Analysis Overview
SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb
Threat Level: Shows suspicious behavior
The file SteamSetup.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
Drops desktop.ini file(s)
Enumerates connected drives
Adds Run key to start application
Downloads MZ/PE file
Network Service Discovery
Detected potential entity reuse from brand STEAM.
UPX packed file
Suspicious use of SetThreadContext
Drops file in System32 directory
Checks computer location settings
Checks installed software on the system
Executes dropped EXE
Loads dropped DLL
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Access Token Manipulation: Create Process with Token
Browser Information Discovery
Program crash
Checks processor information in registry
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Modifies data under HKEY_USERS
Modifies registry class
Enumerates system info in registry
Checks SCSI registry key(s)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious behavior: LoadsDriver
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-06 16:06
Signatures
Analysis: behavioral7
Detonation Overview
Submitted
2024-11-06 16:06
Reported
2024-11-06 16:07
Platform
win10v2004-20241007-en
Max time kernel
33s
Max time network
41s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Steam.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\Steam.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Temp\Steam.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 | C:\Users\Admin\AppData\Local\Temp\Steam.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 | C:\Users\Admin\AppData\Local\Temp\Steam.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\Steam.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Steam.exe
"C:\Users\Admin\AppData\Local\Temp\Steam.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.steamstatic.com | udp |
| US | 151.101.3.52:443 | cdn.steamstatic.com | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 2.23.210.75:80 | r11.o.lencr.org | tcp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.3.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.169.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.210.23.2.in-addr.arpa | udp |
| US | 151.101.3.52:443 | cdn.steamstatic.com | tcp |
| US | 151.101.3.52:443 | cdn.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.209.201.84.in-addr.arpa | udp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-11-06 16:06
Reported
2024-11-06 16:06
Platform
win10v2004-20241007-en
Max time kernel
9s
Max time network
4s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\bin\SteamService.exe
"C:\Users\Admin\AppData\Local\Temp\bin\SteamService.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-11-06 16:06
Reported
2024-11-06 16:06
Platform
win10v2004-20241007-en
Max time kernel
11s
Max time network
13s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 5076 wrote to memory of 3024 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 5076 wrote to memory of 3024 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 5076 wrote to memory of 3024 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\ShellLink.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\ShellLink.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3024 -ip 3024
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 612
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-06 16:06
Reported
2024-11-06 16:07
Platform
win10v2004-20241007-en
Max time kernel
30s
Max time network
31s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3416 wrote to memory of 2052 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3416 wrote to memory of 2052 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3416 wrote to memory of 2052 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2052 -ip 2052
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 616
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 20.242.39.171:443 | tcp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-06 16:06
Reported
2024-11-06 16:07
Platform
win10v2004-20241007-en
Max time kernel
34s
Max time network
35s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 856 wrote to memory of 3144 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 856 wrote to memory of 3144 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 856 wrote to memory of 3144 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3144 -ip 3144
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 644
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-11-06 16:06
Reported
2024-11-06 16:07
Platform
win10v2004-20241007-en
Max time kernel
34s
Max time network
36s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3656 wrote to memory of 3048 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3656 wrote to memory of 3048 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3656 wrote to memory of 3048 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3048 -ip 3048
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 612
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-11-06 16:06
Reported
2024-11-06 16:07
Platform
win10v2004-20241007-en
Max time kernel
12s
Max time network
14s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 8 wrote to memory of 2732 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 8 wrote to memory of 2732 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 8 wrote to memory of 2732 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 2732 -ip 2732
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 612
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-06 16:06
Reported
2024-11-06 16:51
Platform
win10v2004-20241007-en
Max time kernel
2700s
Max time network
2687s
Command Line
Signatures
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent" | C:\Users\Admin\AppData\Local\Temp\SteamSetup.exe | N/A |
Downloads MZ/PE file
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Videos\Captures\desktop.ini | C:\Windows\system32\svchost.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
Network Service Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\GameBarPresenceWriter.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Program Files\VRCHub\VRCHub.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Steam\steamapps\common\VRChat\launch.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Program Files\VRCHub\VRCHub.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
Detected potential entity reuse from brand STEAM.
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\dll\gdi32full.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\dll\advapi32.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\dll\crypt32.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\dll\ws2_32.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\sechost.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\dll\userenv.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\dll\ntdll.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\symbols\dll\cfgmgr32.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\crypt32.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\shcore.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\gdi32.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\symbols\dll\gdi32.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\hid.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\dll\glu32.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfc100kor.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\dll\UnityPlayer_Win64_player_il2cpp_x64.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\symbols\dll\UnityPlayer_Win64_player_il2cpp_x64.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\dll\win32u.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\baselib_Win64_player_Master_il2cpp_x64.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\winmm.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfcm100u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\ole32.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\symbols\dll\sspicli.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\symbols\dll\oleaut32.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\dll\shcore.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\symbols\dll\shcore.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc100jpn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\shlwapi.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\version.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\dll\version.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc100cht.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\symbols\dll\userenv.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\sspicli.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\dll\AudioPluginOculusSpatializer.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\mfcm100.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\dll\msvcrt.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\ucrtbase.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\AudioPluginOculusSpatializer.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\atl100.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\symbols\dll\AudioPluginOculusSpatializer.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\WindowsPlayer_player_Master_il2cpp_x64.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\dll\kernelbase.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\symbols\dll\mpr.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\DLL\iphlpapi.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\msvcp100.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfc100cht.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\msvcp100.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\EasyAntiCheat\service.log | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfc100chs.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc100esn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\symbols\dll\user32.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\dll\ole32.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\symbols\dll\shell32.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\imm32.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\dll\opengl32.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\symbols\dll\dbghelp.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfc100u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfc100ita.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\ntdll.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\symbols\dll\msvcp_win.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\CoreMessaging.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\symbols\dll\advapi32.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\dll\bcryptprimitives.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc100chs.dll | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 7920 set thread context of 3112 | N/A | C:\Program Files (x86)\Steam\bin\x64launcher.exe | C:\Program Files (x86)\Steam\steamapps\common\VRChat\launch.exe |
