
| SHA256 | 6160813b90a20392eb1b1cae7ec71042f90ff7ec0e7413ab70edc153487e26a3 |
| SHA512 | eae2dd26b3acf5eddf9cf8ef73d0e2156a682200bab8feab160342e0a3fd412ce5e858af222176c392b264916166cff5e2decce4acb0adf016c83ea025ec41c2 |
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity
| MD5 | 1000f200e94648f7bb6ea459c95fb08b |
| SHA1 | 614f5edc08ef1312d47f36f1b2916fda63315b32 |
| SHA256 | 975179e334dcc8e916df3196e323c4000eea243889660b3bb39577eaf56e36a5 |
| SHA512 | b3e696148d40805db42505105d2edaacb3270d812ad52ef5b299411df96c7f8e3d0811c4b6c2f0ea05dffca47372fbe5e01d8c43ff21840ab8df0d43df8675c4 |
C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State
| MD5 | e0ab933153888b1ff4889027c865dbf4 |
| SHA1 | 9edeeac73ea20a1a15b1236a33c45f053d803382 |
| SHA256 | 202971b6c94a5c09f529b27dc8d88b8ba939cc0d5b2cbdc2406bce50947f5141 |
| SHA512 | 538b73ff7923af35b756c31839ba2ba09d3f87bca2de982af60edad8f7e5970e75ddf0ba1dc7250bc80e247f94ba301a2f474faeba2b65e18d0ad57efb994cbb |
C:\Users\Admin\AppData\Local\Temp\nst5402.tmp\System.dll
| MD5 | b361682fa5e6a1906e754cfa08aa8d90 |
| SHA1 | c6701aee0c866565de1b7c1f81fd88da56b395d3 |
| SHA256 | b711c4f17690421c9dc8ddb9ed5a9ddc539b3a28f11e19c851e25dcfc7701c04 |
| SHA512 | 2778f91c9bcf83277d26c71118a1ccb0fb3ce50e89729f14f4915bc65dd48503a77b1e5118ce774dea72f5ce3cc8681eb9ca3c55cf90e9f61a177101ba192ae9 |
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity
| MD5 | bd18986fa5e973d204931b9fbd8546d9 |
| SHA1 | 8936aaa1896c5a53434dec66139abcda1159beb4 |
| SHA256 | b6ab80c71f32664bde59ca34ce980f965ac1f0e29ad36329df09637c4fd4a376 |
| SHA512 | d6393e20f07a27c770163f563417ee117c41c9a8cc6cc91732b9f119739c06ca21b3b26dce31c298c35001c4e291b83f5d252b7e75ce70547dbd842d473288d0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
| MD5 | b10e4b89549e7d0ad58bf6e8f4f7f83f |
| SHA1 | 9fe3dde41a969c694f3e7c8cf6dea1f1570dbc9c |
| SHA256 | 82c022975c6c225dff66b921078511cf3640cdcc3fbc528bf4fa07e5eebdf377 |
| SHA512 | 20aa7021a811b77f2e13261e26125056a11d5a02377a02c252e39f5618cb32efb64e7218b8fcdbfb90185aa732e7c5bd644a28852926ad5f922e5e9dab633bc3 |
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity
| MD5 | 008729bed4b81618bc2640cf4cb69de4 |
| SHA1 | 723368cd4e03cf94289ea388eb98e8b11bfb4b6d |
| SHA256 | 9e946137854342fc51e62b67813a6aaa8eb8789bb83d2bebb66c3d78f5e53ace |
| SHA512 | 3c6a205e99e51c69111f43ab53ce781a18960c4741635188ce87b4226121320be6079d7662ad544b3833f1b71c30a82573d0604161a721ae545c292c4e17e311 |
C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State
| MD5 | 832f045eb479143ad73ad45f6341b0a8 |
| SHA1 | c252e08d577d82df5a099b8d9f762d8affb950ce |
| SHA256 | af2f330e747410b7d73ee3ecd4a54c7ea0cbbe81bdf966754d8df91dffdb1d36 |
| SHA512 | e8c6b091b6a8a4c0d4053f63f50b578f97d20e77f46d7fed5658bddad3e3f74ce989a6e0c98efe0868c1edb6da72a1cafe0645c6f983f19e41865f6d139826fe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f437769d68dc26ec3faddd74483f7bc3 |
| SHA1 | eb2534c5ccf360fe696cff0b734f174454014a4b |
| SHA256 | 0e551aa9297cb6eca8f90676d68e7fd8c85f7da0ddba6ae6fffa9a9e156b1f8e |
| SHA512 | afb818d1a9d6cc6d5e7665349f9622e0961a460b1da5e7f880e43ca3f4f9f0c73354ec67f4eb25eaa5de754839f438aca7f6c3e5b60742803aec3ecced17b51b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences
| MD5 | 877146b0ffc68620bb99e93eccaa3774 |
| SHA1 | 695f3023f12135196f8a2f4cfbb7f4b7396c9088 |
| SHA256 | 4f3428a7b5b9cf3f54d169c666024275695cba94dac97de031369ff7c40d395d |
