Malware Analysis Report

2025-01-18 23:44

Sample ID 241106-tj5bkasmct
Target SteamSetup.exe
SHA256 7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb
Tags
discovery steam defense_evasion persistence phishing privilege_escalation upx
score
7/10

Analysis Overview

score
7/10

SHA256

7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

Threat Level: Shows suspicious behavior

The file SteamSetup.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery steam defense_evasion persistence phishing privilege_escalation upx

A potential corporate email address has been identified in the URL: [email protected]


Drops desktop.ini file(s)

Enumerates connected drives

Adds Run key to start application

Downloads MZ/PE file

Network Service Discovery

Detected potential entity reuse from brand STEAM.

UPX packed file

Suspicious use of SetThreadContext

Drops file in System32 directory

Checks computer location settings

Checks installed software on the system

Executes dropped EXE

Loads dropped DLL

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Access Token Manipulation: Create Process with Token

Browser Information Discovery

Program crash

Checks processor information in registry

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Modifies registry class

Enumerates system info in registry

Checks SCSI registry key(s)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Modifies system certificate store

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious behavior: LoadsDriver

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-06 16:06

Signatures

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-11-06 16:06

Reported

2024-11-06 16:07

Platform

win10v2004-20241007-en

Max time kernel

33s

Max time network

41s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Steam.exe"

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Steam.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\Steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\Steam.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob C:\Users\Admin\AppData\Local\Temp\Steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\Steam.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Steam.exe

"C:\Users\Admin\AppData\Local\Temp\Steam.exe"

Network


Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-11-06 16:06

Reported

2024-11-06 16:06

Platform

win10v2004-20241007-en

Max time kernel

9s

Max time network

4s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bin\SteamService.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\bin\SteamService.exe

"C:\Users\Admin\AppData\Local\Temp\bin\SteamService.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-11-06 16:06

Reported

2024-11-06 16:06

Platform

win10v2004-20241007-en

Max time kernel

11s

Max time network

13s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\ShellLink.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5076 wrote to memory of 3024 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\ShellLink.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\ShellLink.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3024 -ip 3024

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 612

Network


Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-06 16:06

Reported

2024-11-06 16:07

Platform

win10v2004-20241007-en

Max time kernel

30s

Max time network

31s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3416 wrote to memory of 2052 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2052 -ip 2052

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 616

Network


Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-06 16:06

Reported

2024-11-06 16:07

Platform

win10v2004-20241007-en

Max time kernel

34s

Max time network

35s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 856 wrote to memory of 3144 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3144 -ip 3144

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 644

Network


Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-11-06 16:06

Reported

2024-11-06 16:07

Platform

win10v2004-20241007-en

Max time kernel

34s

Max time network

36s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3656 wrote to memory of 3048 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3048 -ip 3048

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 612

Network


Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-11-06 16:06

Reported

2024-11-06 16:07

Platform

win10v2004-20241007-en

Max time kernel

12s

Max time network

14s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 8 wrote to memory of 2732 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 2732 -ip 2732

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 612

Network


Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-06 16:06

Reported

2024-11-06 16:51

Platform

win10v2004-20241007-en

Max time kernel

2700s

Max time network

2687s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SteamSetup.exe"

Signatures

A potential corporate email address has been identified in the URL: [email protected]

phishing


Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent" C:\Users\Admin\AppData\Local\Temp\SteamSetup.exe N/A

Downloads MZ/PE file

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\Videos\Captures\desktop.ini C:\Windows\system32\svchost.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A

Network Service Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Windows\System32\GameBarPresenceWriter.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Program Files\VRCHub\VRCHub.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\steamapps\common\VRChat\launch.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\steam.exe N/A

Detected potential entity reuse from brand STEAM.

phishing steam

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\dll\gdi32full.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\dll\advapi32.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\dll\crypt32.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\dll\ws2_32.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\sechost.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\dll\userenv.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\dll\ntdll.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\symbols\dll\cfgmgr32.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\crypt32.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\shcore.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\gdi32.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\symbols\dll\gdi32.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\hid.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\dll\glu32.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\SysWOW64\mfc100kor.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\dll\UnityPlayer_Win64_player_il2cpp_x64.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\symbols\dll\UnityPlayer_Win64_player_il2cpp_x64.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\dll\win32u.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\baselib_Win64_player_Master_il2cpp_x64.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\winmm.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\SysWOW64\mfcm100u.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\ole32.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\symbols\dll\sspicli.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\symbols\dll\oleaut32.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\dll\shcore.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\symbols\dll\shcore.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\mfc100jpn.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\shlwapi.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\version.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\dll\version.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\mfc100cht.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\symbols\dll\userenv.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\sspicli.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\dll\AudioPluginOculusSpatializer.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\mfcm100.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\dll\msvcrt.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\ucrtbase.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\AudioPluginOculusSpatializer.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\SysWOW64\atl100.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\symbols\dll\AudioPluginOculusSpatializer.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\WindowsPlayer_player_Master_il2cpp_x64.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\dll\kernelbase.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\symbols\dll\mpr.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\DLL\iphlpapi.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\SysWOW64\msvcp100.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\SysWOW64\mfc100cht.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\msvcp100.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\EasyAntiCheat\service.log C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
File opened for modification C:\Windows\SysWOW64\mfc100chs.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc100esn.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\symbols\dll\user32.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\dll\ole32.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\symbols\dll\shell32.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\imm32.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\dll\opengl32.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\symbols\dll\dbghelp.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\SysWOW64\mfc100u.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\SysWOW64\mfc100ita.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\ntdll.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\symbols\dll\msvcp_win.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\CoreMessaging.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\symbols\dll\advapi32.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\dll\bcryptprimitives.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\system32\mfc100chs.dll C:\Windows\system32\msiexec.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Steam\config\libraryfolders.vdf.async5644.tmp C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\localization\shared_hungarian-json.js_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\icon_controller_bpm_over.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_ltrackpad_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_lt_click.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_dpad_left_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File opened for modification C:\Program Files\VRCHub\ja\System.Windows.Controls.Ribbon.resources.dll C:\Users\Admin\AppData\Local\Temp\is-OE1LG.tmp\VRCHub Setup.tmp N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0010.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_110_social_0301.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_home_down.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_buttons_e_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_ltrackpad_up.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_gyro_yaw_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\styles\gameoverlay.styles_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0450.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\icon_up_default.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\xbox_360_spanish.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File opened for modification C:\Program Files\VRCHub\System.Net.HttpListener.dll C:\Users\Admin\AppData\Local\Temp\is-OE1LG.tmp\VRCHub Setup.tmp N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0402.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_back_over.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\icon_install.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_r_right_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_button_plus.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_090_media_0200.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_030_inv_0309.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox360_button_start_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_l_up_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File opened for modification C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat_Data\resources.assets C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_rb_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_ring_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_button_x_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_l2_soft_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\filter_profanity_russian.txt.gz_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\layout\gamespage_grid_chrome.layout_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_ltrackpad_right_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\hp_m1_sm-1.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_l1_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\friends\ChatURLWarningDialog.res_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files\VRCHub\is-REJ90.tmp C:\Users\Admin\AppData\Local\Temp\is-OE1LG.tmp\VRCHub Setup.tmp N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\inbox_offlinemessage.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_button_home_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_l_click_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_sr.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files\VRCHub\is-JQUU1.tmp C:\Users\Admin\AppData\Local\Temp\is-OE1LG.tmp\VRCHub Setup.tmp N/A
File created C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt C:\Users\Admin\AppData\Local\Temp\SteamSetup.exe N/A
File opened for modification C:\Program Files (x86)\Steam\steamapps\common\VRChat\EasyAntiCheat\Localization\it_it.cfg C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_down_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_mouse_scroll_down_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\locales\pt-BR.pak_ C:\Program Files (x86)\Steam\steam.exe N/A
File opened for modification C:\Program Files\VRCHub\es\UIAutomationClient.resources.dll C:\Users\Admin\AppData\Local\Temp\is-OE1LG.tmp\VRCHub Setup.tmp N/A
File created C:\Program Files (x86)\Steam\package\tmp\public\steam_tray.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_gyro_roll_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_touchpad_click.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steam\cached\steamui_postlogon_latam.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_rt_soft_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File opened for modification C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat_Data\Plugins\x86_64\symbols\dll\dwmapi.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0210.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\localization\steamui_greek-json.js_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\public\steam_voice.ico_ C:\Program Files (x86)\Steam\steam.exe N/A
File opened for modification C:\Program Files\VRCHub\clrgcexp.dll C:\Users\Admin\AppData\Local\Temp\is-OE1LG.tmp\VRCHub Setup.tmp N/A
File created C:\Program Files\VRCHub\is-187SK.tmp C:\Users\Admin\AppData\Local\Temp\is-OE1LG.tmp\VRCHub Setup.tmp N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\icon_security_unknown.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_l_touch_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification \??\c:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\UnityPlayer_Win64_player_il2cpp_x64.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\dll\UxTheme.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\DLL\iphlpapi.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\dll\AudioPluginOculusSpatializer.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\rpcrt4.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\symbols\dll\rpcrt4.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\dll\gdi32.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\imm32.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\symbols\dll\ws2_32.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\symbols\dll\winmm.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\symbols\dll\opengl32.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\symbols\dll\GameAssembly.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\kernelbase.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\apphelp.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\dll\rpcrt4.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\CLBCatQ.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\symbols\dll\shlwapi.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\symbols\dll\gdi32.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\advapi32.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\symbols\dll\bcrypt.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\dll\winmm.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\dll\glu32.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\symbols\dll\Kernel.Appcore.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\dll\userenv.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\symbols\dll\userenv.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\Installer\MSID2E4.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5dce3a.msp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\dll\GameAssembly.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\symbols\dll\sechost.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\symbols\dll\win32u.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\dbghelp.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\symbols\dll\kernelbase.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\sspicli.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\ntdll.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\AcGenral.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\ws2_32.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\symbols\dll\glu32.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\dll\Kernel.Appcore.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\symbols\dll\bcryptprimitives.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\Installer\MSIE545.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\symbols\exe\WindowsPlayer_player_Master_il2cpp_x64.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\symbols\dll\ntdll.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\symbols\dll\ucrtbase.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\opengl32.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\CoreMessaging.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\dll\shlwapi.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\cfgmgr32.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\dll\bcrypt.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\winhttp.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\user32.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\dll\gdi32full.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\setupapi.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\symbols\dll\cfgmgr32.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\bcrypt.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\crypt32.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\hid.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\dll\baselib_Win64_player_Master_il2cpp_x64.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\sechost.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\dll\ole32.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\combase.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
File opened for modification C:\Windows\dll\advapi32.pdb C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\gldriverquery64.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\gldriverquery.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe N/A
N/A N/A C:\Users\Admin\Downloads\VRCHub Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-OE1LG.tmp\VRCHub Setup.tmp N/A
N/A N/A C:\Program Files\VRCHub\VRCHub.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ZER0.Certificates.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\Steam\steamservice.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2010\vcredist_x86.exe N/A
N/A N/A \??\f:\81bd88d56c11da6e16b3\Setup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2010\vcredist_x64.exe N/A
N/A N/A \??\f:\5b89c399c4a5f9140449c776\Setup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\VC_redist.x86.exe N/A
N/A N/A C:\Windows\Temp\{4E1D1858-88A5-4997-AEFD-3BD2DA91ACAB}\.cr\VC_redist.x86.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\VC_redist.x64.exe N/A
N/A N/A C:\Windows\Temp\{F382EE27-E8CD-4592-821A-26ACF2D107A5}\.cr\VC_redist.x64.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\x64launcher.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\VRChat\launch.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\x86launcher.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\VRChat\EasyAntiCheat\EasyAntiCheat_EOS_Setup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\VRChat\start_protected_game.exe N/A
N/A N/A C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\VRChat\UnityCrashHandler64.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Access Token Manipulation: Create Process with Token

defense_evasion privilege_escalation

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Common Files\Steam\steamservice.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\gldriverquery.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2010\vcredist_x86.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\VC_redist.x86.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\VC_redist.x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\SteamSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\VRCHub Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-OE1LG.tmp\VRCHub Setup.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Temp\{4E1D1858-88A5-4997-AEFD-3BD2DA91ACAB}\.cr\VC_redist.x86.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Temp\{F382EE27-E8CD-4592-821A-26ACF2D107A5}\.cr\VC_redist.x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\x86launcher.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\steamapps\common\VRChat\EasyAntiCheat\EasyAntiCheat_EOS_Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\f:\81bd88d56c11da6e16b3\Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2010\vcredist_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ZER0.Certificates.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Common Files\Steam\steamservice.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\f:\5b89c399c4a5f9140449c776\Setup.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 \??\f:\81bd88d56c11da6e16b3\Setup.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 \??\f:\5b89c399c4a5f9140449c776\Setup.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steamapps\common\VRChat\launch.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz \??\f:\5b89c399c4a5f9140449c776\Setup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Steam\steamapps\common\VRChat\launch.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz \??\f:\81bd88d56c11da6e16b3\Setup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steamapps\common\VRChat\launch.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Steam\steamapps\common\VRChat\launch.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steam.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher\CRLs C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133753828689015903" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.dp\ = "VRCHub.dp" C:\Users\Admin\AppData\Local\Temp\is-OE1LG.tmp\VRCHub Setup.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VRCHub.dp C:\Users\Admin\AppData\Local\Temp\is-OE1LG.tmp\VRCHub Setup.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\1D5E3C0FEDA1E123187686FED06E995A\KB2544655 = "Servicing_Key" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1D5E3C0FEDA1E123187686FED06E995A\ProductName = "Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\1926E8D15D0BCE53481466615F760A7F\KB2524860 = "Servicing_Key" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1D5E3C0FEDA1E123187686FED06E995A\SourceList\LastUsedSource = "n;2;f:\\81bd88d56c11da6e16b3\\" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1926E8D15D0BCE53481466615F760A7F\Version = "167812379" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VRCHub.dp\ = "VRChat Asset Package" C:\Users\Admin\AppData\Local\Temp\is-OE1LG.tmp\VRCHub Setup.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VRCHub.dp\Shell C:\Users\Admin\AppData\Local\Temp\is-OE1LG.tmp\VRCHub Setup.tmp N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1926E8D15D0BCE53481466615F760A7F\Patches\Patches = 3400440035003400300037003600430045004400340046003500420041003300320042004200440033004500350046004100440031004300440034004300390000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1926E8D15D0BCE53481466615F760A7F\Patches\4D54076CED4F5BA32BBD3E5FAD1CD4C9 = ":SP1.1;:#SP1.1" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2437139445-1151884604-3026847218-1000\{BA3FE3F8-A88F-48DE-B710-52C9CFB1F088} C:\Windows\system32\svchost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VRCHub.dp\DefaultIcon C:\Users\Admin\AppData\Local\Temp\is-OE1LG.tmp\VRCHub Setup.tmp N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1D5E3C0FEDA1E123187686FED06E995A\Version = "167812379" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\1926E8D15D0BCE53481466615F760A7F\KB2549743 = "Servicing_Key" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1926E8D15D0BCE53481466615F760A7F\ProductName = "Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\1D5E3C0FEDA1E123187686FED06E995A C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VRCHub.dp\Shell\Open\Command C:\Users\Admin\AppData\Local\Temp\is-OE1LG.tmp\VRCHub Setup.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\1926E8D15D0BCE53481466615F760A7F C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VRCHub.dp\Shell\Open C:\Users\Admin\AppData\Local\Temp\is-OE1LG.tmp\VRCHub Setup.tmp N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Patches\2D0058F6F08A743309184BE1178C95B2\SourceList\LastUsedSource = "n;2;f:\\81bd88d56c11da6e16b3\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1926E8D15D0BCE53481466615F760A7F C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steam\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1D5E3C0FEDA1E123187686FED06E995A\SourceList C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\1D5E3C0FEDA1E123187686FED06E995A\KB2524860 = "Servicing_Key" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\1926E8D15D0BCE53481466615F760A7F\KB2544655 = "Servicing_Key" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2437139445-1151884604-3026847218-1000\{618BA95B-D79C-4304-B7FA-1C9D6B1B4334} C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VRCHub.dp\Shell\Open\Command\ = "\"C:\\Program Files\\VRCHub\\VRCDataMod.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\is-OE1LG.tmp\VRCHub Setup.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1D5E3C0FEDA1E123187686FED06E995A\Patches\2D0058F6F08A743309184BE1178C95B2 = ":SP1.1;:#SP1.1" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Patches\2D0058F6F08A743309184BE1178C95B2\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Patches\4D54076CED4F5BA32BBD3E5FAD1CD4C9\SourceList\Net\2 = "f:\\5b89c399c4a5f9140449c776\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob C:\Program Files (x86)\Steam\steam.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7B9D7E1F96BA7FF50AC0D201383FD1F07412E59E\Blob C:\Users\Admin\AppData\Local\Temp\ZER0.Certificates.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob C:\Program Files (x86)\Steam\steamapps\common\VRChat\start_protected_game.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob C:\Program Files (x86)\Steam\steam.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob \??\f:\81bd88d56c11da6e16b3\Setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A \??\f:\81bd88d56c11da6e16b3\Setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob C:\Program Files (x86)\Steam\steamapps\common\VRChat\start_protected_game.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Program Files (x86)\Steam\steam.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\C9B4CA6DE60F5398B21CDA1841CFD9081D3960F7\Blob C:\Users\Admin\AppData\Local\Temp\ZER0.Certificates.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\388678CFB6A9627CB62083131A1D88B2E2306381\Blob C:\Users\Admin\AppData\Local\Temp\ZER0.Certificates.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD C:\Program Files (x86)\Steam\steamapps\common\VRChat\start_protected_game.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\C9B4CA6DE60F5398B21CDA1841CFD9081D3960F7 C:\Users\Admin\AppData\Local\Temp\ZER0.Certificates.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\388678CFB6A9627CB62083131A1D88B2E2306381 C:\Users\Admin\AppData\Local\Temp\ZER0.Certificates.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob \??\f:\81bd88d56c11da6e16b3\Setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob C:\Program Files (x86)\Steam\steam.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7B9D7E1F96BA7FF50AC0D201383FD1F07412E59E C:\Users\Admin\AppData\Local\Temp\ZER0.Certificates.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SteamSetup.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 452 wrote to memory of 1536 N/A C:\Users\Admin\AppData\Local\Temp\SteamSetup.exe C:\Program Files (x86)\Steam\bin\steamservice.exe
PID 7780 wrote to memory of 7800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 7780 wrote to memory of 5640 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 7780 wrote to memory of 5608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 7780 wrote to memory of 5660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\SteamSetup.exe

