Malware Analysis Report

2025-01-18 23:45

Sample ID 241031-1c14wstgmk
Target AASDF.txt
SHA256 da3fbccef03a9a280eff85af0482fb33f9a0d6feb22ecee829d02f0cd1e2cea2
Tags
steam defense_evasion discovery persistence phishing pyinstaller
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

da3fbccef03a9a280eff85af0482fb33f9a0d6feb22ecee829d02f0cd1e2cea2

Threat Level: Likely malicious

The file AASDF.txt was found to be: Likely malicious.

Malicious Activity Summary

steam defense_evasion discovery persistence phishing pyinstaller

Downloads MZ/PE file

Checks computer location settings

Loads dropped DLL

Executes dropped EXE

Adds Run key to start application

Checks installed software on the system

Detected potential entity reuse from brand STEAM.

Drops file in Windows directory

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Program Files directory

Detects Pyinstaller

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Browser Information Discovery

NTFS ADS

Suspicious use of SendNotifyMessage

Modifies registry class

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Opens file in notepad (likely ransom note)

Modifies system certificate store

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-31 21:31

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-31 21:31

Reported

2024-10-31 22:01

Platform

win7-20241010-es

Max time kernel

1562s

Max time network

1566s

Command Line

C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\AASDF.txt

Signatures

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Processes

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\AASDF.txt

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-31 21:31

Reported

2024-10-31 22:03

Platform

win10v2004-20241007-es

Max time kernel

1919s

Max time network

1895s

Command Line

C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\AASDF.txt

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\gldriverquery64.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\gldriverquery.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent" C:\Users\Admin\Downloads\SteamSetup.exe N/A

Checks installed software on the system

discovery

Detected potential entity reuse from brand STEAM.

phishing steam

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_030_inv_0328.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0508.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\btnDisBottomRight.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_rtrackpad_left_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\vstdlib_s.dll_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_rtrackpad_click_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\public\c4.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\vgui_indonesian.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_button_capture_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_l2_soft_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_trackpad_l_right_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_button_options_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\friends\AchievementNotification.res_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\friends\FriendIngameNotification.res_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_050_menu_0160.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\downloads_bg.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\mnuSepCenter.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\public\steamui_japanese.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_mouse_4_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_dpad_left_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_button_share.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_touchpad_click_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_030_inv_0320.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0338.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\filter_profanity_thai.txt.gz_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_left_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_dpad.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tenfoot_images_all.zip.vz.193cb8c4eb4446698ea2c0a9e8c4e6b6a623dac7_5572671 C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_030_inv_0326.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_070_setting_0030.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\xbox_lb_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\filter_banned_russian.txt.gz_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_r_left.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_lstick_click.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_button_l_arrow_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\sounds\recording_stop.wav_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0303.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\avatarBorderGolden.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\platform_swedish.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_r2.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_dpad_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_r_ring.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_button_circle_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0411.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0523.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_dpad_right_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_trackpad_l_left_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_dpad_up_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_rstick_right.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\chkselstd_sm.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_servers.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\joyconpair_right_sl_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_l2_half_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_koreana.txt.gz_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\sounds\steam_chatroom_notification.m4a_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_050_menu_0140.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\controller_config_controller_ps5.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_090_media_0020.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\chkUnselStd.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_l_up.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_r_right_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\localization\shared_russian-json.js_ C:\Program Files (x86)\Steam\steam.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\INF\msmouse.PNF C:\Program Files (x86)\Steam\steam.exe N/A
File opened for modification C:\Windows\INF\keyboard.PNF C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File created C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Browser Information Discovery

discovery

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\SteamSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\gldriverquery.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133748843500843348" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\8\MRUListEx = ffffffff C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\Shell C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\6\NodeSlot = "21" C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\24\ComDlg\{7FDE1A1E-8B31-49A5-93B8-6BE14CFA4943}\GroupByKey:PID = "0" C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\2\0\6 = 56003100000000005f5936ad10007061636b61676500400009000400efbe5f5923ad5f594dad2e000000fc43020000000700000000000000000000000000000091f115017000610063006b00610067006500000016000000 C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202020202020202020202 C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\20\ComDlg\{7FDE1A1E-8B31-49A5-93B8-6BE14CFA4943}\FFlags = "18874433" C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22 C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "3" C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\2\0\1 C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\2\0\0 C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000000000001000000ffffffff C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steam\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\7\NodeSlot = "22" C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\2\0\2\MRUListEx = ffffffff C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 03000000000000000200000001000000ffffffff C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\2 = 98003100000000005f5921ad110050524f4752417e320000800009000400efbe874fdb495f5921ad2e000000c3040000000001000000000000000000560000000000553fcc00500072006f006700720061006d002000460069006c0065007300200028007800380036002900000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003700000018000000 C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\2\0 C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18 C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\24\ComDlg\{7FDE1A1E-8B31-49A5-93B8-6BE14CFA4943}\FFlags = "1" C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\24\ComDlg\{7FDE1A1E-8B31-49A5-93B8-6BE14CFA4943}\FFlags = "18874433" C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\24\ComDlg\{7FDE1A1E-8B31-49A5-93B8-6BE14CFA4943}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000ed30bdda43008947a7f8d013a47366226400000078000000 C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{7FDE1A1E-8B31-49A5-93B8-6BE14CFA4943}\GroupByKey:PID = "0" C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\24\ComDlg C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\2\0\2\0 C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202020202020202020202 C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\MRUListEx = ffffffff C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12 C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202 C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13 C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Program Files (x86)\Steam\steam.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Program Files (x86)\Steam\steam.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Program Files (x86)\Steam\steam.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Program Files (x86)\Steam\steam.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\Steam.Auto.Cracker.GUI.v2.2.1.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A
N/A N/A C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4496 wrote to memory of 3364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4496 wrote to memory of 3364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4496 wrote to memory of 3364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4496 wrote to memory of 3364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4496 wrote to memory of 3364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4496 wrote to memory of 3364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4496 wrote to memory of 3364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4496 wrote to memory of 3364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4496 wrote to memory of 3364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4496 wrote to memory of 3364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4496 wrote to memory of 3364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 2220 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 3748 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 3748 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 3748 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 3748 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 3748 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 3748 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 3748 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3364 wrote to memory of 3748 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\AASDF.txt

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2024 -parentBuildID 20240401114208 -prefsHandle 1940 -prefMapHandle 1932 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {042c51ac-a481-40d9-ac5f-b9ac0f7ad62f} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2428 -parentBuildID 20240401114208 -prefsHandle 2420 -prefMapHandle 2408 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8bac2a7d-e5c9-4f6c-95f6-7bc1a95b3730} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3232 -childID 1 -isForBrowser -prefsHandle 2988 -prefMapHandle 3256 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2c8e860-d8e5-46de-80f7-543334c13e5f} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3904 -childID 2 -isForBrowser -prefsHandle 3900 -prefMapHandle 3896 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1e7c419-aa80-404a-b30c-ac38602b4873} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4896 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4864 -prefMapHandle 4888 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1413dda-030c-425d-8430-c54555ae2df8} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5372 -childID 3 -isForBrowser -prefsHandle 5368 -prefMapHandle 5364 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae517120-f34e-46a0-a3f3-6221dbc79098} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5504 -childID 4 -isForBrowser -prefsHandle 5512 -prefMapHandle 5516 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5516263d-adac-42ff-8ae5-8bf9dabf0bee} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5708 -childID 5 -isForBrowser -prefsHandle 5788 -prefMapHandle 5784 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {56098fbb-4633-44bb-8b72-7bab4b2e37b0} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6128 -childID 6 -isForBrowser -prefsHandle 6052 -prefMapHandle 6120 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {54655e68-2770-487e-a369-42fe78dddb2a} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3868 -parentBuildID 20240401114208 -prefsHandle 4308 -prefMapHandle 4324 -prefsLen 29357 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cc16c79-231c-403c-a836-d6490e12eb48} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3520 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 3512 -prefMapHandle 3508 -prefsLen 29357 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a98e8189-897f-4e3b-8a5c-0312f236f79e} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" utility

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4f4 0x240

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5656 -childID 7 -isForBrowser -prefsHandle 5672 -prefMapHandle 4616 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d72e7660-f312-46f8-b5a3-e54ef020211e} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6936 -childID 8 -isForBrowser -prefsHandle 5788 -prefMapHandle 5748 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4013c53-1e7c-45ee-ba54-f5d2db02f3ad} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7052 -childID 9 -isForBrowser -prefsHandle 7132 -prefMapHandle 7128 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49aa2291-1f26-4522-8570-5c2961483a24} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6200 -childID 10 -isForBrowser -prefsHandle 2340 -prefMapHandle 6080 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0169458-1fe3-41dc-9805-819ff1723c2e} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" tab

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap17511:116:7zEvent29219

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4548 -childID 11 -isForBrowser -prefsHandle 5188 -prefMapHandle 6876 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6db28ddc-db58-469a-8b1a-51530305a285} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4588 -childID 12 -isForBrowser -prefsHandle 6968 -prefMapHandle 6976 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37c4f5ec-98bc-43ce-a37e-dc305510f8a2} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5464 -childID 13 -isForBrowser -prefsHandle 5824 -prefMapHandle 5300 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77134e4b-ea7a-4d02-94a7-0717c1ac3e65} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3680 -childID 14 -isForBrowser -prefsHandle 5488 -prefMapHandle 5860 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6b2732f-a42b-41f5-8c53-434ec0ad61dc} 3364 "\\.\pipe\gecko-crash-server-pipe.3364" tab

C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe

"C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe"

C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe

"C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault0294c57ehb8ebh4d79h8609h8914e73a7246

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffdb5a746f8,0x7ffdb5a74708,0x7ffdb5a74718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,8899565010797761273,4675813575829393463,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,8899565010797761273,4675813575829393463,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,8899565010797761273,4675813575829393463,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdb6a9cc40,0x7ffdb6a9cc4c,0x7ffdb6a9cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1888,i,17197816640728639897,9792038558736856163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1884 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2208,i,17197816640728639897,9792038558736856163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2248 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2288,i,17197816640728639897,9792038558736856163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2260 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,17197816640728639897,9792038558736856163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3156 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,17197816640728639897,9792038558736856163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4492,i,17197816640728639897,9792038558736856163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4520 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3696,i,17197816640728639897,9792038558736856163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3716 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4800,i,17197816640728639897,9792038558736856163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4792 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3700,i,17197816640728639897,9792038558736856163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4812 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4804,i,17197816640728639897,9792038558736856163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4672 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3688,i,17197816640728639897,9792038558736856163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4896 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5020,i,17197816640728639897,9792038558736856163,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4996 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1940 -parentBuildID 20240401114208 -prefsHandle 1868 -prefMapHandle 1844 -prefsLen 24856 -prefMapSize 245077 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa99af40-b92b-4701-b3a9-b1b83dcd2be5} 184 "\\.\pipe\gecko-crash-server-pipe.184" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2300 -parentBuildID 20240401114208 -prefsHandle 2276 -prefMapHandle 2264 -prefsLen 24856 -prefMapSize 245077 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d84f294e-ced0-45de-a8c3-c1eddd0e44a3} 184 "\\.\pipe\gecko-crash-server-pipe.184" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3276 -childID 1 -isForBrowser -prefsHandle 3140 -prefMapHandle 3180 -prefsLen 25355 -prefMapSize 245077 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c66fd081-d7c8-4395-96ea-a859eff3b80f} 184 "\\.\pipe\gecko-crash-server-pipe.184" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4184 -childID 2 -isForBrowser -prefsHandle 4136 -prefMapHandle 4132 -prefsLen 30642 -prefMapSize 245077 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {413d96d0-c18f-4d3c-8337-e1b453cf2aff} 184 "\\.\pipe\gecko-crash-server-pipe.184" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4728 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4720 -prefMapHandle 4708 -prefsLen 30642 -prefMapSize 245077 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49eb1224-0d76-4019-8961-70d6651ae4bc} 184 "\\.\pipe\gecko-crash-server-pipe.184" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5048 -childID 3 -isForBrowser -prefsHandle 5032 -prefMapHandle 5052 -prefsLen 27974 -prefMapSize 245077 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99101ee2-740b-423e-921a-450b64c1265e} 184 "\\.\pipe\gecko-crash-server-pipe.184" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5256 -childID 4 -isForBrowser -prefsHandle 5336 -prefMapHandle 5332 -prefsLen 27974 -prefMapSize 245077 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b641c183-a6b3-4740-8992-cd984e323440} 184 "\\.\pipe\gecko-crash-server-pipe.184" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5244 -childID 5 -isForBrowser -prefsHandle 5472 -prefMapHandle 5476 -prefsLen 27974 -prefMapSize 245077 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {62356b70-bbb4-4316-8ca8-4c795ddb471b} 184 "\\.\pipe\gecko-crash-server-pipe.184" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6064 -childID 6 -isForBrowser -prefsHandle 6048 -prefMapHandle 6056 -prefsLen 27974 -prefMapSize 245077 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {43abd052-c5da-4763-a702-4fcec10bd266} 184 "\\.\pipe\gecko-crash-server-pipe.184" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6316 -childID 7 -isForBrowser -prefsHandle 4384 -prefMapHandle 4368 -prefsLen 27974 -prefMapSize 245077 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {319cb1f6-5ae3-4276-a9ff-7c78d7a82404} 184 "\\.\pipe\gecko-crash-server-pipe.184" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4368 -parentBuildID 20240401114208 -prefsHandle 6488 -prefMapHandle 6428 -prefsLen 30642 -prefMapSize 245077 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d66e123e-c96b-4a05-b08d-6c080235acb8} 184 "\\.\pipe\gecko-crash-server-pipe.184" rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6724 -childID 8 -isForBrowser -prefsHandle 6692 -prefMapHandle 6712 -prefsLen 27974 -prefMapSize 245077 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {edff31b3-ec94-4a49-8090-def8becdce4d} 184 "\\.\pipe\gecko-crash-server-pipe.184" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6900 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6976 -prefMapHandle 6972 -prefsLen 30642 -prefMapSize 245077 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9dac08d8-2111-49a4-981c-e0d4a6e751c5} 184 "\\.\pipe\gecko-crash-server-pipe.184" utility

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4f4 0x240

C:\Users\Admin\Downloads\SteamSetup.exe

"C:\Users\Admin\Downloads\SteamSetup.exe"

C:\Program Files (x86)\Steam\bin\steamservice.exe

"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=es_ES" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=17164" "-buildid=1726604483" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-userdatadir=C:\Users\Admin\AppData\Local\Steam\cefdata" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1726604483 --initial-client-data=0x368,0x36c,0x370,0x344,0x374,0x7ffdb40dee38,0x7ffdb40dee48,0x7ffdb40dee58

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=es-ES --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1596 --field-trial-handle=1728,i,17216676092438389601,12217770450539361890,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=es-ES --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2192 --field-trial-handle=1728,i,17216676092438389601,12217770450539361890,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8

C:\Program Files (x86)\Steam\bin\gldriverquery64.exe

.\bin\gldriverquery64.exe

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=es --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=es-ES --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2508 --field-trial-handle=1728,i,17216676092438389601,12217770450539361890,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --first-renderer-process --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2932 --field-trial-handle=1728,i,17216676092438389601,12217770450539361890,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Steam\bin\gldriverquery.exe