| SHA512 | 33cfd8a052fe6a65010d48d7b87ec5f747a22dc7b720b9bf2f43835c74dbdd90d19265bf22fa8af5aeee9ee906c6d7a7422a499e7461024177b8cf7bb6e92f7a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity
| MD5 | cd565ac1204eb84c8d154a18fb8fe0ea |
| SHA1 | b66b814b98564a80e51b1f747b60651c9d7ab168 |
| SHA256 | 97353a355f6f5b145e8e4712db184afe0200698bb2cd8a50c2c2f86c2990d882 |
| SHA512 | fbce165b0ab4e37eaabb563a83c06735acb67864ce4a0f96e0dbfbbd3bcc976af601f08a585b2f20640242e2ceaea94571f1b5866d1e552130295c26e2a8fab6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Cache\Cache_Data\f_000086
| MD5 | 0ed8278b11742681d994e5f5b44b8d3d |
| SHA1 | 28711624d01da8dbd0aa4aad8629d5b0f703441e |
| SHA256 | 354730711c3ca9845bf98ec5dfb58a16e50984f9edcf0e8f432742326334f8a2 |
| SHA512 | d296ab1f1b418b125f09598ca6645d984a1cf67092a914956b8879d285ee35521b408363b47da195de79086e3be3ed9b1709bc8f9cd2e32d5dccb720a010bc8c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\WebStorage\1\CacheStorage\index.txt
| MD5 | 901b698b3b8ebdc7acd1e2d7d9fc36a0 |
| SHA1 | df6fe169795fe05a630a2615a2248ce42489303f |
| SHA256 | 8f9dca2ef32a81a246fe21f0ab311e52ca770f2647fc8278b31b2aa571b4db9f |
| SHA512 | ece370a877dff9607a3ad2cfb6c418cb1dc8455ff724c80e1e83e8e71548af0c7b083a2362ca6fd4f39fd5d83e2e634a10acb1cf3b07b54c44c247eb573af047 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\WebStorage\1\CacheStorage\index.txt~RFe6e6fd1.TMP
| MD5 | eaf859934ac0c1f1b0e2ea7459c176f2 |
| SHA1 | c801361a645fb29d0e4ebc38399a615e99eab55a |
| SHA256 | 10a0bbe5adc9de9d7979fadfa2d9ba467c306a5665ca3995dd06fa6e0df4cb11 |
| SHA512 | f3f0dc47c8449b0d91985eef0deb69860883c71cb8fb0f77b8d459aeb10aa6ee0ccacccbbe9cdb23a2b23cf0ebce4ac9ca78930e762024bf6fa63ae6d4d1a65d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences
| MD5 | 8f7733bbd890a17deb9cb0c496e37b65 |
| SHA1 | 58e01068d25eab88de99144b309949a51ddb0729 |
| SHA256 | 30d43ad4529489c757d9e29ec2d262bdcc08af03338d6d89522f96f9971469d5 |
| SHA512 | c7f5553889cd9f4a0886618de248badfd584609e22f32d127386768cfe0f4034b5a5c9f49c146117a045aaf1bf7ddf77e3c09a096652bbdc8b5a215a89f1051c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity
| MD5 | 0adba547e1ab8248bd67d516990d2db6 |
| SHA1 | 1f74eaec82bcaf0ff17ecd653c8d6e16988e96e6 |
| SHA256 | 1aad1f210b6a16e1e359b8664e3ea271bc01148b9b5549650f0d60a20406774c |
| SHA512 | 7cd5311f81b47d65a092a8741c0f0a8016162a18670d39fa859a3d01d1e7fcf477a99aadb2b8dc81a535d871a26200665b5b2a2bc32628f0fb8ccf2cca3e822a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences
| MD5 | 34b453d9fcba41af2bf5a04c49f14e7a |
| SHA1 | 9f72fbab699e89324f331b7cedab6cb2e71bf853 |
| SHA256 | 0d4f94877ba0e8d40637c71d3cb531c60c0c5df89e9e9b5659b5354fcc671ac6 |
| SHA512 | 018f4bcc0b7d8f78e0b1ed0c25605161bf1ff8090de035e44f598014b4fd408c041b7bb6d93de468bff25099977b9925366308ae430f067e120444e358c0db83 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity
| MD5 | 59ffde7f8a30ae8455eaa01e2737b80f |
| SHA1 | 8aa505d1a06508f69095f636ff2739efab467b31 |
| SHA256 | b0943768871670fd5c9d612c791501509dd9a6a74890920fc291ac0bf5d7cc2a |
| SHA512 | a1546dfcb8ba368ca3199bf97dbfc3c76a0d9521008bddcc51400b7df63f213f82304c3e245da7c1fdd85fbb9068ae5e7596d44cc5b87d6d2616ed55b298584a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences
| MD5 | 9b1c6a0feb95c3cbab00265f79ca9a28 |
| SHA1 | 401b3de54b4fdf71ce12476648e966217ba19b48 |
| SHA256 | d0779963b6f19fd78020034d36de4591f9329ba91be5590345ffef3f907d09ec |
| SHA512 | 3eeb613d9d9562956c0fd4a6a8757e9f610c1b7ac34b4cb5c9bfdb1862ccea70f7126ce9ee2c6805bb72ded9b62b8a7431c50215e80e387059a62cdc2b6b278b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Code Cache\js\index-dir\temp-index