| PID 5512 set thread context of 4568 | N/A | C:\Program Files (x86)\Steam\bin\x86launcher.exe | C:\Program Files (x86)\Steam\steamapps\common\VRChat\EasyAntiCheat\EasyAntiCheat_EOS_Setup.exe |
| PID 3112 set thread context of 6544 | N/A | C:\Program Files (x86)\Steam\steamapps\common\VRChat\launch.exe | C:\Program Files (x86)\Steam\steamapps\common\VRChat\start_protected_game.exe |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Steam\config\libraryfolders.vdf.async5644.tmp | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\localization\shared_hungarian-json.js_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\graphics\icon_controller_bpm_over.tga_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_ltrackpad_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_lt_click.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_dpad_left_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File opened for modification | C:\Program Files\VRCHub\ja\System.Windows.Controls.Ribbon.resources.dll | C:\Users\Admin\AppData\Local\Temp\is-OE1LG.tmp\VRCHub Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0010.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_110_social_0301.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_home_down.tga_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_buttons_e_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_ltrackpad_up.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_gyro_yaw_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\resource\styles\gameoverlay.styles_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0450.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\graphics\icon_up_default.tga_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\xbox_360_spanish.txt_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File opened for modification | C:\Program Files\VRCHub\System.Net.HttpListener.dll | C:\Users\Admin\AppData\Local\Temp\is-OE1LG.tmp\VRCHub Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0402.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_back_over.tga_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\graphics\icon_install.tga_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_r_right_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_button_plus.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_090_media_0200.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_030_inv_0309.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox360_button_start_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_l_up_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat_Data\resources.assets | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_rb_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_ring_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_button_x_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_l2_soft_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\resource\filter_profanity_russian.txt.gz_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\resource\layout\gamespage_grid_chrome.layout_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_ltrackpad_right_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\hp_m1_sm-1.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_l1_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\friends\ChatURLWarningDialog.res_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files\VRCHub\is-REJ90.tmp | C:\Users\Admin\AppData\Local\Temp\is-OE1LG.tmp\VRCHub Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\graphics\inbox_offlinemessage.tga_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_button_home_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_l_click_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_sr.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files\VRCHub\is-JQUU1.tmp | C:\Users\Admin\AppData\Local\Temp\is-OE1LG.tmp\VRCHub Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt | C:\Users\Admin\AppData\Local\Temp\SteamSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Steam\steamapps\common\VRChat\EasyAntiCheat\Localization\it_it.cfg | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_down_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_mouse_scroll_down_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\locales\pt-BR.pak_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File opened for modification | C:\Program Files\VRCHub\es\UIAutomationClient.resources.dll | C:\Users\Admin\AppData\Local\Temp\is-OE1LG.tmp\VRCHub Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\public\steam_tray.tga_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_gyro_roll_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_touchpad_click.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steam\cached\steamui_postlogon_latam.txt_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_rt_soft_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat_Data\Plugins\x86_64\symbols\dll\dwmapi.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0210.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\localization\steamui_greek-json.js_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\public\steam_voice.ico_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File opened for modification | C:\Program Files\VRCHub\clrgcexp.dll | C:\Users\Admin\AppData\Local\Temp\is-OE1LG.tmp\VRCHub Setup.tmp | N/A |
| File created | C:\Program Files\VRCHub\is-187SK.tmp | C:\Users\Admin\AppData\Local\Temp\is-OE1LG.tmp\VRCHub Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\graphics\icon_security_unknown.tga_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_l_touch_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\UnityPlayer_Win64_player_il2cpp_x64.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\dll\UxTheme.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\DLL\iphlpapi.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\dll\AudioPluginOculusSpatializer.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\rpcrt4.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\symbols\dll\rpcrt4.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\dll\gdi32.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\imm32.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\symbols\dll\ws2_32.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\symbols\dll\winmm.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\symbols\dll\opengl32.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\symbols\dll\GameAssembly.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\kernelbase.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\apphelp.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\dll\rpcrt4.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\CLBCatQ.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\symbols\dll\shlwapi.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\symbols\dll\gdi32.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\advapi32.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\symbols\dll\bcrypt.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\dll\winmm.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\dll\glu32.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\symbols\dll\Kernel.Appcore.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\dll\userenv.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\symbols\dll\userenv.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID2E4.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5dce3a.msp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\dll\GameAssembly.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\symbols\dll\sechost.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\symbols\dll\win32u.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\dbghelp.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\symbols\dll\kernelbase.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\sspicli.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\ntdll.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\AcGenral.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\ws2_32.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\symbols\dll\glu32.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\dll\Kernel.Appcore.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\symbols\dll\bcryptprimitives.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE545.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\symbols\exe\WindowsPlayer_player_Master_il2cpp_x64.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\symbols\dll\ntdll.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\symbols\dll\ucrtbase.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\opengl32.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\CoreMessaging.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\dll\shlwapi.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\cfgmgr32.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\dll\bcrypt.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\winhttp.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\user32.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\dll\gdi32full.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\setupapi.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\symbols\dll\cfgmgr32.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\bcrypt.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\crypt32.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\hid.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\dll\baselib_Win64_player_Master_il2cpp_x64.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\sechost.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\dll\ole32.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\combase.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| File opened for modification | C:\Windows\dll\advapi32.pdb | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Access Token Manipulation: Create Process with Token