.\bin\gldriverquery.exe

C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe

.\bin\vulkandriverquery64.exe

C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe

.\bin\vulkandriverquery.exe

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=es --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=es-ES --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2464 --field-trial-handle=1728,i,17216676092438389601,12217770450539361890,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-agent-product="Valve Steam Client" --lang=es-ES --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=3632 --field-trial-handle=1728,i,17216676092438389601,12217770450539361890,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3548 --field-trial-handle=1728,i,17216676092438389601,12217770450539361890,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3744 --field-trial-handle=1728,i,17216676092438389601,12217770450539361890,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1948 -parentBuildID 20240401114208 -prefsHandle 1856 -prefMapHandle 1848 -prefsLen 24856 -prefMapSize 245077 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cfa5b42c-9916-48cb-8821-aa320b3abc96} 8036 "\\.\pipe\gecko-crash-server-pipe.8036" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2312 -parentBuildID 20240401114208 -prefsHandle 2292 -prefMapHandle 2288 -prefsLen 24856 -prefMapSize 245077 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f7e393f-f431-4a5a-bac4-8411e9d3030e} 8036 "\\.\pipe\gecko-crash-server-pipe.8036" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3352 -childID 1 -isForBrowser -prefsHandle 3292 -prefMapHandle 3084 -prefsLen 25355 -prefMapSize 245077 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6f8858f-c248-43f3-a00e-c235426eb09c} 8036 "\\.\pipe\gecko-crash-server-pipe.8036" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3744 -childID 2 -isForBrowser -prefsHandle 3740 -prefMapHandle 3736 -prefsLen 30588 -prefMapSize 245077 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c14759d9-db6b-4028-a6f5-813c4a547a38} 8036 "\\.\pipe\gecko-crash-server-pipe.8036" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4740 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4744 -prefMapHandle 4736 -prefsLen 30588 -prefMapSize 245077 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0c43640-d97f-4d0e-8149-07799727f4e5} 8036 "\\.\pipe\gecko-crash-server-pipe.8036" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5116 -childID 3 -isForBrowser -prefsHandle 5108 -prefMapHandle 3632 -prefsLen 28027 -prefMapSize 245077 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dde999f9-536c-434e-bbe7-8fddad3db857} 8036 "\\.\pipe\gecko-crash-server-pipe.8036" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5348 -childID 4 -isForBrowser -prefsHandle 5272 -prefMapHandle 5276 -prefsLen 28027 -prefMapSize 245077 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc20301d-701e-473b-baad-cca918c9734b} 8036 "\\.\pipe\gecko-crash-server-pipe.8036" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5492 -childID 5 -isForBrowser -prefsHandle 5496 -prefMapHandle 5472 -prefsLen 28027 -prefMapSize 245077 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b53c8e1d-cadf-4765-9f01-cf970a96c07a} 8036 "\\.\pipe\gecko-crash-server-pipe.8036" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6140 -childID 6 -isForBrowser -prefsHandle 6092 -prefMapHandle 6096 -prefsLen 28027 -prefMapSize 245077 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86deb74a-8f75-4a65-824c-a9039a77c821} 8036 "\\.\pipe\gecko-crash-server-pipe.8036" tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 99.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 58.99.105.20.in-addr.arpa udp
N/A 127.0.0.1:55458 tcp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
N/A 127.0.0.1:55469 tcp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 138.191.11.52.in-addr.arpa udp
US 8.8.8.8:53 we.tl udp
NL 18.65.39.127:443 we.tl tcp
US 8.8.8.8:53 we.tl udp
US 8.8.8.8:53 we.tl udp
US 8.8.8.8:53 wetransfer.com udp
NL 18.239.94.87:443 wetransfer.com tcp
US 8.8.8.8:53 wetransfer.com udp
US 8.8.8.8:53 wetransfer.com udp
NL 18.239.94.87:443 wetransfer.com udp
US 8.8.8.8:53 cdn.wetransfer.com udp
NL 18.239.94.119:443 cdn.wetransfer.com tcp
NL 18.239.94.119:443 cdn.wetransfer.com tcp
NL 18.239.94.119:443 cdn.wetransfer.com tcp
NL 18.239.94.119:443 cdn.wetransfer.com tcp
NL 18.239.94.119:443 cdn.wetransfer.com tcp
NL 18.239.94.119:443 cdn.wetransfer.com tcp
US 8.8.8.8:53 cdn.wetransfer.com udp
NL 18.239.94.119:443 cdn.wetransfer.com udp
US 8.8.8.8:53 cdn.wetransfer.com udp
US 8.8.8.8:53 87.94.239.18.in-addr.arpa udp
US 8.8.8.8:53 127.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 tagging.wetransfer.com udp
US 151.101.65.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 jsdelivr.map.fastly.net udp
GB 18.244.124.114:443 tagging.wetransfer.com tcp
US 8.8.8.8:53 tagging.wetransfer.com udp
US 8.8.8.8:53 jsdelivr.map.fastly.net udp
US 8.8.8.8:53 tagging.wetransfer.com udp
US 151.101.65.229:443 jsdelivr.map.fastly.net udp
US 8.8.8.8:53 229.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 114.124.244.18.in-addr.arpa udp
US 8.8.8.8:53 ekstrom.wetransfer.net udp
IE 54.217.172.44:443 ekstrom.wetransfer.net tcp
IE 54.217.172.44:443 ekstrom.wetransfer.net tcp
IE 54.217.172.44:443 ekstrom.wetransfer.net tcp
US 8.8.8.8:53 ekstrom.wetransfer.net udp
US 8.8.8.8:53 ekstrom.wetransfer.net udp
US 8.8.8.8:53 auth-session-caching.wetransfer.net udp
IE 52.16.86.31:443 auth-session-caching.wetransfer.net tcp
IE 52.16.86.31:443 auth-session-caching.wetransfer.net tcp
US 8.8.8.8:53 auth-session-caching.wetransfer.net udp
US 8.8.8.8:53 auth-session-caching.wetransfer.net udp
US 8.8.8.8:53 privacy.wetransfer.com udp
US 8.8.8.8:53 bsp-proxy.wetransfer.net udp
US 3.165.148.70:443 privacy.wetransfer.com tcp
US 8.8.8.8:53 wetransfer.fides-cdn.ethyca.com udp
IE 52.48.5.216:443 bsp-proxy.wetransfer.net tcp
IE 52.48.5.216:443 bsp-proxy.wetransfer.net tcp
US 8.8.8.8:53 bsp-proxy.wetransfer.net udp
US 8.8.8.8:53 wetransfer.fides-cdn.ethyca.com udp
US 8.8.8.8:53 bsp-proxy.wetransfer.net udp
US 8.8.8.8:53 44.172.217.54.in-addr.arpa udp
US 8.8.8.8:53 31.86.16.52.in-addr.arpa udp
US 8.8.8.8:53 70.148.165.3.in-addr.arpa udp
US 8.8.8.8:53 216.5.48.52.in-addr.arpa udp
US 8.8.8.8:53 experiments.wetransfer.com udp
NL 18.239.83.66:443 experiments.wetransfer.com tcp
US 8.8.8.8:53 experiments.wetransfer.com udp
NL 18.239.83.66:443 experiments.wetransfer.com tcp
US 8.8.8.8:53 experiments.wetransfer.com udp
US 3.165.148.70:443 wetransfer.fides-cdn.ethyca.com tcp
US 3.165.148.70:443 wetransfer.fides-cdn.ethyca.com tcp
US 8.8.8.8:53 snowplow.wetransfer.com udp
IE 34.249.124.146:443 snowplow.wetransfer.com tcp
IE 34.249.124.146:443 snowplow.wetransfer.com tcp
US 8.8.8.8:53 sp-20200324121949090600000008-54648268.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 sp-20200324121949090600000008-54648268.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 public.profitwell.com udp
US 8.8.8.8:53 api.pico.bendingspoonsapps.com udp
GB 18.245.143.110:443 public.profitwell.com tcp
US 8.8.8.8:53 dna8twue3dlxq.cloudfront.net udp
US 34.102.204.67:443 api.pico.bendingspoonsapps.com tcp
US 34.102.204.67:443 api.pico.bendingspoonsapps.com tcp
US 8.8.8.8:53 api.pico.bendingspoonsapps.com udp
US 8.8.8.8:53 api.pico.bendingspoonsapps.com udp
US 8.8.8.8:53 dna8twue3dlxq.cloudfront.net udp
US 8.8.8.8:53 66.83.239.18.in-addr.arpa udp
US 8.8.8.8:53 146.124.249.34.in-addr.arpa udp
US 8.8.8.8:53 110.143.245.18.in-addr.arpa udp
US 8.8.8.8:53 67.204.102.34.in-addr.arpa udp
US 34.102.204.67:443 api.pico.bendingspoonsapps.com udp
US 8.8.8.8:53 analytics-v2.wetransfer.com udp
NL 18.239.83.15:443 analytics-v2.wetransfer.com tcp
NL 18.239.83.15:443 analytics-v2.wetransfer.com tcp
US 8.8.8.8:53 analytics-v2.wetransfer.com udp
US 8.8.8.8:53 analytics-v2.wetransfer.com udp
US 8.8.8.8:53 15.83.239.18.in-addr.arpa udp
US 8.8.8.8:53 wetransfer.com udp
US 8.8.8.8:53 2.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 e-10220.adzerk.net udp
US 54.205.46.242:443 e-10220.adzerk.net tcp
US 8.8.8.8:53 e-prod-alb-s105-us-east-1-01.adzerk.net udp
US 54.205.46.242:443 e-prod-alb-s105-us-east-1-01.adzerk.net tcp
US 8.8.8.8:53 e-prod-alb-s105-us-east-1-01.adzerk.net udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 sp-20200324121949090600000008-54648268.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 di.rlcdn.com udp
US 8.8.8.8:53 s.pinimg.com udp
US 8.8.8.8:53 js.adsrvr.org udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 142.250.179.228:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 ax-0001.ax-msedge.net udp
US 8.8.8.8:53 di.rlcdn.com udp
GB 184.26.132.239:443 s.pinimg.com tcp
US 8.8.8.8:53 e6449.dsca.akamaiedge.net udp
NL 18.239.67.100:443 js.adsrvr.org tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 dg2iu7dxxehbo.cloudfront.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 d1ykf07e75w7ss.cloudfront.net udp
US 8.8.8.8:53 ax-0001.ax-msedge.net udp
US 8.8.8.8:53 e6449.dsca.akamaiedge.net udp
US 8.8.8.8:53 di.rlcdn.com udp
US 8.8.8.8:53 dg2iu7dxxehbo.cloudfront.net udp
US 8.8.8.8:53 d1ykf07e75w7ss.cloudfront.net udp
GB 142.250.179.228:443 www.google.com udp
GB 184.26.132.239:443 e6449.dsca.akamaiedge.net udp
US 8.8.8.8:53 insight.adsrvr.org udp
US 8.8.8.8:53 ct.pinterest.com udp
US 3.33.220.150:443 insight.adsrvr.org tcp
US 8.8.8.8:53 insight.adsrvr.org udp
US 8.8.8.8:53 insight.adsrvr.org udp
US 151.101.128.84:443 ct.pinterest.com tcp
US 151.101.128.84:443 ct.pinterest.com tcp
US 151.101.128.84:443 ct.pinterest.com tcp
US 8.8.8.8:53 prod.pinterest.global.map.fastly.net udp
NL 18.239.50.36:443 nolan.wetransfer.net tcp
US 8.8.8.8:53 nolan.wetransfer.net udp
US 8.8.8.8:53 nolan.wetransfer.net udp
US 151.101.128.84:443 prod.pinterest.global.map.fastly.net udp
US 8.8.8.8:53 match.adsrvr.org udp
US 15.197.193.217:443 match.adsrvr.org tcp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 242.46.205.54.in-addr.arpa udp
US 8.8.8.8:53 228.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 100.67.239.18.in-addr.arpa udp
US 8.8.8.8:53 239.132.26.184.in-addr.arpa udp
US 8.8.8.8:53 150.220.33.3.in-addr.arpa udp
US 8.8.8.8:53 84.128.101.151.in-addr.arpa udp
US 8.8.8.8:53 36.50.239.18.in-addr.arpa udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 cdn.brandmetrics.com udp
US 8.8.8.8:53 lebowski.wetransfer.com udp
IE 54.155.202.146:443 lebowski.wetransfer.com tcp
IE 54.155.202.146:443 lebowski.wetransfer.com tcp
US 8.8.8.8:53 lebowski.wetransfer.com udp
US 8.8.8.8:53 lebowski.wetransfer.com udp
US 8.8.8.8:53 cdn.brandmetrics.com udp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
US 150.171.27.10:443 ax-0001.ax-msedge.net tcp
US 35.244.174.68:443 di.rlcdn.com tcp
NL 18.239.70.203:443 d1ykf07e75w7ss.cloudfront.net tcp
US 104.26.1.90:443 cdn.brandmetrics.com tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net udp
US 35.244.174.68:443 di.rlcdn.com udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 98.82.156.107:443 s.amazon-adsystem.com tcp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 collector.brandmetrics.com udp
US 8.8.8.8:53 www.datadoghq-browser-agent.com udp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 20.90.134.35:443 collector.brandmetrics.com tcp
US 8.8.8.8:53 waws-prod-ln1-145-3f54.uksouth.cloudapp.azure.com udp
US 8.8.8.8:53 www.datadoghq-browser-agent.com udp
NL 18.239.49.193:443 www.datadoghq-browser-agent.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 waws-prod-ln1-145-3f54.uksouth.cloudapp.azure.com udp
US 8.8.8.8:53 www.datadoghq-browser-agent.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 217.193.197.15.in-addr.arpa udp
US 8.8.8.8:53 146.202.155.54.in-addr.arpa udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 90.1.26.104.in-addr.arpa udp
US 8.8.8.8:53 203.70.239.18.in-addr.arpa udp
US 8.8.8.8:53 107.156.82.98.in-addr.arpa udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 35.134.90.20.in-addr.arpa udp
US 8.8.8.8:53 193.49.239.18.in-addr.arpa udp
US 8.8.8.8:53 backgrounds.wetransfer.net udp
NL 13.227.219.79:443 backgrounds.wetransfer.net tcp
US 8.8.8.8:53 backgrounds.wetransfer.net udp
US 8.8.8.8:53 backgrounds.wetransfer.net udp
US 8.8.8.8:53 sp-20200324121949090600000008-54648268.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 cdn.lamp.avct.cloud udp
US 8.8.8.8:53 79.219.227.13.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 pixel.adsafeprotected.com udp
US 8.8.8.8:53 donny.wetransfer.com udp
US 3.165.148.54:443 cdn.lamp.avct.cloud tcp
US 8.8.8.8:53 cdn.lamp.avct.cloud udp
US 44.230.97.193:443 pixel.adsafeprotected.com tcp
US 8.8.8.8:53 firewall-external-1941599784.us-west-2.elb.amazonaws.com udp
IE 34.242.104.91:443 donny.wetransfer.com tcp
US 8.8.8.8:53 donny.wetransfer.com udp
US 8.8.8.8:53 cdn.lamp.avct.cloud udp
US 8.8.8.8:53 firewall-external-1941599784.us-west-2.elb.amazonaws.com udp
US 8.8.8.8:53 donny.wetransfer.com udp
NL 13.227.219.79:443 backgrounds.wetransfer.net tcp
GB 20.90.134.35:443 waws-prod-ln1-145-3f54.uksouth.cloudapp.azure.com tcp
US 3.165.148.54:443 cdn.lamp.avct.cloud tcp
US 44.230.97.193:443 pixel.adsafeprotected.com tcp
US 44.230.97.193:443 pixel.adsafeprotected.com tcp
US 8.8.8.8:53 measure.lamp.avct.cloud udp
IE 108.128.153.6:443 measure.lamp.avct.cloud tcp
US 8.8.8.8:53 measure.lamp.avct.cloud udp
US 8.8.8.8:53 54.148.165.3.in-addr.arpa udp
US 8.8.8.8:53 91.104.242.34.in-addr.arpa udp
US 8.8.8.8:53 38.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 193.97.230.44.in-addr.arpa udp
US 8.8.8.8:53 6.153.128.108.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 static.adsafeprotected.com udp
US 8.8.8.8:53 sp-20200324121949090600000008-54648268.eu-west-1.elb.amazonaws.com udp
GB 18.172.88.93:443 static.adsafeprotected.com tcp
US 8.8.8.8:53 d162h6x3rxav67.cloudfront.net udp
US 8.8.8.8:53 d162h6x3rxav67.cloudfront.net udp
US 8.8.8.8:53 measure.lamp.avct.cloud udp
US 8.8.8.8:53 dt.adsafeprotected.com udp
US 54.159.232.57:443 dt.adsafeprotected.com tcp
US 54.159.232.57:443 dt.adsafeprotected.com tcp
US 8.8.8.8:53 dt-external-217593033.us-east-1.elb.amazonaws.com udp
US 54.159.232.57:443 dt.adsafeprotected.com tcp
US 8.8.8.8:53 93.88.172.18.in-addr.arpa udp
US 8.8.8.8:53 dt-external-217593033.us-east-1.elb.amazonaws.com udp
US 34.102.204.67:443 api.pico.bendingspoonsapps.com udp
US 8.8.8.8:53 wetransfer.com udp
US 8.8.8.8:53 download.wetransfer.com udp
GB 18.172.88.50:443 download.wetransfer.com tcp
US 8.8.8.8:53 download.wetransfer.com udp
US 8.8.8.8:53 download.wetransfer.com udp
US 8.8.8.8:53 57.232.159.54.in-addr.arpa udp
US 8.8.8.8:53 50.88.172.18.in-addr.arpa udp
US 8.8.8.8:53 107.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 216.72.190.35.in-addr.arpa udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.200.14:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
DE 23.55.161.211:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
GB 142.250.200.14:443 redirector.gvt1.com udp
US 8.8.8.8:53 r2---sn-5hne6nzy.gvt1.com udp
US 8.8.8.8:53 r2.sn-5hne6nzy.gvt1.com udp
NL 172.217.132.167:443 r2.sn-5hne6nzy.gvt1.com tcp
US 8.8.8.8:53 r2.sn-5hne6nzy.gvt1.com udp
NL 172.217.132.167:443 r2.sn-5hne6nzy.gvt1.com udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 211.161.55.23.in-addr.arpa udp
US 8.8.8.8:53 167.132.217.172.in-addr.arpa udp
US 8.8.8.8:53 dt-external-217593033.us-east-1.elb.amazonaws.com udp
US 8.8.8.8:53 sp-20200324121949090600000008-54648268.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 ax-0001.ax-msedge.net udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 snowplow.wetransfer.com udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 lebowski.wetransfer.com udp
US 8.8.8.8:53 lebowski.wetransfer.com udp
US 8.8.8.8:53 lebowski.wetransfer.com udp
US 8.8.8.8:53 pixel.adsafeprotected.com udp
US 44.230.97.193:443 pixel.adsafeprotected.com tcp
GB 18.172.88.93:443 d162h6x3rxav67.cloudfront.net tcp
US 8.8.8.8:53 dt.adsafeprotected.com udp
US 34.201.207.133:443 dt.adsafeprotected.com tcp
US 8.8.8.8:53 firewall-external-1524972847.us-east-1.elb.amazonaws.com udp
US 8.8.8.8:53 dt-external-217593033.us-east-1.elb.amazonaws.com udp
US 8.8.8.8:53 prod-cdn.wetransfer.net udp
US 8.8.8.8:53 dt-external-217593033.us-east-1.elb.amazonaws.com udp
NL 18.239.50.111:443 prod-cdn.wetransfer.net tcp
US 8.8.8.8:53 prod-cdn.wetransfer.net udp
US 8.8.8.8:53 prod-cdn.wetransfer.net udp
US 8.8.8.8:53 collector.brandmetrics.com udp
US 8.8.8.8:53 donny.wetransfer.com udp
US 8.8.8.8:53 d9.flashtalking.com udp
US 8.8.8.8:53 data.ad-score.com udp
US 8.8.8.8:53 sp-20200324121949090600000008-54648268.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 donny.wetransfer.com udp
US 130.211.115.4:443 data.ad-score.com tcp
US 8.8.8.8:53 data.ad-score.com udp
US 8.8.8.8:53 waws-prod-ln1-145-3f54.uksouth.cloudapp.azure.com udp
IE 52.19.249.99:443 d9.flashtalking.com tcp
US 8.8.8.8:53 tag.device9.com udp
US 8.8.8.8:53 measure.lamp.avct.cloud udp
US 8.8.8.8:53 data.ad-score.com udp
US 8.8.8.8:53 donny.wetransfer.com udp
US 8.8.8.8:53 waws-prod-ln1-145-3f54.uksouth.cloudapp.azure.com udp
US 8.8.8.8:53 tag.device9.com udp
US 8.8.8.8:53 measure.lamp.avct.cloud udp
US 8.8.8.8:53 measure.lamp.avct.cloud udp
US 8.8.8.8:53 111.50.239.18.in-addr.arpa udp
US 8.8.8.8:53 133.207.201.34.in-addr.arpa udp
US 8.8.8.8:53 99.249.19.52.in-addr.arpa udp
US 8.8.8.8:53 4.115.211.130.in-addr.arpa udp
US 8.8.8.8:53 pixel.adsafeprotected.com udp
US 8.8.8.8:53 sp-20200324121949090600000008-54648268.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 firewall-external-2134955858.eu-west-1.elb.amazonaws.com udp
US 44.230.97.193:443 pixel.adsafeprotected.com tcp
US 8.8.8.8:53 sp-20200324121949090600000008-54648268.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 firewall-external-2134955858.eu-west-1.elb.amazonaws.com udp
US 34.201.207.133:443 dt.adsafeprotected.com tcp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 ax-0001.ax-msedge.net udp
US 8.8.8.8:53 support.mozilla.org udp
US 34.149.128.2:443 support.mozilla.org tcp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 2.128.149.34.in-addr.arpa udp
US 8.8.8.8:53 70.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 sp-20200324121949090600000008-54648268.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 collector.brandmetrics.com udp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 waws-prod-ln1-145-3f54.uksouth.cloudapp.azure.com udp
US 8.8.8.8:53 waws-prod-ln1-145-3f54.uksouth.cloudapp.azure.com udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 4.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 csp.withgoogle.com udp
US 8.8.8.8:53 csp.withgoogle.com udp
GB 216.58.204.81:443 csp.withgoogle.com tcp
US 8.8.8.8:53 csp.withgoogle.com udp
GB 216.58.204.81:443 csp.withgoogle.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 142.250.200.42:443 ogads-pa.googleapis.com tcp
GB 142.250.200.42:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 142.250.200.42:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 81.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 play.google.com udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 consent.google.com udp
GB 216.58.204.78:443 consent.google.com tcp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 consent.google.com udp
GB 216.58.204.78:443 consent.google.com udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 encrypted-tbn2.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn3.gstatic.com udp
GB 142.250.200.46:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.200.46:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.200.46:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn2.gstatic.com udp
GB 142.250.180.14:443 encrypted-tbn3.gstatic.com tcp
US 8.8.8.8:53 encrypted-tbn3.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn2.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn3.gstatic.com udp
GB 142.250.200.46:443 encrypted-tbn2.gstatic.com udp
GB 142.250.200.46:443 encrypted-tbn2.gstatic.com udp
GB 142.250.180.14:443 encrypted-tbn3.gstatic.com udp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.86:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.86:443 i.ytimg.com tcp
GB 172.217.169.86:443 i.ytimg.com udp
US 8.8.8.8:53 86.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 204.201.50.20.in-addr.arpa udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 184.25.193.136:443 store.steampowered.com tcp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 store.steampowered.com udp
GB 184.25.193.136:443 store.steampowered.com tcp
US 8.8.8.8:53 store.cloudflare.steamstatic.com udp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 8.8.8.8:53 store.cloudflare.steamstatic.com udp
US 8.8.8.8:53 136.193.25.184.in-addr.arpa udp
US 8.8.8.8:53 cdn.fastly.steamstatic.com udp
US 8.8.8.8:53 shared.cloudflare.steamstatic.com udp
US 8.8.8.8:53 store.cloudflare.steamstatic.com udp
US 8.8.8.8:53 cdn.cloudflare.steamstatic.com udp
US 8.8.8.8:53 t.sni.global.fastly.net udp
US 172.64.145.151:443 cdn.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 cdn.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 cdn.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 cdn.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 cdn.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 cdn.cloudflare.steamstatic.com tcp
US 8.8.8.8:53 shared.cloudflare.steamstatic.com udp
US 8.8.8.8:53 cdn.cloudflare.steamstatic.com udp
US 8.8.8.8:53 t.sni.global.fastly.net udp
US 8.8.8.8:53 shared.cloudflare.steamstatic.com udp
US 8.8.8.8:53 cdn.cloudflare.steamstatic.com udp
US 172.64.145.151:443 cdn.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 cdn.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 cdn.cloudflare.steamstatic.com tcp
US 151.101.195.52:443 t.sni.global.fastly.net tcp
US 8.8.8.8:53 105.42.18.104.in-addr.arpa udp
US 8.8.8.8:53 151.145.64.172.in-addr.arpa udp
US 8.8.8.8:53 52.195.101.151.in-addr.arpa udp
US 8.8.8.8:53 clan.cloudflare.steamstatic.com udp
US 104.18.42.105:443 clan.cloudflare.steamstatic.com tcp
US 8.8.8.8:53 clan.cloudflare.steamstatic.com udp
US 104.18.42.105:443 clan.cloudflare.steamstatic.com tcp
US 8.8.8.8:53 clan.cloudflare.steamstatic.com udp
US 8.8.8.8:53 video.cloudflare.steamstatic.com udp
US 172.64.145.151:443 video.cloudflare.steamstatic.com tcp
US 8.8.8.8:53 video.cloudflare.steamstatic.com udp
US 8.8.8.8:53 video.cloudflare.steamstatic.com udp
US 8.8.8.8:53 steamcommunity.com udp
GB 23.214.143.155:443 steamcommunity.com tcp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 155.143.214.23.in-addr.arpa udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 avatars.fastly.steamstatic.com udp