| MD5 | cc3509884604013d9071f4da78f2a62b |
| SHA1 | 15e9ef4c1bb070743af5ed51dd9d9056e0edd157 |
| SHA256 | c681ebd49c96ea0354287587c975b0d4648e61e85b25647156ccafafd4563678 |
| SHA512 | 2e58a6ae502bba5c80097454ccb0f8541e950a5fd7d5781c222a667d4ca626b2e274a2e7ab694ed510b4511858c7f1312df07aa226fa5b3116828d0fd0eb4035 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\WebStorage\1\IndexedDB\indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\TransportSecurity
| MD5 | 1de3ed45ec0a459422c93ffe80bf1ef8 |
| SHA1 | e7415b1068819dac2653d30eda22e3420a959442 |
| SHA256 | 9a79cc9dc8a0a1f793170ca8a902a87541d69512d367709d8e69d1d416d903e0 |
| SHA512 | 892610ca46bebaab5be009c87a8971fd4002b33ebcd2339159a20c1c24712bf227c789d7fd538945a4a3278b32b8240ed2601d9170a33a576a17676cf9784e02 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences
| MD5 | c959bf0aa43e80ef91186c506b167a80 |
| SHA1 | 163c4124730738250f1de9c0fb2239191fd2e178 |
| SHA256 | abcbfe93e1169bafe96e5c4d1605ee19eb1b2e414c97ad7274de4b5f13a4de4a |
| SHA512 | 88be980e5cf4a25d17053357f66f7a9aa3e07d100d3e1d402558d049ea2fd43e24a14619e3b7ae77f6c7a87d4b266f50d95bd6051845bc39bde356e2cd89dd28 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 156ea708e3ab31034ccb2a784711dd48 |
| SHA1 | b853c5ee8dc725d4f6ca758a729447b54f09daa2 |
| SHA256 | 9cc7a6e55a4b4e905cc453e05060663f5ece2e58b0a1157bf80d67b800a115fd |
| SHA512 | 42dc9ad76a0bdea01e914e3d934284743f3d41a4672b346f1968235b6474e17f3b567b7ebbf3fc18be56d5ab3ef7fcbba3ec14ad4541d63649eb45e1724f40d6 |
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity
| MD5 | 826fd522cf3af1587a1f6d75a853cbe4 |
| SHA1 | c7097108e8e06c0e1a25fb52731f5b3e9e90748e |
| SHA256 | 59c8ea288968f32f95bfd804fc6b5e310122d9750cf654fabda972442e3d5ae2 |
| SHA512 | 550c9382c70229e89c33ec928c2865aa42c5d5297041086069bf2d2efed9b425a060b029468c323e7902ac317898df73e80ef663268a300e3dbece183d6024d6 |
C:\Program Files\chrome_Unpacker_BeginUnzipping6052_541726167\LICENSE
| MD5 | ee002cb9e51bb8dfa89640a406a1090a |
| SHA1 | 49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2 |
| SHA256 | 3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b |
| SHA512 | d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c |
C:\Program Files\chrome_Unpacker_BeginUnzipping6052_541726167\manifest.json
| MD5 | 045ac93715ddf76f3e860f41895f91fe |
| SHA1 | 84c3ae55ba4ec5ab3be1ecd452dce7ea5cd328fa |
| SHA256 | 50d601311612a7930ee878c622970a8e71975f292b5a07ef14d9b211c16c344a |
| SHA512 | 7c622cf6004be50bd748c9b3bc495775f0a4a092f4a8fdb272d28ec7118091769276007c3d657daae6e139d68c108feb9dfd31ba0a1e1710139911bcc009e1fc |
C:\Program Files\chrome_Unpacker_BeginUnzipping6052_541726167\crl-set
| MD5 | 6c801e92a4347fa679bc196a96485984 |
| SHA1 | 76cc3341e34dbb305fcdb5a0fb1afeaadbb69974 |
| SHA256 | f2c302124f566f3dc5bb9a7e5b445af4fc6cc61684e39bb36e09b615643c636b |
| SHA512 | e1e4d0aad3e0c3317686517f2c2e96c844110517ab3dffa928aa75916f3d807379a031e223b9a954fe2e8139133b1873aec79944874659f1ccccb9a5227cbeae |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a769d5bd00aca5be51d19f144040e5ab |
| SHA1 | 88f7ead92bc3bd163260177d639f9a1c0991b6fa |
| SHA256 | f756277c482f98e78f5b4d76f3595b0703e5b58c05a4929ab1519a78b9e1947d |
| SHA512 | 2c25dfa07bf85bd72a60f54c3baee956859882f2a32af7aad35266bbb8442f64d71ebe2aba4e287164abc3fcf9f04d148aad3d5d22d9b9c200e7d76111ce84fe |
C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State