"C:\Users\Admin\AppData\Local\Temp\SteamSetup.exe"

C:\Program Files (x86)\Steam\bin\steamservice.exe

"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffcc0bfcc40,0x7ffcc0bfcc4c,0x7ffcc0bfcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1944 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2204,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2304,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2264 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3116 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3156,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4536 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4388,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4720 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4344,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4732 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4028,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4856 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4492,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4456 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4848,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5108 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5148,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3700 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4664,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4476 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3264,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4416 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3140,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5340 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3132,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3332 /prefetch:2

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=5644" "-buildid=1730853027" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1730853027 --initial-client-data=0x280,0x284,0x288,0x27c,0x28c,0x7ffcbbf3af00,0x7ffcbbf3af0c,0x7ffcbbf3af18

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1584,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1588 --mojo-platform-channel-handle=1576 /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --field-trial-handle=2276,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2280 --mojo-platform-channel-handle=2272 /prefetch:3

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x324 0x2f8

C:\Program Files (x86)\Steam\bin\gldriverquery64.exe

.\bin\gldriverquery64.exe

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --field-trial-handle=2732,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2736 --mojo-platform-channel-handle=2728 /prefetch:8

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3176 --mojo-platform-channel-handle=3168 /prefetch:1

C:\Program Files (x86)\Steam\bin\gldriverquery.exe

.\bin\gldriverquery.exe

C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe

.\bin\vulkandriverquery64.exe

C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe

.\bin\vulkandriverquery.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3696,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3216 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5076,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5424 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5520,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5524 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5468,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3128 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=3300,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5516 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4932,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3376 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5828,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5836 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3844,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3848 --mojo-platform-channel-handle=3840 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3984,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3988 --mojo-platform-channel-handle=3968 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --field-trial-handle=3796,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3784 --mojo-platform-channel-handle=3804 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=860,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6024 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5812,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5840 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5288,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5884 /prefetch:8

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4268,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4264 --mojo-platform-channel-handle=4380 /prefetch:8

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4264,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4260 --mojo-platform-channel-handle=4100 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3868,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3740 --mojo-platform-channel-handle=3876 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4324,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4308 --mojo-platform-channel-handle=4436 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4580,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4692 --mojo-platform-channel-handle=1992 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --field-trial-handle=4488,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4804 --mojo-platform-channel-handle=4528 /prefetch:8

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4608,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3644 --mojo-platform-channel-handle=4332 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=3392,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4476 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5640,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5096 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6472,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6476 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6468,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6632 /prefetch:8

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3916,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3892 --mojo-platform-channel-handle=3544 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4000,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3760 --mojo-platform-channel-handle=4016 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6156,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6168 /prefetch:8

C:\Users\Admin\Downloads\VRCHub Setup.exe

"C:\Users\Admin\Downloads\VRCHub Setup.exe"

C:\Users\Admin\AppData\Local\Temp\is-OE1LG.tmp\VRCHub Setup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-OE1LG.tmp\VRCHub Setup.tmp" /SL5="$70300,71276599,905216,C:\Users\Admin\Downloads\VRCHub Setup.exe"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5028,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4536 --mojo-platform-channel-handle=3540 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4752,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4740 --mojo-platform-channel-handle=4764 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5016,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4936 --mojo-platform-channel-handle=4792 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4920,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4992 --mojo-platform-channel-handle=5076 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4056,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4088 --mojo-platform-channel-handle=4924 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4972,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=5064 --mojo-platform-channel-handle=4068 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=4764,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=5012 --mojo-platform-channel-handle=4704 /prefetch:1

C:\Program Files\VRCHub\VRCHub.exe

"C:\Program Files\VRCHub\VRCHub.exe"

C:\Windows\System32\rundll32.exe

"C:\Windows\System32\rundll32.exe" EasyAnalytics.dll,OpenAnalyticsPort

C:\Users\Admin\AppData\Local\Temp\ZER0.Certificates.exe

"C:\Users\Admin\AppData\Local\Temp\ZER0.Certificates.exe"

C:\Program Files (x86)\Common Files\Steam\steamservice.exe

"C:\Program Files (x86)\Common Files\Steam\steamservice.exe" /installscript "C:\Program Files (x86)\Steam\steamapps\common\VRChat\runasadmin.vdf" 438100

C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2010\vcredist_x86.exe

"C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2010\vcredist_x86.exe" /quiet /norestart

\??\f:\81bd88d56c11da6e16b3\Setup.exe

f:\81bd88d56c11da6e16b3\Setup.exe /quiet /norestart

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2010\vcredist_x64.exe

"C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2010\vcredist_x64.exe" /quiet /norestart

\??\f:\5b89c399c4a5f9140449c776\Setup.exe

f:\5b89c399c4a5f9140449c776\Setup.exe /quiet /norestart

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\Microsoft Visual C++ 2019 x86.cmd" "

C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\VC_redist.x86.exe

"C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\\VC_redist.x86.exe" /q /norestart

C:\Windows\Temp\{4E1D1858-88A5-4997-AEFD-3BD2DA91ACAB}\.cr\VC_redist.x86.exe

"C:\Windows\Temp\{4E1D1858-88A5-4997-AEFD-3BD2DA91ACAB}\.cr\VC_redist.x86.exe" -burn.clean.room="C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\VC_redist.x86.exe" -burn.filehandle.attached=580 -burn.filehandle.self=588 /q /norestart

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\Microsoft Visual C++ 2019 x64.cmd" "

C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\VC_redist.x64.exe

"C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\\VC_redist.x64.exe" /q /norestart

C:\Windows\Temp\{F382EE27-E8CD-4592-821A-26ACF2D107A5}\.cr\VC_redist.x64.exe

"C:\Windows\Temp\{F382EE27-E8CD-4592-821A-26ACF2D107A5}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\VC_redist.x64.exe" -burn.filehandle.attached=580 -burn.filehandle.self=688 /q /norestart

C:\Program Files (x86)\Steam\steamapps\common\VRChat\launch.exe

"C:\Program Files (x86)\Steam\steamapps\common\VRChat\launch.exe" --no-vr

C:\Program Files (x86)\Steam\bin\x64launcher.exe

"C:\Program Files (x86)\Steam\bin\x64launcher.exe" -hproc 1094 -hthread 13a4 -baseoverlayname C:\Program Files (x86)\Steam\gameoverlayrenderer64.dll

C:\Program Files (x86)\Steam\steamapps\common\VRChat\EasyAntiCheat\EasyAntiCheat_EOS_Setup.exe

"C:\Program Files (x86)\Steam\steamapps\common\VRChat\\EasyAntiCheat\EasyAntiCheat_EOS_Setup.exe" install a4a57ff548934dbeba0cc7c62cdf9f34

C:\Program Files (x86)\Steam\bin\x86launcher.exe

"C:\Program Files (x86)\Steam\bin\x86launcher.exe" -hproc 3a4 -hthread 3a0 -baseoverlayname C:\Program Files (x86)\Steam\gameoverlayrenderer.dll

C:\Program Files (x86)\Steam\steamapps\common\VRChat\start_protected_game.exe

start_protected_game.exe --no-vr --startup-begin-ts=89353721752

C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe

"C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Steam\steamapps\common\VRChat\launch.exe

"C:\Program Files (x86)\Steam\steamapps\common\VRChat\launch.exe"

C:\Program Files (x86)\Steam\steamapps\common\VRChat\start_protected_game.exe

"C:\Program Files (x86)\Steam\steamapps\common\VRChat\start_protected_game.exe" --startup-begin-ts=92253912886

C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe

"C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe"

C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe

"C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe"

C:\Program Files (x86)\Steam\steamapps\common\VRChat\UnityCrashHandler64.exe

"C:\Program Files (x86)\Steam\steamapps\common\VRChat\UnityCrashHandler64.exe" --attach 6332 2451030609920

C:\Windows\System32\GameBarPresenceWriter.exe

"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3164 --mojo-platform-channel-handle=3116 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=4960,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=5116 --mojo-platform-channel-handle=1992 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5040,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3760 --mojo-platform-channel-handle=4272 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3328,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3332 --mojo-platform-channel-handle=3220 /prefetch:2

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://hdzero.mysellix.io/pay/9b069c-20bb91bd74-877091

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffcb47446f8,0x7ffcb4744708,0x7ffcb4744718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,8523047973517730181,11200991102576332216,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,8523047973517730181,11200991102576332216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,8523047973517730181,11200991102576332216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8523047973517730181,11200991102576332216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8523047973517730181,11200991102576332216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\23d50ff898444cb98d5cc4716f2a5892 /t 896 /p 4632

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\424abf664adb4089b1178cf956774938 /t 4380 /p 6332

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

C:\Program Files (x86)\Steam\steamapps\common\VRChat\UnityCrashHandler64.exe

"C:\Program Files (x86)\Steam\steamapps\common\VRChat\UnityCrashHandler64.exe" "6332" "2451030609920"

C:\Program Files\VRCHub\VRCHub.exe

"C:\Program Files\VRCHub\VRCHub.exe"

C:\Windows\System32\rundll32.exe

"C:\Windows\System32\rundll32.exe" EasyAnalytics.dll,OpenAnalyticsPort

C:\Users\Admin\AppData\Local\Temp\ZER0.Certificates.exe

"C:\Users\Admin\AppData\Local\Temp\ZER0.Certificates.exe"