US 151.101.195.52:443 avatars.fastly.steamstatic.com tcp
GB 23.214.143.155:443 api.steampowered.com tcp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 api.steampowered.com udp
N/A 127.0.0.1:27060 tcp
N/A 127.0.0.1:27060 tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 172.64.145.151:443 video.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 video.cloudflare.steamstatic.com tcp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.201.110:443 apis.google.com udp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 play.google.com udp
GB 172.217.16.238:443 play.google.com tcp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.178.14:443 clients2.google.com udp
N/A 224.0.0.251:5353 udp
GB 142.250.178.14:443 clients2.google.com tcp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 chrome.google.com udp
GB 142.250.178.14:443 chrome.google.com tcp
N/A 127.0.0.1:58394 tcp
N/A 127.0.0.1:58399 tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 support.mozilla.org udp
US 34.149.128.2:443 support.mozilla.org tcp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 csp.withgoogle.com udp
GB 216.58.204.81:443 csp.withgoogle.com udp
US 8.8.8.8:53 csp.withgoogle.com udp
US 8.8.8.8:53 csp.withgoogle.com udp
GB 216.58.204.81:443 csp.withgoogle.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 216.58.204.74:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 216.58.204.74:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 play.google.com tcp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 store.steampowered.com udp
GB 184.25.193.136:443 store.steampowered.com tcp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 store.cloudflare.steamstatic.com udp
US 8.8.8.8:53 shared.cloudflare.steamstatic.com udp
US 8.8.8.8:53 cdn.cloudflare.steamstatic.com udp
US 8.8.8.8:53 clan.cloudflare.steamstatic.com udp
US 8.8.8.8:53 avatars.fastly.steamstatic.com udp
US 151.101.195.52:443 avatars.fastly.steamstatic.com tcp
US 104.18.42.105:443 clan.cloudflare.steamstatic.com tcp
US 8.8.8.8:53 t.sni.global.fastly.net udp
US 8.8.8.8:53 store.cloudflare.steamstatic.com udp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 store.cloudflare.steamstatic.com tcp
US 8.8.8.8:53 shared.cloudflare.steamstatic.com udp
US 104.18.42.105:443 shared.cloudflare.steamstatic.com tcp
US 8.8.8.8:53 clan.cloudflare.steamstatic.com udp
US 8.8.8.8:53 cdn.cloudflare.steamstatic.com udp
US 8.8.8.8:53 t.sni.global.fastly.net udp
US 8.8.8.8:53 store.cloudflare.steamstatic.com udp
US 8.8.8.8:53 clan.cloudflare.steamstatic.com udp
US 8.8.8.8:53 shared.cloudflare.steamstatic.com udp
US 8.8.8.8:53 cdn.cloudflare.steamstatic.com udp
US 104.18.42.105:443 cdn.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 cdn.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 cdn.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 cdn.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 cdn.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 cdn.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 cdn.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 cdn.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 cdn.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 cdn.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 cdn.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 cdn.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 cdn.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 cdn.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 cdn.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 cdn.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 cdn.cloudflare.steamstatic.com tcp
GB 184.25.193.136:443 store.steampowered.com tcp
GB 184.25.193.136:443 store.steampowered.com tcp
GB 184.25.193.136:443 store.steampowered.com tcp
GB 184.25.193.136:443 store.steampowered.com tcp
US 8.8.8.8:53 login.steampowered.com udp
GB 23.214.143.155:443 login.steampowered.com tcp
US 8.8.8.8:53 login.steampowered.com udp
US 8.8.8.8:53 login.steampowered.com udp
US 8.8.8.8:53 api.steampowered.com udp
GB 23.214.143.155:443 api.steampowered.com tcp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.229.21:443 js.hcaptcha.com tcp
US 8.8.8.8:53 js.hcaptcha.com udp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.229.21:443 js.hcaptcha.com udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 104.19.230.21:443 newassets.hcaptcha.com tcp
US 104.19.230.21:443 newassets.hcaptcha.com tcp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 104.19.230.21:443 newassets.hcaptcha.com udp
US 8.8.8.8:53 21.230.19.104.in-addr.arpa udp
US 8.8.8.8:53 api.hcaptcha.com udp
US 104.19.229.21:443 api.hcaptcha.com tcp
US 8.8.8.8:53 api.hcaptcha.com udp
US 8.8.8.8:53 api.hcaptcha.com udp
US 104.19.229.21:443 api.hcaptcha.com udp
US 8.8.8.8:53 cdn.steamstatic.com udp
GB 2.22.144.23:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 r10.o.lencr.org udp
US 8.8.8.8:53 23.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 125.21.192.23.in-addr.arpa udp
GB 2.22.144.149:80 r10.o.lencr.org tcp
GB 2.22.144.23:443 cdn.steamstatic.com tcp
GB 2.22.144.23:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 149.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 test.steampowered.com udp
US 8.8.8.8:53 ipv6check-udp.steamserver.net udp
GB 2.22.144.13:80 test.steampowered.com tcp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 13.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 api.steampowered.com udp
GB 23.214.143.155:443 api.steampowered.com tcp
US 8.8.8.8:53 ext2-gru1.steamserver.net udp
BR 155.133.227.50:27034 ext2-gru1.steamserver.net tcp
BR 155.133.227.50:27037 ext2-gru1.steamserver.net tcp
US 8.8.8.8:53 ext1-eze1.steamserver.net udp
AR 155.133.255.100:27032 ext1-eze1.steamserver.net tcp
AR 155.133.255.100:27033 ext1-eze1.steamserver.net tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
BR 155.133.227.50:443 ext2-gru1.steamserver.net tcp
US 8.8.8.8:53 ext1-scl1.steamserver.net udp
CL 155.133.249.180:27023 ext1-scl1.steamserver.net tcp
CL 155.133.249.180:27035 ext1-scl1.steamserver.net tcp
US 8.8.8.8:53 ext1-lim1.steamserver.net udp
PE 155.133.244.34:27029 ext1-lim1.steamserver.net tcp
US 8.8.8.8:53 50.227.133.155.in-addr.arpa udp
US 8.8.8.8:53 100.255.133.155.in-addr.arpa udp
US 8.8.8.8:53 ext2-scl1.steamserver.net udp
PE 155.133.244.50:27023 ext2-lim1.steamserver.net tcp
US 8.8.8.8:53 cmp2-dfw1.steamserver.net udp
CL 155.133.249.164:443 ext2-scl1.steamserver.net tcp
US 155.133.253.52:443 cmp2-dfw1.steamserver.net tcp
US 8.8.8.8:53 cmp1-sea1.steamserver.net udp
US 205.196.6.132:27018 cmp1-sea1.steamserver.net tcp
US 8.8.8.8:53 180.249.133.155.in-addr.arpa udp
US 8.8.8.8:53 34.244.133.155.in-addr.arpa udp
US 8.8.8.8:53 e5.o.lencr.org udp
GB 2.18.190.73:80 e5.o.lencr.org tcp
US 8.8.8.8:53 e6.o.lencr.org udp
GB 2.22.144.142:80 e6.o.lencr.org tcp
US 8.8.8.8:53 p2p-sea1.discovery.steamserver.net udp
US 8.8.8.8:53 50.244.133.155.in-addr.arpa udp
US 8.8.8.8:53 52.253.133.155.in-addr.arpa udp
US 8.8.8.8:53 164.249.133.155.in-addr.arpa udp
US 8.8.8.8:53 132.6.196.205.in-addr.arpa udp
US 8.8.8.8:53 73.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 142.144.22.2.in-addr.arpa udp
N/A 127.0.0.1:55227 tcp
N/A 127.0.0.1:55226 tcp
US 8.8.8.8:443 dns.google udp
US 8.8.8.8:53 123.35.104.34.in-addr.arpa udp
US 8.8.8.8:53 p2p-sea1.discovery.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 ipv6check-udp.steamserver.net udp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
GB 23.214.143.155:443 api.steampowered.com tcp
US 8.8.8.8:53 ext2-bom2.steamserver.net udp
IN 155.133.224.23:27028 ext2-bom2.steamserver.net tcp
US 8.8.8.8:53 ext2-maa2.steamserver.net udp
IN 155.133.225.21:27024 ext2-maa2.steamserver.net tcp
IN 155.133.225.21:27032 ext2-maa2.steamserver.net tcp
IN 155.133.224.23:27038 ext2-bom2.steamserver.net tcp
IN 155.133.225.21:443 ext2-maa2.steamserver.net tcp
US 8.8.8.8:53 ext1-bom2.steamserver.net udp
US 8.8.8.8:53 23.224.133.155.in-addr.arpa udp
US 8.8.8.8:53 21.225.133.155.in-addr.arpa udp
US 8.8.8.8:53 cmp1-sgp1.steamserver.net udp
IN 155.133.224.22:443 ext1-bom2.steamserver.net tcp
SG 103.10.124.4:27019 cmp1-sgp1.steamserver.net tcp
SG 103.10.124.4:27018 cmp1-sgp1.steamserver.net tcp
US 8.8.8.8:53 cmp1-hkg1.steamserver.net udp
HK 103.28.54.100:27020 cmp1-hkg1.steamserver.net tcp
US 8.8.8.8:53 e5.o.lencr.org udp
GB 2.18.190.73:80 e5.o.lencr.org tcp
US 8.8.8.8:53 cmp2-hkg1.steamserver.net udp
HK 103.28.54.101:27021 cmp2-hkg1.steamserver.net tcp
US 8.8.8.8:53 cmp1-fra2.steamserver.net udp
US 155.133.229.4:27023 cmp1-fra2.steamserver.net tcp
US 8.8.8.8:53 cmp1-sto2.steamserver.net udp
US 8.8.8.8:53 4.124.10.103.in-addr.arpa udp
US 8.8.8.8:53 22.224.133.155.in-addr.arpa udp
US 8.8.8.8:53 100.54.28.103.in-addr.arpa udp
SE 155.133.252.68:27019 cmp1-sto2.steamserver.net tcp
US 8.8.8.8:53 e6.o.lencr.org udp
GB 2.18.190.80:80 e6.o.lencr.org tcp
US 8.8.8.8:53 p2p-sto2.discovery.steamserver.net udp
US 8.8.8.8:53 101.54.28.103.in-addr.arpa udp
US 8.8.8.8:53 68.252.133.155.in-addr.arpa udp
US 8.8.8.8:53 80.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 client-update.steamstatic.com udp
US 151.101.131.52:443 client-update.steamstatic.com tcp
US 8.8.8.8:53 r10.o.lencr.org udp
GB 2.18.190.73:80 r10.o.lencr.org tcp
US 8.8.8.8:53 52.131.101.151.in-addr.arpa udp
US 8.8.8.8:53 p2p-sto2.discovery.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 ipv6check-udp.steamserver.net udp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
GB 23.214.143.155:443 api.steampowered.com tcp
US 8.8.8.8:53 ext1-dxb1.steamserver.net udp
AE 185.25.183.36:27033 ext1-dxb1.steamserver.net tcp
US 8.8.8.8:53 ext2-dxb1.steamserver.net udp
AE 185.25.183.52:27036 ext2-dxb1.steamserver.net tcp
AE 185.25.183.36:443 ext1-dxb1.steamserver.net tcp
IN 155.133.224.22:27029 ext1-bom2.steamserver.net tcp
IN 155.133.224.22:27021 ext1-bom2.steamserver.net tcp
IN 155.133.224.22:443 ext1-bom2.steamserver.net tcp
US 8.8.8.8:53 ext1-maa2.steamserver.net udp
IN 155.133.225.20:443 ext1-maa2.steamserver.net tcp
IN 155.133.225.20:27022 ext1-maa2.steamserver.net tcp
US 8.8.8.8:53 52.183.25.185.in-addr.arpa udp
US 8.8.8.8:53 36.183.25.185.in-addr.arpa udp
IN 155.133.225.20:27036 ext1-maa2.steamserver.net tcp
SG 103.10.124.4:27019 cmp1-sgp1.steamserver.net tcp
US 8.8.8.8:53 ext3-sto1.steamserver.net udp
SE 162.254.198.46:27038 ext3-sto1.steamserver.net tcp
US 8.8.8.8:53 cmp3-hkg1.steamserver.net udp
HK 103.28.54.102:27020 cmp3-hkg1.steamserver.net tcp
US 8.8.8.8:53 e5.o.lencr.org udp
GB 2.22.144.149:80 e5.o.lencr.org tcp
US 8.8.8.8:53 p2p-sto1.discovery.steamserver.net udp
US 8.8.8.8:53 20.225.133.155.in-addr.arpa udp
US 8.8.8.8:53 46.198.254.162.in-addr.arpa udp
US 8.8.8.8:53 102.54.28.103.in-addr.arpa udp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 ipv6check-udp.steamserver.net udp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.82.131.75:443 api.steampowered.com tcp
US 8.8.8.8:53 cmp2-fra1.steamserver.net udp
DE 155.133.250.20:27021 cmp2-fra1.steamserver.net tcp
US 8.8.8.8:53 cmp2-fra2.steamserver.net udp
US 155.133.229.20:27023 cmp2-fra2.steamserver.net tcp
DE 155.133.250.20:27018 cmp2-fra1.steamserver.net tcp
US 155.133.229.4:27018 cmp1-fra2.steamserver.net tcp
US 8.8.8.8:53 e5.o.lencr.org udp
GB 2.18.190.73:80 e5.o.lencr.org tcp
US 8.8.8.8:53 20.250.133.155.in-addr.arpa udp
US 8.8.8.8:53 75.131.82.104.in-addr.arpa udp
US 8.8.8.8:53 20.229.133.155.in-addr.arpa udp
US 8.8.8.8:53 cmp1-ams1.steamserver.net udp
NL 155.133.248.42:443 cmp1-ams1.steamserver.net tcp
US 8.8.8.8:53 cmp2-ams1.steamserver.net udp
NL 155.133.248.43:27018 cmp2-ams1.steamserver.net tcp
NL 155.133.248.42:27018 cmp1-ams1.steamserver.net tcp
US 8.8.8.8:53 cmp1-fra1.steamserver.net udp
DE 155.133.250.4:443 cmp1-fra1.steamserver.net tcp
US 8.8.8.8:53 e6.o.lencr.org udp
GB 2.18.190.80:80 e6.o.lencr.org tcp
US 8.8.8.8:53 ext1-sto1.steamserver.net udp
SE 162.254.198.44:27025 ext1-sto1.steamserver.net tcp
US 8.8.8.8:53 ext2-sto1.steamserver.net udp
SE 162.254.198.104:443 ext2-sto1.steamserver.net tcp
SE 162.254.198.46:27037 p2p-sto1.discovery.steamserver.net tcp
US 8.8.8.8:53 42.248.133.155.in-addr.arpa udp
US 8.8.8.8:53 43.248.133.155.in-addr.arpa udp
US 8.8.8.8:53 4.250.133.155.in-addr.arpa udp
US 8.8.8.8:53 p2p-fra1.discovery.steamserver.net udp
US 8.8.8.8:53 44.198.254.162.in-addr.arpa udp
US 8.8.8.8:53 104.198.254.162.in-addr.arpa udp
US 8.8.8.8:53 p2p-fra1.discovery.steamserver.net udp
US 8.8.8.8:53 ipv6check-udp.steamserver.net udp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
GB 23.214.143.155:443 api.steampowered.com tcp
US 8.8.8.8:53 cmp2-vie1.steamserver.net udp
AT 146.66.155.85:27018 cmp2-vie1.steamserver.net tcp
DE 155.133.250.4:27021 cmp1-fra1.steamserver.net tcp
US 155.133.229.20:27018 cmp2-fra2.steamserver.net tcp
AT 146.66.155.85:443 cmp2-vie1.steamserver.net tcp
US 8.8.8.8:53 e5.o.lencr.org udp
GB 2.18.190.73:80 e5.o.lencr.org tcp
DE 155.133.250.20:27023 cmp2-fra1.steamserver.net tcp
US 8.8.8.8:53 cmp1-vie1.steamserver.net udp
DE 155.133.250.20:27019 cmp2-fra1.steamserver.net tcp
AT 146.66.155.84:27018 cmp1-vie1.steamserver.net tcp
US 155.133.229.20:443 cmp2-fra2.steamserver.net tcp
US 8.8.8.8:53 e6.o.lencr.org udp
GB 2.18.190.73:80 e6.o.lencr.org tcp
SE 162.254.198.46:27025 p2p-sto1.discovery.steamserver.net tcp
SE 155.133.252.68:27019 cmp1-sto2.steamserver.net tcp
US 8.8.8.8:53 ext2-par1.steamserver.net udp
US 8.8.8.8:53 85.155.66.146.in-addr.arpa udp
US 8.8.8.8:53 84.155.66.146.in-addr.arpa udp
FR 185.25.182.52:27037 ext2-par1.steamserver.net tcp
US 8.8.8.8:53 cmp2-sto2.steamserver.net udp
SE 155.133.252.69:443 cmp2-sto2.steamserver.net tcp
US 8.8.8.8:53 p2p-sto1.discovery.steamserver.net udp
US 8.8.8.8:53 52.182.25.185.in-addr.arpa udp
US 8.8.8.8:53 69.252.133.155.in-addr.arpa udp
US 8.8.8.8:53 p2p-sto1.discovery.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 ipv6check-udp.steamserver.net udp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
GB 23.214.143.155:443 api.steampowered.com tcp
SE 162.254.198.46:27038 p2p-sto1.discovery.steamserver.net tcp
SE 162.254.198.46:27021 p2p-sto1.discovery.steamserver.net tcp
SE 155.133.252.68:27018 cmp1-sto2.steamserver.net tcp
SE 155.133.252.69:27018 cmp2-sto2.steamserver.net tcp
SE 155.133.252.69:443 cmp2-sto2.steamserver.net tcp
SE 162.254.198.46:443 p2p-sto1.discovery.steamserver.net tcp
DE 155.133.250.4:27024 cmp1-fra1.steamserver.net tcp
DE 155.133.250.20:27019 cmp2-fra1.steamserver.net tcp
US 8.8.8.8:53 p2p-sto2.discovery.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 p2p-sto2.discovery.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 ipv6check-udp.steamserver.net udp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
GB 23.214.143.155:443 api.steampowered.com tcp
GB 162.254.196.79:443 cmp1-lhr1.steamserver.net tcp
GB 162.254.196.79:27018 cmp1-lhr1.steamserver.net tcp
US 8.8.8.8:53 ext1-par1.steamserver.net udp
GB 162.254.196.79:27020 cmp1-lhr1.steamserver.net tcp
FR 185.25.182.20:27025 ext1-par1.steamserver.net tcp
US 8.8.8.8:53 e5.o.lencr.org udp
GB 2.22.144.149:80 e5.o.lencr.org tcp
FR 185.25.182.52:27022 ext2-par1.steamserver.net tcp
FR 185.25.182.52:443 ext2-par1.steamserver.net tcp
NL 155.133.248.42:443 cmp1-ams1.steamserver.net tcp
NL 155.133.248.43:27018 cmp2-ams1.steamserver.net tcp
NL 155.133.248.42:27018 cmp1-ams1.steamserver.net tcp
US 8.8.8.8:53 cmp1-iad1.steamserver.net udp
US 162.254.192.98:27018 cmp1-iad1.steamserver.net tcp
US 8.8.8.8:53 79.196.254.162.in-addr.arpa udp
US 8.8.8.8:53 20.182.25.185.in-addr.arpa udp
US 8.8.8.8:53 p2p-ams1.discovery.steamserver.net udp
US 8.8.8.8:53 98.192.254.162.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
GB 184.25.193.136:443 store.steampowered.com tcp
US 151.101.3.52:443 client-update.steamstatic.com tcp
US 151.101.3.52:443 client-update.steamstatic.com tcp
US 151.101.3.52:443 client-update.steamstatic.com tcp
US 8.8.8.8:53 52.3.101.151.in-addr.arpa udp
US 104.19.230.21:443 api.hcaptcha.com tcp
US 151.101.3.52:443 client-update.steamstatic.com tcp
US 104.19.229.21:443 api.hcaptcha.com udp
GB 142.250.200.14:443 play.google.com tcp
NL 74.125.100.233:443 udp
US 8.8.8.8:53 233.100.125.74.in-addr.arpa udp
US 8.8.8.8:53 p2p-ams1.discovery.steamserver.net udp
US 8.8.4.4:443 dns.google udp
US 104.19.230.21:443 api.hcaptcha.com tcp
US 104.19.230.21:443 api.hcaptcha.com udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
GB 23.214.143.155:443 api.steampowered.com tcp
US 8.8.8.8:53 cmp2-lhr1.steamserver.net udp
GB 162.254.196.79:443 cmp1-lhr1.steamserver.net tcp
GB 162.254.196.79:27018 cmp1-lhr1.steamserver.net tcp
GB 162.254.196.80:27019 cmp2-lhr1.steamserver.net tcp
FR 185.25.182.52:27024 ext2-par1.steamserver.net tcp
US 8.8.8.8:53 e5.o.lencr.org udp
GB 2.18.190.80:80 e5.o.lencr.org tcp
FR 185.25.182.20:27032 ext1-par1.steamserver.net tcp
FR 185.25.182.20:443 ext1-par1.steamserver.net tcp
US 8.8.8.8:53 p2p-par1.discovery.steamserver.net udp
US 8.8.8.8:53 80.196.254.162.in-addr.arpa udp
US 104.19.229.21:443 api.hcaptcha.com udp
US 8.8.8.8:53 p2p-par1.discovery.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 ipv6check-udp.steamserver.net udp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
GB 23.214.143.155:443 api.steampowered.com tcp
US 8.8.8.8:53 cmp1-atl3.steamserver.net udp
US 162.254.199.165:27018 cmp1-atl3.steamserver.net tcp
US 8.8.8.8:53 cmp2-atl3.steamserver.net udp
US 162.254.199.184:27018 cmp2-atl3.steamserver.net tcp
US 162.254.199.165:443 cmp1-atl3.steamserver.net tcp
US 8.8.8.8:53 cmp2-iad1.steamserver.net udp
US 162.254.192.99:443 cmp2-iad1.steamserver.net tcp
US 8.8.8.8:53 e6.o.lencr.org udp
GB 2.18.190.80:80 e6.o.lencr.org tcp
US 8.8.8.8:53 165.199.254.162.in-addr.arpa udp
US 8.8.8.8:53 184.199.254.162.in-addr.arpa udp
US 8.8.8.8:53 99.192.254.162.in-addr.arpa udp
US 8.8.8.8:53 e5.o.lencr.org udp
GB 2.18.190.73:80 e5.o.lencr.org tcp
US 162.254.192.99:27018 cmp2-iad1.steamserver.net tcp
US 162.254.192.99:27020 cmp2-iad1.steamserver.net tcp
US 8.8.8.8:53 cmp1-dfw1.steamserver.net udp
US 155.133.253.36:27018 cmp1-dfw1.steamserver.net tcp
US 155.133.253.52:27018 cmp2-dfw1.steamserver.net tcp
US 155.133.253.52:443 cmp2-dfw1.steamserver.net tcp
US 8.8.8.8:53 cmp1-ord1.steamserver.net udp
US 162.254.193.103:443 cmp1-ord1.steamserver.net tcp
US 8.8.8.8:53 36.253.133.155.in-addr.arpa udp
NL 155.133.248.43:27018 cmp2-ams1.steamserver.net tcp
GB 162.254.196.80:27018 cmp2-lhr1.steamserver.net tcp
US 8.8.8.8:53 103.193.254.162.in-addr.arpa udp
US 8.8.8.8:53 p2p-lhr1.discovery.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 ipv6check-udp.steamserver.net udp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
GB 23.214.143.155:443 api.steampowered.com tcp
US 205.196.6.132:443 cmp1-sea1.steamserver.net tcp
US 205.196.6.132:27018 cmp1-sea1.steamserver.net tcp
US 8.8.8.8:53 cmp2-sea1.steamserver.net udp
US 8.8.8.8:53 cmp1-lax1.steamserver.net udp
US 205.196.6.133:27018 cmp2-sea1.steamserver.net tcp
US 162.254.195.69:27018 cmp1-lax1.steamserver.net tcp
US 8.8.8.8:53 e6.o.lencr.org udp
GB 2.18.190.80:80 e6.o.lencr.org tcp
US 162.254.195.69:443 cmp1-lax1.steamserver.net tcp
US 8.8.8.8:53 cmp2-lax1.steamserver.net udp
US 162.254.195.75:27018 cmp2-lax1.steamserver.net tcp
US 8.8.8.8:53 133.6.196.205.in-addr.arpa udp
US 8.8.8.8:53 69.195.254.162.in-addr.arpa udp
US 162.254.192.98:443 cmp1-iad1.steamserver.net tcp
US 162.254.192.98:27020 cmp1-iad1.steamserver.net tcp
US 162.254.192.99:27020 cmp2-iad1.steamserver.net tcp
US 155.133.253.52:27018 cmp2-dfw1.steamserver.net tcp
US 162.254.199.184:27018 cmp2-atl3.steamserver.net tcp
US 155.133.253.52:443 cmp2-dfw1.steamserver.net tcp
US 8.8.8.8:53 75.195.254.162.in-addr.arpa udp
US 8.8.8.8:53 p2p-dfw1.discovery.steamserver.net udp
N/A 127.0.0.1:56355 tcp
N/A 127.0.0.1:56364 tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 support.mozilla.org udp
US 34.149.128.2:443 support.mozilla.org tcp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 csp.withgoogle.com udp
GB 216.58.204.81:443 csp.withgoogle.com udp
US 8.8.8.8:53 csp.withgoogle.com udp
GB 216.58.204.81:443 csp.withgoogle.com tcp
US 8.8.8.8:53 csp.withgoogle.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 216.58.213.10:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 216.58.213.10:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 play.google.com tcp
US 104.19.230.21:443 api.hcaptcha.com udp
US 104.19.230.21:443 api.hcaptcha.com udp
US 8.8.8.8:53 p2p-dfw1.discovery.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 ipv6check-udp.steamserver.net udp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
GB 23.214.143.155:443 api.steampowered.com tcp
US 155.133.229.20:27022 cmp2-fra2.steamserver.net tcp
AT 146.66.155.84:443 cmp1-vie1.steamserver.net tcp
US 155.133.229.4:27022 cmp1-fra2.steamserver.net tcp
US 155.133.229.4:27019 cmp1-fra2.steamserver.net tcp
AT 146.66.155.85:27018 cmp2-vie1.steamserver.net tcp
AT 146.66.155.84:27018 cmp1-vie1.steamserver.net tcp
DE 155.133.250.20:27020 cmp2-fra1.steamserver.net tcp
US 155.133.229.4:443 cmp1-fra2.steamserver.net tcp
US 8.8.8.8:53 p2p-fra1.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra1.discovery.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 ipv6check-udp.steamserver.net udp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
GB 23.214.143.155:443 api.steampowered.com tcp
FR 185.25.182.52:27021 p2p-par1.discovery.steamserver.net tcp
FR 185.25.182.20:27019 p2p-par1.discovery.steamserver.net tcp
FR 185.25.182.52:443 p2p-par1.discovery.steamserver.net tcp
NL 155.133.248.42:27018 cmp1-ams1.steamserver.net tcp
NL 155.133.248.43:443 cmp2-ams1.steamserver.net tcp
NL 155.133.248.43:27018 cmp2-ams1.steamserver.net tcp
DE 155.133.250.4:27023 cmp1-fra1.steamserver.net tcp
DE 155.133.250.20:27023 cmp2-fra1.steamserver.net tcp
US 8.8.8.8:53 p2p-ams1.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-ams1.discovery.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.82.131.75:443 api.steampowered.com tcp
US 8.8.8.8:53 ext2-waw1.steamserver.net udp
PL 155.133.230.50:27023 ext2-waw1.steamserver.net tcp
PL 155.133.230.50:27037 ext2-waw1.steamserver.net tcp
PL 155.133.230.50:443 ext2-waw1.steamserver.net tcp
DE 155.133.250.20:27024 cmp2-fra1.steamserver.net tcp
US 155.133.229.20:27019 cmp2-fra2.steamserver.net tcp
DE 155.133.250.20:27020 cmp2-fra1.steamserver.net tcp
DE 155.133.250.4:27023 cmp1-fra1.steamserver.net tcp
SE 162.254.198.44:27024 p2p-sto1.discovery.steamserver.net tcp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 50.230.133.155.in-addr.arpa udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 ipv6check-udp.steamserver.net udp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp

Files

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\913b5489-b91a-4442-a2a7-7ba2ba8c440a

MD5 bddbf7ef438d1773c08f392c2f9dce27
SHA1 0c9ae5f37aab2e6a933f58de196aea4daa89e08c
SHA256 75642ae39fcaa5c774b2e0aaa595ab2ea5772e400ac948e0bcc19c74f774517c
SHA512 fa8bd86c40ecd049e14f88ae1c0c58cd9d55aa8bde2b53319700d9b0c1c248330d05efe95ef153a4f355f976bae97e9ad8e754d78c67496e21246bcf589dbfaf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\45eeba94-b7a3-4ad6-92ac-fc43baac9d09

MD5 b66fa1df1390b1b30806bdb0aed3b773
SHA1 bd72b967c159d53ca24e3dd8386565ece666249a
SHA256 e53bd580645a198c6f1d5fe78856d5f9afa85366c8ab0629feaed746adcfcf82
SHA512 1ea40dfcee70f88301b004ae8f0a6d09e7b4adcbf470041c9f1d3f0a741764ad4b8faf09561b90a63dc6b15fd7d6342c64643eae239edc1ff22fea760c0c58b1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\db\data.safe.tmp

MD5 35ce0b27dfdd144e2a2f380b8ba29d0a
SHA1 201f4df5b1d49c19c47003feba1018edd53e7916
SHA256 f96e5326d7688a278b5568afa4eb1af354814314e698917232bd31e3d633d495
SHA512 0bb498bec0b30c305915d0c79850be83611edb09fd900c5b732923ce4deb95128bf7e027db58af1fc3e90088147ce8218e0b306e467ece53873b016b5f2882ab

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\89b02a13-30c1-464e-a4a2-5acb66789ddc

MD5 5044204a6cc992e74754ba45d5502ebc
SHA1 b7c5a2de729e6c385b836192f3bc68a55209f87b
SHA256 c5c6285f0dd2fd169fc16bb5cce2c23a936d1201ac3153e139f9e083fe7e28bd
SHA512 967324d12a80d9329b6b3234261a0bb73c4f5cfc9c797c4232fa50be474c93dfddba08001914fa988bee33b6eb442a9b6f488f0ed225ba59d4269727dfaa1b0f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\db\data.safe.tmp

MD5 d8432c3627a6209c4ed24ce8789f3060
SHA1 d00d5b80d7649188fc8d140e714e8e9d87c110c9
SHA256 a2c2cea542098181abf08ba2f1fb3a61320c2148bc593fef911e1cec54df0f57
SHA512 50efb1e005f5429ef9247208955dfb1ed91d1340ef1f49affed21500f501f3332e459006789c5aa4acfb929f6b4748ee8f222e516697198155a39a28a51ef731

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\activity-stream.discovery_stream.json

MD5 f4071792e99beb9f31f78471b0e2b629
SHA1 fac3cb1da94fe8013cbf33c0a820554c9a942d8d
SHA256 11c424fe09a34af6e4a27bc4b0bbd6a9fec02355f714c613aeb10f8f847626f7
SHA512 f4c765396a823cc9fc6523a302683a68830c008c4732910d254aa1327152c90d47d5990966a8d67a90eee98f982cbe763f988b4e9c92f6e52ee46e6bdfa22894

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\db\data.safe.tmp

MD5 d75a1447a9d4f13acb49c7600570f38d
SHA1 a3fe9c9c83330ff308eb78d5ccf5a0dc66d55500
SHA256 9786f8d0fe2f373592c3e99aa723bb51aa5e13e44533e2f1a0d63889d16d5f6f
SHA512 f976370b3df92a8fdfe2234bd630f87083006c12f00ef45ef23d8dac7334f7d6cb573855f81416c87b4dbfc3501f250b971c272d721cd98373073cbc447cd58d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\prefs.js

MD5 df37bea78dd897e174429ef6b9b3857e
SHA1 9a8d8a8939981ac354fc716931b192d478d25302
SHA256 0931e7e2754acc378e9f43abee4ef5dd1aed883c47f83fbe9589ee82c860c43d
SHA512 7070e31b6123d95b1b1d784e33419fd36ef693ae7a413ac37b0b39e92cbe455eeb3348b821fe214b031fc61a3fe2efcc94152a125b9fec420087eac644c77384

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\prefs-1.js

MD5 62adf1a87fa26f6b5f5eb6bf349e46e5
SHA1 012583c4ee867748c63cec939548b229b95e5b7b
SHA256 02d38f40dd93ce374ed895a494d99119bc4c2879b70bc980832441659c93912f
SHA512 b3a018560cd10eb9e2a6b3b940226192ba3bccd958fc07da57ff4ba9f719d09627b586ad5bf079a8fba57295f5bea014d66270531db821721f13984a95fa5ccf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\AlternateServices.bin

MD5 557a57b133a42f95c0423f6eb0b37285
SHA1 425706b04d426be03a60ef876c6de7b661b2b394
SHA256 876d8fec26a51d33a4c8d1395aab83bdbb6ec33c79e620b124548810fbebd0ff
SHA512 fc598cc1d8d797ce4abb6319945930288cb5ee7c8beadc80b30426f0dd346848bb341c02091d71e6f6501755a934bb9f9311c0cca50e3502ad45502e377385ee

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\doomed\24997

MD5 ab52f188e7e85d7d25f55f4a80c4085c
SHA1 dbe3631390b0d2b9924764399edcc710b64cb44d
SHA256 06c9eadbe3876fba17ee02573d57d0209ae4cf20bdc37e2966bba24c8aa79b42
SHA512 9487017fe13ec38dbf299b2afe45d4e8cf6ac76977d705a3468af0616c7ae36c9d269343f5c0cf9190ff07f463b38d8787c1fb9c130900d9cb6d593a71512ae9

C:\Users\Admin\Downloads\Steam.AbAnaC86.Auto.Cracker.GUI.v2.2.1.zip.part

MD5 93dd0c79faaa39c57d67aa07aed48c24
SHA1 65490baf70f3cd3375a161556dc908aaa683c085
SHA256 c4949e748348256c219ec0406d2e16e3f4845fe676d3dc26dbfcb2059afdfa81
SHA512 4f1bca38cec5c74f5c3dc0836086387ec57303d9b9231be8312159173e0ed519dd48aa4f5aa061c28c378b39e271790effafb6026ad95476dc8f74769b637ac0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\storage\default\https+++wetransfer.com\idb\3865057905o3rVino.sqlite

MD5 b1f2b50630924efac1a2a7509379a6ca
SHA1 628953e1562464b4e3f0c452084e3fcfeda1e6a1
SHA256 dab341217a35444d3bf6373b30992cd43edd8376fb395a34ce18322d79a7aa33
SHA512 411e769ed9a784f30cb69435e2ba117c9bc7f89ddc63dd1d10e1b7f7b481824ae55e3a389af39b98937c14ed273ad310457069b9231f88aa5e19b7342a022078

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\db\data.safe.tmp

MD5 c4886ade36260b329462aa0af9537547
SHA1 5adfa08e8ae755e74c70f11212b53ce9cf90cd80
SHA256 e861aaa5d9de6b9bef2307b38a64c1f043ceb7c4368ee84baca10b8dce42a782
SHA512 39ddd45874c1e45803034dbffa2b91f93983641fc3c156e6943d0bf9d1ac46981c08c8ea958efa1646060a558925795e039fe3acf7ddeb82cab06441e83b461d