| MD5 | 01a185dd39ea71d1d823c465a5e4e78e |
| SHA1 | 69dcbf2a19d9db4b2e35424caee7ded616fac790 |
| SHA256 | a41fc499db9561d4bd67f6a1e80df870e0de13977b7406c8a7b155a581d7bc16 |
| SHA512 | 40757aed2f644d7156c83d695927306631e889be98c2a890e98acdae9fa881e581e59b36ede0023a4aaa9e76043246a3dae471bd78591cedb41e275af2b22317 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences
| MD5 | 95ec8c0b130cc5417b23864251b004f2 |
| SHA1 | 24765555b0579add588ee86dcdf9eaf5520ac649 |
| SHA256 | ffe60a6a8c49aac4e3479b85577b27c3a33c95147607e1695b0e66e72c084c9a |
| SHA512 | d1362906093ba58f5436e3fd3e741dc2594924d586325841190181c3c689c627982632a06aa9f81209b0e27aa0f728bc35c6fde226b8c6922c4fe841e0ee90da |
C:\Users\Admin\AppData\Local\Programs\recroom-launcher\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsg14A8.tmp\WinShell.dll
| MD5 | 1cc7c37b7e0c8cd8bf04b6cc283e1e56 |
| SHA1 | 0b9519763be6625bd5abce175dcc59c96d100d4c |
| SHA256 | 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6 |
| SHA512 | 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\Network Persistent State
| MD5 | 7b0121ce60a7a92ba7ea39878b7d1d06 |
| SHA1 | 4c3b8d0aa8c4336459b3490fc8e998e62e56a05e |
| SHA256 | 37a691464675186f9a4d044ad866d7d766141aec9d5495be77dbb9d58e2b1c6e |
| SHA512 | c6961e21ee1aece012b5f2e5cf582fcbbde98e3703fb5f4f3e69a0bffcde40b18723f5ee98b8cacfd2d40c2cfc8ddfdc00b45a756913a921dba93aadcec32921 |
C:\Users\Admin\AppData\Local\Temp\nsg14A8.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Temp\nsg14A8.tmp\nsProcess.dll
| MD5 | f0438a894f3a7e01a4aae8d1b5dd0289 |
| SHA1 | b058e3fcfb7b550041da16bf10d8837024c38bf6 |
| SHA256 | 30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11 |
| SHA512 | f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences
| MD5 | 1de31ba3d08ee68f4743c1a3bd4f5bb1 |
| SHA1 | 62357e2aa88bad1133247a38877356b971a651f6 |
| SHA256 | 46f3ba50045ee0d7638e4b9d923a9234cc1ed974d7f580c2fad32fe9ed474ab7 |
| SHA512 | 206922ec4d40fe6c185161db030e286657cb2710bbcb5a131c8f773a46b9bde36f7356d671fe9258c370e819d9a276be94726f5a1de9a711fbf360f33ea42427 |
C:\Users\Admin\AppData\Roaming\recroom-launcher\log.log
| MD5 | d6d9612fb053933824dd4d33674aa95d |
| SHA1 | 77ee01b4316f9706c6840da97e5472b5a55ade04 |
| SHA256 | b0a2e6e646c85ff65cf9b34a0221b230ef236031a0aa4868e0b2d0fb306651f2 |
| SHA512 | 52d97fed8498fe42a7031b8fc3ca973b1fe83d37785cfd553f98eb24d98013c369d7dd60478cf3cb38fc71806f2bd0e8ca4c69b925cf84af56015d52cdc59606 |
C:\Users\Admin\AppData\Roaming\recroom-launcher\app_logs\app.log
| MD5 | bd173bb4de053fa9c6aa20c05ee61a52 |
| SHA1 | 33ac9650e57c98bfd37f8406e2b3350328ee11a3 |
| SHA256 | b52352d3680681c93b916007689bb363256486e0299ade37f8a4298baf0f6635 |
| SHA512 | 1a78efe6698a955f1ee74757e95e134b039ad2f06ebd887ddbb09f2c1a6072d55392ede259f986d03c6ea2f1427bd7e80a90a4fb949c72b96ca431fa74ff91e9 |
C:\Users\Admin\AppData\Local\Programs\recroom-launcher\settings
| MD5 | 45455e3329e64fc2fad870d554be9787 |
| SHA1 | f3e626e9c0565b7540136816831348ee83e88d3f |
| SHA256 | 8cb05f0ce433a8bcd61e03974016c91bcecbb2b0165f3d3ddcf18a1d50058f85 |
| SHA512 | 22462686af1099f08b4c6ce0af3284a5e28eb2a8b1de9c77934a3dd6befc7adb49c3b76de8bc7b2ddf2cbc3c22a6f46ab2a83555b95d86e707ce2053737302aa |
C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Apps\Rec Room\app_data.json
| MD5 | 410a849c515c8313430216ce45ff7828 |
| SHA1 | 2bd2ffdd4b4a2b17ad22b00fd281347fc5ce7dc7 |
| SHA256 | df3a64e68a490c2c94cb9306172782d81c7068ba5541b0c9cff258153b22f7e5 |