Network

US 8.8.8.8:53 cmp3-hkg1.steamserver.net udp
HK 103.28.54.102:27020 cmp3-hkg1.steamserver.net tcp
US 8.8.8.8:53 cmp1-hkg1.steamserver.net udp
HK 103.28.54.100:27019 cmp1-hkg1.steamserver.net tcp
SG 103.10.124.5:443 cmp2-sgp1.steamserver.net tcp
US 8.8.8.8:53 e5.o.lencr.org udp
GB 2.23.210.75:80 e5.o.lencr.org tcp
HK 103.28.54.100:443 cmp1-hkg1.steamserver.net tcp
US 8.8.8.8:53 75.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 102.54.28.103.in-addr.arpa udp
US 8.8.8.8:53 100.54.28.103.in-addr.arpa udp
US 8.8.8.8:53 ext2-bom2.steamserver.net udp
IN 155.133.224.23:27033 ext2-bom2.steamserver.net tcp
US 8.8.8.8:53 cmp1-fra2.steamserver.net udp
IN 155.133.224.23:443 ext2-bom2.steamserver.net tcp
US 155.133.229.4:27023 cmp1-fra2.steamserver.net tcp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 4.229.133.155.in-addr.arpa udp
US 8.8.8.8:53 23.224.133.155.in-addr.arpa udp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.180.10:443 content-autofill.googleapis.com udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 e2c57.gcp.gvt2.com udp
IT 35.219.224.178:443 e2c57.gcp.gvt2.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
GB 216.58.213.14:443 fundingchoicesmessages.google.com udp
GB 172.217.169.35:443 beacons.gvt2.com tcp
GB 216.58.201.99:443 udp
GB 216.58.213.14:443 fundingchoicesmessages.google.com udp
GB 216.58.201.98:443 googleads.g.doubleclick.net udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
GB 142.250.179.225:443 ep2.adtrafficquality.google udp
US 8.8.8.8:53 178.224.219.35.in-addr.arpa udp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 35.169.217.172.in-addr.arpa udp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 s0.2mdn.net udp
GB 172.217.16.230:443 s0.2mdn.net tcp
GB 172.217.16.230:443 s0.2mdn.net tcp
US 8.8.8.8:53 store.cloudflare.steamstatic.com udp
US 172.64.145.151:443 store.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 store.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 store.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 store.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 store.cloudflare.steamstatic.com tcp
GB 172.217.16.230:443 s0.2mdn.net udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 dsum-sec.casalemedia.com udp
US 8.8.8.8:53 ib.adnxs.com udp
NL 185.89.211.84:443 ib.adnxs.com tcp
US 172.64.151.101:443 dsum-sec.casalemedia.com tcp
GB 142.250.178.2:443 cm.g.doubleclick.net tcp
GB 142.250.178.2:443 cm.g.doubleclick.net tcp
US 172.64.151.101:443 dsum-sec.casalemedia.com udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
GB 142.250.178.2:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 230.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 151.145.64.172.in-addr.arpa udp
US 8.8.8.8:53 38.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 84.211.89.185.in-addr.arpa udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 store.steampowered.com udp
US 23.192.21.216:443 store.steampowered.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
GB 2.19.117.27:443 store.akamai.steamstatic.com tcp
GB 2.19.117.27:443 store.akamai.steamstatic.com tcp
GB 2.19.117.27:443 store.akamai.steamstatic.com tcp
GB 2.19.117.27:443 store.akamai.steamstatic.com tcp
GB 2.19.117.27:443 store.akamai.steamstatic.com tcp
GB 2.19.117.27:443 store.akamai.steamstatic.com tcp
GB 2.19.117.27:443 store.akamai.steamstatic.com tcp
GB 2.19.117.27:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 27.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google udp
GB 2.19.117.23:443 tcp
US 8.8.8.8:53 23.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 client-update.steamstatic.com udp
US 151.101.67.52:443 client-update.steamstatic.com tcp
US 8.8.8.8:53 r10.o.lencr.org udp
GB 2.23.210.82:80 r10.o.lencr.org tcp
N/A 10.127.255.255:27036 udp
US 8.8.8.8:53 clientconfig.akamai.steamstatic.com udp
GB 2.19.117.14:80 clientconfig.akamai.steamstatic.com tcp
US 8.8.8.8:53 14.117.19.2.in-addr.arpa udp
GB 2.19.117.14:80 clientconfig.akamai.steamstatic.com tcp
GB 2.19.117.14:80 clientconfig.akamai.steamstatic.com tcp
GB 2.19.117.14:80 clientconfig.akamai.steamstatic.com tcp
GB 2.19.117.14:80 clientconfig.akamai.steamstatic.com tcp
GB 2.19.117.14:80 clientconfig.akamai.steamstatic.com tcp
GB 2.19.117.14:80 clientconfig.akamai.steamstatic.com tcp
GB 2.19.117.14:80 clientconfig.akamai.steamstatic.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 shared.steamstatic.com udp
US 8.8.8.8:53 steamstore-a.akamaihd.net udp
US 151.101.131.52:443 shared.steamstatic.com tcp
GB 2.19.117.22:443 steamstore-a.akamaihd.net tcp
US 151.101.131.52:443 shared.steamstatic.com tcp
US 151.101.131.52:443 shared.steamstatic.com tcp
GB 2.19.117.22:443 steamstore-a.akamaihd.net tcp
US 8.8.8.8:53 cdn.steamstatic.com udp
GB 2.19.117.22:443 steamstore-a.akamaihd.net tcp
US 151.101.131.52:443 cdn.steamstatic.com tcp
US 151.101.131.52:443 cdn.steamstatic.com tcp
US 151.101.131.52:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 2.23.210.82:80 r11.o.lencr.org tcp
US 8.8.8.8:53 steamcommunity.com udp
GB 104.82.234.109:443 steamcommunity.com tcp
GB 104.82.234.109:443 steamcommunity.com tcp
US 8.8.8.8:53 52.131.101.151.in-addr.arpa udp
GB 2.19.117.4:443 tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 151.101.131.52:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 4.117.19.2.in-addr.arpa udp
GB 104.82.234.109:443 steamcommunity.com tcp
N/A 127.0.0.1:27060 tcp
GB 104.82.234.109:443 steamcommunity.com tcp
GB 2.19.117.13:443 tcp
GB 2.19.117.13:443 tcp
US 8.8.8.8:53 13.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 shared.steamstatic.com udp
US 151.101.195.52:443 shared.steamstatic.com tcp
US 151.101.195.52:443 shared.steamstatic.com tcp
US 151.101.195.52:443 shared.steamstatic.com tcp
GB 2.19.117.27:443 steamstore-a.akamaihd.net tcp
GB 2.19.117.29:443 tcp
GB 2.19.117.27:443 steamstore-a.akamaihd.net tcp
GB 2.19.117.29:443 tcp
GB 2.19.117.27:443 steamstore-a.akamaihd.net tcp
US 8.8.8.8:53 52.195.101.151.in-addr.arpa udp
GB 2.19.117.27:443 steamstore-a.akamaihd.net tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 8.8.8.8:53 29.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 cdn.steamstatic.com udp
US 151.101.195.52:443 cdn.steamstatic.com tcp
US 151.101.195.52:443 cdn.steamstatic.com tcp
US 151.101.195.52:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 shared.steamstatic.com udp
US 8.8.8.8:53 steamstore-a.akamaihd.net udp
US 151.101.3.52:443 shared.steamstatic.com tcp
US 151.101.3.52:443 shared.steamstatic.com tcp
US 151.101.3.52:443 shared.steamstatic.com tcp
GB 2.19.117.19:443 tcp
US 8.8.8.8:53 52.3.101.151.in-addr.arpa udp
GB 2.19.117.19:443 tcp
US 8.8.8.8:53 19.117.19.2.in-addr.arpa udp
GB 2.19.117.20:443 tcp
GB 2.19.117.20:443 tcp
US 8.8.8.8:53 20.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 clientconfig.akamai.steamstatic.com udp
US 151.101.67.52:443 shared.steamstatic.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 151.101.3.52:443 shared.steamstatic.com tcp
US 8.8.8.8:53 lancache.steamcontent.com udp
US 8.8.8.8:53 cache13-lhr1.steamcontent.com udp
GB 162.254.196.23:443 cache13-lhr1.steamcontent.com tcp
US 8.8.8.8:53 e5.o.lencr.org udp
GB 2.23.210.82:80 e5.o.lencr.org tcp
US 8.8.8.8:53 cache1-lhr1.steamcontent.com udp
GB 162.254.196.8:443 cache1-lhr1.steamcontent.com tcp
US 8.8.8.8:53 23.196.254.162.in-addr.arpa udp
US 8.8.8.8:53 8.196.254.162.in-addr.arpa udp
US 8.8.8.8:53 cache16-lhr1.steamcontent.com udp
GB 162.254.196.26:443 cache16-lhr1.steamcontent.com tcp
US 8.8.8.8:53 e6.o.lencr.org udp
GB 2.23.210.75:80 e6.o.lencr.org tcp
US 8.8.8.8:53 26.196.254.162.in-addr.arpa udp
GB 162.254.196.26:443 cache16-lhr1.steamcontent.com tcp
GB 162.254.196.26:443 cache16-lhr1.steamcontent.com tcp
GB 162.254.196.26:443 cache16-lhr1.steamcontent.com tcp
US 8.8.8.8:53 cache11-lhr1.steamcontent.com udp
GB 162.254.196.18:443 cache11-lhr1.steamcontent.com tcp
US 8.8.8.8:53 18.196.254.162.in-addr.arpa udp
US 8.8.8.8:53 steamcloud-eu-ams.storage.googleapis.com udp
GB 216.58.213.27:443 steamcloud-eu-ams.storage.googleapis.com tcp
US 8.8.8.8:53 cache7-lhr1.steamcontent.com udp
US 8.8.8.8:53 27.213.58.216.in-addr.arpa udp
GB 162.254.196.6:443 cache7-lhr1.steamcontent.com tcp
US 8.8.8.8:53 6.196.254.162.in-addr.arpa udp
US 8.8.8.8:53 lancache.steamcontent.com udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.187.195:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.187.227:80 o.pki.goog tcp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 vrchub.site udp
US 172.67.204.5:443 vrchub.site tcp
US 172.67.204.5:443 vrchub.site tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 172.67.204.5:443 vrchub.site udp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 csi.gstatic.com udp
US 142.251.107.94:443 csi.gstatic.com udp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 5.204.67.172.in-addr.arpa udp
US 8.8.8.8:53 94.107.251.142.in-addr.arpa udp
US 8.8.8.8:53 software.vrchub.site udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com tcp
GB 216.58.213.3:443 beacons.gcp.gvt2.com tcp
GB 216.58.213.3:443 beacons.gcp.gvt2.com tcp
GB 216.58.213.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 lancache.steamcontent.com udp
US 8.8.4.4:443 dns.google udp
US 8.8.8.8:53 video.akamai.steamstatic.com udp
US 8.8.8.8:53 video.akamai.steamstatic.com udp
GB 2.19.117.35:443 video.akamai.steamstatic.com tcp
GB 2.19.117.35:443 video.akamai.steamstatic.com tcp
US 8.8.8.8:53 35.117.19.2.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 lancache.steamcontent.com udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.4.4:443 dns.google udp
GB 104.82.234.109:443 steamcommunity.com tcp
GB 104.82.234.109:443 steamcommunity.com tcp
GB 2.19.117.13:443 tcp
GB 2.19.117.13:443 tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 151.101.3.52:443 shared.steamstatic.com tcp
US 151.101.3.52:443 shared.steamstatic.com tcp
US 151.101.3.52:443 shared.steamstatic.com tcp
US 8.8.8.8:53 vrchub.site udp
US 104.21.77.37:443 vrchub.site tcp
US 8.8.8.8:53 37.77.21.104.in-addr.arpa udp
US 8.8.8.8:53 api.vrchub.site udp
US 172.67.204.5:443 api.vrchub.site tcp
US 8.8.8.8:53 datapacks.vrchub.site udp
US 104.21.77.37:443 datapacks.vrchub.site tcp
US 8.8.8.8:53 software.vrchub.site udp
US 172.67.204.5:443 software.vrchub.site tcp
US 104.21.77.37:443 software.vrchub.site tcp
US 104.21.77.37:443 software.vrchub.site tcp
US 104.21.77.37:443 software.vrchub.site tcp
US 104.21.77.37:443 software.vrchub.site tcp
US 104.21.77.37:443 software.vrchub.site tcp
US 104.21.77.37:443 software.vrchub.site tcp
US 104.21.77.37:443 software.vrchub.site tcp
US 104.21.77.37:443 software.vrchub.site tcp
US 104.21.77.37:443 software.vrchub.site tcp
US 104.21.77.37:443 software.vrchub.site tcp
US 104.21.77.37:443 software.vrchub.site tcp
US 104.21.77.37:443 software.vrchub.site tcp
US 104.21.77.37:443 software.vrchub.site tcp
US 104.21.77.37:443 software.vrchub.site tcp
US 104.21.77.37:443 software.vrchub.site tcp
US 8.8.8.8:53 api.segment.io udp
US 34.223.74.168:443 api.segment.io tcp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 modules-cdn.eac-prod.on.epicgames.com udp
FR 52.222.201.96:443 modules-cdn.eac-prod.on.epicgames.com tcp
US 8.8.8.8:53 96.201.222.52.in-addr.arpa udp
N/A 127.0.0.1:56144 tcp
N/A 127.0.0.1:56146 tcp
US 8.8.8.8:53 gossip.easyanticheat.net udp
IE 52.51.109.253:443 gossip.easyanticheat.net tcp
US 8.8.8.8:53 api.epicgames.dev udp
US 44.199.1.61:443 api.epicgames.dev tcp
US 8.8.8.8:53 datarouter.ol.epicgames.com udp
US 54.208.220.37:443 datarouter.ol.epicgames.com tcp
US 8.8.8.8:53 253.109.51.52.in-addr.arpa udp
US 8.8.8.8:53 api.epicgames.dev udp
US 18.215.87.180:443 api.epicgames.dev tcp
US 8.8.8.8:53 61.1.199.44.in-addr.arpa udp
US 8.8.8.8:53 37.220.208.54.in-addr.arpa udp
N/A 127.0.0.1:56213 tcp
N/A 127.0.0.1:56215 tcp
US 8.8.8.8:53 180.87.215.18.in-addr.arpa udp
FR 52.222.201.79:443 modules-cdn.eac-prod.on.epicgames.com tcp
US 8.8.8.8:53 79.201.222.52.in-addr.arpa udp
N/A 127.0.0.1:56296 tcp
N/A 127.0.0.1:56298 tcp
US 8.8.8.8:53 gossip.easyanticheat.net udp
IE 52.208.91.56:443 gossip.easyanticheat.net tcp
US 8.8.8.8:53 api.epicgames.dev udp
US 52.44.234.237:443 api.epicgames.dev tcp
US 8.8.8.8:53 datarouter.ol.epicgames.com udp
US 52.2.171.86:443 datarouter.ol.epicgames.com tcp
US 8.8.8.8:53 56.91.208.52.in-addr.arpa udp
US 8.8.8.8:53 237.234.44.52.in-addr.arpa udp
US 8.8.8.8:53 86.171.2.52.in-addr.arpa udp
US 18.215.87.180:443 api.epicgames.dev tcp
N/A 127.0.0.1:56335 tcp
N/A 127.0.0.1:56337 tcp
US 8.8.8.8:53 config.uca.cloud.unity3d.com udp
US 34.111.113.40:443 config.uca.cloud.unity3d.com tcp
US 8.8.8.8:53 api.vrchat.cloud udp
US 104.18.26.36:443 api.vrchat.cloud tcp
US 8.8.8.8:53 40.113.111.34.in-addr.arpa udp
US 8.8.8.8:53 cdp.cloud.unity3d.com udp
US 34.107.172.168:443 cdp.cloud.unity3d.com tcp
US 8.8.8.8:53 files.vrchat.cloud udp
US 8.8.8.8:53 36.26.18.104.in-addr.arpa udp
US 8.8.8.8:53 168.172.107.34.in-addr.arpa udp
N/A 127.0.0.1:56374 tcp
N/A 127.0.0.1:56386 tcp
N/A 127.0.0.1:56402 tcp
N/A 127.0.0.1:56428 tcp
N/A 127.0.0.1:56441 tcp
US 8.8.8.8:53 steamcommunity.com udp
GB 104.82.234.109:443 steamcommunity.com tcp
GB 104.82.234.109:443 steamcommunity.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google udp
N/A 127.0.0.1:49245 tcp
US 23.192.21.216:443 store.steampowered.com tcp
GB 2.19.117.4:443 tcp
N/A 127.0.0.1:49228 tcp
GB 104.82.234.109:443 steamcommunity.com tcp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 api.segment.io udp
US 34.223.74.168:443 api.segment.io tcp
US 172.67.204.5:443 software.vrchub.site tcp
US 8.8.8.8:53 hdzero.mysellix.io udp
US 104.18.5.210:443 hdzero.mysellix.io tcp
US 104.18.5.210:443 hdzero.mysellix.io tcp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 50.242.123.52.in-addr.arpa udp
US 8.8.8.8:53 210.5.18.104.in-addr.arpa udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 172.67.204.5:443 software.vrchub.site tcp
US 8.8.8.8:53 perf-events.cloud.unity3d.com udp
US 35.190.78.8:443 perf-events.cloud.unity3d.com tcp
US 8.8.8.8:53 8.78.190.35.in-addr.arpa udp
US 104.21.77.37:443 software.vrchub.site tcp
US 172.67.204.5:443 software.vrchub.site tcp
US 104.21.77.37:443 software.vrchub.site tcp
US 172.67.204.5:443 software.vrchub.site tcp
US 104.21.77.37:443 software.vrchub.site tcp
US 104.21.77.37:443 software.vrchub.site tcp
US 104.21.77.37:443 software.vrchub.site tcp
US 104.21.77.37:443 software.vrchub.site tcp
US 104.21.77.37:443 software.vrchub.site tcp
US 104.21.77.37:443 software.vrchub.site tcp
US 104.21.77.37:443 software.vrchub.site tcp
US 104.21.77.37:443 software.vrchub.site tcp
US 104.21.77.37:443 software.vrchub.site tcp
US 104.21.77.37:443 software.vrchub.site tcp
US 104.21.77.37:443 software.vrchub.site tcp
US 104.21.77.37:443 software.vrchub.site tcp
US 104.21.77.37:443 software.vrchub.site tcp
US 104.21.77.37:443 software.vrchub.site tcp
US 104.21.77.37:443 software.vrchub.site tcp
US 172.67.204.5:443 software.vrchub.site tcp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 clientconfig.akamai.steamstatic.com udp
GB 2.19.117.41:80 clientconfig.akamai.steamstatic.com tcp
US 8.8.8.8:53 41.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp

Files

C:\Users\Admin\AppData\Local\Temp\nscB21C.tmp\System.dll

C:\Users\Admin\AppData\Local\Temp\nscB21C.tmp\nsDialogs.dll

C:\Users\Admin\AppData\Local\Temp\nscB21C.tmp\nsProcess.dll

C:\Program Files (x86)\Steam\Steam.exe

C:\Users\Admin\AppData\Local\Temp\nscB21C.tmp\nsExec.dll

C:\Program Files (x86)\Steam\bin\SteamService.exe

C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_spanish.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_vietnamese.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_ukrainian.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_turkish.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_thai.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_tchinese.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_swedish.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

MD5 4c81277a127e3d65fb5065f518ffe9c2
SHA1 253264b9b56e5bac0714d5be6cade09ae74c2a3a
SHA256 76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9
SHA512 be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a

C:\Users\Admin\AppData\Local\Temp\nscB21C.tmp\modern-wizard.bmp

MD5 3614a4be6b610f1daf6c801574f161fe
SHA1 6edee98c0084a94caa1fe0124b4c19f42b4e7de6
SHA256 16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b
SHA512 06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

C:\Users\Admin\AppData\Local\Temp\nscB21C.tmp\StdUtils.dll

MD5 db11ab4828b429a987e7682e495c1810
SHA1 29c2c2069c4975c90789dc6d3677b4b650196561
SHA256 c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376
SHA512 460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