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Common Files\Steam\steamservice.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\bin\gldriverquery.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2010\vcredist_x86.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\VC_redist.x86.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\VC_redist.x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\SteamSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\VRCHub Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-OE1LG.tmp\VRCHub Setup.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\{4E1D1858-88A5-4997-AEFD-3BD2DA91ACAB}\.cr\VC_redist.x86.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\{F382EE27-E8CD-4592-821A-26ACF2D107A5}\.cr\VC_redist.x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\bin\x86launcher.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\steamapps\common\VRChat\EasyAntiCheat\EasyAntiCheat_EOS_Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | \??\f:\81bd88d56c11da6e16b3\Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2010\vcredist_x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ZER0.Certificates.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ZER0.Certificates.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Common Files\Steam\steamservice.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | \??\f:\5b89c399c4a5f9140449c776\Setup.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | \??\f:\81bd88d56c11da6e16b3\Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | \??\f:\5b89c399c4a5f9140449c776\Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\steamapps\common\VRChat\launch.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | \??\f:\5b89c399c4a5f9140449c776\Setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Steam\steamapps\common\VRChat\launch.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | \??\f:\81bd88d56c11da6e16b3\Setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\steamapps\common\VRChat\launch.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Steam\steamapps\common\VRChat\launch.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Steam\steam.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher\CRLs | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133753828689015903" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\steamlink | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.dp\ = "VRCHub.dp" | C:\Users\Admin\AppData\Local\Temp\is-OE1LG.tmp\VRCHub Setup.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VRCHub.dp | C:\Users\Admin\AppData\Local\Temp\is-OE1LG.tmp\VRCHub Setup.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\1D5E3C0FEDA1E123187686FED06E995A\KB2544655 = "Servicing_Key" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steam | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1D5E3C0FEDA1E123187686FED06E995A\ProductName = "Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\1926E8D15D0BCE53481466615F760A7F\KB2524860 = "Servicing_Key" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1D5E3C0FEDA1E123187686FED06E995A\SourceList\LastUsedSource = "n;2;f:\\81bd88d56c11da6e16b3\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1926E8D15D0BCE53481466615F760A7F\Version = "167812379" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\VRCHub.dp\ = "VRChat Asset Package" | C:\Users\Admin\AppData\Local\Temp\is-OE1LG.tmp\VRCHub Setup.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VRCHub.dp\Shell | C:\Users\Admin\AppData\Local\Temp\is-OE1LG.tmp\VRCHub Setup.tmp | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1926E8D15D0BCE53481466615F760A7F\Patches\Patches = 3400440035003400300037003600430045004400340046003500420041003300320042004200440033004500350046004100440031004300440034004300390000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1926E8D15D0BCE53481466615F760A7F\Patches\4D54076CED4F5BA32BBD3E5FAD1CD4C9 = ":SP1.1;:#SP1.1" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2437139445-1151884604-3026847218-1000\{BA3FE3F8-A88F-48DE-B710-52C9CFB1F088} | C:\Windows\system32\svchost.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VRCHub.dp\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\is-OE1LG.tmp\VRCHub Setup.tmp | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1D5E3C0FEDA1E123187686FED06E995A\Version = "167812379" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\1926E8D15D0BCE53481466615F760A7F\KB2549743 = "Servicing_Key" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1926E8D15D0BCE53481466615F760A7F\ProductName = "Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\1D5E3C0FEDA1E123187686FED06E995A | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steam | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VRCHub.dp\Shell\Open\Command | C:\Users\Admin\AppData\Local\Temp\is-OE1LG.tmp\VRCHub Setup.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steam\ = "URL:steam protocol" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\1926E8D15D0BCE53481466615F760A7F | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\ = "URL:steamlink protocol" | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\DefaultIcon\ = "steam.exe" | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steam | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe" | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VRCHub.dp\Shell\Open | C:\Users\Admin\AppData\Local\Temp\is-OE1LG.tmp\VRCHub Setup.tmp | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Patches\2D0058F6F08A743309184BE1178C95B2\SourceList\LastUsedSource = "n;2;f:\\81bd88d56c11da6e16b3\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1926E8D15D0BCE53481466615F760A7F | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steam\Shell\Open | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\ = "URL:steamlink protocol" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\DefaultIcon\ = "steam.exe" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\Shell\Open | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1D5E3C0FEDA1E123187686FED06E995A\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\1D5E3C0FEDA1E123187686FED06E995A\KB2524860 = "Servicing_Key" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\1926E8D15D0BCE53481466615F760A7F\KB2544655 = "Servicing_Key" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2437139445-1151884604-3026847218-1000\{618BA95B-D79C-4304-B7FA-1C9D6B1B4334} | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steam | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steam\DefaultIcon | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\URL Protocol | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol" | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\VRCHub.dp\Shell\Open\Command\ = "\"C:\\Program Files\\VRCHub\\VRCDataMod.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\is-OE1LG.tmp\VRCHub Setup.