| SHA512 | 15ebaf6650825f3637a37744e6a546e395f6d95595bf6e2c2b0ba44b7166ce1fbebd45240e7b95b2d1065c548a3b7bd46629b7dc21124a000435db8c2a86cc10 |
C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State
| MD5 | 26f406cde833ced6faa09bdb4b3bea18 |
| SHA1 | fb86b000bd7126e0adec6270ce88448daba62d61 |
| SHA256 | c7b05a97d199ad93b70332d82d0288e6b4566822f85e384754f297f560232cf2 |
| SHA512 | 0b3ee0659b96cc288d0c8aad2271d8dd4b33f3e0ae0ed7dce45cfa55f930e5e3d81b86d2acf624701b6a3c267c52db030fa65828ae7b88c943e1d61bc5fcff37 |
C:\Users\Admin\AppData\Roaming\recroom-launcher\Network Persistent State
| MD5 | d2dd509625e692c95fe3be48233f732a |
| SHA1 | 36b67ac439faac59791b493cdb458f67d52ab45e |
| SHA256 | 41c84e9ebddb6362e9b835c966ba7438fe44f1b8518c55eb5d2b65233ee8c8f7 |
| SHA512 | deebfbe095d9bfd4fe78b3f16cc040c67eaf207fe9efebf1d0477104295c80c827ef42be374be727ffc9b87256b464a31866ddcb7296b4841a657e42435a6388 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences
| MD5 | 7de367be95f2c5b3128a730546e72a18 |
| SHA1 | 34e7c9849490bb3d0bf8da35d413396c3dcca64d |
| SHA256 | 91a8cdb6a3e332b96d84e064aa4d97651a4200aeac42ae88d7bacec83a2bb257 |
| SHA512 | 792e89d8b9cb1cda819b13cadacc01b5e6ff8f6b4c0ab86d4e2357e149d0f0cfd4b36aa528d83cea5b7a82326dc59b6906cb8c199b31d057e03dc648981488b9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences
| MD5 | 5b8662bfcb2b41f5cd01e42d93c5cd53 |
| SHA1 | 73b1b0239a68276f467cc83da1d0d2ef194cc766 |
| SHA256 | 966b0242c7e8e226e0b5b2b46c501801c03eca973ac0a86274652a0b2ddbd1de |
| SHA512 | 5b58e8bd98390628680c5436a72997bf01565cc6467d2a0d22f14a8ecd43abe86bf0c13b451a05f293933aabe6ab366de4e6f75e7ddf5e5e6481326814598303 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences
| MD5 | 5b5eb8fb05126c3d0f7ea7c41205500c |
| SHA1 | e0e1e84bb567ed25507e6c4d64b22942de55e8eb |
| SHA256 | 781c9cb32dd043fd5eb66c9d8f7ce8c7779edd4a615ec899e5e5d8cd7de60d0a |
| SHA512 | 38def19f0318f1d776724a81173d375cb2a89a9547f375a14d37155a54851b9406090b38eed048ca7e12e9e0556ad5034a04f70c6e33bc311e3caf0f4aa0268a |
C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Apps\Rec Room\RecRoom_Data\sharedassets0.assets.resS
| MD5 | b827a57657a5d35139dbb14ad97aade7 |
| SHA1 | ef4850d3446165b2eb9409dff8b21c650722d8b8 |
| SHA256 | 458c20ecd7a3d08336692bc68148f6d2580a7a597e12a65c70f263821027d742 |
| SHA512 | 2f5ff07bac051976c9b9b057144394fc74eb94058e3b4bc55f3d38c840bb208a2a2289637bbcd0e84f734ed382f03c6313379b4a3d4034717efb20a6eb3efa66 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 72af77dbf2625f9e775f24809013cd3d |
| SHA1 | 7fac99d1c18ce88cdf9983d4e1ed9a05955b7365 |
| SHA256 | 6172e8dcb483dea58d0bee84c330f5a2fde3c792ea82365b093a9a488b29adc2 |
| SHA512 | bc17e0031adfe704c334c3e2a03d8c421420850cde7417894b356ae53eeca1f6c0ca964810d0232e85ae0ae1404ce6fd0377421b0a94f32694077da62a8167d1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\shared_proto_db\000003.log
| MD5 | da9f5428ac10907be3ccc84336931d6d |
| SHA1 | b824e0efd6d0dc68a55e0c6e08d924cbdcf125d9 |
| SHA256 | e6cceb7e2207730acd96035edaeff865d493065d00d3265a4222488e506785da |
| SHA512 | 909aa91c08f2ea305b7d205b8dcd1e913e5e75b2fd5b4e4a0fbaaf5410cd6c4222fe96be6075b64083e7d1d4fdb9a3d7d88e84fa63cfa4e2697ffe666097baf8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 02d4cdde733edf2e68c1a1b27ffd3f76 |
| SHA1 | 5d15c2920c7272ee1672f3ee80bafe17046f4b6c |
| SHA256 | ea5ed7840943980d6eb0bd57468728f6c3147f4fbcf30a8f7fff5874320de9b8 |
| SHA512 | 77e5732661b53e28c93387ea7e8ed614d8567e8491ace8158b103f99fa52eb25cf04b2264288126a3315d67ec35bdf8f3c83f33367e1a175b5e630221c6897ea |