MD5 577b7286c7b05cecde9bea0a0d39740e
SHA1 144d97afe83738177a2dbe43994f14ec11e44b53
SHA256 983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824
SHA512 8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

MD5 00bf35778a90f9dfa68ce0d1a032d9b5
SHA1 de6a3d102de9a186e1585be14b49390dcb9605d6
SHA256 cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2
SHA512 342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

\??\pipe\crashpad_7780_YXVZOFYSETUXTAGA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

MD5 836dd6b25a8902af48cd52738b675e4b
SHA1 449347c06a872bedf311046bca8d316bfba3830b
SHA256 6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64
SHA512 6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

C:\Users\Admin\AppData\Local\Temp\scoped_dir7780_1431819758\20b83c73-8a48-428a-96db-7c46e2db105f.tmp

MD5 da75bb05d10acc967eecaac040d3d733
SHA1 95c08e067df713af8992db113f7e9aec84f17181
SHA256 33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2
SHA512 56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0c98132e362bc21df98d222b401f80b3
SHA1 b61ec41ad32fe3f8cfc1087ffab99cfd80c37cf8
SHA256 0bbcd7acde49e6a12b25a6b8115b2a97e2dded3418c759c1f7c63980d35a63ae
SHA512 677cd236af66f1075e79598d7f4277e63ddbbd2d9d6abfa291585c908b90c074aaa407f989c8ea86e47d395c52f819475ee9396e3cae2431b9b63ee0904d6d33

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0f2a60e57731d7a4ff88baa3aed5783d
SHA1 ea03e1ad0911079c8de8b3c32808fc636a2a042e
SHA256 fecb8ce4394e4f5a1c51abb418e88f47dd7a25a66468fc2cc0ed1c6f2d799987
SHA512 876afba73f6a629f07b93a1d0225ad06438f3a735545299210ac24c7dc0d196cf52dafa1299bbdd60fc002aa4436aba58dc7e4bf5a9e131803549619667b6cfe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 14adbd47827dbf5e8874be31d3240920
SHA1 03633b81e32e6dffe06505bb905a321b292e3e9e
SHA256 d55c628b280065c0e04c70be22bb96fddfc67a183c80458a4f347a93eb3aa35c
SHA512 0b3dee05322b7b41d539d99eba6efec0e049acc08eda014fd6ca37e161d7d932102e91169592f91d455d82babd76e23a688c9a19838db0adf1b35fa52ac1a9a7

C:\Users\Admin\AppData\Local\Temp\scoped_dir7780_1431819758\CRX_INSTALL\_locales\en_CA\messages.json

MD5 558659936250e03cc14b60ebf648aa09
SHA1 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825
SHA256 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b
SHA512 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

MD5 4ec1df2da46182103d2ffc3b92d20ca5
SHA1 fb9d1ba3710cf31a87165317c6edc110e98994ce
SHA256 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6
SHA512 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

MD5 07ffbe5f24ca348723ff8c6c488abfb8
SHA1 6dc2851e39b2ee38f88cf5c35a90171dbea5b690
SHA256 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c
SHA512 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f2e51c1a0a05bbc6e9bde85235aaad2e
SHA1 615880af70ce87f22f17bbe9ea757333a4f6f73d
SHA256 603a62c54354221f0bd466f5c6308ee0d9e19a67a5119a6ea535fab8c9f76e46
SHA512 f0b9fa5ee9927e2876a8561d8dda82e2d80ac8ec56d7c0af426e4f913e8bf0876414c3d8c0773387b625f480b68ac1e8a5610baaff07b3cc16a1a1f93aae7676

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 44836f9d62ae8f03c2382b102ab2e182
SHA1 c74e3a52f36fa1f55932fe8007a593255ae912fa
SHA256 5ac7e376cc67f9aa58a66c1a69e496afc1b2c55233a7971401c0254a04d24e88
SHA512 6778bc95d40adaa7f2f5d889ead597ea361cc864011fe0fff2a8895aa12dd8f6e1b973224ea57cc872d317172f8acd6f984a4cf319419ef53352981ce051220c

C:\Program Files (x86)\Steam\steam.exe

MD5 52d06173e5995fdb588e56840ac7343d
SHA1 0e3a1de21cfa9652adec0e9385db153e494f07f0
SHA256 0ab4f7c0d72361c9c37c5ce59f1df39f1a138f258c380a9bc1328ce146651721
SHA512 7e6e0159afa4fd02d9bec216d6861e425cf44d15e2742c05454aeccf4408be36cb43d57ec89094e5ba64e25c1282f912a956a66e297ef8e62b130a809dcd5693

C:\Program Files (x86)\Steam\logs\bootstrap_log.txt

MD5 fccb8417c15bac43abce69702ef1ed21
SHA1 d8c331674f38734507c86b0ca47365b11eec1c06
SHA256 4e30e0f0a9b9cc75afbb177dcb3eb13318a9e7a28fb84f27adfb528c16fe4d4f
SHA512 4411eee86ced3a723e7ae6b903b4441cc675bd71c53a2a5c20c8b792d26c2334981676363eeaf76e790df0d21a16bc898cb8cd53c16caae2cc85d8a5d5dded77

C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

MD5 27993eb75894ca4894db266ad9b5e61b
SHA1 4def653ee04b0514822b690052598435ec25e686
SHA256 fbc09c1b9a55d04b57be8fb2ad5ab58b38f76054ecd3d1b70440a2d08191b05b
SHA512 eaebeee5b1a7dfb9bdf661623554793d7ef7e15d9f9cf01f94da1eb0b84b88c8f24176463d15c407ebf670c5b7fd4052daea33ba43e75c1de2979487c4987bab

memory/3504-12619-0x0000000000340000-0x00000000007F2000-memory.dmp

C:\Program Files (x86)\Steam\crashhandler.dll

MD5 020ad894f0395691f728e74614adbd96
SHA1 d9c479da05f8cd20f42842ab9c6cb76170feaced
SHA256 ed97c4061db76f43a87aab8c226a6be0a68bbdf9cb331b3974bb9eb3da60a399
SHA512 db6bcf95135da7c247e7750e469c806c75c96622c1f765989d13e09439e3d52d434137cf9322470ffe3ad19b0bfb38ad23f8f015063511e7c77525173e6ee8a2

C:\Program Files (x86)\Steam\package\steam_client_win32.manifest

MD5 b1a967b318030e275d3bf19635f17644
SHA1 ab036db9ca9c485e64333333d18b1b27655461b2
SHA256 5b1efdcd684821cf4d00e8fb4c7133d1e6a8b40d511c62c7e6fca6e3fa2c9e36
SHA512 eab0a2fa354481a8db92bf503437ed0d200e4727fb454834aab7f5125cebb901ee53b9bea44227b44bdbb3bb1280290699b4cf8fdbf3bbbef8b121c621d95a85

C:\Program Files (x86)\Steam\package\steam_client_metrics.bin

MD5 b1854227f1511ff11ad77c1c101d4caa
SHA1 fe8b2131d6c99ef574b799213c64528168ccf1bb
SHA256 2bdd2cda09567e8c42982f83582e8d18a0481673cb096721793dd089094c826d
SHA512 a37afe9c699bd173e502f98d24692998e368b1d55545a1a50a587f8f983b78b870e311eac9a65ce9d0b8ffff271eec7db02088cdaa256d0354a72a3fca9e2fa3

C:\Users\Admin\AppData\Local\Steam\htmlcache\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Steam\htmlcache\Shared Dictionary\cache\index-dir\temp-index

MD5 40ea7c3c7529ef6315cad8aa7bd2ae71
SHA1 35492520d50a06d4d3959b04627e44dadca1e8a0
SHA256 5d320233b3ceab0d7f5a62631a44905513035e6f233cca08eb721ebb1c256c50
SHA512 2c613ac57dc9d61ceb344ee521d8f1eed9f20db920002c0fe490c81c599b9fe9ade5037bdde3d66e8965c49328a62ed263a80795d39bbe0b691e97daf53be8c2

memory/1820-12667-0x00007FFCDE6B0000-0x00007FFCDE6B1000-memory.dmp

memory/1820-12666-0x00007FFCDE170000-0x00007FFCDE171000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Program Files (x86)\Steam\config\config.vdf

MD5 6e6a2b18264504cc084caa3ad0bfc6ae
SHA1 b177d719bd3c1bc547d5c97937a584b8b7d57196
SHA256 f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53
SHA512 74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

C:\Program Files (x86)\Steam\config\config.vdf~RFe590b8f.TMP

MD5 3cdebc58a05cdd75f14e64fb0d971370
SHA1 edf2d4a8a5fc017e29bf9fb218db7dd8b2be84fe
SHA256 661f122934bbc692266940a1fe2e5e51d4d460efb29d75695b8d5241c6e11da7
SHA512 289c40fae5ec1d3dd8b5b00dd93cf9cada2cb5c12bcfefea8c862ddf0a16dced15d6814dad771af9103b3a5d3016d301ee40058edde3fdea30d9767146d11cd6

C:\Program Files (x86)\Steam\config\config.vdf

MD5 a2ec2e91c3ef8c42e22c4887d032b333
SHA1 e2c738a2e9400535b74e2263c7e7d1ecefe575f2
SHA256 8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3
SHA512 b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dab3ed66dce2c8761a454591dd3c13f0
SHA1 b720995b8a312e1a91aebe3231f1f74a7b9897fa
SHA256 ff65ae4458cec8cc7537b554ea43b1f0f1b068469dff73eb0774af0fff6381a9
SHA512 fad032f7e0da3ecc2c2716e054b61f9bf7de332bfe86e6e669fbf80055117667198f7a5aa1da247caa057a9fc7dc6c8ce0325072b13676b16c967f60ee7910fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 725acd538cb612dbf3e27337ba98f73b
SHA1 c142eecbc64b89a8df06f237be8cf93f3690cb0f
SHA256 a4e5d0e249a6f594072179e603037d0fa3dd821d92bb8906ccc3c8db58379cd8
SHA512 37e19ce151abbcf2e12bc8a6f4fe66ed694f6a8d3f0856449a096500783e1bbc418753449ba289069b335dae67e52d93dab9624bbe68c78193d92e9bcae8be6b

C:\Program Files (x86)\Steam\config\config.vdf

MD5 1dc776f5f1d6e6afaa88496c7dec7bfd
SHA1 1a7d8100e45f001d9fdcd9bb30c5c73c4154d9f1
SHA256 3d4da4ab6daa76e36ecd53d743df10cb89703d3b8f5cd8eee7453d24fffea74d
SHA512 3dfcf05686a57f186a7c1e8a81d99b5f8fbab377e06553be0de6992862f7eaedd9f39af4053ddab5202bebd534812a107ba40930ac0da6593009438ac9926c99

memory/5644-12856-0x000000006E280000-0x000000006F5C1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 24dadc43f8a556a7637dcbca54ae3c59
SHA1 beaf9557361f8d3b919ccedcd9055048dc111e8e
SHA256 8d7487a0b55d0d0844409e5be36c862c031a3596144d583b852031f7ef6f3cf6
SHA512 bdd3bec4ed68abf2d824cd6df4724d5cab0a8e9cb1d31f7c0176376cbd3143a4c7cfeb0698aacbb8a6f6b62897e30b9b4f9a12af57c68566b9d7b845aabb7b53

memory/1820-12870-0x000001BDB3D80000-0x000001BDB40D5000-memory.dmp

memory/6208-12871-0x0000022FCFF00000-0x0000022FD0255000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9fc31c93a31bc372d861b8963dc6a39a
SHA1 0cbc1d31d8a7d3d0b46da4acee1b13765aa16c03
SHA256 20d448f128734a7b7bb4aeae3d0ba77f2209ed9875c3d5c4d423e49564630f62
SHA512 2c8863b9f9c0ee83df21da8b866cbfe5a43cea59c2f39ba376562621020a9228839bdc80e879548df79ddf1d61a70c0f5fe8a219f8c5dbab2fa40c01797fdc42

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b6e67a5ce3ddc4a7f9dba56484fc63c6
SHA1 e925bc5969be7617a104186aa36cd8d88aef607f
SHA256 71bfe9089465c6ca03d2bc302ae277788a155912ed859001a555185e0f4407f0
SHA512 8ef7ff06a16617dfc4c8a06285e97052db3e7d979820a41e89d9545d11e6829f359d942b4ed85e98f8ebaffc1bd5144227742a8a3464bfec553bf1ac858e3e4b

memory/5644-12957-0x000000006E280000-0x000000006F5C1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7375947e537dab6be9d815edb2a8f76f
SHA1 6e136b0e5de98b2cf6e7362866bf4528b3ac5be8
SHA256 bc08f01eee761c0641e090fcdba0f65dcb4f5b89508cbffa75aecd4163489360
SHA512 f77a0703cb8c7b5e71c25dc694404b7a463b66314881be827559f7c013bf29a2c61bfac6e49d019bffec8bf29763f81da8846db60036ac6eed8e972665962d08

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

MD5 38eecd6bb9ad36b6a4a2122f39f555c9
SHA1 02d8f1a675f9fb19515e77020e8fb3b273273e8f
SHA256 84bdf27bbc523ace528022c17550ed321e1c0355f659755798fdd70a504f9c6e
SHA512 64dbed48bb8a89cc80b78b4a70bb189142ab4acca8a293ec697057e373cda07f0b3f7be97babd7bd7cf3b98687c02e36c522c507f5fbb23192ee0b9dc650358b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5abb031fb78b2acc3a454b1ba5363165
SHA1 243302551d4f9d1a91948282a162e41ae5eb7d4a
SHA256 57e75337b6454cc6a06e41cd8f45b6ce19dd28d283aa4ce25bd26b5cc6f65c10
SHA512 a8840cc4a8747c283cc18d584ab158a3c3f6cf298d6d0f0ec3b568d750c5cc413157be763e708b15e4c594ee68dc8e959954306003a5af533ea8248205a40b46

memory/5644-13028-0x000000006E280000-0x000000006F5C1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bb381650f1684124df5f292b7c097403
SHA1 af47402b4dfb11c0434a2ab3a3b12e197221f692
SHA256 3f7bdff5f8e515b68635ca983b9a31bca5c698912b1fda1c11b2786b6ed0100c
SHA512 f241dc8b6bbd17f83b956a6533ac0cab7a5c3202dc30923d808ac96165b532b5b4fb8dcb9eba0a5e62bd5d5c192a1db91bb43098742e097a437df1f0d786dbe4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f12356a672558f3dc6dc7959fa1011ab
SHA1 1b5acbcbb64ac966a3b17334f4d330628922bf1e
SHA256 06fcd54baccbc52fe4bd3e10e659262a076fbbf2a7bba78924f33972bee685a6
SHA512 2762de1771b3e6dfa96be23148de14ff955c943c8ca17faa28e2f03e1419dc9a1e5d05a570f760ac6f8d388591596a5c917a82503168bbde16688365c4c82cbf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 75167e6ce984abb4a6a041010ec76fdd
SHA1 98f4c3f831a7cd2f534d3e202246a218f0dc59a8
SHA256 8bf84583ed836ffbcb6675f45fe430a03ee2b8c5a89b81d48519ea0f55e6c1e5
SHA512 1575699b2c84f1ed0e09f75687b295e6ccee8600a707fa46c704a5b683c2a0a9f5dde81e9c17f035c9e81cd33bb1ffc97db847e70851388579ebe4170c288d67

memory/5644-13074-0x000000006E280000-0x000000006F5C1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 eb758fbf0b0d4f66436b3aa806441777
SHA1 a835f3201c87ece230d6bee7c5d6a6b4e1cb1d65
SHA256 d8b556825288e5e665cc575453eb58c3cbbb02c58c617ab0cc6ddd7e56ee6272
SHA512 81d01783ede16166b4fc40f05dfc95d60ba4190d994c45fc335a06e3187365ad32173984dbc6c7a26c7321c2382fd23d75579809291795a02c84fc300d4505de

memory/5396-13195-0x000001C94EAD0000-0x000001C94EAD1000-memory.dmp

memory/5396-13197-0x000001C94EAD0000-0x000001C94EAD1000-memory.dmp

memory/5396-13196-0x000001C94EAD0000-0x000001C94EAD1000-memory.dmp

memory/5396-13200-0x000001C94EAD0000-0x000001C94EAD1000-memory.dmp

memory/5396-13199-0x000001C94EAD0000-0x000001C94EAD1000-memory.dmp

memory/5396-13204-0x000001C94EAD0000-0x000001C94EAD1000-memory.dmp

memory/5396-13203-0x000001C94EAD0000-0x000001C94EAD1000-memory.dmp

memory/5396-13202-0x000001C94EAD0000-0x000001C94EAD1000-memory.dmp

memory/5396-13198-0x000001C94EAD0000-0x000001C94EAD1000-memory.dmp

memory/5396-13201-0x000001C94EAD0000-0x000001C94EAD1000-memory.dmp

memory/5644-13208-0x000000006E280000-0x000000006F5C1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c27a19b203caef777cdcc051dc85a5b0
SHA1 360f365bb6ef7e331c29ebee99be882f33ae67c5
SHA256 8283db3c47c43804f06c0aed851cd49c74c8958246b2931d6d5761b47e7c1818
SHA512 6727791d29135648f67d2613d5635863dcb2ae209724aaf17bd5a22a061e2c4a15da009479ee5c237c8d9660a1423cff5323c3f09be8336a96abfb8da000df3b