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\prefs-1.js

MD5 a87b2f9cda39e962bf234e94e67f4b3a
SHA1 a326e734b545e3ab45ebf16b5c21ac106fcbaea9
SHA256 9eb6eb5e78e0ce2fe40a5e80bfbedcc3ee5c9ef468d939f9fa905ce9cd371b23
SHA512 d3145f6107cff68395d64655f255628ce98fcc6b6701635f5f1c95555ceaa7488b5f42153e8a4aaf44fa001114234f6e86ee2e3d56857c4d6d889658ef228318

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\AlternateServices.bin

MD5 c10e4372a147419036f91ca25b6fb9ba
SHA1 078f3850a36fb609bf49b2ccc524bde5653f9aae
SHA256 0e296593e33d228eec0156c2603d2b685d9779986eb38573a4968e238052ce4b
SHA512 83e041fa38862f875f5128f2eb047d3d1aec0a89d2365e9f90782c7dbd00835ccc4e3bb0bb53fa05bf78b1d1b25cbfab1d3aca9ea1a5f8815060969b1c560132

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionstore-backups\recovery.baklz4

MD5 0505b59e73619797e06ecdfab6957669
SHA1 a58def521b0572a1cb18bef3a9d668192538e76c
SHA256 8e6239785645b6718fcb9bd29580d4b875cae5e3405254c7b2c1db80e3efad60
SHA512 78d07f70eec82dfe2756fc8e03603e3fbba30c2c2e40ce57f1540c6a43fec7d0a421a7bcf1d99cee94c392e47e427c8e5e8b68284a5fb97ac3ef29c3776b2a29

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionstore-backups\recovery.baklz4

MD5 a15f3d081b553b2d48e67a15b7aae542
SHA1 5fe453ce972fea8ae4cfc9317926c8c40bf5ef4d
SHA256 75ab0dc84c85f64f4d649477a5a42f63062f985914d127cb7a50ca4c7faaa5f3
SHA512 7b3a28d6de38d21186c73a6aefe23c6e3188a6256d1ca23ae24b5d4f253c3df210391222b9e61306fe2cb7a5f37b70887e6778229b3c3ef30bfdc17c315fcddf

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\8E85625EE9AA011944D3C0C6D5776A5A154B9FB0

MD5 b0e4a62577229f757e035627a4696cc5
SHA1 fcf506e0ffc5ee2a85b3c81afcd7a1c9df2a1c19
SHA256 8abf1f6f2aaf843f5f6ab155c4a14b4931c1a08cf6b07e54a86734eb1bc74298
SHA512 69cfe548e0a2f942f8e51c62a3266fe2044d531ed9aeec534a52eb9636d790bee0fee5e006bcbd4aab6970914a9ef8bbafb080ba71b80187ee5c1b51dbc8f4f3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\CAA92896BB011F3FC8AA09A6942D700C05A6DA8A

MD5 9d967e15780101d26be5e6b5211bc13a
SHA1 cccbae917c97f68f4749dbbcd17f7203a52c7c27
SHA256 a523542b0864b7331e06bce08f5b7480bf88786f9f809c6a83692b9fdc574d68
SHA512 a54ae80d66b91202fd851bcf3a95a1b5b0eec3fafe2ef920f9b45926cc71b0fffea7105e4feeb50b1fdd641d36cabb632a997064a5c62b09a23eea44d86dc6bb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionstore-backups\recovery.baklz4

MD5 14e319d616cb1b2ad0d13111ca0a366d
SHA1 1696a0328c63f5ea80ceda1a94aa3bc567913088
SHA256 b1f0a6abbe5b78916dc2b808b50fc7aee0e80e76144d879c631bee25204a33e1
SHA512 33a34b209f37faa7315254da6e741d7a7c8c3b4db045d89f6d22e2e259e85c367f7a45cf236b46169eb5456fe206ab550cabb1478dd138d9eb9b9be1493a69ad

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionstore-backups\recovery.baklz4

MD5 81eb10c4fb640c7ecb58cf44170031b8
SHA1 6e95c6cd0d5d326e2ac8c7692417c0f814fde8b3
SHA256 fbe51c89af95b3b063279e65c1158e822fbe1ec250e2782df8d29f54a8fecc3c
SHA512 141ebe44afc156eeefcdf4219c9e07f00e5ff4a442a07c8e6201779078ca37b09ff7f6ea58410e87d20aefa6562d3dafa52e3fe2ef7f8fc9df13ac0e83de7dfe

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionstore-backups\recovery.baklz4

MD5 d1fa3f9cb96645b88edd91e5d4e0f178
SHA1 e8931486db6561d9736724909cd99dae0685617b
SHA256 3f1f1c178eef756824f3b9d3e295fc33058b2adf8c3efb5513548cb9f302b971
SHA512 6d21cf8c1b93cbb70b13ce9c63498ce54d5a271a478b48a95aa01a50c1973c339b505eddd8e6ba473bc1c0b5105c8e6c6a8142a890fa5cfb88ee0e7c9cd4bff5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionstore-backups\recovery.baklz4

MD5 4c762121e7d608c9eda49225313417ff
SHA1 359e84c0a6a9a312dc4e568530f79e26788ba6db
SHA256 5d992fe77cee5e8b678d8bfcc22d432d0d4867b94da373c8117175d2a8d8777a
SHA512 76c611bbc695b90f84e51bdb008387f4e4fff93aa0888c1d086bec689cbc2752e1f3629b5d1bdeae03728939b433b8214cd9e72759a283840ad3d4e9627e08d6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionstore-backups\recovery.baklz4

MD5 6c834bd7e544bbbb88473a843c5a2812
SHA1 313a02dc48bdbe18ace842e0e51d3fbe76a7b703
SHA256 393c9d7fa932af28fd7f4ef5b2a6cb23ee5a6dae0cf965501674d1def49a2ad6
SHA512 88e8fea2ebfd281c7258464161b265ae415e1d97c1d1cce6dc6b5490e8de2574770f2197f594eb6e66b109fb5ad0df9236b464432da800f9ffe5fc04cf502170

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionstore-backups\recovery.baklz4

MD5 5f647d5428faf33fa613615902430324
SHA1 b8ce70b7c6fb05a97d92902bbdfcbff0667e92e7
SHA256 ae0ea8025935c52c2db25251c41b4b4372ceeeef5aa3c91f11ef8ed84a51f43c
SHA512 e4de1f2d21815eaa6334c6f09b9bfce728c1b77051ebecc6a9c8306f31d0e623ac664afb33f107c4f89a3ccee209311e881c9117d79c5d71f4b528a0ea1eb358

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\prefs-1.js

MD5 5ab29d2351fe53957caff4df37112b6d
SHA1 6ffe87fcaeab8771d661311c7d6a40dd4b0ffc6e
SHA256 a77f43742c47e6bc43e13137568dd39161462fd9edd8eb543f2b92817289b38c
SHA512 da03ba435f9847cff5c8985bac8a2f8994e0daead1fc37990034f84eedc387626b996e9eb4c0878f18cb01a85927047fc44fba0809e13dc3cc8fa747a4f90752

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 d85fdec400451a21abea33340f23a1ca
SHA1 367988aa1954676a3edcd8a1fdf355285bbd703d
SHA256 9c1a13a4da46bc5cf80f5dea0ec17f27a1b4463bdb2649fbf2ca0bb1c4d2e25d
SHA512 b1d69a8aa9666d858d4a823adeaa32d512763e6d452ac2748edbdb59ac1eae7624f8f52fa0c2b4f2d0aec8679dd485ae918c358680dd78f46f663ccae06c37d2

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 d5284d90a35ae29a6a9bf053a2a864da
SHA1 358c3c37303e9377ae16d3695d039aa4e75080cb
SHA256 61fc22cc6267276a9ad33274e8092d3dcf452c6de90d227cf7ecb455f256fdb8
SHA512 6e67b4d3015606b896bfdb5685093531635392ededd8496bb2fe82b91cca5eaceb2622d6553653712aaf84864210f03bac14337590e2403e640fa7f07c26f78e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\db\data.safe.tmp

MD5 4b127397f683768262bea0c76df1654f
SHA1 06af916e55bdc37866a8cb0f79ee32477ca49425
SHA256 2cb01a2ef69e7d25bc7fb06ce1eb564f551e1a48fccb171d3f4b4527d2986402
SHA512 89291807ac1fae77d3671470f3f2c0fed536518fcf7b91719a117e4b60c52d8750e5ad279d8b9d1c2c6a04e5982da2e42268590ad82f4e41259bd167cd90a191

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\0330d38c-3c8c-42b8-b873-970b20ca6534

MD5 6796c7f5659ca74790ae263f92cbaa08
SHA1 143ab38b7a1380482b5c7e6dfde6b1ee7e42ccf8
SHA256 7e93c68f3ef868c06d6f1f6b681054f842fd0aa09df323cab9e9ac573e826fa1
SHA512 c620a3fb41c742beee4af4643af4aa9289ca902488116b1e55fb58ff0036d60cebc4322f1994f53a342fca9f6ded9d8e7580bc5cfc8a2fd2db36292e74fb03bc

C:\Users\Admin\Desktop\Steam Auto Cracker GUI (v2.2.1)\steam_auto_cracker_gui.exe

MD5 9b13d23586bc94a9a03a74c703544d2f
SHA1 404294664583896fc4e2fa82efcf30cea4d24a26
SHA256 4544dd9ccce49465d264ed6725036551c32975ab96014322f65499b79497f56a
SHA512 02f72f2d26fa0c96a82e1a310fa7769b51822bccce2c4241571e89fae6493078b3eb13e2f71a5214ab2e95a59f3a14b74591d9b9c2a76636e73b5179e4a4bc5f

C:\Users\Admin\AppData\Local\Temp\_MEI53322\ucrtbase.dll

MD5 8d78c854fac7afac4c261bb2a38d8f42
SHA1 8326ec243443752718f060560657c5625610bdce
SHA256 8b04be88020bb0465a0f6f038c714138a4121f05245c8b0157eb44252c44ef1e
SHA512 e91c1d88d0d68fe2af5582f1a450b4c80404e8311a7e3cf3ce54df1f1a9463d02faf42bdac5da5a2b89f7fa976920bc6145a98147956d4b6f586a7300b377514

C:\Users\Admin\AppData\Local\Temp\_MEI53322\python39.dll

MD5 2135da9f78a8ef80850fa582df2c7239
SHA1 aac6ad3054de6566851cae75215bdeda607821c4
SHA256 324963a39b8fd045ff634bb3271508dab5098b4d99e85e7648d0b47c32dc85c3
SHA512 423b03990d6aa9375ce10e6b62ffdb7e1e2f20a62d248aac822eb9d973ae2bf35deddd2550a4a0e17c51ad9f1e4f86443ca8f94050e0986daa345d30181a2369

C:\Users\Admin\AppData\Local\Temp\_MEI53322\VCRUNTIME140.dll

MD5 f34eb034aa4a9735218686590cba2e8b
SHA1 2bc20acdcb201676b77a66fa7ec6b53fa2644713
SHA256 9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1
SHA512 d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

C:\Users\Admin\AppData\Local\Temp\_MEI53322\base_library.zip

MD5 8b06eca7d1ca5640aa48f8287bcc3847
SHA1 81cbd84318a9d7aaab6a5e7b9f2d5247aebc71ac
SHA256 9cb58470abed7b95bf29bf2713227ee41c4db56e8ffeda7b0245c99063c480fe
SHA512 b1cf25b6426cd9f8012934b670f3c44da26dc81046c5cddee05ce74637438e45392ed3895376dcdf448439e0eb631d0716a5b384e3a6b1e422270004b0e5a109

C:\Users\Admin\AppData\Local\Temp\_MEI53322\_tkinter.pyd

MD5 77cf63868cae43963b69b4561114cd19
SHA1 6975afa15fde28279ede93c78d78847ed58d6221
SHA256 313fb33e72028fcc893ec7874e0c825c035cdcebe1b5b7c7d8d11ef3ad1b354f
SHA512 fcf92377b07a2979b87cce7f545dd5f34df8739e2634d889077a10bb4441853b24a9427fa92ed5cb4694e71ef6421f89e1106bd689f94d11d839e29f576af514

C:\Users\Admin\AppData\Local\Temp\_MEI53322\tk86t.dll

MD5 4b6270a72579b38c1cc83f240fb08360
SHA1 1a161a014f57fe8aa2fadaab7bc4f9faaac368de
SHA256 cd2f60075064dfc2e65c88b239a970cb4bd07cb3eec7cc26fb1bf978d4356b08
SHA512 0c81434d8c205892bba8a4c93ff8fc011fb8cfb72cfec172cf69093651b86fd9837050bd0636315840290b28af83e557f2205a03e5c344239356874fce0c72b9

C:\Users\Admin\AppData\Local\Temp\_MEI53322\tcl86t.dll

MD5 75909678c6a79ca2ca780a1ceb00232e
SHA1 39ddbeb1c288335abe910a5011d7034345425f7d
SHA256 fbfd065f861ec0a90dd513bc209c56bbc23c54d2839964a0ec2df95848af7860
SHA512 91689413826d3b2e13fc7f579a71b676547bc4c06d2bb100b4168def12ab09b65359d1612b31a15d21cb55147bbab4934e6711351a0440c1533fb94fe53313bf

C:\Users\Admin\AppData\Local\Temp\_MEI53322\tcl\encoding\cp1252.enc

MD5 e9117326c06fee02c478027cb625c7d8
SHA1 2ed4092d573289925a5b71625cf43cc82b901daf
SHA256 741859cf238c3a63bbb20ec6ed51e46451372bb221cfff438297d261d0561c2e
SHA512 d0a39bc41adc32f2f20b1a0ebad33bf48dfa6ed5cc1d8f92700cdd431db6c794c09d9f08bb5709b394acf54116c3a1e060e2abcc6b503e1501f8364d3eebcd52

C:\Users\Admin\AppData\Local\Temp\_MEI53322\_ssl.pyd

MD5 70014e88ecf3133b7be097536f77b459
SHA1 5d75675bb35ba6fae774937789491e051e62a252
SHA256 d318795c98c5f3c127c8e47220a92acba0736daf31bab0dc9c7e6c3513bb2aa3
SHA512 aa59b32c9164afca1b799e389c7087e95eeaa543790b6f590f9e30aa13b7fdb8cc83d0ef6351f0b578a4da636f4ca1e6dfe4558dcf3a813b744a80f7392aa462

C:\Users\Admin\AppData\Local\Temp\_MEI53322\libcrypto-1_1.dll

MD5 ab01c808bed8164133e5279595437d3d
SHA1 0f512756a8db22576ec2e20cf0cafec7786fb12b
SHA256 9c0a0a11629cced6a064932e95a0158ee936739d75a56338702fed97cb0bad55
SHA512 4043cda02f6950abdc47413cfd8a0ba5c462f16bcd4f339f9f5a690823f4d0916478cab5cae81a3d5b03a8a196e17a716b06afee3f92dec3102e3bbc674774f2

C:\Users\Admin\AppData\Local\Temp\_MEI53322\libssl-1_1.dll

MD5 de72697933d7673279fb85fd48d1a4dd
SHA1 085fd4c6fb6d89ffcc9b2741947b74f0766fc383
SHA256 ed1c8769f5096afd000fc730a37b11177fcf90890345071ab7fbceac684d571f
SHA512 0fd4678c65da181d7c27b19056d5ab0e5dd0e9714e9606e524cdad9e46ec4d0b35fe22d594282309f718b30e065f6896674d3edce6b3b0c8eb637a3680715c2c

C:\Users\Admin\AppData\Local\Temp\_MEI53322\_socket.pyd

MD5 cd56f508e7c305d4bfdeb820ecf3a323
SHA1 711c499bcf780611a815afa7374358bbfd22fcc9
SHA256 9e97b782b55400e5a914171817714bbbc713c0a396e30496c645fc82835e4b34
SHA512 e937c322c78e40947c70413404beba52d3425945b75255590dedf84ee429f685e0e5bc86ad468044925fbc59cf7ec8698a5472dd4f05b4363da30de04f9609a5

C:\Users\Admin\AppData\Local\Temp\_MEI53322\select.pyd

MD5 35bb285678b249770dda3f8a15724593
SHA1 a91031d56097a4cbf800a6960e229e689ba63099
SHA256 71ed480da28968a7fd07934e222ae87d943677468936fd419803280d0cad07f3
SHA512 956759742b4b47609a57273b1ea7489ce39e29ebced702245a9665bb0479ba7d42c053e40c6dc446d5b0f95f8cc3f2267af56ccaaaf06e6875c94d4e3f3b6094

C:\Users\Admin\AppData\Local\Temp\_MEI53322\_hashlib.pyd

MD5 69dc506cf2fa3da9d0caba05fca6a35d
SHA1 33b24abb7b1d68d3b0315be7f8f49de50c9bdcb6
SHA256 c5b8c4582e201fef2d8cb2c8672d07b86dec31afb4a17b758dbfb2cff163b12f
SHA512 0009ec88134e25325a47b8b358da0fed8bb34fe80602e08a60686f6029b80f4287d33adb66ef41435d11d6edff86a88916f776eeaf2d1cb72035783f109ca1ff

C:\Users\Admin\AppData\Local\Temp\_MEI53322\_queue.pyd

MD5 328e41b501a51b58644c7c6930b03234
SHA1 bc09f8b62fec750a48bafd9db3494d2f30f7bd54
SHA256 2782cf3c04801ede65011be282e99cd34d163b2b2b2333fd3147b33f7d5e72ab
SHA512 c6e6e6bca0e9c4e84f7c07541995a7ee4960da095329f69120ba631c3c3e07c0441cf2612d9dcc3d062c779aec7d4e6a00f71f57cc32e2a980a1e3574b67d248

C:\Users\Admin\AppData\Local\Temp\_MEI53322\_bz2.pyd

MD5 b024a6f227eafa8d43edfc1a560fe651
SHA1 92451be6a2a6bfc4a8de8ad3559ba4a25d409f2e
SHA256 c0dd9496b19ba9536a78a43a97704e7d4bef3c901d196ed385e771366682819d
SHA512 b9edb6d0f1472dd01969e6f160b41c1e7e935d4eebcaf08554195eb85d91c19ff1bfbc150773f197462e582c6d31f12bd0304f636eb4f189ed3ed976824b283e

C:\Users\Admin\AppData\Local\Temp\_MEI53322\_lzma.pyd

MD5 77b78b43d58fe7ce9eb2fbb1420889fa
SHA1 de55ce88854e314697fa54703a2cd6cc970f3111
SHA256 6e571d93ce55d09583ec91c607883a43c1da3d4d36794d68c6ecd6bea4ab466a
SHA512 7b03b7d3f2fd9b51391de08e69ca9156a0232b56f210878a488b9d5a19492ab5880f45d9407331360fbe543a52c03d68f68da4387bf6a13b20ec903a7b081846

C:\Users\Admin\AppData\Local\Temp\_MEI53322\unicodedata.pyd

MD5 3ba2a20dda6d1b4670767455bbe32870
SHA1 7c98221bc6ed763030087b1f33fb83eac2823ea4
SHA256 3a0987025f1cf2111dc6e4f59402073ba123d7436d809ee4198b4e7bfb8cb868
SHA512 0688f8af3359a8571bef2a89efabc2dbf26f3f5c6220932a4e7df2e33fac95cafee8b80796346ba698e6bf43630b8069f56538b95a8ff62ec21d629787ca5cd1