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity
| MD5 | 605127d976fa40046ccdb8107332ed34 |
| SHA1 | 516cd63673ec3fe1351f40d65c47a432f6aba1cc |
| SHA256 | aa7962f485c61033ce2f6e8af4bffcfb08548e4f90c672d8dfbdd74fa601477a |
| SHA512 | 942cfdcda47501e12caf254c04a7ec7deed305fc358944c659c37e0d6a7afb09c5fd00e90f33cba40525a43d4aee77eb3ea798b862109ef3197be60c34d072d9 |
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity
| MD5 | 94ad503df3658e6d94bb056afc734593 |
| SHA1 | d41110004a2d10d6993bb40270e38a1d7cbda66c |
| SHA256 | 41ff62525a36335b8dbf933fe07f4ed8499ac726c8625dd96035f0f74cce84b9 |
| SHA512 | 5c791b9acd1f3c0c3073456edcc75be520efcc3e6dca35e50df0ae1ad3e0c479ac513c77c43d1cb22af0427abc546ed832371cd0396a107dfa272a91e3bc2b98 |
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity
| MD5 | 8c9a09781ecc406d2861afdd92a3aac1 |
| SHA1 | 8ffcd11f7c29090168443b28a70e008d96ccd1de |
| SHA256 | 9bb891b2814feccf1ec7310d42702a894714bfc448dd55fdfd4a5150fa3aedf6 |
| SHA512 | 0a2609fe118100626bf0ce424e23d2eb31818996a6189a80f7453f99637f786114bb8eac05a3a47850d0c5e2c3ee1c8b5265dee961184e07a47f823f4b4f26a8 |
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity
| MD5 | de3e6bd10e13e44b34d29c1a34312c31 |
| SHA1 | 669235c2b77c17ffa7e2d838989300c84f3b9e81 |
| SHA256 | 480d2b919435b1abe258117c5e7e705f40f3beb011ea695e3e9e9e1c27b11ea5 |
| SHA512 | 94c2ffc586b23e31e7ce683bba303f44739bd5aa56371a9bb53d25cd0d60c012c3235f15703f22224fefd05351626c091c060e045803b293e33f902f31cd8cde |
C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State
| MD5 | 78a7f0b29098e08ed69418f8ec1c954d |
| SHA1 | 9bd3d65ac5091659a9a17d0f0407325f85d8fc6a |
| SHA256 | 6e4fdaf3a17d73242b8d652e041a04238925fdc8bd4947a8a1e4df29a5076dc3 |
| SHA512 | 82a80921c9e40489114a61fbe9ccdf07d8866ea79efc1c0361f661ca1ee9d442f18ae6f8fdcba05647d6e1566fda38546d9f8f18a6d3ab27ecaaf8beb3d798cf |
C:\Users\Admin\AppData\Roaming\discord\Code Cache\js\index-dir\the-real-index
| MD5 | ec0d12a13266f3bb6ea124a78aae2b2c |
| SHA1 | 39be8d93e7243ebda64cc837e025ef955a688c98 |
| SHA256 | 6ac03c79f015318fadd568c6f4a1bfb964d7d56a9c8f88a5e77a2c0b73a65409 |
| SHA512 | 2e95a01f56e703761b9006be0124b7130e2589a4f23091a7142aa906e15b128fe293d2a3ece1afbe232c470698fd3e7d35f4dc02980b84cf297aa33c5a9535fd |
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity
| MD5 | ec449eda57301b9e54025704eff4f560 |
| SHA1 | 2bfc15a467ce22ecab9bc5438c6abe681be0d8fa |
| SHA256 | 6ba2b0030cde0edd9f4c935625b4fdebc51203b9acf6d6daacc93bd50841ca11 |
| SHA512 | 9d8b2f7cd0f6753d02137e9c433df1640c1e6691d0fa60b7bacd161a269d507af4c3d29cbb9390e8bed60ccc42fb59c8ec8065634a7a49116b7e046b7cb0a2ce |
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity
| MD5 | a8e1a048b0a2a233786930f067c0759d |
| SHA1 | 8cb81a517ad265a32d0be706cb28b79dc880f42f |
| SHA256 | 13b7436162e516bad5fceb8efc9356a330f4538d447fbab8086924b473046829 |
| SHA512 | 0bf3b74d96436e3b47c5f99a3ac0b5b426e469d32ddaef47e960849fbfb7100b4657cd595bc3dd339cbf3e89ecf259fc20040dccacf4068ec88466bac19e117f |
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity
| MD5 | cdc33f4e91f22bd9b6fb90ce22bfc012 |
| SHA1 | aa166b0a08cc00a7e05a8ae4eb766b7d11269166 |
| SHA256 | cb64dfd970bab4dad557cc5e64b1044796ea2c9db4b60c915b0298817a3b5f68 |
| SHA512 | b0682c0491758808a6d81ebeeff797601f8afd2536b26e913fc8448ad8dba97259315d7c6048ee1e092c20ed6c6ebd8849132f7352363ce288ca48752f6e3191 |
C:\Users\Admin\AppData\Roaming\discord\Crashpad\settings.dat
| MD5 | 1f16b1ff1c257e45843eb4e8f2ef3cc6 |
| SHA1 | 375fe29c8974000bfd13e091050a7cf36c111374 |