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 24f3a1857da8e9099fd9a81d137dda75
SHA1 5e525bc3c71a6fed9d9b444f6d41a7477c6ca890
SHA256 24232015a1d9427b58fb7f28e913857b0ddee1260984f14dbcf5f0af3077e1c2
SHA512 b907f8b5c11a09d016048f24aafd2d861c77e133d4c9e836269b4944d12f31bc276cbe651d6d5231e572766cc5b3c37b0f68744a85ee72fa24312b510fe6a34b

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity~RFe59d874.TMP

MD5 c23d18e83043dec9022168bed520b6c8
SHA1 9b9a109e353858bd2bdf00d0d7e08a82e8ce3045
SHA256 f6490131e2dcf7d5942e90a77d187f53f47c5d8abcf7beb103bafaea5cd12270
SHA512 f3cb5d459fcf66383f3241d040ceaf4d7fcb4ebd59aaf4eb64967a41e6c190c3cd42bf5797abf13a3385ffce5dc5739934bd8e65b6ef3bd7f82d25f62d1e5622

memory/716-13236-0x0000017D6EE70000-0x0000017D6F1C5000-memory.dmp

memory/6036-13237-0x000001D5B7A90000-0x000001D5B7DE5000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2189686d12112ea3caed27ac41836b5c
SHA1 5037cfb78eb746f74c2a04e6443b9695eaf57a0b
SHA256 ec953c8428587e262b5f4eb5b3bf42d1d11d4d46f33e8fa86cc4627543b62da2
SHA512 ecb9c32688f83923e3fe91eaf0ed7b2a84252f21761ead2760488e4bf0b3b20471917f4c53c4988b5052232d450cc9d03127d5b2182b8f09e0627cc51353ca90

C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json

MD5 602c49f9246967bdcff45b4f43cf2fb0
SHA1 4c5796e0c724bbd7a9244cc8a0fc9e8f40181f2d
SHA256 a3ad9649c1038078038be1abd591cdba73b4b4f5cf30e11bb6cb7a432b746114
SHA512 2f273c0dd0127071f4c768cfe7277c6efff84c1ef4f4271c1326db3658c84261794b106af3198717f349fbaaaf276163700bbb50ae20fe52ed0a88a192d46f77

C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json~RFe59e4e8.TMP

MD5 68b20851ccb9834d21fb32615e42bd43
SHA1 88fab935f0b9484994097c08f785e9ecb7d68127
SHA256 a954b528dd65ad6c4c2091fa32f17abdb7a49454ce88e10bb6c377734c70c26f
SHA512 dcb0771120c8fe35213d60e9abf4b242af807324759e3c99e9b2569c00a941d885d53ef6fadfe69e6b740e0b52a6008602605d643801190a2d29175a7d065e15

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 247e20c02ddf4a21c541b94365882a21
SHA1 5e148e7cf79ab29158b5429276465dbc4b0e4a97
SHA256 63cbb544dd9ab0f928a4e7813476399c5e8f77b4f0d1be943e5dbad02ed1c370
SHA512 af12b3943daad0c00fc76f280c7bcebff3424f64d261b626091f8a979438b6a10484e1c28dceff451dddddb7758909678cfa533ad87c1c1653c75491bdb052cf

memory/5644-13263-0x000000006E280000-0x000000006F5C1000-memory.dmp

memory/716-13267-0x0000017D6EE70000-0x0000017D6F1C5000-memory.dmp

memory/6036-13268-0x000001D5B7A90000-0x000001D5B7DE5000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b7310437a3f8979c0189e6c86d52d8e9
SHA1 7831f0a1c58124999df1c351cdcc8ee0dac8a1b6
SHA256 5f2f723087bd8b5ea0c0fd68802167730f8faf67e248eca7944d219702c2a843
SHA512 baddd98456e37d5e5de7d94be472fbd1587a77abc6c0d29c9d85074de5363428b82a22ca046f99ae4064c45bc2133806444239ee3a934264ef2ab44f70cdd683

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 5231d981149c0254cc195a4834f9658f
SHA1 717956bc88ae780865e21275f6a494dbe5697908
SHA256 99fb9dc2196b1bff14d96528cbcc73d5802bc3876eac5b7f42b40da626c5cfb8
SHA512 a65c7439e6e68df0843fd1cc12ed09bfae40807025fdeae550a17306422fc72dce98184537075d5fd313fb15e9506df695fdbda7565bfbf218579a5cb27865af

memory/5644-13287-0x000000006E280000-0x000000006F5C1000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

MD5 4804c67a7bc8153ff59b0807c3062d72
SHA1 827e4c6b25c3bd20139d8cf55e5c19311bf75ce2
SHA256 60f2885b872d78f8c84bc8abc2ac7a6d8f7db11e07cc4aeb0d1b35bf7cdbeb38
SHA512 d2c3b91fe4fd3a8c250c85b753e59ce9d656945c2f46623cc6641c29480a1143c388f0032d1ce1fea9b98d529f6efb5ad69f99bbb901288a347a606daaf4636d

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5a1936.TMP

MD5 64b3b9548a0640a743f9380db0e6110b
SHA1 dc7d069fad9908032b0eda3403212a8d973e6a3c
SHA256 13b2fba01fd388be26ece69243fc56f338b8cf4e02191d6c86704da5d1faf423
SHA512 6c89bc85b8d327fbdf557311239ed86606b0d545a880b86edd138776ef0a23777ca77d855a235499ce593585b7a308b5fc658dd7385e1d3adda4c0cca6896375

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

MD5 e279a93271cfd8644c23db0331d21655
SHA1 4a09a2f67ce4bdba0f5e7d414c3fbf6b65f4e75a
SHA256 0d57817ab4262a59e7aad454c94544f949f1e0fa20723fa21a6fd2849b76e2ec
SHA512 202a92fb433f40d28c051b7bd03b43ece99f08f838b7782deda810db146810110333cfd1dc4484b92b198fe4b353f6dfdfaa592a65ebb747786824d3b3160f83

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f02ed6a84e75fc6efed28ab5ec83b239
SHA1 9fe550b7ab006214e2e1d46cfa7e3ecf3c25a084
SHA256 8a86ae5b35c01b22f9728819d25dde85edca018a887b8ee05e70754b9f4f3088
SHA512 9146e5e5c504f769d78ac25dcc7d79b19e30e217658535c7801944bf9dbb9b201cc6d0b66eafdcf02e5ae245d3a90fee4853098d08691680fc1349551042bd2f

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe5a2ced.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

MD5 77b78933a52534ae79283db70ae8306b
SHA1 619d99a1fd48e759b077cdd3d24d542f99fa6b2b
SHA256 d9d681f542b0582e5f5e43eb96a89c4a67a2d0a59f88dab2b503646a848a4496
SHA512 7f008745cf8a27b8b0e14e963a6d8b7ba0cf765be1414cdb5c0ed5660368f067a3e1cc0f2cd4aba4b9bb33574223a349d2afdbf5ac0083bce3fadfb5837d1125

C:\Program Files (x86)\Steam\config\config.vdf

MD5 84cbab3211e164e99f3354d536bcf35b
SHA1 13b5f0d84606214b9b3ef871b42ead535c42be9d
SHA256 4633280aab743351f393756b24363e13f6543c93e3646397bc279adaea222330
SHA512 24b0c56fcdb065c288130378c0e8c611284648226bf4dce78bf9329e7288cffb65fb9784b5271a0482cba23999c9337ed3ef9ffe12e211a5e7c8dacb8110e9a7

memory/5644-13353-0x000000006E280000-0x000000006F5C1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 def2d2e0af8c3e436b55f2f658f78cd5
SHA1 ae90852b4171939fe03398809ac7787b53df6c02
SHA256 c101ffd0260dc0ce760a6a1ccbaca46dd0472a2808092cb186a9bd7dd3745ee0
SHA512 cc9623917649cb175714d0dad3494591a3c93128846c15aae971568edde99251d1079d954134d839369f0722ec8805151bacaf25d47a120fe656775de86a306d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

MD5 e579aca9a74ae76669750d8879e16bf3
SHA1 0b8f462b46ec2b2dbaa728bea79d611411bae752
SHA256 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf
SHA512 df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 eb4ffd1dc7e1c8b60126a3df9c324f30
SHA1 b13d6e9c2502bf08546304881556b27f9bc489ae
SHA256 d53c382e9a28ddd52e0f0fe4272569d329bb59d23d48a96f8ea4295b682950f0
SHA512 e84f51620c812914f5e169d9f96a7cd05f789f19db8103b1cf6279d599f403dfe213f79a112ce837442053e0299a84721446718244e70762b9a04742c3673e96

C:\Program Files\chrome_Unpacker_BeginUnzipping5380_1163699812\manifest.json

MD5 2ff237adbc218a4934a8b361bcd3428e
SHA1 efad279269d9372dcf9c65b8527792e2e9e6ca7d
SHA256 25a702dd5389cc7b077c6b4e06c1fad9bdea74a9c37453388986d093c277d827
SHA512 bafd91699019ab756adf13633b825d9d9bae374ca146e8c05abc70c931d491d421268a6e6549a8d284782898bc6eb99e3017fbe3a98e09cd3dfecad19f95e542

C:\Program Files\chrome_Unpacker_BeginUnzipping5380_1163699812\LICENSE

MD5 f6719687bed7403612eaed0b191eb4a9
SHA1 dd03919750e45507743bd089a659e8efcefa7af1
SHA256 afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59
SHA512 dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

memory/7576-13437-0x0000020BAFE70000-0x0000020BB01C5000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

MD5 faadcf8e5560b92714ce7b761dde2589
SHA1 5d9c9821f596422ae8578944708f3e28d77f29f1
SHA256 0640afcd97e6533478c36a8e0b03c79d0e5f144ac5debe63e4dab8df67447740
SHA512 f810ab293e402c384576ef1688d6b6604323f050774cec3188a76e5cb1d724753611945ba3a4da95bdd3ea29c52f6a6935201d168dc6923b808f689b2e3df5fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

MD5 3a8ad551ebf9122274a160d7a22100ac
SHA1 1bd2fcd6b86c37a717b387186e510de5c8a2ef2c
SHA256 4c1ee3e726da9b0dd3dae0c2ba58824daaf0e132d9ede9721a8c7dc190a4c099
SHA512 7d6f1986a535b21a45399d13024f28298fd74c4e0e08737b47df6050fdee324ebd7f86b912615287a4cf6d71597ac78805b3aed16c1da0f561c724648ed9e98e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a020658ad58cb5ececb259c777ea6287
SHA1 f8ea2dc3fa43b25ccd382242e4c81b3d53f109c6
SHA256 96c0e77c01e5dedfeb44d03941584886a7e2fef7c3cfe12dc9c6d51c212b9d67
SHA512 1b44719ea90643362f024882c0b9b7a6688f28ddb443c33e60760158ad9002ac6db98223fa1ea7120c0f00151aefd4ff7341de336e3357812de03f7cc05e0ce5

memory/5644-13514-0x000000006E280000-0x000000006F5C1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 19553067210f71536f54810fafe398c0
SHA1 373dd5ab49e66ba6ffbc79e146c2b9121df64df3
SHA256 b562536c1514371aecf5f7313bfdb21be74fe8feb4a39c4e9d6c86032df2ad0e
SHA512 941136c6bfc8fbdfc4c23879a2a60c5b7b1c72a1c47b1b013f9268c462370d26e7cb57a97e2de3081f590d187b44060014811c86e85128488dfd267abfc50acc

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000002

MD5 2fed1645b3d6857e061b7bc0d2850494
SHA1 4cceae6416b4275b18a172eb9dec60c16e874753
SHA256 bbe87edc7f708e4f75d90f09135220e03a29ca93730f30da17be4869d0a1a436
SHA512 b968593188c7558f41c9d809d027ae9b29a6fde2be2c5184a8c6bab579eb572be9a9df5b4a2ef4e15698a00377b36b839f80bbd9e4e7b2a401f528b9560452be

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000003

MD5 9fa060a599b0ee1912f2073ed59df3c8
SHA1 eaaeef616747d09506c6ed1d96901d2c8d1ad4e0
SHA256 7924474a8f327264982347dc932997ed49890ea4114925024ba678fba2d4e90c
SHA512 93837c0d1bf848ff603073bce6ac252f770a35fad094b294609682e11b04b463292c74c8440891e89741f28fa67a888ed6fdc1575fda99a3c2b6065ccc4e7b47

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 633d0280c3487195fd103c50d25e5fc2
SHA1 ee07b4920a889f16166fd7115ba541f2bc8d9664
SHA256 59d80a64a4e631bf1bdc5d8f87fa143297b1751e63dd229e9cf4fea1f84d1e35
SHA512 2bca03e0b723a49556e37099ad6278ca23ac0d93243af18f591fb66558517b98802faf0b7b83117c1d7258c7501b85a11f56ff20c3f555c155c484c8a822681f

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

MD5 6623063e8cc3991d6c79fb9f5917a080
SHA1 de20411ade4457c6a4506f4739d058d88bbf2890
SHA256 300eee3dd847a6fdb2035e2c376b9920c43e5b03597cca5980e163885f827f1c
SHA512 2184a311e582e9ae01bfa24358e8f662ecb923e576069592b5c219c7ec6ad25461ec3d5edd9e22756e9be61c46dac6eb7cab7f2f9334f8ec870f1bd3d7b4ea1d

memory/5644-13651-0x000000006E280000-0x000000006F5C1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1267d96bd1e5b7e882e15bc251a79675
SHA1 c392529b6b0b295af039d5ee292a34d608526db5
SHA256 7120f099203827ab90735a7a83be06d9a35169aee10b2facb8c680497cb36438
SHA512 962a10c479c21173e0480c3752d9b6f28031762d13b12fb99d326b6b459ea5f1ba9195e3f05291c0a33d77192351c727d19ae4fd595c9556482f66e21967e26f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b5d848a899cde336a8bdc253a21f1034
SHA1 90a1ce73e902d089e43dce00915e961525497a64
SHA256 bb9905cb976776cf8a90694c1ce8f4736ed1aa7a2e80495eaef4b8fb50af80d0
SHA512 aae2ec4a60bf4726b040932cbaece55e18eaf0ee98e608eb4ae3aa4e3058d28c92add2f55e658097999ba72cd6956955e1509ce8b2165756e0052e893d9ea073