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1D5E3C0FEDA1E123187686FED06E995A\Patches\2D0058F6F08A743309184BE1178C95B2 = ":SP1.1;:#SP1.1" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Patches\2D0058F6F08A743309184BE1178C95B2\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Patches\4D54076CED4F5BA32BBD3E5FAD1CD4C9\SourceList\Net\2 = "f:\\5b89c399c4a5f9140449c776\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7B9D7E1F96BA7FF50AC0D201383FD1F07412E59E\Blob = 0300000001000000140000007b9d7e1f96ba7ff50ac0d201383fd1f07412e59e2000000001000000d3050000308205cf308203b7a00302010202147d7bd06f0a46a1d10d3dad668239b834249f5fc4300d06092a864886f70d01010b05003069310b30090603550406130247423116301406035504080c0d57657374204d69646c616e64733113301106035504070c0a4269726d696e6768616d3110300e060355040a0c074d61676d614d43311b301906035504030c124d61676d614d4320476c6f62616c5369676e301e170d3234303831363133333331335a170d3339303831333133333331335a3069310b30090603550406130247423116301406035504080c0d57657374204d69646c616e64733113301106035504070c0a4269726d696e6768616d3110300e060355040a0c074d61676d614d43311b301906035504030c124d61676d614d4320476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a028202010093210f529d7445a998218a94ebaa50e6dc11038451ad30469459b44d716ece5f54eb3fd38b305e29ba3b60bcf3f5f980d261cc391ae519f1e05c221c80e5da1f46eef851bd4b768f8ef4471b80f52043e01f59966df78d4e717b8be427162989da8d828db463fce97cbbe0b75452a63b24222605308b3add6123be8a4e92e53ceffbf41484d874624c113d43e2a51e086a39bf30830310f0423ad1d934ca41b7b85cd885fdd5865378932111b73227d6574c26b9102d4a29de2a7003f8fdb2f295fa39ab8b1b6f8c62d2e5ae90f6d614ee6464fd807a4c4872e4a56cf6edb0cc73ea2ecc644d2b1bbc682bb75f1b53204cf8b16861d278c9ffc32ad9a700e9d5de035bc2b7ec0b2258899b31b285192040d97aeebea70968e6029bf0fe5bf3ecf3c2144dc9e6fcce39720a3e5f03288f8cc0af6a1d929c15ccfc187a20dd6897659fb45da7bdd45559afb1a4b577d4980ac359aa00089fb66adcfc79c263c515d9e3db19d201e76a0db2ab26d2ece0b282d57811299f8a7f2ab72d58c27f29c82b881c96fa2f30d8229d6d06ff55bf41276552723f9260285b0a685ac4c0ab23c04ff7cdbf9bc94574d82f43fb622d34f1d9d1ea6f4fe0cf4dd59f8b631f2a59dda59542383a8c4411932c51413b3a77915281e2518b51c08486e846b588cf2ce7b0b0a9331e706e9f7ae6ec9f0bd513524d0ec57720f0cc6dbef1ebd6209c490203010001a36f306d301d0603551d0e0416041400e97016ef3bdf351cd1ce322c1188324a352151301f0603551d2304183016801400e97016ef3bdf351cd1ce322c1188324a35215130090603551d1304023000300b0603551d0f04040302078030130603551d25040c300a06082b06010505070303300d06092a864886f70d01010b05000382020100587a2cd58f10ac6407ec028b511d1363a9ef269ee78c7a2d6fbcfb10f87fcd4c2b9e9c1086a0dc03af5f4ef5bf91e500c96d071896ab3770d2110b26fc047fed1c8124b8066c3d19de9b3e47bb9a7bf0959877acf807e5c318fc38a46ecb81657119d554383472c517a9709e57936b4fda72603d909d4d6312d1671356bc6b77efb73ce60f66ca0d5f3cc54db8e4977ba92f859e0a7eb528a5ba770ede910a77d655ae42180f863614480374fbe3efeff32baf7b6f7db12e7b0d776f3b5fb1edbb5dd5dd20ef9d08a94104dbdd8ef082080148af43510b3d8e869dfec42ddda578319ca601f99aedd598f52d56b9a4c77fc8a35370d35a9b0e258319bc0e2ad67aa37a41f99b0e9d45de208141f8f3e97718974a5a02a5c0a9e45d3f6b7cd4f97a7ccf4042eaa381ffb1307abde103c0bd64a470e3c07170633f66985841d373cbf1c5bf9f2e18b3847dc6d72d9e76ad5d0e4003abe684cab66053b25a50d1e287b6c0b797936e9603c937beb9e49c2a551e197005e7a838f2a909b944aebdc23dfbaf7de3ad183c909f88de6c3f6fa1af9100a69c071ca3dc6599b70da0c0cce68d0e2cb23b5eab785e496bba843db233196d155c15457c01dfb3e9ed4a248c68750ce187351806aa7b7d85421d56f733400c64f4010b0c9cd078a801599d9fb7080eb7f6987cd12323a5653fa7e88dc3279b9333dd87de3ae622c9e67c327e | C:\Users\Admin\AppData\Local\Temp\ZER0.Certificates.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f | C:\Program Files (x86)\Steam\steamapps\common\VRChat\start_protected_game.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 | \??\f:\81bd88d56c11da6e16b3\Setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | \??\f:\81bd88d56c11da6e16b3\Setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f | C:\Program Files (x86)\Steam\steamapps\common\VRChat\start_protected_game.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\C9B4CA6DE60F5398B21CDA1841CFD9081D3960F7\Blob = 030000000100000014000000c9b4ca6de60f5398b21cda1841cfd9081d3960f72000000001000000c5050000308205c1308203a9a003020102021464f260997509be7e207b99fd968f2bc20afed4b1300d06092a864886f70d01010b05003062310b30090603550406130247423116301406035504080c0d57657374204d69646c616e64733113301106035504070c0a4269726d696e6768616d31123010060355040a0c095a455230205465616d3112301006035504030c095a455230205465616d301e170d3234303831363133333330385a170d3339303831333133333330385a3062310b30090603550406130247423116301406035504080c0d57657374204d69646c616e64733113301106035504070c0a4269726d696e6768616d31123010060355040a0c095a455230205465616d3112301006035504030c095a455230205465616d30820222300d06092a864886f70d01010105000382020f003082020a0282020100bd166a791cc1ea6f5af331e87fa3b54ca042e47ad224a08f23f19cb5cb0fcaae58974f5b9526e558518cdb1ba133cb95eba881c04a8ed2e738e907c9593e2da4796195220cdc297c0cf7e28502de9ecf15e0aa3cf1efa78ecbc7ca65ec6129c2bb3db786a74624598907f14f19a8a8adc71da369fac97599323eb6d5ee0b0ef6a188037f91c87dd7453fac3864d06f232fce044e00a50820476c221daf3a3e8e3182891fdd49102767605fcd610cae1a6c8a3e76e98933bca0c6426a61a41a2f77e5017e76b18e2986fec3cc839bb1173e136d3e41a6dea72dac4715ab38117595f6db905d3770567331b9ff924d65443b83bf9cad4043ff73d0f5767fa8c4cbc1fe3dac34d96c47a99a96eba1f2ef9762904af25401b8a2175a8cac765589549dca49b56fc46510200571b062cecaed8ad1a1c2165de6c40b9ba101416c4b046cfaaa22c81370fb969074368aa49532ffc1395a93b74ccb74256c123c0af26041f70f4e203d784a5e7feb59680c748f91cb9523c5f4c006559ac3ed37bc69c4b40f0c5fe447a134c94d4b2600731c024ddfd201c3710655d4082b4f4f9990c97c0752fe21bf7d95041f9a8ba7fa84929a8e348da7ad32c4e923a7cea00cd78873376f761e90a29c8311a792241c307658496917d6f058c6c6eaa077f5753bd3c1e14de6c150052b3ba13a6832e7b326e19a23647a555c8d5e95c8199474df770203010001a36f306d301d0603551d0e04160414817e1ff385f7063b05692cc2ff235d83e560a366301f0603551d23041830168014817e1ff385f7063b05692cc2ff235d83e560a36630090603551d1304023000300b0603551d0f04040302078030130603551d25040c300a06082b06010505070303300d06092a864886f70d01010b05000382020100657115b65f2af264dca34ea1d2c90daa2afe9198e172370d5b1f59a56595602a41e565810a2f5b7bd07f783dbe110010a3fad5ec8c0089ee31aedddd0dee8f60c2af3ca947aa1b136cec53e53633941572d2581fee3c742f68bb4023f9d463027af6c9a7a5bf52b636b09412c24503e5d30bed11128001eca664e27d08b6af0e2cfa76fb96a6ca9017c08391b5ca9d423e0122643eb157ee22ae71c94c9c9991839361e294cc811e00f18196b304d76fb777978dbf1795a44591d240e3e94bee2df678fbcbc4d080544202958d4556d76f56b976e0da56fd162bea45f15fb3273ca031355b1fffbd814aa40dc3159dfdacb2bd59598c3b0addb3c4ac903bcdcea43a7ccb11718ac0bb93274d83627577aab763d3e52a9fb692c29a9c4ba0bc5d4bd354d2bc09e2f72bc8a005924c0fe59ebdc548371e7b5f64241d0c63fcbc9cce1cfdec0ef946a84809266a4cdf3dd2325bcd92792da9b52220c7d9825c02ffbb6abe224e1285252129bc9c3cafe28113793ee84ed13d9212446cc3f99a386fd5176bccfac01e08187208b0e83c038b1a6fa81b3e90ec249263c5faf2fbe167acfc8fb780d9ba857550bb0b06cf529375cbe9fc76973cf65167b327840929e4947299722ede77af1db718a31f27a4f13c668b616c910dddfdb4d2f1e288cb09f48e5cf075b3db7da245b1c69ecda75875522348a0728909f01cd861e0ac637f | C:\Users\Admin\AppData\Local\Temp\ZER0.Certificates.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\388678CFB6A9627CB62083131A1D88B2E2306381\Blob = 030000000100000014000000388678cfb6a9627cb62083131a1d88b2e23063812000000001000000930500003082058f30820377a00302010202144a2c64052856febaea3118c40bf04be2fe536c5e300d06092a864886f70d01010b05003049310b3009060355040613025553311c301a060355040a0c135a45523020436f6d6d756e697479205369676e311c301a06035504030c135a45523020436f6d6d756e697479205369676e301e170d3234303831363133333230315a170d3439303831303133333230315a3049310b3009060355040613025553311c301a060355040a0c135a45523020436f6d6d756e697479205369676e311c301a06035504030c135a45523020436f6d6d756e697479205369676e30820222300d06092a864886f70d01010105000382020f003082020a0282020100c610f7f764bf52f8b59bd35a766109f610e83fba15381006d8ee4827f813a2de5a7b55458a0c8fa97373fbbe48f9884e78aa4d20a4cf343db893884af2137959e5cbb76a1ea5f068fe196e05bc5d1e803c220c0b586f134f8ab47e0a9a698b28fbb421c87d5aa412e1cb477b078b8dd1adf814d3e643707b4c6f00746266000b6a647d3ae833ff1f5559de05c45fafe398b4b5540ccfd16675c8920583d04377f7f9da3aaa9f7d5766adf1c69e9a8246e5ae650bec36781d8a32bfe4537e7f4b2dcb9fb1d72f9145b9376fb4d78eae94bc47a8ad58a6d66e07382c2d5078315dcf99a3032323e3e7f804a59d1eed5e4eb54c6bd8d2a3761585960c53e6c8f7652b5e224f54a9691d347ae16107c79a0ce482e14a17cfb6338804e8e07851c3756d69ac86731835f8b996ff1fab0c36fd9865c557be8a517db7c1ddc877342302ccdf46ea5d0072e107b14e6c39ecde53e1d0bd804ad6e94df79f6e2635152ce6b197fd3a78e6e5083f93b8f3a9de811f0d5005bbe12494bad3a3ebe940cbd8128163ab856d767eab1eb22d4e890b5083c431cbf3b1358fb8c9b5808e32aa94a5e21d028011023d202eebcac4d6001ed2650027cbffd1fc581708ad3d2337f8cd3a7e6d67af2e814f9cbebd7f5f24aee21d5ad9a73f7f0b0f3f4b6057b24a7318e7d27d5528a39bd6715a209c464123c8db5bd683183f82ef9ab923242bf094150203010001a36f306d301d0603551d0e04160414c91d69e12acf625f9580b637cbeb812ecddee01d301f0603551d23041830168014c91d69e12acf625f9580b637cbeb812ecddee01d30090603551d1304023000300b0603551d0f04040302078030130603551d25040c300a06082b06010505070303300d06092a864886f70d01010b05000382020100088cc3dd2e60ce7066cbd369c07a90d14082130f13f70ae7c5ba0fde9548a87910e2868169251b1fd6a393c4aaa59e54db55428bebf6ae35e885fbf6bc9b79a485c40b0fe2352147d5a36608dd191cbd8c42f15c6f15cb074a5d8610a0708828c4624b1423ad3262841d80b644a529fb06f0dc93963e083fbbf2b417854671708e549606335caba89ca48bab35827aa1addf75157b080bfbc6d4ac81812b6e7231b0a878498ec426b66bd64e7637acb473dd8512cb33caa7547507e5cedbc476ca3c4b24ffb4a2fed8da8fd945806d5059aa37925952937262b4321aefd626d2e797a31db05169b7bccea5028ebba1c49468bb254d333d826a4604a87fe022edd02742af8d9a0b5ecf88ccd6cd04c4b45a8aa43869bcd60ddaa499e7cb2e8d5332aadbf9477e7d238518779340e566253b19620543f79aebde89258935002810becf4818ebf1e4894d41c270e1d82037cc4de7fd58646e9733933a52ea636cffb68348a15c7d893dde42221fb65b693b77c6eb05545901f839e36d7a1a713de4f119880df7143a7d11e251f55aee24cd6023e23c4a5d295d78092904afc98ab8311d22a7ed2f37301365186f4fb1d6070fdc3facf8f86c4685a490c695c95ddb6f77ee167e17a51bb56dadd0bcda9bd483a6891f39af58b9cf2e3e32cdb0789889472d19c765aa7063790b8f869682648632a15b1fa1a1b639400ac011a0db7f | C:\Users\Admin\AppData\Local\Temp\ZER0.Certificates.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD | C:\Program Files (x86)\Steam\steamapps\common\VRChat\start_protected_game.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 5c000000010000000400000000080000190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab040000000100000010000000c5dfb849ca051355ee2dba1ac33eb0282000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\C9B4CA6DE60F5398B21CDA1841CFD9081D3960F7 | C:\Users\Admin\AppData\Local\Temp\ZER0.Certificates.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\388678CFB6A9627CB62083131A1D88B2E2306381 | C:\Users\Admin\AppData\Local\Temp\ZER0.Certificates.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 040000000100000010000000c5dfb849ca051355ee2dba1ac33eb0280f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 | \??\f:\81bd88d56c11da6e16b3\Setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD | C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7B9D7E1F96BA7FF50AC0D201383FD1F07412E59E | C:\Users\Admin\AppData\Local\Temp\ZER0.Certificates.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Steam\steam.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\SteamSetup.exe