| SHA256 | 193300103a7198da9df6092bba8275cc23a2baadb27be5d1ae6ab889c8bfeafe |
| SHA512 | f9cf3151cfc42ee539e807198311c9cbcde90ec7eea42c7367ba1a6c804bad053aca3b25384a6b338f95560a1b01e0858063a2574d7823f8bf1cc1eada51e2ab |
C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State
| MD5 | 9eb68f74545d0b0c87dc123e51f61854 |
| SHA1 | fb7c02734344ffa76c7e88874d3498013f6caca7 |
| SHA256 | 3383d64a8bb868ad080cb673ce7b87a1ec8b0186d7fe4140de796d5947e3230d |
| SHA512 | e291a16f528ddea66588cdb9ada43a12ef4e1b9a402db78a319a72ef75e098bf60746f6059069f0fd59d2826ee688232f7e98bac5f445dfdab486cbaa7c5b1dd |
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity
| MD5 | 962a08cf5e51d78278a22467fe138f35 |
| SHA1 | 67d97decb91d4f6e3ea3c1a66e4f2fbebc6791ea |
| SHA256 | 8f6a8204c9c752e5218394cf1b6eda1cedf5ac06b7d00f1d0dfd8e098bedb556 |
| SHA512 | 4d8b66a77d5611dad16690b1ff41140a66264996e9764c89c508e448c0440f56141551f9ed7392807ed9e506c6ccc8da1fdeb4dbe42891987a3b3b016cf6233b |
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity
| MD5 | bf3902ba24e4092924db22b6cbe22b97 |
| SHA1 | bf0938e83aaa9ee6f4816b4413d8f5c697e7a467 |
| SHA256 | be35f4e86e9a098ae11070c8839aa9352c6491c1170453f92bde8e8275ed4cde |
| SHA512 | 2c42f2088e453ed5db3ba6f0f4a60c4abf2558d2e641d2534f273e19cf8fac27e6a0ffe90746cf22642e98ca31a55e65595bd38b5b9f65c58479572624867829 |
C:\Users\Admin\AppData\Roaming\discord\Code Cache\js\index-dir\the-real-index
| MD5 | 4abaa8514002f577881e62aea594a73e |
| SHA1 | 5433ed9524ed66b7d020554c78a8a85122bd88b7 |
| SHA256 | afb03a9f7807fb2c10b334c285f4b492264ccaa32a7d5c9a6905d2d6a1f07289 |
| SHA512 | 8eab8587f82b16e8153dc05d935b0c6f0592bd6ccebd3315a55d27906e0c2baa2ba5d8d69a1233210d7db7eb0888451da88d5bb537be9af2e1f93097eff01752 |
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity
| MD5 | ce9dfc71163d9a280c9e1cecea3db74b |
| SHA1 | 929c528b8eba27af6f7ea2f930dc4fdfd42c1ee5 |
| SHA256 | 9331e8b3bd0486e110cbaef13bfc4cfc72cac304a3c4a064c97743496d5207cc |
| SHA512 | 16f1797f3a6173fff9c000823378701f7d03a3d6dcb50b780b106a02bce542944656ee9d01aa3ce9b3b2dc4b0adc2f6323980e131bc78b93b0158f992ba65a16 |
C:\Users\Admin\AppData\Local\Programs\recroom-launcher\Apps\Rec Room\app_data.json
| MD5 | 1981a9579d53652cfe843b4f52fcfdfb |
| SHA1 | 28f05a2f6a85d39931d70f6159f4d1298ea8d850 |
| SHA256 | 29a6f982a132debf00fd5e2dacd2e2e3e0acf6bdf0afb1f42159f8bad1bdebb3 |
| SHA512 | 7071e604a594d0a9998d724c93bdc315f17fa7f54613099de23ccd086670b86691672ef8deec4600e787289cce922c40e261b07a9df5a3066e9385244941824a |
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity
| MD5 | 68ade0f0f21f60d76f9cc3ab694f6dff |
| SHA1 | b3128163d2311e492463b14ffcd12c993396e2b7 |
| SHA256 | adacb278db4d49244ae10b416833af6445981703c712e54ff3cf9b3922641850 |
| SHA512 | 1976bf388d5f2f3adff711fff72b8c1fce5d3ac081fd54db0a8a5f1d090cff97a22487e678a20f42062f9f1ea8a3d02bd48d15fe1aa310070f3253a6976c8df8 |
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity
| MD5 | 77b7001f7f96044db1328a6c7001d689 |
| SHA1 | 6b7b6fc4ce1245a61deb19eff7e1f5684eed9c0c |
| SHA256 | aad114a0b1a1e6bb012283cc7383b422728ee6431e16b7910f39fbdfcf76dfd5 |
| SHA512 | 5a90aeffdf59073bab251b7d02f47308a395050c8d85563bfe2d9feb2179d63ef2fd2546b8e6db1f32e884b905f7edb6a2041b2cb362ba3b62541832dd5cbdac |
C:\Users\Admin\AppData\Local\Temp\b34af373-e726-36e5-168f-d280ecd2e188
| MD5 | 9de2f71650ac9eac04b52bf9b20ecc5e |
| SHA1 | ef31449d1b2577ea98bf845b1adb18835ee38f8a |
| SHA256 | ac730019ec9004b5d70756c4cce3621483b9090a606ae1938ce6bb4d2d1a124e |