C:\Users\Admin\AppData\Local\Temp\_MEI53322\win32api.pyd

MD5 2c792ab3c75a897aaf4355532872e48e
SHA1 eb7742196a17fd7e4badaab82bb32d06f9948082
SHA256 e68bf1a0e2f1aafff0558dcb40b8916f971860eeeaf6ccdf726d4bffbadd7d1e
SHA512 31464abd6e64045308727e71e81969175a521c762e2344112403ff5f998ab6e3249d33e9c8e8e46fd1521c9dd700f535e47435b5ba179e98421dc6f35162eda3

C:\Users\Admin\AppData\Local\Temp\_MEI53322\pywintypes39.dll

MD5 74f0a90fbdd64f0c431cbf55a47eab35
SHA1 ef8711c4d6539ef0fde786976f665cd3bacff901
SHA256 684267ae1acf4a7cc069e511ffd72bbc8d9d071ee23c4a7d98156374dbf87958
SHA512 69cfa5766d376fb4caf23e2adb4fa374eb01ec645e1d1b71f44e264c130eee888e75bc46b99465def162601f487b41917bc245aa2d1f9bd194aa7dff31ebb6c8

C:\Users\Admin\AppData\Local\Temp\_MEI53322\tcl\init.tcl

MD5 982eae7a49263817d83f744ffcd00c0e
SHA1 81723dfea5576a0916abeff639debe04ce1d2c83
SHA256 331bcf0f9f635bd57c3384f2237260d074708b0975c700cfcbdb285f5f59ab1f
SHA512 31370d8390c4608e7a727eed9ee7f4c568ecb913ae50184b6f105da9c030f3b9f4b5f17968d8975b2f60df1b0c5e278512e74267c935fe4ec28f689ac6a97129

C:\Users\Admin\AppData\Local\Temp\_MEI53322\tcl\tclIndex

MD5 c62fb22f4c9a3eff286c18421397aaf4
SHA1 4a49b8768cff68f2effaf21264343b7c632a51b2
SHA256 ddf7e42def37888ad0a564aa4f8ca95f4eec942cebebfca851d35515104d5c89
SHA512 558d401cb6af8ce3641af55caebc9c5005ab843ee84f60c6d55afbbc7f7129da9c58c2f55c887c3159107546fa6bc13ffc4cca63ea8841d7160b8aa99161a185

C:\Users\Admin\AppData\Local\Temp\_MEI53322\tk\tk.tcl

MD5 338184e46bd23e508daedbb11a4f0950
SHA1 437db31d487c352472212e8791c8252a1412cb0e
SHA256 0f617d96cbf213296d7a5f7fcffbb4ae1149840d7d045211ef932e8dd66683e9
SHA512 8fb8a353eecd0d19638943f0a9068dccebf3fb66d495ea845a99a89229d61a77c85b530f597fd214411202055c1faa9229b6571c591c9f4630490e1eb30b9cd3

C:\Users\Admin\AppData\Local\Temp\_MEI53322\tcl\auto.tcl

MD5 08edf746b4a088cb4185c165177bd604
SHA1 395cda114f23e513eef4618da39bb86d034124bf
SHA256 517204ee436d08efc287abc97433c3bffcaf42ec6592a3009b9fd3b985ad772c
SHA512 c1727e265a6b0b54773c886a1bce73512e799ba81a4fceeeb84cdc33f5505a5e0984e96326a78c46bf142bc4652a80e213886f60eb54adf92e4dffe953c87f6b

C:\Users\Admin\AppData\Local\Temp\_MEI53322\tcl\tm.tcl

MD5 215262a286e7f0a14f22db1aa7875f05
SHA1 66b942ba6d3120ef8d5840fcdeb06242a47491ff
SHA256 4b7ed9fd2363d6876092db3f720cbddf97e72b86b519403539ba96e1c815ed8f
SHA512 6ecd745d7da9d826240c0ab59023c703c94b158ae48c1410faa961a8edb512976a4f15ae8def099b58719adf0d2a9c37e6f29f54d39c1ab7ee81fa333a60f39b

C:\Users\Admin\AppData\Local\Temp\_MEI53322\tk\ttk\ttk.tcl

MD5 af45b2c8b43596d1bdeca5233126bd14
SHA1 a99e75d299c4579e10fcdd59389b98c662281a26
SHA256 2c48343b1a47f472d1a6b9ee8d670ce7fb428db0db7244dc323ff4c7a8b4f64b
SHA512 c8a8d01c61774321778ab149f6ca8dda68db69133cb5ba7c91938e4fd564160ecdcec473222affb241304a9acc73a36b134b3a602fd3587c711f2adbb64afa80

C:\Users\Admin\AppData\Local\Temp\_MEI53322\tk\text.tcl

MD5 7c2ac370de0b941ae13572152419c642
SHA1 7598cc20952fa590e32da063bf5c0f46b0e89b15
SHA256 4a42ad370e0cd93d4133b49788c0b0e1c7cd78383e88bacb51cb751e8bfda15e
SHA512 8325a33bfd99f0fce4f14ed5dc6e03302f6ffabce9d1abfefc24d16a09ab3439a4b753cbf06b28d8c95e4ddabfb9082c9b030619e8955a7e656bd6c61b9256c3

C:\Users\Admin\AppData\Local\Temp\_MEI53322\tk\spinbox.tcl

MD5 77dfe1baccd165a0c7b35cdeaa2d1a8c
SHA1 426ba77fc568d4d3a6e928532e5beb95388f36a0
SHA256 2ff791a44406dc8339c7da6116e6ec92289bee5fc1367d378f48094f4abea277
SHA512 e56db85296c8661ab2ea0a56d9810f1a4631a9f9b41337560cbe38ccdf7dd590a3e65c22b435ce315eff55ee5b8e49317d4e1b7577e25fc3619558015dd758eb

C:\Users\Admin\AppData\Local\Temp\_MEI53322\tk\scrlbar.tcl

MD5 5249cd1e97e48e3d6dec15e70b9d7792
SHA1 612e021ba25b5e512a0dfd48b6e77fc72894a6b9
SHA256 eec90404f702d3cfbfaec0f13bf5ed1ebeb736bee12d7e69770181a25401c61f
SHA512 e4e0ab15eb9b3118c30cd2ff8e5af87c549eaa9b640ffd809a928d96b4addefb9d25efdd1090fbd0019129cdf355bb2f277bc7194001ba1d2ed4a581110ceafc

C:\Users\Admin\AppData\Local\Temp\_MEI53322\tk\scale.tcl

MD5 857add6060a986063b0ed594f6b0cd26
SHA1 b1981d33ddea81cfffa838e5ac80e592d9062e43
SHA256 0da2dc955ffd71062a21c3b747d9d59d66a5b09a907b9ed220be1b2342205a05
SHA512 7d9829565efc8cdbf9249913da95b02d8dadfdb3f455fd3c10c5952b5454fe6e54d95c07c94c1e0d7568c9742caa56182b3656e234452aec555f0fcb76a59fb1

C:\Users\Admin\AppData\Local\Temp\_MEI53322\tk\panedwindow.tcl

MD5 286c01a1b12261bc47f5659fd1627abd
SHA1 4ca36795cab6dfe0bbba30bb88a2ab71a0896642
SHA256 aa4f87e41ac8297f51150f2a9f787607690d01793456b93f0939c54d394731f9
SHA512 d54d5a89b7408a9724a1ca1387f6473bdad33885194b2ec5a524c7853a297fd65ce2a57f571c51db718f6a00dce845de8cf5f51698f926e54ed72cdc81bcfe54

C:\Users\Admin\AppData\Local\Temp\_MEI53322\tk\menu.tcl

MD5 078782cd05209012a84817ac6ef11450
SHA1 dba04f7a6cf34c54a961f25e024b6a772c2b751d
SHA256 d1283f67e435aab0bdbe9fdaa540a162043f8d652c02fe79f3843a451f123d89
SHA512 79a031f7732aee6e284cd41991049f1bb715233e011562061cd3405e5988197f6a7fb5c2bbddd1fb9b7024047f6003a2bf161fc0ec04876eff5335c3710d9562

C:\Users\Admin\AppData\Local\Temp\_MEI53322\tk\listbox.tcl

MD5 804e6dce549b2e541986c0ce9e75e2d1
SHA1 c44ee09421f127cf7f4070a9508f22709d06d043
SHA256 47c75f9f8348bf8f2c086c57b97b73741218100ca38d10b8abdf2051c95b9801
SHA512 029426c4f659848772e6bb1d8182eb03d2b43adf68fcfcc1ea1c2cc7c883685deda3fffda7e071912b9bda616ad7af2e1cb48ce359700c1a22e1e53e81cae34b

C:\Users\Admin\AppData\Local\Temp\_MEI53322\tk\entry.tcl

MD5 f109865c52d1fd602e2d53e559e56c22
SHA1 5884a3bb701c27ba1bf35c6add7852e84d73d81f
SHA256 af1de90270693273b52fc735da6b5cd5ca794f5afd4cf03ffd95147161098048
SHA512 b2f92b0ac03351cdb785d3f7ef107b61252398540b5f05f0cc9802b4d28b882ba6795601a68e88d3abc53f216b38f07fcc03660ab6404cf6685f6d80cc4357fc

C:\Users\Admin\AppData\Local\Temp\_MEI53322\tk\button.tcl

MD5 aeb53f7f1506cdfdfe557f54a76060ce
SHA1 ebb3666ee444b91a0d335da19c8333f73b71933b
SHA256 1f5dd8d81b26f16e772e92fd2a22accb785004d0ed3447e54f87005d9c6a07a5
SHA512 acdad4df988df6b2290fc9622e8eaccc31787fecdc98dcca38519cb762339d4d3fb344ae504b8c7918d6f414f4ad05d15e828df7f7f68f363bec54b11c9b7c43

C:\Users\Admin\AppData\Local\Temp\_MEI53322\tk\icons.tcl

MD5 995a0a8f7d0861c268aead5fc95a42ea
SHA1 21e121cf85e1c4984454237a646e58ec3c725a72
SHA256 1264940e62b9a37967925418e9d0dc0befd369e8c181b9bab3d1607e3cc14b85
SHA512 db7f5e0bc7d5c5f750e396e645f50a3e0cde61c9e687add0a40d0c1aa304ddfbceeb9f33ad201560c6e2b051f2eded07b41c43d00f14ee435cdeee73b56b93c7

C:\Users\Admin\AppData\Local\Temp\_MEI53322\tcl\opt0.4\pkgIndex.tcl

MD5 07532085501876dcc6882567e014944c
SHA1 6bc7a122429373eb8f039b413ad81c408a96cb80
SHA256 6a4abd2c519a745325c26fb23be7bbf95252d653a24806eb37fd4aa6a6479afe
SHA512 0d604e862f3a1a19833ead99aaf15a9f142178029ab64c71d193cee4901a0196c1eeddc2bce715b7fa958ac45c194e63c77a71e4be4f9aedfd5b44cf2a726e76

C:\Users\Admin\AppData\Local\Temp\_MEI53322\tcl\http1.0\pkgIndex.tcl

MD5 a387908e2fe9d84704c2e47a7f6e9bc5
SHA1 f3c08b3540033a54a59cb3b207e351303c9e29c6
SHA256 77265723959c092897c2449c5b7768ca72d0efcd8c505bddbb7a84f6aa401339
SHA512 7ac804d23e72e40e7b5532332b4a8d8446c6447bb79b4fe32402b13836079d348998ea0659802ab0065896d4f3c06f5866c6b0d90bf448f53e803d8c243bbc63

C:\Users\Admin\AppData\Local\Temp\_MEI53322\tk\pkgIndex.tcl

MD5 3367ce12a4ba9baaf7c5127d7412aa6a
SHA1 865c775bb8f56c3c5dfc8c71bfaf9ef58386161d
SHA256 3f2539e85e2a9017913e61fe2600b499315e1a6f249a4ff90e0b530a1eeb8898
SHA512 f5d858f17fe358762e8fdbbf3d78108dba49be5c5ed84b964143c0adce76c140d904cd353646ec0831ff57cd0a0af864d1833f3946a235725fff7a45c96872eb

C:\Users\Admin\AppData\Local\Temp\_MEI53322\tcl\package.tcl

MD5 ddb0ab9842b64114138a8c83c4322027
SHA1 eccacdc2ccd86a452b21f3cf0933fd41125de790
SHA256 f46ab61cdebe3aa45fa7e61a48930d64a0d0e7e94d04d6bf244f48c36cafe948
SHA512 c0cf718258b4d59675c088551060b34ce2bc8638958722583ac2313dc354223bfef793b02f1316e522a14c7ba9bed219531d505de94dc3c417fc99d216a01463

C:\Users\Admin\AppData\Local\Temp\_MEI53322\tcl8\8.5\msgcat-1.6.1.tm

MD5 bd4ff2a1f742d9e6e699eeee5e678ad1
SHA1 811ad83aff80131ba73abc546c6bd78453bf3eb9
SHA256 6774519f179872ec5292523f2788b77b2b839e15665037e097a0d4edddd1c6fb
SHA512 b77e4a68017ba57c06876b21b8110c636f9ba1dd0ba9d7a0c50096f3f6391508cf3562dd94aceaf673113dbd336109da958044aefac0afb0f833a652e4438f43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 443a627d539ca4eab732bad0cbe7332b
SHA1 86b18b906a1acd2a22f4b2c78ac3564c394a9569
SHA256 1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9
SHA512 923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 25bc328d7c5e3a83d73b29c2367b6b2f
SHA1 fd3250e6f76d7771b3ad0988665374b9fbe9b12d
SHA256 08857fdf7245ebab267d24ae825437eba21b520000f196617aa7734db8f2cecc
SHA512 05728e56a55b88fc01b4eafc314db7a629b079f009470cd161e68474fce7bb9b51e1a9e1c9788ee066e6e9f37ecd9fdce695f6bde8d66d898a9012126a9f79f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b247e223135afc66f481f758608672e6
SHA1 eef6d1428bc50731e3ed237176c1701082dcf4d1
SHA256 f2702f88df2ee7e70ccc97bc17aa987ea06105311a5ebf88b122e7ec5ec0bb5d
SHA512 74bea2054b7cbebdf730f77cbf31b260927775b5a7ac12cf04e25ad949e367edf7a1522465ce6f0a3fd59b1d4cc9f541bb3de85aa3ef0755d81ab3a04e04d3ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 71b50de2c071ee6e3b6adc56a5d6e970
SHA1 558d3fadf0e161f0fdbe96a23560a1ee08db5365
SHA256 09d2d776e7f12a10b7e24180eeff469810c430cd090395c2d5462e9e09930491
SHA512 7733b0a1fb4fa81b08cb4654689ce6713a6ff0fd76cc229a7d37299ee81f47027f12e446211c38841e4d90d1a9ffc17bd04a24316da1c550dd9040785d5cd391

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 5c6265c6a532f1e4cf1f9d58f870cae3
SHA1 22eab981b666a3c71d4148e7bfcc8749f16e8274
SHA256 40a6d092574bb3a64f17875d0b6408b02127e4763627e0bd9674e7e2e0075c66
SHA512 25fc5fb49ede5d9d6b11eb0601e8e94c314e240d9fba0159d0ef1780aff70530329dd73308b7a7921123cb1bab999480da90b15c483794797609b894c2fd5bd4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f1e6402b998d715698b702253c720b3d
SHA1 cb8b06128b6378c19fbf30a63e02474c3baec8de
SHA256 67a55b85d61fcc3f451740d1e6c3691582638d98cac8d1d430d515446a39b2e6
SHA512 0f0083b97ddbc7f772b9c8ff81befb9fcf1ae7aa5c350267c85e75eba813a38c33b022f2a750ace1dc940af66f8cc9edca4be87bcc198d8e90660eed8c350a35

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b9341af2128839b5ec9a240c7f11847b
SHA1 4d22f90dfae2d43f36606144aecbd70f6f972862
SHA256 25394c0a4fcd8e5fdcc8dff1dde54c9b2f5b46f196feea337366a7d2d4450c78
SHA512 582221c6badb22d4b973b46a84e28cdcc6803c1945c154731e50d50e33970fbd0318a53aab3794dfb69f1b08e78fd93267aa17c7f7c259f28849cd85ede88f1b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 a09123acb8cb10b29ebbdc9af3ed9116
SHA1 6e751f33726a09e9527ec3ba0e8db31cd3358537
SHA256 d3fe8822ac60392f0aaf29fc47f3924510130b8b893c5d687a17995a7a4534ba
SHA512 b85969bd3f4f241825a66d010c0ca7808d093359f8fa6c00c69ebcd6a774d1b8e96499bf4c67c2414410c1b937f51f9b07b7c31de217a0158a2e26d12fc08d1f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 5c823b3f78da1da665bbec380eb995ae
SHA1 7fb218a22b5f6cffe8215ef0cda3c225c09a75e6
SHA256 b8d0756fe94a898628313983d68f2f5277b119d5a3dbc41316207f78d3126683
SHA512 5dc28444941e70246e4d03e8f7be7e3a121c1ceb5e5bb42041affc004ce17f571607f0e961e55b4a26befe4c762490f74c45f6f0a5896d8442351d4b95769cbe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 5375820c67cf4e53d0bbb2c1dbdc36fe
SHA1 6aa7e02ca29c0085d8d711acf4c1250c21d4d5d9
SHA256 a84cf4e3a240c52499dc4e25603db18b338d89de6cf27000c047b6b9e120fb94
SHA512 718d7020ce19644242cb6ed2dde357ff5636cdca45209afba723d9b4fc2ed6959a057c51e8f2a34e7efba235096ae275e8daa5ff33c653898c25cf6a67b94b3a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\db\data.safe.tmp

MD5 6455606b564f8481709893217283e309
SHA1 40b70034d348e2e2587779773cb9e10a0b84a7c4
SHA256 e9b6a70cef22959d77e81b00262101fd2f7dd25525257b5578f64e61dfb6f32c
SHA512 abf4ea3a86bdaa9284f54c40f5c3c8083587082a24f814f46e8b592c845edee2da2f44d3ffc2a0d7165bbb3e41036f0bfd4c64fa899dcf4485247168949c5d87

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\e9fa97b8-afb5-41bf-ae0a-fee39412d5f1

MD5 c6fa781f42d2fb865a25aea725b0f59a
SHA1 84014164adbc4e90dded5251ab4961e52b5797ae
SHA256 4f82c29a80162ddef251cd41a97cfbce6a8a9ebbc5fb82d9a923c222b4dacbdb
SHA512 9c2cc4895607784bbc70290cfe782ca6881573b1d9a87863654c0e5d4902b3355ca92abb4c5b3c83191ba611b42a4a5b52d001549f28684d3322a674f9186f6c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\99367082-674a-48b9-bdca-3a8a7e012942

MD5 2251e37b672a2fdb828a727be9349100
SHA1 a859c1e168927b53130a5e687032f57f31ba967e
SHA256 ad576c30c7291c44eebd17508fc165d5ec093f9a2ac373c03c2e45115cca11b8
SHA512 2b63e5e4373b2922016d932f1ede2a976ff02ab272edb30d5ac90b04ada03161ed55f41c857ef255d8bcaecdf0dfebc04168c3271bf87c91f9ba51c8dbd59ee0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\aedc1b84-789b-436d-ad03-9442fac447bb