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6011ce8824b43da4350686ac680dea67
SHA1 43c00b32ade73f0ac370c20a9da427b100b3b6cf
SHA256 a51a8a52be52bfcfd34070e566781e80f195415402737ec2661f99dedd1434d9
SHA512 975e55770f34561ad8d00d6c922035b59fa3a82e160f4ef4d97547f0a2fa0263acbb3b40b04a1fc970d916a71c67420764f2e0058d2a3ffc6c1a05e1dd9d0d53

memory/5644-13692-0x000000006E280000-0x000000006F5C1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 edac3e8c4237ae394a8ae62adad9976c
SHA1 635917307bc422bc441b099c0b1505aeb23483f9
SHA256 6af5196c4a99921aa76bd9feeac6be7c525d84c9092df2c1d352e631ab15e1e6
SHA512 c959eee59918dbf9d79aaf8f5957002d7d63032bb401c142a9b450463ecf74baca7d699fe1f32fc6b60d0f6bca5fc2aecff9f22afa4dca3646091fec52464f6d

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

MD5 0cb6901d97f1e3ed9397627f53e973a6
SHA1 057467106a69914edf9ef64fe825bc3a1acd2b4f
SHA256 cf243347b607a23eb68bc932d1ab501bd983bdba7d6040d64d268e5c2fe0e4f1
SHA512 f82076e0cca42d4ce289e6a64ac2cfc87b95e0c6abe87b846828d319fdb80a20c390d192bbde2c20bf6dbca58f130f3c4b5b6b7a1908eadca9073c0516d1e297

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 21382031c8dffb2becfc1d3de6b38ef7
SHA1 13af0fd1282c3f5595aedf4f5f68af953c866c4b
SHA256 7ac2b26c02f7f5b15d5ec2ff49f3d189046e75cb71ef29fb9ac58d9d763a5efa
SHA512 a7e73e3c5ddc20eac29f2f34189a30075968cb39f7166090f9ca514efcb49ccc031c870c67a2c879bd9932f6999c21aa9c6bc7a50017ee2fbcb39749e8481080

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Program Files (x86)\Steam\userdata\1839625405\config\localconfig.vdf

C:\Program Files (x86)\Steam\userdata\1839625405\config\localconfig.vdf~RFe5af8a9.TMP

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

C:\Program Files (x86)\Steam\userdata\1839625405\config\localconfig.vdf

C:\Program Files (x86)\Steam\userdata\1839625405\7\remote\sharedconfig.vdf

C:\Program Files (x86)\Steam\userdata\1839625405\config\localconfig.vdf

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

C:\Program Files (x86)\Steam\userdata\1839625405\config\localconfig.vdf

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000006

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000004

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000005

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000007

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000008

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000b

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000c

C:\Program Files (x86)\Steam\userdata\1839625405\config\localconfig.vdf

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000e

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000f

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000010

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000011

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000012

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000a

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000009

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\3626258c-c18a-4b95-8e41-7dd22c38ad22.tmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Program Files (x86)\Steam\appcache\librarycache\1161040_icon.jpg

C:\Users\Admin\AppData\Local\Steam\htmlcache\Dictionaries\en-US-10-1.bdic

C:\Program Files (x86)\Steam\userdata\1839625405\config\licensecache

C:\Program Files (x86)\Steam\userdata\1839625405\config\licensecache~RFe5b77cc.TMP

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

C:\Program Files (x86)\Steam\appcache\packageinfo.vdf.async5644.tmp

C:\Program Files (x86)\Steam\userdata\1839625405\config\localconfig.vdf

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

C:\Program Files (x86)\Steam\appcache\librarycache\438100_library_header.jpg

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

C:\Users\Admin\Desktop\VRChat.url

C:\Program Files (x86)\Steam\userdata\1839625405\config\localconfig.vdf

C:\Program Files (x86)\Steam\userdata\1839625405\7\remote\sharedconfig.vdf

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

C:\Program Files (x86)\Steam\steamapps\appmanifest_438100.acf

C:\Program Files (x86)\Steam\steamapps\appmanifest_438100.acf~RFe5b9da4.TMP

C:\Program Files (x86)\Steam\steamapps\appmanifest_228980.acf

C:\Program Files (x86)\Steam\steamapps\appmanifest_228980.acf~RFe5b9d94.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Program Files (x86)\Steam\appcache\appinfo.vdf

C:\Program Files (x86)\Steam\appcache\appinfo.vdf~RFe5bb3cc.TMP

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

C:\Program Files (x86)\Steam\steamapps\appmanifest_438100.acf

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

C:\Program Files (x86)\Steam\steamapps\downloading\438100\VRChat_Data\StreamingAssets\Avatars\avtr_ad3617cd-a8b5-4dab-a2f2-66937f7721a2_v18_u2019.4.31f1.vrca

C:\Program Files (x86)\Steam\userdata\1839625405\config\localconfig.vdf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Program Files (x86)\Steam\userdata\1839625405\config\librarycache\438100.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Program Files (x86)\Steam\steamapps\downloading\438100\VRChat_Data\StreamingAssets\Avatars\avtr_a0012827-9ef5-436b-8d0b-02363afc5777_v130_u2019.4.31f1.vrca

C:\Program Files\VRCHub\VRCHub.exe

C:\Program Files\VRCHub\ZER0.Core.xml

C:\Program Files (x86)\Steam\steamapps\libraryfolders.vdf

C:\Program Files (x86)\Steam\steamapps\libraryfolders.vdf

C:\Program Files (x86)\Steam\steamapps\appmanifest_438100.acf

C:\Program Files (x86)\Steam\steamapps\downloading\438100\VRChat_Data\StreamingAssets\Avatars\avtr_e4f4c5fe-cb84-4b61-8ee7-c35f89a73495_v153_u2019.4.31f1.vrca

C:\Program Files (x86)\Steam\steamapps\downloading\438100\VRChat_Data\level5

C:\Program Files (x86)\Steam\steamapps\downloading\438100\VRChat_Data\il2cpp_data\Resources\Sentry.System.Collections.Immutable.dll-resources.dat

C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2010\installscript.vdf

C:\Program Files (x86)\Steam\steamapps\libraryfolders.vdf

C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\installscript.vdf

C:\Program Files (x86)\Steam\steamapps\appmanifest_228980.acf

C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat_Data\Plugins\x86_64\vrc_image_loader.dll

C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat_Data\StreamingAssets\Avatars\avtr_4fc72a98-9f44-4354-bc9a-e2abf53d6661_v15_u2019.4.31f1.vrca

MD5 e08f79766b64e1a95a359a23c4a03960
SHA1 b367145d65c01c6b317821590257bae39f2bdb9a
SHA256 cab76914ef43a3f17e2e9e0c89b487586987d76a36c23dd5a96450d834263ae9
SHA512 0dd88d443d2f5991e3b936974f25f4334a3e79e3c18c8ed361b899ec9b4ec9a141c7ed12e3ca054f1f4ef126563e7fbc1b1ffd15b168f7b6a4c38773e16a284f

C:\Program Files (x86)\Steam\steamapps\appmanifest_438100.acf

MD5 08c270c1284d28428cdef8b4cf06cdcc
SHA1 b8b47675de2e884c00f34c1ab7bc64f8c2d3a52a
SHA256 91cad3b90223e4ba1e9557d14e8fa2d76d388fbca4de5eec59db6825294c47be
SHA512 e21db9ed1a801a7a678f67908f839e48e70d23f2343bcc9c4e7e5cc9d73bd68e689186d30241e738ddecf99fda576b5c97d0ab44c20b53c394017e2e65efd6ad

C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat_Data\StreamingAssets\Avatars\avtr_da64d92d-03f2-4f3f-bdd5-f587752f4b82_v7_u2019.4.31f1.vrca

MD5 f2da8250c1cdd7f77f7fcc32005425b4
SHA1 cf1c33f9fdacd67412bdebef4cff7c70d40d1a6d
SHA256 368e9628e01570d169d9f08a4dacd07f8cb2162fa93e763c0a627fdfc833921b
SHA512 eb6019da5fc448a3bd115ac533e02ae4168b66ebb7a58ead98cea732a9e1429fc010e391971005d5eb41318ea0d4c3209932ec7ef1fdcebbc5ea351be6befbd3

C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat_Data\StreamingAssets\Avatars\avtr_a0e9acc2-7ebb-4af2-a946-f7ab23b896fb_v12_u2019.4.31f1.vrca

MD5 5393ee7f2f21c8095541cae061bef03c
SHA1 fb1fa62a0cf0caab4add59348284278c03983470
SHA256 e36ad400e07ef2e7a1bfc1b0569ef6d4c458d1752419f8a775fed27cab504a92
SHA512 38d6f6a4b05be6c9605318743efe2d05aa7a47a168cdd4ae2fdd842b0701f113d97377c6133ad339bd979b014353b9ff035ccb8e1935c125cbde78deefd0e402

C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat_Data\StreamingAssets\Avatars\avtr_7d735b2d-31d1-41aa-9d35-f9683bb0a8ce_v24_u2019.4.31f1.vrca

MD5 37cc00f5b1530cca7e9b656c3810a0c6
SHA1 0cf4001f063593020f6b5a2749faa27f134c7b96
SHA256 010ab74e8bab09633bf8c30de34ef849d932429411c333b49a18af9515bead17
SHA512 7ed3bbe383e1efb60fa385a0ddfecf4492a76738651c934844733971a60684f20069a808e9ebfb0730353c377ee1341160d8b2ed108945ba7a4b77f4ca2d2bcf

C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat_Data\StreamingAssets\Avatars\avtr_6f1e8cc9-1c12-490f-8a18-55e6e57e5ad7_v48_u2019.4.31f1.vrca

MD5 986fd673df73ae071beef9af50985251
SHA1 14c9bc8d6817d1b1e752600e4558fba88fa25a75
SHA256 05d74fd16e770835ac3eca2f5e4459595082e882029c6d5a728ba72592c2e817
SHA512 9ea4ad7a413eedbf313b024117d37f7877e8aa8f0468de778061d1f4d357fc1b3441cb0f4f54030e4f51c45368c32fa043873a9d18c2df74490c3168cac10ee9

C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat_Data\StreamingAssets\Avatars\avtr_4309bcf2-71de-4412-b035-4d617bccdb87_v3_u2019.4.31f1.vrca

MD5 c1d3a770bbae1b3b7e13f13402864378
SHA1 802361c10844b0eab3e3a52993f0c284e81d5549
SHA256 d40ae6b715b16f4e2153c4c3c84f4a8fbeafc559af65a465e165104f46654ce8
SHA512 57e2ed0aece93c30cd0e7519b7395d8ffef32744811edc7d2dabc62e556186aea210a28fec96e609a6463196c1e7b2d4a1901db1ed340c11703587f67464aae0

C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat_Data\StreamingAssets\Avatars\avtr_36e884bd-bf32-46b2-8386-57144593cd7f_v38_u2019.4.31f1.vrca

MD5 1e3f7d15a345e6ed9f798167949d0692
SHA1 cd94cdfce46e764e10051b046cd7a8d2fddb99c6
SHA256 291587961b8541d9b38176a7edd3695308e3f777370b7cf5b5287990ab2c9da2
SHA512 5d47f9611b248a0d7c64f5afd0dc14a3ef6893ce4cd84fd803adcf94eda366cb89b84a8917247244ad9e43df3d3de67cc4e2bf7b187b8770d2220e9b0868281d

C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat_Data\sharedassets1.assets

MD5 cd4fd0a49e13e8850e79df99488742ab
SHA1 998e89ca12fe28892b769ac53ae9368cb5ac2b2a
SHA256 843a897c59ac5ddd7bf476050181c30e59964bcae65ed74a9ca3212b6f52e205
SHA512 60c0731c8188c219c8eec1bb9f44e69b05ca55aaa8a0beb94688327e2401ef91b09310040c239563d57ad27cd41b11e793f3c918accd0f7d702a0ba9b30a1fea

C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat_Data\Resources\unity default resources

MD5 143dc232c9457e1bb787ca819754dd9b
SHA1 86c8eefd06d786c341d8f563c1b56899f09e7d93
SHA256 447caf3737cc58e2cf965f9829ae1c00c2c88505c055df2e8be0d8ede76b4da9
SHA512 de3d8771a43b0a0f584cd6d769dc0fe73c7279e3d0f19fb6975ce5f75430ce7312bc9057f8f2aaf2647dd6b07440f3b97f789e0ee0a6a51f8f8b56f0f764b3bc

C:\Program Files (x86)\Steam\steamapps\common\VRChat\installscript.vdf

MD5 43897a65b07266bd8bedf9cf22307c20
SHA1 d36943953760bfacf4c2ef79152d4b8edee68a30
SHA256 e44e3780c5fc1af584e1d095e4515bc534a3048de43b825066fbdef0dd6436c1
SHA512 aaef57e00a2c087bbb72643d2e11aad753bdd7a03d3da1c3c18382a680d128a523f8de9500bd62d620c592345394280a44913f482bc8cb9315475b6b2317e6c8

C:\Program Files (x86)\Steam\steamapps\common\VRChat\launch.exe

MD5 c1069547608ebb2810cc3424f1b99f82
SHA1 a12fff007753bc1f86536322a5d1ee69d800980b
SHA256 33a0bdbbacf3aa78432c6fa91dfb85a55299e25702ef6ffc059e43acc2b2e9ab
SHA512 488b5b62d58e2b67c471d139f9154292af2de1f2d39640ea6130dc589f97b3d78f345fbfabd5a8b71f345394dac1bf949ea9e9d62c5fc9ef2fafd95bdb151a27

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000019

MD5 6168553bef8c73ba623d6fe16b25e3e9
SHA1 4a31273b6f37f1f39b855edd0b764ec1b7b051e0
SHA256 d5692b785e18340807d75f1a969595bc8b1c408fb6fd63947775705e6d6baa66
SHA512 0246cee85a88068ca348694d38e63d46c753b03afadf8be76eca18d21e3de77b495215ed2384d62658a391104f9e00df8605edb77339366df332c75691928efb

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000035

MD5 2d64caa5ecbf5e42cbb766ca4d85e90e
SHA1 147420abceb4a7fd7e486dddcfe68cda7ebb3a18
SHA256 045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f
SHA512 c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 434ef12b68eee07445a3a51a2d014488
SHA1 24e9bd4425aaaa87a382b488dd36b5594acdebd1
SHA256 30eb3b32668424e7e326f61c7fa216ce79eebb007abe7432f0f672eb8b67dbf1
SHA512 a2399f7739585be08c044f84782882888b992b506366ffe1d08cdd89fdc6db3c14c29e54e44dd77936448cc7996862cb60409a36b8f9481273b0f591808107ca

C:\Program Files (x86)\Steam\userdata\1839625405\config\librarycache\438100.json

MD5 14ea3871b3de5f8bac35265b79c4a7aa
SHA1 70754d3bea928cf3a3da5efd691905b210ce6b1d
SHA256 736475951eb3776b0b3582e5c9557aaf45004658c39a19173c86875324b2e9f6
SHA512 cd7fb4e4a5b6090723130b49b369d4ed67b8eeaa7ed33860a6ee49b1a2ff263183463533ba2aa5f784269090dbc92700b824516831dbb852e91ac57f8231da6d

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_0000ac

MD5 745e2de9cdeacd04baab2f32ce734afa
SHA1 c82ce4264d89daccfd8d0b336d0c3582cfbdd872
SHA256 930141ac792b32840b235687955bc1deb386fff47146a7a4533afb7f4c1cb383
SHA512 5edf52cb346f22e3a5a30560e85b4b129956ff658ee9235d408a57c08abc2cae6f7bc34c5454ec4bd4120b8cdc3461dc01c1b3160038d3f3221ffeb01c11f7ef