| SHA512 | 4991a50b700c946e27add8d68a99d529ad7bc94ffb0d8af7422708d1a40acda2669ecab2bacd0d5e87823e15a8234a514d12eddf53fc42087aff4ea90ed4bfd0 |
C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.sys
| MD5 | 2cdb9f69c44313f4fd5b7b0d8a70dd96 |
| SHA1 | b8958f3a2f0064cb70ca5bbdd4eaf45740b5469c |
| SHA256 | b9824adc9a6d39de820461008e0eec0ad4ce3e2038c304725fce1f5c26c906ee |
| SHA512 | 95fde8a6d1cedb3354569d859a9a225b6e199b53c22112af874698a4925b108b1f249bbfdef9748d8ec859b9ce6c8212916911dc2d39c24560110face6bd8e08 |
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity
| MD5 | 95ab2ed527601a0315b600696c289918 |
| SHA1 | 9fe90f0c05b3702cb1f0e3054e765945e02f43ff |
| SHA256 | 5a7316edd71f819d8f6e38f06d9bdc2e388c8629f589f6618b6808108feb8e69 |
| SHA512 | 14ce54e58b8fb23b2c3f7aa40e2a13e01d3ab022e264cd2c28674e7d147e60af69a5c45fa5bc2554009b7b7efeb7cec81a558a6373c1de4dd1d0706dafd86c7b |
C:\Users\Admin\AppData\Roaming\discord\Code Cache\js\index-dir\the-real-index
| MD5 | f2ea2050ef156ef34c191df654887c3a |
| SHA1 | c2b8926fd4c7274e29ddb8ce649a3d6dd07c5441 |
| SHA256 | 394563431aeb7f835378e511513fac42b27210ac6e381c372a4d0305115a2960 |
| SHA512 | 8957d79586dd91cc3565663c1ee4aabe0adce366be539bef25212205e8745a0570a1528c35cb16b1b2c67a293dccaa31ede01f2ec66c7895f02bee21b0d3f2a5 |
C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State
| MD5 | b86fc0f5817247558ae388a7123c57eb |
| SHA1 | 0b501d6c5555dba1755a2d2fe1e933916d405e0f |
| SHA256 | b14bfcf6f8a3598b3fd8737d8da1c09892c8ccbd5238085082406a4fe9a118e1 |
| SHA512 | 493ba9045494577e626901391d566f8af7325af5728b952a89bf14d209f4566fbebf660e9b575adc549a2c59165eef3327af7e6783fa7e7bd8424c62602ef755 |
C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State
| MD5 | b6de04332cf14a8af64bfaa8e4926e1c |
| SHA1 | 3b960e5d59069080ae5fb9e950bfca2efa2ea990 |
| SHA256 | 770301260e06630faafe093f8ef2cd609b59540fb0821c89f880f9000ae8833a |
| SHA512 | 31e6f5b33a3f4758d8365ceb5f2fc56655cc3587aa503631d2a01cf2f1a3aa1c31a75c078c11dd8401c0d2518560f26f9d418728d71678a440247b9e774dee3b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b021f7257f27bc7302e115d35da43b7e |
| SHA1 | aa461ff98fd6e2157448530bfb9398041fa5c032 |
| SHA256 | e38d23a4541466df64b01aad57b72c076305c1c8f5a8ec7e932aebdecc727abb |
| SHA512 | 33065fe27d3cc7921c9ee9da0c044d57d9ab13cd7ba56a9da8e29e1ce599673a0c938be35e05082ab4c48a1f96d3de2ef84f7fe5866de3d3a15ee725e932d5a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | cba7854feb132ed62a76c0c0167fe405 |
| SHA1 | c95357617be2945c334c8895dc7c8c421a1043ab |
| SHA256 | 0e81dbcdcb889d639b4653e5257e2b6b181383764bcc9e9c39384365f945a73a |
| SHA512 | f6bc158f091a551c5ec2c4dbeb1423db9ac777dfb28fa5679049f0b13342a5d84e1848d02443872046502ba81b60d6a07d6a0897d32f3ccec613fcd6e450c23c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
| MD5 | d3793b6c89c1f89fbdc7c8a9b0f1d231 |
| SHA1 | f1c4a68523c36e9b0b57d3ba4a142c727b5e53a6 |
| SHA256 | 3b29bfed0dee8e8467211f01dcab878addab8eb0631717692e01e17e0a59979e |
| SHA512 | 2c17a1326b1a4bd205b49187266f684e776a057dfdc4b222c1a9a91ac74880066fe515d806cc6fd4a05446ddc96ac60fb2aebcb43a8d1de970d594bc25bd2d78 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
| MD5 | df60de71eb1f0a3d66a1d236fd64f5d1 |
| SHA1 | 7bc1c0d0cc03a14fa760010000f96d4fd4625f50 |
| SHA256 | 3a8e38e14748babeda444316451eecacbde2d4f3d545a3b7d38ccb81241bb30e |
| SHA512 | 0d8363e74c2a51eaf98830c0ac045654c25d4c425aacdd8d9800e9baf99f3ebfad18536cd107422902ca734a810c6fe77827efc315e4279b164832cb192542aa |