"C:\Users\Admin\AppData\Local\Temp\SteamSetup.exe"
C:\Program Files (x86)\Steam\bin\steamservice.exe
"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffcc0bfcc40,0x7ffcc0bfcc4c,0x7ffcc0bfcc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1944 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2204,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2212 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2304,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2264 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3116 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3156,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4536 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4388,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4720 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4344,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4732 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4028,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4856 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4492,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4456 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4848,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5108 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5148,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3700 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4664,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4476 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3264,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4416 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3140,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5340 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3132,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3332 /prefetch:2
C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=5644" "-buildid=1730853027" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1730853027 --initial-client-data=0x280,0x284,0x288,0x27c,0x28c,0x7ffcbbf3af00,0x7ffcbbf3af0c,0x7ffcbbf3af18
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1584,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1588 --mojo-platform-channel-handle=1576 /prefetch:2
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --field-trial-handle=2276,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2280 --mojo-platform-channel-handle=2272 /prefetch:3
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x324 0x2f8
C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
.\bin\gldriverquery64.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --field-trial-handle=2732,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2736 --mojo-platform-channel-handle=2728 /prefetch:8
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3176 --mojo-platform-channel-handle=3168 /prefetch:1
C:\Program Files (x86)\Steam\bin\gldriverquery.exe
.\bin\gldriverquery.exe
C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
.\bin\vulkandriverquery64.exe
C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
.\bin\vulkandriverquery.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3696,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3216 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5076,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5424 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5520,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5524 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5468,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3128 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=3300,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5516 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4932,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3376 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5828,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5836 /prefetch:1
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3844,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3848 --mojo-platform-channel-handle=3840 /prefetch:1
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3984,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3988 --mojo-platform-channel-handle=3968 /prefetch:1
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --field-trial-handle=3796,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3784 --mojo-platform-channel-handle=3804 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=860,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6024 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5812,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5840 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5288,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5884 /prefetch:8
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4268,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4264 --mojo-platform-channel-handle=4380 /prefetch:8
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4264,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4260 --mojo-platform-channel-handle=4100 /prefetch:1
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3868,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3740 --mojo-platform-channel-handle=3876 /prefetch:1
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4324,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4308 --mojo-platform-channel-handle=4436 /prefetch:1
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4580,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4692 --mojo-platform-channel-handle=1992 /prefetch:1
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --field-trial-handle=4488,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4804 --mojo-platform-channel-handle=4528 /prefetch:8
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4608,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3644 --mojo-platform-channel-handle=4332 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=3392,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4476 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5640,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5096 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6472,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6476 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6468,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6632 /prefetch:8
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3916,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3892 --mojo-platform-channel-handle=3544 /prefetch:1
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4000,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3760 --mojo-platform-channel-handle=4016 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6156,i,7770683987928978061,1952029570323014580,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6168 /prefetch:8
C:\Users\Admin\Downloads\VRCHub Setup.exe
"C:\Users\Admin\Downloads\VRCHub Setup.exe"
C:\Users\Admin\AppData\Local\Temp\is-OE1LG.tmp\VRCHub Setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-OE1LG.tmp\VRCHub Setup.tmp" /SL5="$70300,71276599,905216,C:\Users\Admin\Downloads\VRCHub Setup.exe"
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5028,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4536 --mojo-platform-channel-handle=3540 /prefetch:1
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4752,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4740 --mojo-platform-channel-handle=4764 /prefetch:1
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5016,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4936 --mojo-platform-channel-handle=4792 /prefetch:1
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4920,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4992 --mojo-platform-channel-handle=5076 /prefetch:1
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4056,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4088 --mojo-platform-channel-handle=4924 /prefetch:1
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4972,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=5064 --mojo-platform-channel-handle=4068 /prefetch:1
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=4764,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=5012 --mojo-platform-channel-handle=4704 /prefetch:1
C:\Program Files\VRCHub\VRCHub.exe
"C:\Program Files\VRCHub\VRCHub.exe"
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" EasyAnalytics.dll,OpenAnalyticsPort
C:\Users\Admin\AppData\Local\Temp\ZER0.Certificates.exe
"C:\Users\Admin\AppData\Local\Temp\ZER0.Certificates.exe"
C:\Program Files (x86)\Common Files\Steam\steamservice.exe
"C:\Program Files (x86)\Common Files\Steam\steamservice.exe" /installscript "C:\Program Files (x86)\Steam\steamapps\common\VRChat\runasadmin.vdf" 438100
C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2010\vcredist_x86.exe
"C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2010\vcredist_x86.exe" /quiet /norestart
\??\f:\81bd88d56c11da6e16b3\Setup.exe
f:\81bd88d56c11da6e16b3\Setup.exe /quiet /norestart
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2010\vcredist_x64.exe
"C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2010\vcredist_x64.exe" /quiet /norestart
\??\f:\5b89c399c4a5f9140449c776\Setup.exe
f:\5b89c399c4a5f9140449c776\Setup.exe /quiet /norestart
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\Microsoft Visual C++ 2019 x86.cmd" "
C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\VC_redist.x86.exe