MD5 c27d88881d23ce4919ed4da1c3d27f74
SHA1 49e4dfe9d97248b9905bdc1f8de8d97500cae21a
SHA256 d805c95f222135fc2181dba0c48de7e7bdff05f2d5aed481ae1a0c447e94167a
SHA512 5c4972611d3d62879ab07b5c048bf0396a40654111f9761d132e7af5c1f97494089b956824f5dfcac02cd8ab168da3747813e69c54e3ae07263ac704a2c88b3d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\prefs-1.js

MD5 680def03215325acea68169560136de2
SHA1 9ae9274c3596c985f969276232d69ff6f480f08a
SHA256 a910780406850a37d1e77df8c2d245deba7045759ee6e566e85248ed43a7f3e9
SHA512 31bac8e8431ef952c9dce8770f29dbe44013121f0c00d2cd3121fbdb7392fec7c50f34f4722009d0b9d5bee928fd69a5cf73d2153b5e0b7bd864c2a897bd74af

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\startupCache\webext.sc.lz4

MD5 29c3ff60853db6f892501ec8869d8099
SHA1 3b0e2c08208e61e883fdd0ef11c5d25fb01180e5
SHA256 887d68e6834e3364b29b334222a7a5b296f11d8354d817ae02ab85d2931b383f
SHA512 7b4099b36645168f46c2a38a42f9fafba3eb9f73a82b79b9753d94cfd45251f28ccecd04f77ac7609c86b6a2e73fabc23aba7780d15744329bb5952837d479ff

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\72486DBDEBF1D64101900CFD6B0C98DB58BA51D8

MD5 09086eaaeeec8001f66b5ff10784159f
SHA1 372124c1511e34cc4300feda9e92b29014e67e34
SHA256 ff7ecddd6ce67f1aa12171899caa867fae91261382152dec56e2153acb40a931
SHA512 1a4a50c22d9ee5f5133f97b26012c3aaf5f56b4c8c9eaac4768ffb8722b282c003a816947956fbdad0d2e255f909008d64aa63753c5897e366fe4ab19cdb1e94

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionstore-backups\recovery.baklz4

MD5 33ce17486363d8d4c7f9dc4cb9c55a21
SHA1 223f714997dd7ea2b56800ca7bb8dd43d34ae2a3
SHA256 eeb0a9ee7a9b3ccc241e8e4688838cc1683b0afc8c1347d489cebe2d87b5bca9
SHA512 bcc099087d82e5bede340aac8aa0e83d38f5e68a30fe05dee88cb26e0428d7022e9f558d1f11d113dfd859ec77a36bcdaf7c01c91a854711b33131751cbd09b1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\86872C35A7B37D6E2142197601DE181F468519B8

MD5 d1774700cf62f3bac79d92ab836925d0
SHA1 a73fc86f095e5e13a467242e68f0b8e6b20b874f
SHA256 ab70a91cfce81e6cb1a60ad8c8ba285e3fd104f9aea619fd6e1b3024f444f685
SHA512 a29f9fef3034474ce3d465c60364214a34902258f9d1f912e9802e6ab559ac09d06a22cd78f4072f97c57e2b697e95664348c3ea5b3c2887525d9477c4d8c6d6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\01E45DAB63BC6FEE18B1E08B21C59EC616938A33

MD5 a0867a95962cffff726f368db9492c06
SHA1 730f20b145a969330dc984358da1498315c00411
SHA256 ea186826b3ca857eec6eff2742d4a4901d008b8d114ed94e8a949b038436822d
SHA512 939d518b107cb50d00d2e0cb959e9cf12056b81492b4fb04fe483f2f817b924a1621f1b95d5f3f7f345d6e2fc9864d2be21d007e7c5adea83337fd3d07d653d0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\52AD6A2CB7CF25B1329E335F81A4EE2C82CD36D3

MD5 8a891fdfcd3e212962e7a624e892ed28
SHA1 eea7e4768715b8156ca48d754407710426ff7b02
SHA256 238e2dc95adf37ccfb6685f1c28e7903eb7bef10230f90c408da725ad9849dac
SHA512 ba089cb03cdc0e8a276e2de6f71e68ba431ffced5cb79e6f4c6a1e4d68183265526e96967cf3b03afa33bead48ec9054a950456c3deec1677386cfec6da787e7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\51493B0AD49E82494123261E227E79EAC73CFF6E

MD5 1c86b5f32bc055fa6865361bd5622985
SHA1 f728dfc40cf5faff4916b58c2ef22e26addc76f3
SHA256 e2b2224c87871bd911fb3a53a42f8560dfa5dc45e1ac94afac9adaedd236b231
SHA512 047398ff571d434dab3a1349fb54ef809ae3487e0ae1d27fa7467a3a74315fce0d34d3713868ae35a5a48bbc76a08a977cd50ae5d05aed42175247db3108feb8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\A98287AF147D42F55A9870B9202170CBEB987338

MD5 8653b8a7ed9353af1f348c6ba54ec08f
SHA1 439576ac86e3b1cd3901c31ad26e3c1e65915e96
SHA256 9271936fc7fd4e9750c44b1c08c76fdc752b58953cd219d4f7fbab578f12875d
SHA512 2686e2626798e168bd9e5e9155eb687669279f23e1d33e38d37c9423b2d120c58e364b556c3c1b408b6400f9cb467357be8c46d0b0013917e9088471a01439e7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\A178041D1CE56178B2DFA9E124BD9FBB4879D9C1

MD5 109d32aebca1c1337a8e70e22533dfc8
SHA1 ccec8a308aee93ec32888c54791b70ccf9455433
SHA256 ee39601592f2c18f1fdcfb80573aa908a71ffd2643839ea3f41f1f7ca122f3dc
SHA512 d04e1bd7c21d36f12c71a1ff048ae43e1e1f6bc002198a3da3147a9fedc0633e971103c3622a3b77937e7ac13a80b45aba20153ed5166a75f8a6b71b9e1ff6a0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\2D8525BB345EEFD7EA77B17615BE7B8943800A8C

MD5 0a8604512c09c9bb6fcd693e483cc633
SHA1 794e89634da0681bdbc56d681b215a78be1e6e9f
SHA256 26af11d876b0fad360b90467dbce046d1bd169234d83d8a090d74a13e0c786a4
SHA512 07f0e3f89cf6c678023bf62a2f9f7a09fe20280db17ab3c7d98c6ef344b0d31bce056feae444bd98ec4c8992b74819373294ed621b0a707e140b8f57b56d8962

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\878D4F5D6C51837D0C109F0C4ED3B77C339B9CF3

MD5 8ec427dd5a4ef5d800f4994d62b57fc1
SHA1 8112bce62250a5b6fccf8db7b50f21ec1e4362ae
SHA256 ab38ac67d929d3382db455dac54d846db6ea39908ec4bf28878043afd2faf36f
SHA512 0024d074f0b60e551efb7cd592c6fad2396719b07bcabaf4b192f50221b968b90d8574c6166af5836dc20040c47caa9c58430a93c8bbf8d2e313a6b74bb0733f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\9304916E9AA953768B81A902FB0D7D621AC646B8

MD5 e25ce1694bcef668259f1dc03e9b9fe7
SHA1 2b68a9f4a99f0570351f9da561c47ad520626865
SHA256 a6a942b984262d6885ee870a353a280a39aebea82da3c45560d29aa77fd73b8e
SHA512 95627c82f47d5c920fd2d84829baaaefa7a16160dc2973ea6c5b0e07f5d8ec15546cf750d3155b466dbcf46815172894ba556de07e918aa7ed97c40ea6533122

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\A16E28EC4379DEE4C85C9D277CC4D22180262236

MD5 67302c19b6add31e25999bf4b309206d
SHA1 78e0acec05efc496484420d44cd14965771fc82f
SHA256 5c399db7252b1e4996691c8156e264552a55f3701e4b350cb6aff6f0250c484a
SHA512 ad229e930a80abf264166126f354572b306390ff9a3b43f24731d1b100514a93f7339dbab4b753ee40662bf821ddd2f305b9a2a65f0df63ef6b2ad316f8e53f4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\53B8AB1A4022552B544DB810ABE1A1DFCFE41DFD

MD5 ae656a9d02c04cc3343f81bb15e6baf0
SHA1 57f754c257efe6baaf3f38ea24ee8de766e3c781
SHA256 75119228d11f0aa90d0bebeb49aee01ca4a84099258d7412f496632fc667cf3c
SHA512 e9d34b66e325adcda409c5caddd93e7c38fef80a2188dc21d67d149c165a06c2631a9fe4176ff5db86d2b7ea44564fe2926b3813fc44492935cbcb45716ce7f1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\BB64D88F4C22D7E7717D86B1B9B240357E2F5BBF

MD5 0bb9b693c274682564fa42ca78d15511
SHA1 39fab5088f0e3f9384c332bf4a8bf09e52d7a9a4
SHA256 4bba3031117c818614a1cfaa061fa7ed7dd3619440be6d01c99d70313373291b
SHA512 0c2440ada5760d1b40e965fb9f40845b0373ee0aaa3ee3bb3497d86ab00d1cfe30591e10e4a944748fb763db36b0d218c4662b2d5e2f529aa324ee8e7c2b7b7f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionstore-backups\recovery.baklz4

MD5 7991b61e32c246f0f9412180b6721805
SHA1 3f2a8c810643d78bebd1187d3347e53271be4f21
SHA256 7f34fbffac1e721055c7724ed553ce4cd87625771e78a070debce9b068720475
SHA512 696d73c9bf99612775ecb7c41a9adbd62e52b32626d39d30965c4853f404a06de2904025b0444a3f33bda969aaa2b486ed106ae139d66e885ff7f695edcc6912

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\DF0F087B3B322D19A4DE0F953C1E5B5461B51731

MD5 8acecaffc8328650b7f91bb0b5a346f1
SHA1 4d0a8634c97600edc685af6909dff39c370fd397
SHA256 918916c34d1a43d21837fc78fecd8ce4bf20f23bfccf8fc125a4818bd28bfc43
SHA512 649dc8bbcc4c10790b5594c35cf92ad7a85dab9a94bf61ef03fb56e105b16927525616d24654ee2191d546b6ffecdc97309f16ad274af2d271d6320799681bea

C:\Users\Admin\Downloads\SteamSetup.exe

MD5 1b54b70beef8eb240db31718e8f7eb5d
SHA1 da5995070737ec655824c92622333c489eb6bce4
SHA256 7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb
SHA512 fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\crashes\store.json.mozlz4

MD5 a6338865eb252d0ef8fcf11fa9af3f0d
SHA1 cecdd4c4dcae10c2ffc8eb938121b6231de48cd3
SHA256 078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965
SHA512 d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

C:\Users\Admin\AppData\Local\Temp\nsz2551.tmp\nsDialogs.dll

MD5 4e5bc4458afa770636f2806ee0a1e999
SHA1 76dcc64af867526f776ab9225e7f4fe076487765
SHA256 91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0
SHA512 b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionstore-backups\recovery.baklz4

MD5 9ebfd0607d01437a4de1b1d710a934e8
SHA1 e65c88d629e498197218170c2df51adeebf45550
SHA256 88d48abb3ea7bb40a769c31cf753ff305562a906bc300423c9371984b4307af4
SHA512 31964eacaecb3e53fce0253f4c14a8e4ce803206d0a17e0df15dc0be993e9de1e816cb239ce269d737864b8a0c91b318be19b9d9633cf88457847e0b5d6224a8

C:\Users\Admin\AppData\Local\Temp\nsz2551.tmp\nsProcess.dll

MD5 08072dc900ca0626e8c079b2c5bcfcf3
SHA1 35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37
SHA256 bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8
SHA512 8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

C:\Program Files (x86)\Steam\Steam.exe

MD5 33bcb1c8975a4063a134a72803e0ca16
SHA1 ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65
SHA256 12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1
SHA512 13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

C:\Users\Admin\AppData\Local\Temp\nsz2551.tmp\nsExec.dll

MD5 2095af18c696968208315d4328a2b7fe
SHA1 b1b0e70c03724b2941e92c5098cc1fc0f2b51568
SHA256 3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226
SHA512 60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

C:\Users\Admin\AppData\Local\Temp\nsz2551.tmp\StdUtils.dll

MD5 db11ab4828b429a987e7682e495c1810
SHA1 29c2c2069c4975c90789dc6d3677b4b650196561
SHA256 c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376
SHA512 460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

C:\Users\Admin\AppData\Local\Temp\nsz2551.tmp\System.dll

MD5 a36fbe922ffac9cd85a845d7a813f391
SHA1 f656a613a723cc1b449034d73551b4fcdf0dcf1a
SHA256 fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0
SHA512 1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

C:\Users\Admin\AppData\Local\Temp\nsz2551.tmp\modern-wizard.bmp

MD5 3614a4be6b610f1daf6c801574f161fe
SHA1 6edee98c0084a94caa1fe0124b4c19f42b4e7de6
SHA256 16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b
SHA512 06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionstore-backups\recovery.baklz4

MD5 c615b969dfc5330fe520fbc5bb45ac8d
SHA1 20b33d518ccd39325e64b9d957b672b80b3d777c
SHA256 182b7a8398f8f8bf83ae8b6d29357d800d56abcdfcae4629f78954d1cf93f4c1
SHA512 e2e6b3eff3b8d62fba218841cfee8dbaeae34fc10345d1dab55d15b69d5e2f6ab83ba86356d924f73cf5d2d5868d60f8d0e2624c0cb6f81d0fb9cfb8be088892

C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

MD5 577b7286c7b05cecde9bea0a0d39740e
SHA1 144d97afe83738177a2dbe43994f14ec11e44b53
SHA256 983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824
SHA512 8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

MD5 00bf35778a90f9dfa68ce0d1a032d9b5
SHA1 de6a3d102de9a186e1585be14b49390dcb9605d6
SHA256 cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2
SHA512 342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

MD5 836dd6b25a8902af48cd52738b675e4b
SHA1 449347c06a872bedf311046bca8d316bfba3830b
SHA256 6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64
SHA512 6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

memory/6136-15885-0x00000000007F0000-0x0000000000CA2000-memory.dmp

memory/4604-15911-0x00007FFDD52B0000-0x00007FFDD52B1000-memory.dmp

memory/4604-15912-0x00007FFDD5780000-0x00007FFDD5781000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\4260f719-72b6-43ef-8d43-a47f22396a5b

MD5 dea74c8bf6e53dc665d0e47e268525bb
SHA1 ca95bce7dc42574414f123f44b35d3b7e319671a
SHA256 7ee79041d8bf2e5f9740bead2f40891e37b2fc29b5eab1318968767aafeda219
SHA512 bd26da462f04678f6c2b53209fc0aae59df8de3bf73c633a915f625bb2d1a94e687a29237cc304319330a7a4fa431fd3202800ef49eab386ac08425db377a94d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\db\data.safe.tmp

MD5 a44a072eccd93b5f52f6f0245597a793
SHA1 b23938e74ea5b31cb0676a937cba445929c4b121
SHA256 d02c262e39ce7e91163f292a616e02d4aa33d42d276476a4fca0e7440f115d6c
SHA512 95f80b6b4698d2027bc44953a5049ae97c3be2900ffb9d1674791a09c49bef6e11edc0487f88de2da4cce2264f264b49844d422730be65242e6d065524c5f93e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionCheckpoints.json.tmp

MD5 648ea624280e409ac3a7f120b5e9000e
SHA1 168bd9dd85eb0603e0db6bef23a0df64f916bf83
SHA256 ea208bf36fe4e150165db9ff5972004c6f468114058d6dbe5d0350f85e8fc08a
SHA512 49520e85cd86cdb0b9fcefecaabc99ba3915ed5ce0b622ffe752de94df6d1fbf3f2fbae13ee18397b32477aadfb23280e42be6f92ec1c74feb4f246c60eb7e32

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\places.sqlite

MD5 cec8d448f292685048d2e7f2d41a605e
SHA1 e25787b21f388d25ac22587dc53626cb02834b7d
SHA256 e00278d731bf970677cfcb66f946d924d10f734a67167038fe57b664f682f474
SHA512 a26dbc50e4358d063fb9b6804f036d43fd8570fd463fe30ffd20cf6be3d1dbae31ca4e23672f81fd205ff203317473d0f0d1e9a0d2feb3258b0a586fdac27f73

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionCheckpoints.json

MD5 2ad4fe43dc84c6adbdfd90aaba12703f
SHA1 28a6c7eff625a2da72b932aa00a63c31234f0e7f
SHA256 ecb4133a183cb6c533a1c4ded26b663e2232af77db1a379f9bd68840127c7933
SHA512 2ee947dcf3eb05258c7a8c45cb60082a697dbe6d683152fe7117d20f7d3eb2beaaf5656154b379193cdc763d7f2f3b114cf61b4dd0f8a65326e662165ccf89cc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionCheckpoints.json.tmp

MD5 948a7403e323297c6bb8a5c791b42866
SHA1 88a555717e8a4a33eccfb7d47a2a4aa31038f9c0
SHA256 2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e
SHA512 17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\xulstore.json

MD5 d7a9c29a5421078a9135ccf1cade552a
SHA1 e1b43108778d359d8d9287cf59225617e1769463
SHA256 bade20948c677d1d458e39a4cf6d8c4d8237263d55e63370d6272fa3243ffe28
SHA512 49553b13fa1cc8d257f2ca9056742e6e11fbdce21633edeb5af6f863294f97ccf3cabe851d94bcedba03e2716311a48dcf8064eb1500f8a7c400b049bf48296f

memory/17164-16075-0x000000006F330000-0x000000007071B000-memory.dmp

memory/4604-16083-0x0000020DD7EE0000-0x0000020DD7EE8000-memory.dmp

memory/3004-16084-0x000002192AC50000-0x000002192ACEE000-memory.dmp

memory/3004-16085-0x000002192A9B0000-0x000002192A9B8000-memory.dmp

memory/4604-16082-0x0000020DD8200000-0x0000020DD829E000-memory.dmp

memory/17164-16088-0x000000006F330000-0x000000007071B000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

MD5 110e2b519c16346eda2dde15fee9fa85
SHA1 b112f46ce497ac055849b5bf2bfe742a5c5935dd
SHA256 9243bee184b30766b2f854a394758a9db03cd6dbe735a65b7518ad4f77e0aa35
SHA512 fd043356b120aba3d71a228b36528c7a326f63f184695368d3a221ab029ead6b5ff70ee98281971235aa0cd00a2095cffe648c772be1f10e0dcfdafe14e7266f

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index~RFe6151b9.TMP

MD5 ada2a113343f77eca5bbafb2da4b877d
SHA1 805886d2988fa940961d44b5fd6958916c50c2c8
SHA256 c14c0f8e514796dbe30e76b645d45cbda669d7e5124140e0f46b6683fee2cb6b
SHA512 99a99b13a70cfff9fde0012455defb8d85f491135dea1aae2e26d430e894f75f40be66a6bf8d5c5f373eb631e027912e2693a8c7f8b0beabbad488abb180dd0b

memory/17164-16102-0x000000006F330000-0x000000007071B000-memory.dmp

memory/17164-16107-0x000000006F330000-0x000000007071B000-memory.dmp

memory/4604-16108-0x0000020DD8200000-0x0000020DD829E000-memory.dmp

memory/17164-16112-0x000000006F330000-0x000000007071B000-memory.dmp

memory/3004-16115-0x000002192AC50000-0x000002192ACEE000-memory.dmp

memory/17164-16117-0x000000006F330000-0x000000007071B000-memory.dmp

memory/17164-16123-0x000000006F330000-0x000000007071B000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