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_0000ab

MD5 24d7666db8ce0bd3037911b1d1f25fcb
SHA1 e691d836ddbe2919213ef12aca2e6bfed6fb5f71
SHA256 a4e5027acdd5e17f6de6cadc0e6310253d8c42f0a0bc9f40a0be57b2c333c303
SHA512 249a1a5776b2ff8f74d2fa9e3f7e0161964ff3b076c010a3928e97de5bcdd859770119e2af3b3f567c8689ede037ee072be3630079c0fd1d3c8ac55e1b3e5ada

memory/7604-18668-0x00007FFCC0830000-0x00007FFCC08C7000-memory.dmp

memory/7604-18671-0x00007FFCB4130000-0x00007FFCB45E5000-memory.dmp

memory/7604-18670-0x00007FFCC7050000-0x00007FFCC706D000-memory.dmp

memory/7604-18669-0x00007FFCC16B0000-0x00007FFCC16F6000-memory.dmp

memory/7604-18667-0x00007FFCCB0A0000-0x00007FFCCB0E0000-memory.dmp

memory/7604-18666-0x00007FFCCEFE0000-0x00007FFCCF001000-memory.dmp

memory/7604-18681-0x00007FFCCEFE0000-0x00007FFCCF001000-memory.dmp

memory/7604-18684-0x00007FFCCB0A0000-0x00007FFCCB0E0000-memory.dmp

memory/7604-18683-0x00007FFCC16B0000-0x00007FFCC16F6000-memory.dmp

memory/7604-18682-0x00007FFCB4130000-0x00007FFCB45E5000-memory.dmp

memory/7604-18685-0x00007FFCC0830000-0x00007FFCC08C7000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 2f36e771bdade49c4040b2e37fbfbdd2
SHA1 cad4bb71b410efd3e5905133f4a254176540feee
SHA256 e02f9c8ca54342c6ab1e64b4a85aac111f51e568ce7d4aa2dc1282bc21fe6b58
SHA512 f0072f345616836f4e0a2ec3fe6fd925da7b16d0abdb01ea190ffe1458570503a4fa92ffb1ab1647c449ddcc1687c205e5019def0f73e76bc6dcc9389ebd4b19

memory/6740-18703-0x0000000000F70000-0x0000000001050000-memory.dmp

memory/6740-18704-0x0000000005A00000-0x0000000005AA0000-memory.dmp

memory/6740-18706-0x0000000003420000-0x000000000342A000-memory.dmp

memory/6740-18705-0x0000000003410000-0x000000000341A000-memory.dmp

memory/6740-18707-0x0000000005B40000-0x0000000005BD2000-memory.dmp

memory/6740-18708-0x0000000005950000-0x0000000005958000-memory.dmp

memory/6740-18709-0x0000000005AA0000-0x0000000005AC6000-memory.dmp

memory/6740-18711-0x0000000005AD0000-0x0000000005AEE000-memory.dmp

memory/6740-18710-0x0000000005970000-0x0000000005978000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\temp-index

MD5 1831bb26bf0dd2e0521d5d5deca7d4d7
SHA1 b6b1d2e2ace302e249efe5a2d9db586509a231e6
SHA256 6a119f92d6897aa07ef50201fc661ca08477cf6fd1f2ce4f499f8c2a1e823615
SHA512 eb178bc58cd06afd3ce0f646e84c2353e0c35d9ce69f8c41fc7619965822e56f9438a1d143afaef1529c37100b445af099576bb32f919349df1bb1d2acbbe43c

C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2010\vcredist_x86.exe

MD5 1801436936e64598bab5b87b37dc7f87
SHA1 28c54491be70c38c97849c3d8cfbfdd0d3c515cb
SHA256 67313b3d1bc86e83091e8de22981f14968f1a7fb12eb7ad467754c40cd94cc3d
SHA512 0b8f20b0f171f49eb49367f1aafa7101e1575ef055d7007197c21ab8fe8d75a966569444449858c31bd147357d2bf5a5bd623fe6c4dbabdc7d16999b3256ab8c

C:\Users\Admin\AppData\Local\Temp\HFIC816.tmp.html

MD5 cc34ac05439713cbf8c5286b935460d1
SHA1 53ee6ddb4023b1baa11c41b9a6a0157dff9b5094
SHA256 6368baed9aa1dbb2b3939925c9e7e68c200132f8da5863f8a206fc84ab336a10
SHA512 a7d692cc81d5e60610de8261d7a3c41b80f218418249fb9025c3e019f32d9eb97262c7f4df1bd4580cb32f6eca3c904e36d2aabf8b892587aba59148dc8ce92a

C:\Config.Msi\e5dce32.rbs

MD5 6469d117485f808a46aafa8d1ad372be
SHA1 c235252fa5fb924f77cc2b276a773cbe51436f65
SHA256 1c4611247dee7f857148935a94be30dbce511981cb8f85eec521f3d301052cc0
SHA512 203d008fb05b8fb461face0152e5b57d0843681b74c547f8db6f2f72e7eb2b078f0099a84c72347e574dd9703393c44448168d5337533d1727ab44e6d91100ab

C:\Config.Msi\e5dce36.rbs

MD5 218b233548b4f9e952e429c450e564d0
SHA1 5b015f62835fd780c5dcbec3cd03930bf6cdecd9
SHA256 0289e9b862ffcf91e8981417877b7b090f37c3c2acdd0835d1798aefac99e0af
SHA512 b5f61fc4252dc10b4d43e35aa004f216278ab9029bea12d5d20442a6b0956476a3b016abe7a93c031ef671c33321784f992cc374d6e36e5102ca3040320f5259

C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2010\vcredist_x64.exe

MD5 c9d9eebccef20d637f193490cec05e79
SHA1 15d032d669078aa6f0f7fd1cbf4115a070bd034d
SHA256 cc7ec044218c72a9a15fca2363baed8fc51095ee3b2a7593476771f9eba3d223
SHA512 24b56b5d9b48d75baf53a98e007ace3e7d68fbd5fa55b75ae1a2c08dd466d20b13041f80e84fdb64b825f070843f9247daba681eff16baf99a4b14ea99f5cfd6

C:\Config.Msi\e5dce39.rbs

MD5 484c17c89d9e16f629bcba11c8ba5c24
SHA1 8805dd37452ec05e73cdf5221c890c774bc61010
SHA256 3185451212ab9f02db4e940e4e098ad7ecd3dfcbbf2d0da1a9f1ced977170b07
SHA512 de0f5b61b5f1f188073a1b4794c42804e0497babd8227cc006312a374142e34f0e2898ab2b6dc1723d4075f6a7a4a724a37749ab7299391d507e2d007014d3e0

C:\Config.Msi\e5dce3d.rbs

MD5 54beaf966b28e6eb73bf8f305e38cd6f
SHA1 0843f254ced39fe56171bea05ef3b465f935b0de
SHA256 0076c6085d287142fee2559b9a78d009f9baaaa9bf8984186b0a0ed775310c83
SHA512 a2475ed830a14a84d02f46ad5fd45b7929e744ac16e9f92b355702b8a6e8c5ee5da38b73e1035b5c98fb8f17c65821682ace16783a48f071c2b4a2cb822bf2fa

C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\Microsoft Visual C++ 2019 x86.cmd

MD5 a8d147a22093c77cdf20d663748877c6
SHA1 7fe518339330ec20fc78352beb841e7a7b070b87
SHA256 8098ebcc001ca152aec47352e9b7d8f086512519cc430a8ec9c82f67fa9c29a5
SHA512 642676197b92ea837d475ccf2754217d1ed0bba7985cbd72202eb9b27541b08093c37dd3217b8946182bfd6b8a7f4f54357f294fc32d1449279390aa65a169d2

C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\VC_redist.x86.exe

MD5 fedc87470a950d6c723e6538c5f27817
SHA1 17674fcc6cf3a2ffdc391bdcde082aa936e37a89
SHA256 5c7dfa4fd52809813cf9350c4e5807434d78a0bb1fd0d61c85e02b41646a5780
SHA512 17d286311f8aee8866fb7dfbb12fc28fe98e57a460c086fd30bce421c1cd8c0549d92ba5a90c4557eb263ad29a0655da9022603979079022a414c0c5805cf9a1

C:\Windows\Temp\{ADCCE9C3-DBF0-48F7-B158-D5E29C3243E5}\.ba\logo.png

MD5 d6bd210f227442b3362493d046cea233
SHA1 ff286ac8370fc655aea0ef35e9cf0bfcb6d698de
SHA256 335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef
SHA512 464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\Microsoft Visual C++ 2019 x64.cmd

MD5 1c39b0799c57e7d2e97ba432faefc85f
SHA1 8b5029489d50b8b93ef9864dd056bd035d98d591
SHA256 c39c8d1d2065c790e39ec9dbd242d64340774e12db6ef90dbe2933106b46864a
SHA512 ddfe19d501bdc713d85dc1ba96bfb2a14ea01661b5115e1374fc80c83d5d6ab6fffb2375ca5e0121725a3f6d853fe7ba72cf6791cdab699a3171bdd288d05948

C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\VC_redist.x64.exe

MD5 ba584d9886d6eaee8daa852a0605dd00
SHA1 1effe7db3f42d670a1352c5c9b451c4db3e57ab5
SHA256 c2d74d9b85d0030eaa134679a2392268baa773185c5a21657390e43f8b518f69
SHA512 3076aa5583c2ee719f9755fb6aefc1f01f37a33491a7d336c39f9ad303e671574498a0dc16b64e3744098c86ac43ccb916557a4866caf1a5f4b1f5ec68446d47

C:\Windows\Temp\{E4FA0F66-5314-4600-9DFD-5B8A91945553}\.ba\wixstdba.dll

MD5 eab9caf4277829abdf6223ec1efa0edd
SHA1 74862ecf349a9bedd32699f2a7a4e00b4727543d
SHA256 a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041
SHA512 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

C:\Program Files (x86)\Steam\userdata\1839625405\config\librarycache\438100.json

MD5 6598db6351fb5f00f91082a3171f8779
SHA1 47d7b6e6fdaab2ce89542e19269ad8501b6ba55b
SHA256 4efc159ccef7773530dc27711d40c91582a74461b5f1b522e31c52bbb5c34098
SHA512 401d78650ef23b714822d6776676be1133f8e82c6e12857b6d3a4a527ebcddc6f25d00f5cf6c01a2f0f5c88ee41e57c8df9c4775ff23bf911b4930787c34b04a

memory/3112-19226-0x000001C3E0B20000-0x000001C3E0BB4000-memory.dmp

C:\Program Files (x86)\Steam\steamapps\common\VRChat\EasyAntiCheat\EasyAntiCheat_EOS_Setup.exe

MD5 98bfc93faf00b1cb0dec008988d89b25
SHA1 656de3845bd34bb1e7928e936415c5b9b3d854a5
SHA256 94567bf0dfcf48bfd6a2fa073e854ff6c8fb38ea114d5913dbe2c1d2554bcaae
SHA512 1be9c7d533ad4a8f0bcefa69aef9505fbf8adb24bcd7a985b0ebac2b5f8d6b8112207b9192ea6082746f257539dce837fa7556044e98477f476a598e9e8a610b

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 9836179a1fd2b9bd58c08cac03844035
SHA1 4ccb6f8bdc8df4d45144ba63e8bcfa9bcaadfc20
SHA256 ba6e11ba5b47526fcaae6dbcecd933d0b7346b7553edca6cf707faddda72437e
SHA512 72b79d2b7c1fa2df9ba8dd371cbb7d5be20db905be135d8aefc237a2a061aa1f35f529b035266345cc4e2bb2e43647244c5b3b9c9060a15dca18ac8d4574b713

C:\Program Files (x86)\Steam\steamapps\common\VRChat\start_protected_game.exe

MD5 d1e1a1feb8171aca968bb6ea84403281
SHA1 95636ea7514e347114a4fa2e5d9a0a3af404da4b
SHA256 41505e16657a08b14450f3002fdcf9cd67f5ffcb08daa760cac5a9010ea57933
SHA512 2d923c38c6f88869530e32bd611981b44142893f03381c7a9ab6ce34e6017856894882fbb8da42de01bdd5c96daa282241e163b7aee048c4d20d90c1368b15c7

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 51d03b8186081b7bab0d3c7127df2441
SHA1 a50eb14951599a8f6d7744661c7ea82faa423d6f
SHA256 620c8adda4a6518959716061789ab7d8ae9dd769461d6af0d6a0e9e03c17eb6b
SHA512 6d2cf2bfde234274b9a80ba6e68cffab703a4cedef81ed40405a3f3820aff4125efcf5b001f1e65f26e907312c05ba239f4ff71a332e702004a24c0838927ac3

C:\Users\Admin\AppData\Roaming\EasyAntiCheat\badb4a68-68dc-5407-c59b-c03692712a8a

MD5 bed53153944fbb6981f63f3d2fef7168
SHA1 f476bf4dd0c6c9f61681d9bb2f26d3f2d4419d5f
SHA256 95a628655fefa1c2c3a9e24305a33f179db0891bb807332cb48e4e3c1550aeb0
SHA512 273fdc55fb4fc5ec14d70922213aaa096f9c39e6c8d7633122a6a476c8e4fa3b5a60d021f2be45b91e570d9917090b9347ba0ee8712ea75258700f70f71adee9

C:\Program Files (x86)\Steam\steamapps\appmanifest_438100.acf

MD5 bca7df152c2e138c55301de01191d4df
SHA1 17c5e3a17ff89e2d61ea5520e6ba6905c32b5781
SHA256 3714e586a1cfac7429893baa7f9c2310224d697c5ba2f7fc41744348fcb72252
SHA512 492b0cbd7bfda75656a17ec11a47a429d46d755a571dfcc764de36f2ab079b895a28c937f4ae1cce91d2c5eb27916f3007b478badcaf9df1371a5fe96b5d4660

C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.sys

MD5 e736ab47b62aeafb5413140766419b85
SHA1 4d33664ba441c11bf24c095209748a08a2882579
SHA256 77120a24813ba880db7dafa8273286080e85fe023332fe3bdcdf0e6ee333e87a
SHA512 d246e9442911f264e68eb0b3743d560b9bcf55007748abed0902446710160948f297503a38e90fda6bc9268ef5b9723412cdb3bd2430ecab6b6f7cf340758f59

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

MD5 78bce958237965a12097a589e963676c
SHA1 ee3a012a32ce92a7ae8cc191396c858bee05e2b7
SHA256 17dac53303802f3fde251567f6e8d97324eea21130125351aad8a76af071f3ef
SHA512 69ffa78954f7044b37eb2f7043768adc7469b52f50f16c0c7a5f5e84152d42d54e3c0946e84b5bf24ce53e913eac9f9a3d4c99fe8ae6b25091faf3c763f8c45f

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 f077b3d1f538ccff9393923c3d2c82d5
SHA1 ebf221b5b257d546e91edc4d8bceb14460b4cafc
SHA256 c1c12729e9d9c780670fdef7bc2dcf9b954d5006e4d93924e9a9ef64706a593d
SHA512 4813729b64c966456298504e7078d76f04f6242ded99db309d3e9e6c1b2ae3c065905081c60e091260e9a6e883bee7888faf056b97e87be45d875bff70c8922e

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 085ff40b507a172534fb2398058cf7e1
SHA1 20cc4277732ccba26fbffc8d2186f537a44ce097
SHA256 a8eaf6bd3c0978307bd019c3c81f78155d423470d675e6d89def230879284a0c
SHA512 86717b9734a1581c00d88d4969ad29de79b5aabdd63cf3410a0eb4d5900470fcb77e3d26dbf4df83cd36444500b97c8655a47d3189fad82fbe48861bd44121a7

C:\Program Files (x86)\Steam\steamapps\appmanifest_438100.acf

MD5 5286c6e4561eb2eb992b1086f84ed34d
SHA1 68fe504d8fe42e00b88bd91349ef947b591ca5fd
SHA256 e8d6c404a236b6cc5e968d8d80391e7ce54f6f52971d95d2a69dd8bd270ac60d
SHA512 007e719958d9d7d6961a2a92742c58edb6441e0bcc8c26dc9639094a97a47a1dd1ae77cf2113aebddd808fe4fcf72bce1df6dbd9ade632da2e23780fc0a18b0c

C:\Program Files (x86)\Steam\userdata\1839625405\gamerecordings\gamerecording.pb~RFe5e3c3c.TMP

MD5 6fa3e921c5f6dd717d95a6821a9579e8
SHA1 83fe21c546b9a1c542a30faea1b4918f2c0db9db
SHA256 d771d57e86bf8c5b319aceb87ec8610412e154b5139ec0aa9b3e1902473f32ae
SHA512 53920b19f730268e942478634cdb98f5c2efc74571452c218f0b5ed7005062827d2a704d8059601483f3305b6b39c3300833559b7b1d14e3bd149fda5abe53af