"C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\\VC_redist.x86.exe" /q /norestart
C:\Windows\Temp\{4E1D1858-88A5-4997-AEFD-3BD2DA91ACAB}\.cr\VC_redist.x86.exe
"C:\Windows\Temp\{4E1D1858-88A5-4997-AEFD-3BD2DA91ACAB}\.cr\VC_redist.x86.exe" -burn.clean.room="C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\VC_redist.x86.exe" -burn.filehandle.attached=580 -burn.filehandle.self=588 /q /norestart
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\Microsoft Visual C++ 2019 x64.cmd" "
C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\VC_redist.x64.exe
"C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\\VC_redist.x64.exe" /q /norestart
C:\Windows\Temp\{F382EE27-E8CD-4592-821A-26ACF2D107A5}\.cr\VC_redist.x64.exe
"C:\Windows\Temp\{F382EE27-E8CD-4592-821A-26ACF2D107A5}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\VC_redist.x64.exe" -burn.filehandle.attached=580 -burn.filehandle.self=688 /q /norestart
C:\Program Files (x86)\Steam\steamapps\common\VRChat\launch.exe
"C:\Program Files (x86)\Steam\steamapps\common\VRChat\launch.exe" --no-vr
C:\Program Files (x86)\Steam\bin\x64launcher.exe
"C:\Program Files (x86)\Steam\bin\x64launcher.exe" -hproc 1094 -hthread 13a4 -baseoverlayname C:\Program Files (x86)\Steam\gameoverlayrenderer64.dll
C:\Program Files (x86)\Steam\steamapps\common\VRChat\EasyAntiCheat\EasyAntiCheat_EOS_Setup.exe
"C:\Program Files (x86)\Steam\steamapps\common\VRChat\\EasyAntiCheat\EasyAntiCheat_EOS_Setup.exe" install a4a57ff548934dbeba0cc7c62cdf9f34
C:\Program Files (x86)\Steam\bin\x86launcher.exe
"C:\Program Files (x86)\Steam\bin\x86launcher.exe" -hproc 3a4 -hthread 3a0 -baseoverlayname C:\Program Files (x86)\Steam\gameoverlayrenderer.dll
C:\Program Files (x86)\Steam\steamapps\common\VRChat\start_protected_game.exe
start_protected_game.exe --no-vr --startup-begin-ts=89353721752
C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe
"C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Steam\steamapps\common\VRChat\launch.exe
"C:\Program Files (x86)\Steam\steamapps\common\VRChat\launch.exe"
C:\Program Files (x86)\Steam\steamapps\common\VRChat\start_protected_game.exe
"C:\Program Files (x86)\Steam\steamapps\common\VRChat\start_protected_game.exe" --startup-begin-ts=92253912886
C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe
"C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe"
C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe
"C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe"
C:\Program Files (x86)\Steam\steamapps\common\VRChat\UnityCrashHandler64.exe
"C:\Program Files (x86)\Steam\steamapps\common\VRChat\UnityCrashHandler64.exe" --attach 6332 2451030609920
C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3164 --mojo-platform-channel-handle=3116 /prefetch:1
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=4960,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=5116 --mojo-platform-channel-handle=1992 /prefetch:1
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5040,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3760 --mojo-platform-channel-handle=4272 /prefetch:1
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3328,i,16732428340416335108,13873251109916396363,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3332 --mojo-platform-channel-handle=3220 /prefetch:2
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://hdzero.mysellix.io/pay/9b069c-20bb91bd74-877091
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffcb47446f8,0x7ffcb4744708,0x7ffcb4744718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,8523047973517730181,11200991102576332216,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,8523047973517730181,11200991102576332216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 /prefetch:3
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,8523047973517730181,11200991102576332216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8523047973517730181,11200991102576332216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8523047973517730181,11200991102576332216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\23d50ff898444cb98d5cc4716f2a5892 /t 896 /p 4632
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\424abf664adb4089b1178cf956774938 /t 4380 /p 6332
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
C:\Program Files (x86)\Steam\steamapps\common\VRChat\UnityCrashHandler64.exe
"C:\Program Files (x86)\Steam\steamapps\common\VRChat\UnityCrashHandler64.exe" "6332" "2451030609920"
C:\Program Files\VRCHub\VRCHub.exe
"C:\Program Files\VRCHub\VRCHub.exe"
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" EasyAnalytics.dll,OpenAnalyticsPort
C:\Users\Admin\AppData\Local\Temp\ZER0.Certificates.exe
"C:\Users\Admin\AppData\Local\Temp\ZER0.Certificates.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.steamstatic.com | udp |
| US | 151.101.67.52:443 | cdn.steamstatic.com | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 2.23.210.82:80 | r11.o.lencr.org | tcp |
| US | 8.8.8.8:53 | 52.67.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.169.19.2.in-addr.arpa | udp |
| US | 151.101.67.52:443 | cdn.steamstatic.com | tcp |
| US | 151.101.67.52:443 | cdn.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 82.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 172.217.169.42:443 | ogads-pa.googleapis.com | tcp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 172.217.169.42:443 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.178.14:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| GB | 216.58.213.1:443 | clients2.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 1.213.58.216.in-addr.arpa | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | dns-tunnel-check.googlezip.net | udp |
| US | 8.8.8.8:53 | tunnel.googlezip.net | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 172.217.169.42:443 | ogads-pa.googleapis.com | tcp |
| GB | 172.217.169.42:443 | ogads-pa.googleapis.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.34.239.216.in-addr.arpa | udp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 8.8.8.8:53 | test.steampowered.com | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| US | 8.8.8.8:53 | ipv6check-udp.steamserver.net | udp |
| GB | 2.19.117.21:80 | test.steampowered.com | tcp |
| US | 8.8.8.8:53 | ipv6check-http.steamserver.net | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| N/A | 127.0.0.1:49245 | tcp | |
| N/A | 127.0.0.1:49228 | tcp | |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| GB | 104.82.234.109:443 | api.steampowered.com | tcp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.234.82.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | ext1-lim1.steamserver.net | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| PE | 155.133.244.34:27037 | ext1-lim1.steamserver.net | tcp |
| PE | 155.133.244.34:27020 | ext1-lim1.steamserver.net | tcp |
| US | 8.8.8.8:53 | ext1-scl1.steamserver.net | udp |
| CL | 155.133.249.180:27033 | ext1-scl1.steamserver.net | tcp |
| US | 8.8.8.8:53 | ext2-scl1.steamserver.net | udp |
| CL | 155.133.249.164:27019 | ext2-scl1.steamserver.net | tcp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.244.133.155.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.249.133.155.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.249.133.155.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ext2-lim1.steamserver.net | udp |
| US | 8.8.8.8:53 | ext1-eze1.steamserver.net | udp |
| PE | 155.133.244.50:443 | ext2-lim1.steamserver.net | tcp |
| AR | 155.133.255.100:27022 | ext1-eze1.steamserver.net | tcp |
| US | 8.8.8.8:53 | ext2-eze1.steamserver.net | udp |
| AR | 155.133.255.164:27028 | ext2-eze1.steamserver.net | tcp |
| BR | 155.133.227.50:27020 | ext2-gru1.steamserver.net | tcp |
| US | 8.8.8.8:53 | smailpro.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | unpkg.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 104.17.245.203:443 | unpkg.com | tcp |
| US | 172.67.141.155:443 | smailpro.com | tcp |
| US | 172.67.141.155:443 | smailpro.com | tcp |
| US | 172.67.141.155:443 | smailpro.com | tcp |
| US | 172.67.141.155:443 | smailpro.com | tcp |
| US | 172.67.141.155:443 | smailpro.com | tcp |
| US | 172.67.141.155:443 | smailpro.com | udp |
| US | 8.8.8.8:53 | 50.244.133.155.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.255.133.155.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.255.133.155.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.80.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.245.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.141.67.172.in-addr.arpa | udp |
| BR | 155.133.227.50:27025 | ext2-gru1.steamserver.net | tcp |
| CL | 155.133.249.180:443 | ext1-scl1.steamserver.net | tcp |
| US | 8.8.8.8:53 | cmp2-ord1.steamserver.net | udp |
| US | 162.254.193.75:443 | cmp2-ord1.steamserver.net | tcp |
| US | 8.8.8.8:53 | cmp2-dfw1.steamserver.net | udp |
| US | 155.133.253.52:27018 | cmp2-dfw1.steamserver.net | tcp |
| US | 172.67.141.155:443 | smailpro.com | udp |
| US | 8.8.8.8:53 | e5.o.lencr.org | udp |
| GB | 2.23.210.82:80 | e5.o.lencr.org | tcp |
| US | 8.8.8.8:53 | app.sonjj.com | udp |
| US | 172.67.211.113:443 | app.sonjj.com | tcp |
| US | 8.8.8.8:53 | 75.193.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.227.133.155.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.253.133.155.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p2p-ord1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 113.211.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 216.58.213.14:443 | fundingchoicesmessages.google.com | tcp |
| GB | 216.58.213.14:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 216.58.213.1:443 | lh3.googleusercontent.com | tcp |