MD5 cb308a2ff2155132b93ac7c6f584af45
SHA1 0de791b06079fa8b90ea490a39c62fbeaa989cd8
SHA256 3054e1c29db88adea64e33e2b20b8765a122b339d52eb142c6fc12496db322e4
SHA512 9332ade7d0db3ebf6c532fd10e9c3b0dfe415d6755233e6e49f367b3059eb567ae81d3636ffa49d04e75aecd8ad9fab5a41518657dd7c1ca3b26b246b1f54b56

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe620d1a.TMP

MD5 04965753f789a76f73e68a1792788672
SHA1 3ef5e4e67aa3fd2419ab2de8fb9c1614dd661869
SHA256 918b5e41191a7c39ed70a3917456866ddc58f92de91ae6798e18893314d86e91
SHA512 d0a9e3a7298bfa72b5e9f650624079b6dc514e7f7c5666b37feec65049177f84351f7fb109783b8fb8ba871a6a666dff3d6141b5e318ed73fa0f08e643b05a3a

memory/4604-16133-0x0000020DD8200000-0x0000020DD829E000-memory.dmp

memory/3004-16135-0x000002192AC50000-0x000002192ACEE000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

MD5 a37410c868181a96e15f0b38dbd6b4ff
SHA1 d2979d535c19a51ea40c78c944534e6f9ff3dbda
SHA256 1bee658d0c6101ad10370d8c51d07e3c3619318c25fc86aaeced0be6905e314a
SHA512 d2367b25abbdebf9cc1eb9a3aca4cfcb460802bd249e872af67fb424f50dd9e938f7b466e0ae9f1e71d22c7b936edf4492b30c81b6fcf1a2b7dd2b48f97cd1e8

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe621de3.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

memory/17164-16146-0x000000006F330000-0x000000007071B000-memory.dmp

memory/3004-16152-0x000002192AC50000-0x000002192ACEE000-memory.dmp

memory/17164-16168-0x000000006F330000-0x000000007071B000-memory.dmp

C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping17380_1928286608\_platform_specific\win_x64\widevinecdm.dll.sig

MD5 36e5ee071a6f2f03c5d3889de80b0f0d
SHA1 cf6e8ddb87660ef1ef84ae36f97548a2351ac604
SHA256 6be809d16e0944386e45cf605eae0cd2cf46f111d1a6fe999fec813d2c378683
SHA512 99b61896659e558a79f0e9be95286ebf01d31d13b71df6db4923406e88b3ba72584ef2b62e073b2f5e06901af2c7d1b92d3d12187fe5b4b29c9dd2678444f34e

C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping17380_1928286608\manifest.json

MD5 32ef54fcac37d3d390c05880067559d6
SHA1 ab44258473c7c1a920596ccc33463a765e5fe60f
SHA256 d97f5e50808d1ef75bb241df2dde8f7293b9bfcd498dc525e258c97b39564211
SHA512 3bcdd94edb8b0df2d1684ef865f9711bf544c4c4f6adde927611b648dab2776e398e3b29681369a80e8c7ebfb9cd100ba8469ea69c5034ec023c796d8cbfefa0

C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping17380_1928286608\LICENSE

MD5 f6719687bed7403612eaed0b191eb4a9
SHA1 dd03919750e45507743bd089a659e8efcefa7af1
SHA256 afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59
SHA512 dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

memory/20140-16204-0x0000029834000000-0x000002983409E000-memory.dmp

memory/20140-16205-0x0000029833EE0000-0x0000029833EE8000-memory.dmp

memory/17164-16212-0x000000006F330000-0x000000007071B000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

MD5 52122cb704b87ea684d37a0a0f041d65
SHA1 77e73b18b92ce188afb125307aa730fbcfdcfa87
SHA256 73570932109d5bae8b7752af3d80503b71fdee926e4bb2c55c5e0e1ebeaab3fe
SHA512 4f2a7a837a4dc46c2f07c3c468de223115f99280e9b730527a5c9cf2b59bb3ca47692e97bafcb913a970f5695c20c3be0218bdd6d33c6bc729c20b90139bf34c

memory/17164-16226-0x000000006F330000-0x000000007071B000-memory.dmp

memory/3004-16229-0x000002192AC50000-0x000002192ACEE000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000008

MD5 47d88f0e30322831ac51429e321af624
SHA1 0a3a50ae8c9d61a6d96b872f91b4694187be0bcb
SHA256 ff066f3e1ab3028b7bf326825772da1a50d4c9bfe92ec0abcb52f17ed996482c
SHA512 416fa132223c396c6ec4ba581383ff0859ee02a7e73acca4836df0e8154600cc9cfa4249832d0370fc7c45232e0114994e7da36d094cd459a6f3c77be539cece

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000009

MD5 1cd9f819fae888ce4860b7f6093347f1
SHA1 04f78da120741f1198d595af811b2c42ca9d5406
SHA256 d90bde2cee49d26d93cc149da64ebfe3b57b6f391c1fe84c696a2d5e3f33b3ad
SHA512 2f7e22a0b36ed64c6be176f48f91663bbaca60d7a4ea862a6a81678fadc1d8df31c59a3266d1097654fb52345e0d2e292b8bf48e9497be9c3e3be89cf43bf90b

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000010

MD5 57613e143ff3dae10f282e84a066de28
SHA1 88756cc8c6db645b5f20aa17b14feefb4411c25f
SHA256 19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14
SHA512 94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 94e269c8b59b0b5c46fea5a5f2ab71d5
SHA1 553b4d971cb4541039aebde35dd2d559dd1e55d8
SHA256 cb1c9f3108856113f395227a276c4d8a67aa287422b3f967276a7e831a4ee13b
SHA512 c407fccadb0792311180fbf0fde2f1a9a582bc8afb8cf5ab9766f5b768e2b4630768b97c47884b01005f6da138aad3948a9d3a86b4a460281e9ea1b4b4199924

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity~RFe67ac5f.TMP

MD5 dbf86487f1ed448a8c30e51a7547b4f1
SHA1 290f3f2bbc226a94d8d44167c69eae9755add6c2
SHA256 dc81046d53ec1ec4a2fa82213efee70aff222ec6461b634ac07f926fb25d72f7
SHA512 9cc24ce76064c6768abef3674be9489c5835829666db13607fb72edb8d71b2a5a5da57ed28056685ec564324181c75688f3ed87e5766785e3783e2a4a7e079e4

C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json

MD5 0e6f12697c0b1c4507d517ac06740816
SHA1 700f4b3929fd9653d5385aa7ec714d4f9dd60e93
SHA256 742145dc081092b384c0b915488917e9c797f36771768bc766542f167d38f3af
SHA512 e905669603a4ec2119fb74aabb5601a76670bd2b16f4105cc7a76b6ee7bcb25b0f20f9a7a5f30e544996e51d5691e36d7b8f52c79d158a5876fce6eb730d6aa6

C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json~RFe67e040.TMP

MD5 5a9f0e83162e5206f9c268a64042ed84
SHA1 ca215d58b7a19e921773ff95caa79016df13a84c
SHA256 04d304111a342c7708003d14a0c9e5c661e74757d70b3e327a5c0e7983a9f1cf
SHA512 689de1ba21c2d6a2c5e15d09f38faffc11341ff00678801cdd9e50e323321728d4d71943475044f6ac020176d9ab69e4a1fab7343e153b62d1d74a8e87978fad

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

MD5 88d48966936577606b6ee9fed180452d
SHA1 178e72671f6999e2e1c25b7a90a876cad93c1491
SHA256 c1af536924e55508f3ed9e59c831ba5603aa98f4908484aca4843d3f2a137731
SHA512 1647a4164204f06e945b50a71d36b9002efa8f2c2601839a752d046aa76ad4a0536ce229d9a20af89535fba41bc12702558a0e67d95517c5fe8c6eb6aaa904a2

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 885dba5efa6183ce20f45a67089a3886
SHA1 d47b56c5ea80ab0773560ed6b9e275191fa5f8ea
SHA256 0bc88c744b3dc5c4c4b86319d1366caad9f3d6ba1facfcd7b338ddc40cbfd976
SHA512 15f87f4cfea56af863e6aacfbd4ae5c8df5250e839858eb2b3c4f30122792683840a58e2995bb6499fa6de5233eb976d98e5c35602d8cb0e12e17ff5e16fd699

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 63b381ea796a69ee39461b3afeb6c644
SHA1 e649ca77088cf1b187d68a893e6ec898940d1127
SHA256 a7e934b5f197b2d07374d9a675be5d4dfc53d9854a94750cafc4b73aa95f36d4
SHA512 c4701ae3b241015ba518a8087a5b9392a63d2367988fadba5ec50cddceea9a742a94bdba3aa75e5840ca0af14d4290ed5cd5450204d529c2c16da3d85edfbebc

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

MD5 bf951db9436ccb18ddabd45a1b3e5431
SHA1 6d55095e966e3cb6321f58c322599ea4572c61aa
SHA256 676a954361764961f0f49f9bc195bbba3ce2f5fade5193fb08c2e2d9d8ee5f82
SHA512 4c6afcadf0d3ea231c138173e4b158e01893dc3684fbd37a7c189a3ca13a8048098c32b71c680546f11315e4ff04274c8cb14c589f9e7a87f2fa0b87ebc4be70

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\temp-index

MD5 a793282aa732da5e717a18c82aafdbef
SHA1 9b0b3a83275b65908706b5a0394454e8204d6571
SHA256 0eabe19497bd012966b76de0857c5c66513f99406aa8575d8cea99d03414ab68
SHA512 428da8ef9bfa91cb33af446361c7cdad0c3ecefd637da9af106bbb4f62296176a68bcd80ad1210d7adefd083fc15e8f42abf09dc7777d1233670644877052a08

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 c15cf0fb5e0d5cd6f6476df42a8ac0f5
SHA1 dfed6526f482851040409e59f065e9afaff9b135
SHA256 54489d3df7e8be97347e9e15a8cbc1e4f988ba6b6f6580cf9f009f4915da6f9d
SHA512 df1a4c2758defec6bf88b76327e825b94b53ccfa4c50230f65bbb99b31f1489f605e52a164be194ee187c2d88044beeac9d6b88f7f9112462e51f66514b964d6

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

MD5 8c0cdc2ff63070e2434ccd0f6a472fa6
SHA1 14fca11597a45c5603224521090c88f3dba180c6
SHA256 9d59afc5f6f4f15f2766bc88c88b2336d22e57209c67100e4a6141e4344192d9
SHA512 fb2e318986ba97aae23241715432e408e945ed5bb2ea6f126ac34bd9389440ba61a74791f9e62097bef2547559b9c27d6b6e98041dc0d93017f7b3ce0ce08b53

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\143a7736-a5dc-4618-aae5-b69a7c08632f

MD5 5198f3ad475bae0c2f228b5fd5042f9a
SHA1 3bdb4a94bf3b1f7f80941ed2799271cf3563b49f
SHA256 a3d907832452a16b9afcac33ab9cc0cc3dc8f95b765e3880bc4f849267f371d2
SHA512 d82b432a01c106371a281e94d0f347150940fd7f15b45cfc2eced84cc51e2edb54e95c877f4e2faeafba2004eb0bb3779224163f6c19988a807041cbcc849711

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\eaab2a8d-dc30-47d4-bfbe-cf1c78a626b9

MD5 6240930f75405207b4a07f12eef74a2c
SHA1 8d95c6ea3b20f6e2d89cefc3b974b9932c1064b9
SHA256 cf82afa0a6b77fe12c888803c0c88e67d75d1f8cfd851c368f40d1c950fe5084
SHA512 06de657dc5853fbb1fbd6360ed48eddc3badc2c0720bafcfdb8012bdf4350cf26346dbd9bc940323afdba5f7b5a7e16a7dc01fd62e46c955c700cfd7bb0e2697

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\c7e28abb-364a-4e15-b2e6-8427f2d34471

MD5 46bbfbd2fff3115f2329e434881f3e13
SHA1 4986b38ccbe4f45ea3d08724cba93be85741c154
SHA256 c292993af132c9564f3f1ebf2eb0d837ab4eff2c22d8241f4be2951a89766778
SHA512 4ba44d453edc7a3ecd4ce6ca51c86852ed3fc66801dc2b1e25f388a8cd1fc71345162595e51bed077fb9f79206a9606f427dfc69aadd3f61d68240db586c2f50

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\db\data.safe.tmp

MD5 176345efd618b6d48f6ea706d338a6ea
SHA1 e116b43ce4e93ffc6b3047bf5f1cb41a864da463
SHA256 fb22f6e3371df1c6e0cea62d30f817788c943eaed121d4d4e185fa36d401974b
SHA512 ac66d1c850b256fc7f7ff9f2c46fc7515703df5d4556d415957b699d937f52621e5da22d7def26c72146670edb7e11d4bde7dbb655e3fdb3bd2c8befa136f247

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\db\data.safe.tmp

MD5 2ff2ececb94d39c7af3e753f248e9171
SHA1 d16568acc998373c273c980a3f032145cf5b8850
SHA256 56201a75a081aa12a16e1260268599b808c058daf5df5a78a5b71db76448ed71
SHA512 c13b57d0b3f16f70d5600d99a06e86c195dfe562b62799a31384e8a5e6dfe93a20a430fec7bdd1fcc17ca6509498ef8c69e930ad29e5f603bbf5143ee4a660a9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\prefs-1.js

MD5 0b3ec98c70733f5ba47073dc268f6360
SHA1 e581274d643ebe01c0ca6203f574579f9ecc420d
SHA256 79e36085a75ad961507b1160cdb14941d17ec3309ba6acc77eab23303b70c668
SHA512 ea63112c4abd4f018ebf39c7624d2f121e916b3d5d7ba6c4d633029b223a6fff1b5bfaf2cec906bb6e087986eb78ff3787871c5ba5462f361498c081c17f8fac

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD

MD5 219d515bff947d2c25cb4cdc0c5757fe
SHA1 2a9b35d193b82e5733ff83e1db7e90fd6d6c2264
SHA256 074d075864da3800e064ea82054eb97990b0e557b27b61cd2376e14b40a41e60
SHA512 1bcd3a0e4e38e7558cefe9dc69d5156819fd21fb73d4441e0baf527a26372dce1d84170186e0634d92b48c9b2a74e03dffd7a81ff8c8130cec4136a8342d2c4e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\AlternateServices.bin

MD5 b33b2e19eaca24d7d6c79384e41d7379
SHA1 2b9469603d8172f3cee1b813b2381fd8f4b8410d
SHA256 5c3267e9dcb4a5e11b2f7776fc6607797b7c7d07c1b233b8913c240d56c11285
SHA512 31d9450344d92acc65c50180a3ada3f39c964d0018b1afd3affabb1b9b84ac5acee184eba4edb00f9adaec6b561e4e84fe8db95d9cc77c699fd8cf53237bc122

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\8AD6F5CF0FEC728921A5A08D73A7BA92616EE430

MD5 5ea715ec3d85b75a6bec84eba6271138
SHA1 1a65bfb92e6961973b20fadb797024a194850eb6
SHA256 377ee341df70fcc52fb72542c5d504304b4649d6e15604a4bdd43ce3d4b66b25
SHA512 bc3a19245761ff861e4e0964edd747f1f9e84eb808c1adbe6715b540911929d79290149b38f8e0f1a229c1bb43d996a08ae74d3efff0807c30da1ed08e83d0fe

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\db\data.safe.tmp

MD5 c300f8a0ddbf465114bde3810bb56341
SHA1 adbd948719230d686cc7c558f9e58fa93bbd7792
SHA256 c2da4b13c57978571a87b5f621bb6eb24b052b62e20e0f9aef1fc26dce8a1931
SHA512 f29fd951d1b42df370cfd051271f1caa9c4c035020f8422899cf8830fb87ae7e60241e07092293d05d489769cc24f6e0ef8059df3f3f25c323540377b29cae65

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\cebc6f2e-ef8c-47af-af40-b8d893067124

MD5 ca2c6b358f0281850b0b7cfc6b893b71
SHA1 d2898ad148f3c24e2e91d602050c56c543c71794
SHA256 c6b25881745f6304523dd0ca6c5fd0ede1844fc10be6a16f90f15665d1240956
SHA512 2a824177cb56e0f962919f7f56d639277ecb3070eda33e77e646ab6dbf8e73a074c89b898664027c6bee5344f9cbf9926fdc377c05509de413608db6807accfd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionCheckpoints.json

MD5 a0821bc1a142e3b5bca852e1090c9f2c
SHA1 e51beb8731e990129d965ddb60530d198c73825f
SHA256 db037b650f36ff45da5df59bc07b0c5948f9e9b7b148ead4454ab84cb04fd0e2
SHA512 997528e2ecd24a7e697d95cd1a2a7de46a3d80b37fd67fac4fb0da0db756b60a24648b7074255dc38f7651302f70894a53c3d789f3d7cd9f80fb91bd0cade4be

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\xulstore.json

MD5 3c7edbdeecdb47fba617e3d03c36b0d3
SHA1 53628ce8c5170810fabafab8e001bfd971d47825
SHA256 c3db6f2519b071b7441022f9ed508b0da5ba40295be0ee449a27bd6146595d04
SHA512 bbf56ea374114173f7de198cd71ac6e75276b0f30926c6690db512f45ac2e54d099d990c285578f702696494d2884d8550e5dddadeee01077933034ac3817842

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 b16bb6b1e7a9e0f2907327606d4062ff
SHA1 e419c0403bea99fc7d3808e1e9ff9e8c4056f374
SHA256 9bf16eb376f6fefed49f58c27e6a97cbb3123abcfc6dafda3a10f59ba01d9e9a
SHA512 d099682ff6fa1d2662df219ccf386fcfcca4a1a4acf5e975c992b99cdba159509dfd419de3abede32f45c576ed6fb7c321a9266ffb3dba6ea03fded132b72dba

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

MD5 c0c2514c34b3b4c8a79876664b86439d
SHA1 87ad6220ce02181178c0b4e930134beb89a8edee
SHA256 ffc1c3ebcec7d031ec2c7bd99cca08ad9042f562737be09b6d75d83c2e338eec
SHA512 23ccc6453539528a9e4691e9aba24ff44a47bc45a16085168b74a61629cfff5efbbe3179535de82e53ad622be5a8b3a17a639e925a61aa2cdd4b7c4a10ceeb81

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 daaaac5db0f3a9336c7989103762c527
SHA1 d613067417cee634bc3852753abef90f4e4aa73c
SHA256 26e648ba8e00f0972a53c52ad81cb9fc57a30cda5b0311827300022b105fdb56
SHA512 18e97075e9b457d2adfec5dc0a7ac3c5fbf51891ef03227fe84a9f77d497104d2437414439cb55524bc83c1d693a64c73b15f29d6f392822d03805926d853b08

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

MD5 bdedd767aeaba26786febc233504f91a
SHA1 0d6c6caa579f6c84298455197b4eab7ce9b74202
SHA256 6f06f27d5de35a78415c411cf3a5f679dc3fad71c91524444914e1591d5481cb
SHA512 c54f094b82bf751c074fd13a45aa074b014d2c6a61901d37bfb5265916c22f68fb2179db8599688df75d8456d6780efbdd22b4c9f919862c82394c230bf490d1