C:\Program Files (x86)\Steam\steamapps\common\VRChat\UnityCrashHandler64.exe

MD5 e20ed2e42b6867b20b8f76765ee99dea
SHA1 67aae8cb3ad36d1fd9f8713d4b0dd76f7e0d314c
SHA256 17ec01fe2cf53361374942eb2c2a2798c7812fe1ffe864fbbd263152d2858d83
SHA512 00a0514afc5fe9f760e871e7b63c8c0851c22a646c1b98953ff2fa53f3aa6ae4a646c2d2ee55a674f39ac7316a19b637f4e441c0936b816f5143aaec1b040afd

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 062750c9b67fd910e0c41191ef9eb29b
SHA1 a495b9b849df10097d9c8ccc2cf4c952cbc60c44
SHA256 728b7d93ced7a39e73afc434c4af449d2318a6ed2634cce2835ed7f9a31991fd
SHA512 eeb18df33b092be9fcffbcafdff09f250898b8f96fa03965042612f0e7a488e9293964ec45a1b4eccd1fbe7f2e5dedbe178333743fac0518e1e2e9da075b8270

C:\Users\Admin\Videos\Captures\desktop.ini

MD5 b0d27eaec71f1cd73b015f5ceeb15f9d
SHA1 62264f8b5c2f5034a1e4143df6e8c787165fbc2f
SHA256 86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2
SHA512 7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 a7b50c8dd4087936a0de75808b1a746c
SHA1 1faa95d3af63606cfcd6377cc3fdc368a0b9c673
SHA256 394b24e8a4f21b831e1d5f3bd7531c86f37439902f51de5af4b5a7fddb79695b
SHA512 b25f71edc3cc3706f337f3022ddfb4218ce7bbfb77a1db370365c49a377052eb5a2f0d8678d76427cd131ce2c152d98db67d0eb9f3ffbb8ee650c2d1c89c57d2

C:\Users\Admin\AppData\LocalLow\VRChat\VRChat\Unity\99b1a9cd-c61e-438a-8e39-fbd94680de47\Analytics\ArchivedEvents\173090964600002.dfbae3d5\e

MD5 98ee149af6e6076454c03e9e4a5914eb
SHA1 aaeb83acbf144ae4ebeea5f346d9f7613862d466
SHA256 0a4ba7e8d2d879ffa690fabbca08a956c4d5ea1ace65ccf880dbd81bc503ccd1
SHA512 fc10f6c7d015d576db36756558c485999968f67222b38c8f64508706240e5037e56d1a3ad50d8e1c15f7ec66df667adde73865957fccda17589d468d4f5ca7be

C:\Users\Admin\AppData\LocalLow\VRChat\VRChat\Unity\99b1a9cd-c61e-438a-8e39-fbd94680de47\Analytics\ArchivedEvents\173090964600002.dfbae3d5\g

MD5 c81e728d9d4c2f636f067f89cc14862c
SHA1 da4b9237bacccdf19c0760cab7aec4a8359010b0
SHA256 d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35
SHA512 40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114

C:\Users\Admin\AppData\LocalLow\VRChat\VRChat\Unity\99b1a9cd-c61e-438a-8e39-fbd94680de47\Analytics\ArchivedEvents\173090964600002.dfbae3d5\s

MD5 82e1bd1d735743c2d1639da8877ea83f
SHA1 8b570c0424667918217a0422c49b26fc25eb8ec9
SHA256 121788048dfbae9fe5f0b057beab4db8d669ad7cbe97552fb22461129bac758a
SHA512 a42f0e2bb747e598d8af10f1dbd3a7bc4ade4c1e57a7f613dcac75fa802cf6897e91f9f84b5a757de6e4ebecc2c652cb52344b25efd0f3f96c8d00e39395e9b0

C:\Program Files (x86)\Steam\steamapps\appmanifest_438100.acf

MD5 4fbf49b7c86462bb539686f5c050a1c2
SHA1 b2b3cd493374405a1b47f1add58d5e128c3126a6
SHA256 69b823e9031707870586c6d221c93061ed0bb3f20f4e12566c8900343658caf5
SHA512 9cbe0ae6a97e0f0902f7f78fc3eed3f4c07f850cd9c44b6381f3f9c010942aad04581cbf0a8fa4f2febad1e243a6ade433fbb6986c30adba0433c1e51f3a4287

C:\Program Files (x86)\Steam\userdata\1839625405\gamerecordings\gamerecording.pb

MD5 719d24f504a04a72298f532748b78fec
SHA1 fc8d3b0437aa3c09a9ce7461f4739f2382b4a0ca
SHA256 ce1a73472a1d98e6ebc02b21a85437e0dfdab4446c3dc19edd74cdaa53af99b3
SHA512 4bbe25a5b2b06c4381dbf5cbed80d6c4d4b86c582394716cc6c854173576894291f8a6201b607fbc2035521008cf34adebd746039e33026567390791d1473c99

C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached_timestamp.txt

MD5 e617004f34dfe694177ccb76cec8c10a
SHA1 786dee7c50ce1c59b3c74bc8510a39655dba0e87
SHA256 4758e043cb2eca019992ae414ad17c4b0c4f5ec38c905d89ff8d1c5994e73b99
SHA512 69ce1d132005c520a469d8afa06c6354083e2bdbc04e67cb7cb915c28f6638faa315cabe5c6c4d94b87d4df3dfc0824525515212a7ec6ebc498c68b94e3127f3

C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached.txt

MD5 0b8f38d6f219adb6af9a46e34c8b55c5
SHA1 abfb7eea3e2073ef536ef4c020b79dce54028174
SHA256 c6cced2a542c64817209699a48ba5c17f32ad47a5bb799d395d707f665378de8
SHA512 4a4dcd5efb3433f23848b7bcc18a430f05107985e48f280874f0058eac863b3ddac9f849ab55271f619c026a6282387f553f1ec25e16eba7cb68c850f314beea

C:\Program Files (x86)\Steam\resource\filter_banned_english_cached.txt

MD5 009ca439b8e68dbdb83850d51b07c736
SHA1 b8dd1986d15aef3dcba09c954577c780b549c582
SHA256 4bfbbfd0114ee78d7795835c64aae6dc6b525547748c5dd1150d7d1ff8757c43
SHA512 25e90b8b737b30879ec9073457cc7b30bdc46ed71b8885ce14f9c1946476d65c6bbdd0ddc19bb09c406cd9439837aec5c8ad007dbb5a4378842e1634429b093e

C:\Program Files (x86)\Steam\resource\filter_banned_english_cached_timestamp.txt

MD5 34dac22390cd9409c94ffb781bd147a2
SHA1 ed38e8cca3e779851c23e4c9c25c7e9faceb5a9b
SHA256 98a132958ba80fe8d1dadb076b5ed96e86d69b17d2676e0943d6160a5c5696ce
SHA512 1242dff7e37917613cae2debf1ce3f0e7defff5f9b268a2bb74e46b9c9e5280db569f01592d57ffe070efd56a2abd5a607175667a8ecb9591f979a901f5c7306

C:\Users\Admin\AppData\Local\Steam\htmlcache\GrShaderCache\f_000025

MD5 33a4d1f549eb8b8bf581f05c35768e10
SHA1 5e4478f1c14913a95e53401505a3c44daaa9ff25
SHA256 42ff2d9fd82409f19c07c976a28dd52730f348a6506daeb2265dbb9b8c0ae616
SHA512 89cc12d7a4a70c91f4ffd7e086de49f478503689f88849483156ec3831ea43f947c1609c76e898d391c5b2b79108f884fe86fe9a66e64c8fbc8a505531858051

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 9c74fed4ffb5d178a774e66214346b86
SHA1 d64e80f25dff4361c12469f50bfd20b71147fe97
SHA256 0bb4f4ad57f506c042ea37ac20ed2244ae1bc66d956cf99f01be37e232962278
SHA512 11b48b39a81fe6f841b16192825f753a2d59728e2e462d50ca5d7c2b78693aaa90e4fff3c8ea7a14da24ae7bdddc3d16043ac81fca4c4e1a7a928cd2616a195d

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

MD5 9366345605af97455231de3f1c92c797
SHA1 a254a0c7cc2565a3b175a116e4e7087a44986a83
SHA256 a0a79cd591a55d4eeea0615390461f6574590fd2139367447d9ed17b6a7ba4db
SHA512 fe6136bc6d8d893448aca8d5f71ae58d699cf589df3f7b76c8f430252ee1b4b3b25105a20a2f8d3025852df32a98c8b67e5a540d36caf635e145e7451f7f2645

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

MD5 12a04840aadb7c43299512fa4a0662d6
SHA1 1619fc11c410c00f4ef0b4a519eb09ea096d5492
SHA256 538b4f74a5530778dd1c9c9da611e9e1afd3bed09376e870a454868251809df7
SHA512 67b141db0026639d317cf059d2e03fcbefcb16afd5ca095186fac95373fd5ca638180974be76b24e7530952b634c0e20d91e6709fee808aef2b2138c2933dadf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 61cef8e38cd95bf003f5fdd1dc37dae1
SHA1 11f2f79ecb349344c143eea9a0fed41891a3467f
SHA256 ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e
SHA512 6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\efa5a131-44b4-4a1f-9e9a-24ac8e4cd93f.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 59f5ad9f2826e12f0ad8fccf984bd2e4
SHA1 9fe0d235e219feb7ca9a439da003a2b7e9d7a2d0
SHA256 5812a37af572805dc5825446c3901c2f835db4393910f374a8b76308c757e08e
SHA512 5650f4ee5559882e50e5d623c5bb1ec70c0de917580ee79d578cc1737fd3e258b6825ed25765991cc1cdf3432e98cae4bd956fdec1ad064176637111ddfd4883

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 242cd90082ce1b81c074ec7ed168380b
SHA1 51e07320b7a38c1b375402dc370cc97021b866e3
SHA256 174688c10b45fc5dd85cd4ff4bd23d0182754ecae8477036959ac8e9c0a2609e
SHA512 6d15ece76e077802d7c81169a4e34f448ce1da28bdcfded4c1edd8b38ad19937a7d38354dc4c1d10d5d301227fa670344e2454037ed432a12163b8c732fa6c0d

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 90fa1f873d7e7f23687d96a61337f14f
SHA1 0af93fe888786d16b039dad6c80092f19e17286a
SHA256 fccdf84b75870b633d0e48e3fe1e45a9ddd32b0599a84e6dcff42cca4d9cab89
SHA512 df5f66f2a958e6266b8797f9f1d579ec5b31b1578506fa8035e65bfc7cbc2f0fcfb9bf38650e86397f2612da5ff3a243d84c212b289ad52718d29e8e88dbac5f

C:\Program Files (x86)\Steam\steamapps\appmanifest_438100.acf

MD5 90209e06a497cba0db4d878cb6809513
SHA1 3c62d62576b06be5a5efcb79b5e212dc18d54b8a
SHA256 a82c2202314d7c7be2ddb98fc29a76bbd2a8e8c6f82cb9e748d63c201ac57442
SHA512 8d27ea2f66abce00733e757fdf9d784fe21f7b1abda0ad47bd04c3d88f779df4c4c54176cee6f01ca874d7c1a516057fe6f94ccbcc886ac232a266390448e02d

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

MD5 d1ecc82aeca2dfa03ff5d61052c68fa8
SHA1 ca5253ad69173dd63c25e4daf4ac3a3d9f3c901b
SHA256 ba174893120d065ce1886de498173e106d14982d14fa7c62d966e651d6055ecc
SHA512 16d3d4653622a9799c21175609d665535c3ef18389947798450c5a6d40e3201ea442a40ff90bc4a70d356c4c66fa14eb7aec80046f58a98d015fd81e8dff4ff5

memory/5408-20020-0x00007FFCCB090000-0x00007FFCCB0AD000-memory.dmp

memory/5408-20019-0x00007FFCC0830000-0x00007FFCC08C7000-memory.dmp

memory/5408-20023-0x00007FFCC16B0000-0x00007FFCC16F6000-memory.dmp

memory/5408-20022-0x00007FFCC1780000-0x00007FFCC17C0000-memory.dmp

memory/5408-20021-0x00007FFCB4150000-0x00007FFCB4605000-memory.dmp

memory/5408-20018-0x00007FFCCB0B0000-0x00007FFCCB0D1000-memory.dmp

memory/5408-20032-0x00007FFCCB090000-0x00007FFCCB0AD000-memory.dmp

memory/5408-20034-0x00007FFCC0830000-0x00007FFCC08C7000-memory.dmp

memory/5408-20031-0x00007FFCCB0B0000-0x00007FFCCB0D1000-memory.dmp

memory/5408-20030-0x00007FFCC16B0000-0x00007FFCC16F6000-memory.dmp

memory/5408-20033-0x00007FFCB4150000-0x00007FFCB4605000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 a87e584d5bd976bc31c73eecc482df57
SHA1 33ba4fd3825c31e01726d94b437b8a11d12223c3
SHA256 14a8e404c34ec048fa117318acb73ac63de05b8439956aea7622346897adcff6
SHA512 48becc84d5bde6aac6df1535858f1ef87ae0b453cdf01b9720ac55f20f4fd9d0080fd680d4e5c4b0d6fb63705d66604368bd949b571a99386f3fd5186f1b4e7d

C:\Program Files (x86)\Steam\userdata\1839625405\config\localconfig.vdf

MD5 2e6fa158b928521e5a29c0087ff09009
SHA1 5019724efabca13fbd3fa09727485fac24e31e46
SHA256 73e2e1ef7d906f21c18ea11d5576361d5ffd18c36ecb50c9523adfacf6bc4a37
SHA512 03873d3ae17f5cba803633ddd56f3559da1d5547600d61933795ab2352815a2f4155c3abd43d72fe9ec5af50d28d82686782c88701f0ea539d1c2e8cfc5d27c3

C:\Program Files (x86)\Steam\appcache\appinfo.vdf

MD5 1c8b6ce48763f604f3b911859979e7ac
SHA1 6c0ca8a60d60e6133b129ee52a7069088e069f99
SHA256 d939aaf4f0123cb1a03852286d7a587f5631b0a20a83377df8b60caa1a2b7194
SHA512 017488a6b5f5542ea27d830c3597b083409c41a59094d3af4e37138db0b2f66f7300fddacfb46b010d5010607fb5771e9ea4e149275c451dafb312313f061bfc

C:\Program Files (x86)\Steam\userdata\1839625405\config\localconfig.vdf

MD5 bb2e6313d74fa6d0288238d4166c133f
SHA1 4c76c0593450a8260e2cba33870a68c2fb1029de
SHA256 593bbc0822260ed4b1ac98ae4ac059f4c46ccef0057ba50f7dbc7a6f7cd2e442
SHA512 0e831c5ebc546e1df80ec90eec19cf0ffd64754a8c9f2d3f387182f2bbd2af8fb893dd3817e3479a7f5a17714df9c04c682d15bf2a615a3d09c3c2c780035d31

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-06 16:06

Reported

2024-11-06 16:07

Platform

win10v2004-20241007-en

Max time kernel

31s

Max time network

33s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2252 wrote to memory of 5064 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2252 wrote to memory of 5064 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2252 wrote to memory of 5064 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5064 -ip 5064

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 620

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-11-06 16:06

Reported

2024-11-06 16:07

Platform

win10v2004-20241007-en

Max time kernel

33s

Max time network

35s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsProcess.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4180 wrote to memory of 4412 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4180 wrote to memory of 4412 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4180 wrote to memory of 4412 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsProcess.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsProcess.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4412 -ip 4412

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 600

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-11-06 16:06

Reported

2024-11-06 16:06

Platform

win10v2004-20241007-en

Max time kernel

11s

Max time network

12s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\LangDLL.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3816 wrote to memory of 2668 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 3816 wrote to memory of 2668 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 3816 wrote to memory of 2668 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\LangDLL.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\LangDLL.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2668 -ip 2668

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 600

Network

Country Destination Domain Proto

Files

N/A