| GB | 216.58.213.14:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| GB | 142.250.200.34:443 | ep1.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.200.34:443 | ep1.adtrafficquality.google | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| GB | 142.250.179.225:443 | ep2.adtrafficquality.google | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.179.250.142.in-addr.arpa | udp |
| GB | 142.250.179.225:443 | ep2.adtrafficquality.google | tcp |
| GB | 142.250.179.225:443 | ep2.adtrafficquality.google | udp |
| US | 172.67.211.113:443 | app.sonjj.com | udp |
| GB | 142.250.200.34:443 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 14.24.17.104.in-addr.arpa | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | www.temposearch.com | udp |
| NL | 81.171.31.78:443 | www.temposearch.com | tcp |
| NL | 81.171.31.78:443 | www.temposearch.com | tcp |
| NL | 81.171.31.78:443 | www.temposearch.com | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | afs.googleusercontent.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 216.239.32.3:443 | csi.gstatic.com | tcp |
| GB | 216.58.213.1:443 | afs.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| GB | 216.58.212.206:443 | syndicatedsearch.goog | tcp |
| GB | 216.58.212.206:443 | syndicatedsearch.goog | tcp |
| GB | 216.58.212.206:443 | syndicatedsearch.goog | tcp |
| GB | 142.250.180.10:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 3bde6f0a88f40217cf2e24602caab1e2.safeframe.googlesyndication.com | udp |
| GB | 216.58.213.1:443 | 3bde6f0a88f40217cf2e24602caab1e2.safeframe.googlesyndication.com | tcp |
| GB | 216.58.212.206:443 | syndicatedsearch.goog | udp |
| GB | 216.58.213.1:443 | 3bde6f0a88f40217cf2e24602caab1e2.safeframe.googlesyndication.com | tcp |
| GB | 216.58.213.1:443 | 3bde6f0a88f40217cf2e24602caab1e2.safeframe.googlesyndication.com | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.31.171.81.in-addr.arpa | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| US | 216.239.32.3:443 | csi.gstatic.com | udp |
| GB | 142.250.180.10:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 23.192.21.216:443 | tcp | |
| GB | 2.19.117.22:443 | tcp | |
| GB | 2.19.117.22:443 | tcp | |
| GB | 2.19.117.22:443 | tcp | |
| GB | 2.19.117.22:443 | tcp | |
| GB | 2.19.117.22:443 | tcp | |
| US | 104.19.229.21:443 | udp | |
| US | 8.8.8.8:53 | 216.21.192.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.229.19.104.in-addr.arpa | udp |
| GB | 2.19.117.22:443 | tcp | |
| GB | 2.19.117.22:443 | tcp | |
| GB | 142.250.200.14:443 | tcp | |
| NL | 74.125.8.200:443 | udp | |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.8.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 104.19.229.21:443 | udp | |
| US | 104.19.229.21:443 | udp | |
| US | 8.8.4.4:443 | dns.google | udp |
| GB | 216.58.201.99:443 | tcp | |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.35.104.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p2p-ord1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| US | 8.8.8.8:53 | ipv6check-udp.steamserver.net | udp |
| US | 8.8.8.8:53 | ipv6check-http.steamserver.net | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| GB | 104.82.234.109:443 | api.steampowered.com | tcp |
| US | 8.8.8.8:53 | ext2-maa2.steamserver.net | udp |
| IN | 155.133.225.21:27030 | ext2-maa2.steamserver.net | tcp |
| IN | 155.133.225.21:27019 | ext2-maa2.steamserver.net | tcp |
| IN | 155.133.225.21:443 | ext2-maa2.steamserver.net | tcp |
| US | 8.8.8.8:53 | cmp2-sgp1.steamserver.net | udp |
| SG | 103.10.124.5:27020 | cmp2-sgp1.steamserver.net | tcp |
| US | 8.8.8.8:53 | 21.225.133.155.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.124.10.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | e6.o.lencr.org | udp |
| GB | 2.23.210.75:80 | e6.o.lencr.org | tcp |
| SG | 103.10.124.5:27018 | cmp2-sgp1.steamserver.net | tcp |
| US | 8.8.8.8:53 | cmp3-hkg1.steamserver.net | udp |
| HK | 103.28.54.102:27020 | cmp3-hkg1.steamserver.net | tcp |
| US | 8.8.8.8:53 | cmp1-hkg1.steamserver.net | udp |
| HK | 103.28.54.100:27019 | cmp1-hkg1.steamserver.net | tcp |
| SG | 103.10.124.5:443 | cmp2-sgp1.steamserver.net | tcp |
| US | 8.8.8.8:53 | e5.o.lencr.org | udp |
| GB | 2.23.210.75:80 | e5.o.lencr.org | tcp |
| HK | 103.28.54.100:443 | cmp1-hkg1.steamserver.net | tcp |
| US | 8.8.8.8:53 | 75.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.54.28.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.54.28.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ext2-bom2.steamserver.net | udp |
| IN | 155.133.224.23:27033 | ext2-bom2.steamserver.net | tcp |
| US | 8.8.8.8:53 | cmp1-fra2.steamserver.net | udp |
| IN | 155.133.224.23:443 | ext2-bom2.steamserver.net | tcp |
| US | 155.133.229.4:27023 | cmp1-fra2.steamserver.net | tcp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | 4.229.133.155.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.224.133.155.in-addr.arpa | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.180.10:443 | content-autofill.googleapis.com | udp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | e2c57.gcp.gvt2.com | udp |
| IT | 35.219.224.178:443 | e2c57.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| GB | 216.58.213.14:443 | fundingchoicesmessages.google.com | udp |
| GB | 172.217.169.35:443 | beacons.gvt2.com | tcp |
| GB | 216.58.201.99:443 | udp | |
| GB | 216.58.213.14:443 | fundingchoicesmessages.google.com | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.179.225:443 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | 178.224.219.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.169.217.172.in-addr.arpa | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| GB | 172.217.16.230:443 | s0.2mdn.net | tcp |
| GB | 172.217.16.230:443 | s0.2mdn.net | tcp |
| US | 8.8.8.8:53 | store.cloudflare.steamstatic.com | udp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| GB | 172.217.16.230:443 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | dsum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| NL | 185.89.211.84:443 | ib.adnxs.com | tcp |
| US | 172.64.151.101:443 | dsum-sec.casalemedia.com | tcp |
| GB | 142.250.178.2:443 | cm.g.doubleclick.net | tcp |
| GB | 142.250.178.2:443 | cm.g.doubleclick.net | tcp |
| US | 172.64.151.101:443 | dsum-sec.casalemedia.com | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.178.2:443 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 230.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.145.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.151.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.211.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| GB | 2.19.117.27:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.19.117.27:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.19.117.27:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.19.117.27:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.19.117.27:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.19.117.27:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.19.117.27:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.19.117.27:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 27.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| GB | 2.19.117.23:443 | tcp | |
| US | 8.8.8.8:53 | 23.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | client-update.steamstatic.com | udp |
| US | 151.101.67.52:443 | client-update.steamstatic.com | tcp |
| US | 8.8.8.8:53 | r10.o.lencr.org | udp |
| GB | 2.23.210.82:80 | r10.o.lencr.org | tcp |
| N/A | 10.127.255.255:27036 | udp | |
| US | 8.8.8.8:53 | clientconfig.akamai.steamstatic.com | udp |
| GB | 2.19.117.14:80 | clientconfig.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 14.117.19.2.in-addr.arpa | udp |
| GB | 2.19.117.14:80 | clientconfig.akamai.steamstatic.com | tcp |
| GB | 2.19.117.14:80 | clientconfig.akamai.steamstatic.com | tcp |
| GB | 2.19.117.14:80 | clientconfig.akamai.steamstatic.com | tcp |
| GB | 2.19.117.14:80 | clientconfig.akamai.steamstatic.com | tcp |
| GB | 2.19.117.14:80 | clientconfig.akamai.steamstatic.com | tcp |
| GB | 2.19.117.14:80 | clientconfig.akamai.steamstatic.com | tcp |
| GB | 2.19.117.14:80 | clientconfig.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | shared.steamstatic.com | udp |
| US | 8.8.8.8:53 | steamstore-a.akamaihd.net | udp |
| US | 151.101.131.52:443 | shared.steamstatic.com | tcp |
| GB | 2.19.117.22:443 | steamstore-a.akamaihd.net | tcp |
| US | 151.101.131.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.131.52:443 | shared.steamstatic.com | tcp |
| GB | 2.19.117.22:443 | steamstore-a.akamaihd.net | tcp |
| US | 8.8.8.8:53 | cdn.steamstatic.com | udp |
| GB | 2.19.117.22:443 | steamstore-a.akamaihd.net | tcp |
| US | 151.101.131.52:443 | cdn.steamstatic.com | tcp |
| US | 151.101.131.52:443 | cdn.steamstatic.com | tcp |
| US | 151.101.131.52:443 | cdn.steamstatic.com | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 2.23.210.82:80 | r11.o.lencr.org | tcp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | 52.131.101.151.in-addr.arpa | udp |
| GB | 2.19.117.4:443 | tcp | |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| US | 151.101.131.52:443 | cdn.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 4.117.19.2.in-addr.arpa | udp |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| N/A | 127.0.0.1:27060 | tcp | |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| GB | 2.19.117.13:443 | tcp | |
| GB | 2.19.117.13:443 | tcp | |
| US | 8.8.8.8:53 | 13.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | shared.steamstatic.com | udp |
| US | 151.101.195.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.195.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.195.52:443 | shared.steamstatic.com | tcp |
| GB | 2.19.117.27:443 | steamstore-a.akamaihd.net | tcp |
| GB | 2.19.117.29:443 | tcp | |
| GB | 2.19.117.27:443 | steamstore-a.akamaihd.net | tcp |
| GB | 2.19.117.29:443 | tcp | |
| GB | 2.19.117.27:443 | steamstore-a.akamaihd.net | tcp |
| US | 8.8.8.8:53 | 52.195.101.151.in-addr.arpa | udp |
| GB | 2.19.117.27:443 | steamstore-a.akamaihd.net | tcp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | 29.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | cdn.steamstatic.com | udp |
| US | 151.101.195.52:443 | cdn.steamstatic.com | tcp |
| US | 151.101.195.52:443 | cdn.steamstatic.com | tcp |
| US | 151.101.195.52:443 | cdn.steamstatic.com | tcp |
| US | 8.8.8.8:53 | shared.steamstatic.com | udp |
| US | 8.8.8.8:53 | steamstore-a.akamaihd.net | udp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| GB | 2.19.117.19:443 | tcp | |
| US | 8.8.8.8:53 | 52.3.101.151.in-addr.arpa | udp |
| GB | 2.19.117.19:443 | tcp | |
| US | 8.8.8.8:53 | 19.117.19.2.in-addr.arpa | udp |
| GB | 2.19.117.20:443 | tcp | |
| GB | 2.19.117.20:443 | tcp | |
| US | 8.8.8.8:53 | 20.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clientconfig.akamai.steamstatic.com | udp |
| US | 151.101.67.52:443 | shared.steamstatic.com | tcp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 8.8.8.8:53 | lancache.steamcontent.com | udp |
| US | 8.8.8.8:53 | cache13-lhr1.steamcontent.com | udp |
| GB | 162.254.196.23:443 | cache13-lhr1.steamcontent.com | tcp |
| US | 8.8.8.8:53 | e5.o.lencr.org | udp |
| GB | 2.23.210.82:80 | e5.o.lencr.org | tcp |
| US | 8.8.8.8:53 | cache1-lhr1.steamcontent.com | udp |
| GB | 162.254.196.8:443 | cache1-lhr1.steamcontent.com | tcp |
| US | 8.8.8.8:53 | 23.196.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.196.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cache16-lhr1.steamcontent.com | udp |
| GB | 162.254.196.26:443 | cache16-lhr1.steamcontent.com | tcp |
| US | 8.8.8.8:53 | e6.o.lencr.org | udp |
| GB | 2.23.210.75:80 | e6.o.lencr.org | tcp |
| US | 8.8.8.8:53 | 26.196.254.162.in-addr.arpa | udp |
| GB | 162.254.196.26:443 | cache16-lhr1.steamcontent.com | tcp |
| GB | 162.254.196.26:443 | cache16-lhr1.steamcontent.com | tcp |
| GB | 162.254.196.26:443 | cache16-lhr1.steamcontent.com | tcp |
| US | 8.8.8.8:53 | cache11-lhr1.steamcontent.com | udp |
| GB | 162.254.196.18:443 | cache11-lhr1.steamcontent.com | tcp |
| US | 8.8.8.8:53 | 18.196.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | steamcloud-eu-ams.storage.googleapis.com | udp |
| GB | 216.58.213.27:443 | steamcloud-eu-ams.storage.googleapis.com | tcp |
| US | 8.8.8.8:53 | cache7-lhr1.steamcontent.com | udp |
| US | 8.8.8.8:53 | 27.213.58.216.in-addr.arpa | udp |
| GB | 162.254.196.6:443 | cache7-lhr1.steamcontent.com | tcp |
| US | 8.8.8.8:53 | 6.196.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lancache.steamcontent.com | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.187.195:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.187.227:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | vrchub.site | udp |
| US | 172.67.204.5:443 | vrchub.site | tcp |
| US | 172.67.204.5:443 | vrchub.site | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 172.67.204.5:443 | vrchub.site | udp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| US | 142.251.107.94:443 | csi.gstatic.com | udp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | 5.204.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.107.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | software.vrchub.site | udp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | lancache.steamcontent.com | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 8.8.8.8:53 | video.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | video.akamai.steamstatic.com | udp |
| GB | 2.19.117.35:443 | video.akamai.steamstatic.com | tcp |
| GB | 2.19.117.35:443 | video.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 35.117.19.2.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | lancache.steamcontent.com | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| GB | 2.19.117.13:443 | tcp | |
| GB | 2.19.117.13:443 | tcp | |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 8.8.8.8:53 | vrchub.site | udp |
| US | 104.21.77.37:443 | vrchub.site | tcp |
| US | 8.8.8.8:53 | 37.77.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.vrchub.site | udp |
| US | 172.67.204.5:443 | api.vrchub.site | tcp |
| US | 8.8.8.8:53 | datapacks.vrchub.site | udp |
| US | 104.21.77.37:443 | datapacks.vrchub.site | tcp |
| US | 8.8.8.8:53 | software.vrchub.site | udp |
| US | 172.67.204.5:443 | software.vrchub.site | tcp |
| US | 104.21.77.37:443 | software.vrchub.site | tcp |
| US | 104.21.77.37:443 | software.vrchub.site | tcp |
| US | 104.21.77.37:443 | software.vrchub.site | tcp |
| US | 104.21.77.37:443 | software.vrchub.site | tcp |
| US | 104.21.77.37:443 | software.vrchub.site | tcp |
| US | 104.21.77.37:443 | software.vrchub.site | tcp |
| US | 104.21.77.37:443 | software.vrchub.site | tcp |
| US | 104.21.77.37:443 | software.vrchub.site | tcp |
| US | 104.21.77.37:443 | software.vrchub.site | tcp |
| US | 104.21.77.37:443 | software.vrchub.site | tcp |
| US | 104.21.77.37:443 | software.vrchub.site | tcp |
| US | 104.21.77.37:443 | software.vrchub.site | tcp |
| US | 104.21.77.37:443 | software.vrchub.site | tcp |
| US | 104.21.77.37:443 | software.vrchub.site | tcp |
| US | 104.21.77.37:443 | software.vrchub.site | tcp |
| US | 8.8.8.8:53 | api.segment.io | udp |
| US | 34.223.74.168:443 | api.segment.io | tcp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | modules-cdn.eac-prod.on.epicgames.com | udp |
| FR | 52.222.201.96:443 | modules-cdn.eac-prod.on.epicgames.com | tcp |
| US | 8.8.8.8:53 | 96.201.222.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:56144 | tcp | |
| N/A | 127.0.0.1:56146 | tcp | |
| US | 8.8.8.8:53 | gossip.easyanticheat.net | udp |
| IE | 52.51.109.253:443 | gossip.easyanticheat.net | tcp |
| US | 8.8.8.8:53 | api.epicgames.dev | udp |
| US | 44.199.1.61:443 | api.epicgames.dev | tcp |
| US | 8.8.8.8:53 | datarouter.ol.epicgames.com | udp |
| US | 54.208.220.37:443 | datarouter.ol.epicgames.com | tcp |
| US | 8.8.8.8:53 | 253.109.51.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.epicgames.dev | udp |
| US | 18.215.87.180:443 | api.epicgames.dev | tcp |
| US | 8.8.8.8:53 | 61.1.199.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.220.208.54.in-addr.arpa | udp |
| N/A | 127.0.0.1:56213 | tcp | |
| N/A | 127.0.0.1:56215 | tcp | |
| US | 8.8.8.8:53 | 180.87.215.18.in-addr.arpa | udp |
| FR | 52.222.201.79:443 | modules-cdn.eac-prod.on.epicgames.com | tcp |
| US | 8.8.8.8:53 | 79.201.222.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:56296 | tcp | |
| N/A | 127.0.0.1:56298 | tcp | |
| US | 8.8.8.8:53 | gossip.easyanticheat.net | udp |
| IE | 52.208.91.56:443 | gossip.easyanticheat.net | tcp |
| US | 8.8.8.8:53 | api.epicgames.dev | udp |
| US | 52.44.234.237:443 | api.epicgames.dev | tcp |
| US | 8.8.8.8:53 | datarouter.ol.epicgames.com | udp |
| US | 52.2.171.86:443 | datarouter.ol.epicgames.com | tcp |
| US | 8.8.8.8:53 | 56.91.208.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.234.44.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.171.2.52.in-addr.arpa | udp |
| US | 18.215.87.180:443 | api.epicgames.dev | tcp |
| N/A | 127.0.0.1:56335 | tcp | |
| N/A | 127.0.0.1:56337 | tcp | |
| US | 8.8.8.8:53 | config.uca.cloud.unity3d.com | udp |
| US | 34.111.113.40:443 | config.uca.cloud.unity3d.com | tcp |
| US | 8.8.8.8:53 | api.vrchat.cloud | udp |
| US | 104.18.26.36:443 | api.vrchat.cloud | tcp |
| US | 8.8.8.8:53 | 40.113.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdp.cloud.unity3d.com | udp |
| US | 34.107.172.168:443 | cdp.cloud.unity3d.com | tcp |
| US | 8.8.8.8:53 | files.vrchat.cloud | udp |
| US | 8.8.8.8:53 | 36.26.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.172.107.34.in-addr.arpa | udp |
| N/A | 127.0.0.1:56374 | tcp | |
| N/A | 127.0.0.1:56386 | tcp | |
| N/A | 127.0.0.1:56402 | tcp | |
| N/A | 127.0.0.1:56428 | tcp | |
| N/A | 127.0.0.1:56441 | tcp | |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| N/A | 127.0.0.1:49245 | tcp | |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| GB | 2.19.117.4:443 | tcp | |
| N/A | 127.0.0.1:49228 | tcp | |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | api.segment.io | udp |
| US | 34.223.74.168:443 | api.segment.io | tcp |
| US | 172.67.204.5:443 | software.vrchub.site | tcp |
| US | 8.8.8.8:53 | hdzero.mysellix.io | udp |
| US | 104.18.5.210:443 | hdzero.mysellix.io | tcp |
| US | 104.18.5.210:443 | hdzero.mysellix.io | tcp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.242.123.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.5.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 172.67.204.5:443 | software.vrchub.site | tcp |
| US | 8.8.8.8:53 | perf-events.cloud.unity3d.com | udp |
| US | 35.190.78.8:443 | perf-events.cloud.unity3d.com | tcp |
| US | 8.8.8.8:53 | 8.78.190.35.in-addr.arpa | udp |
| US | 104.21.77.37:443 | software.vrchub.site | tcp |
| US | 172.67.204.5:443 | software.vrchub.site | tcp |
| US | 104.21.77.37:443 | software.vrchub.site | tcp |
| US | 172.67.204.5:443 | software.vrchub.site | tcp |
| US | 104.21.77.37:443 | software.vrchub.site | tcp |
| US | 104.21.77.37:443 | software.vrchub.site | tcp |
| US | 104.21.77.37:443 | software.vrchub.site | tcp |
| US | 104.21.77.37:443 | software.vrchub.site | tcp |
| US | 104.21.77.37:443 | software.vrchub.site | tcp |
| US | 104.21.77.37:443 | software.vrchub.site | tcp |
| US | 104.21.77.37:443 | software.vrchub.site | tcp |
| US | 104.21.77.37:443 | software.vrchub.site | tcp |
| US | 104.21.77.37:443 | software.vrchub.site | tcp |
| US | 104.21.77.37:443 | software.vrchub.site | tcp |
| US | 104.21.77.37:443 | software.vrchub.site | tcp |
| US | 104.21.77.37:443 | software.vrchub.site | tcp |
| US | 104.21.77.37:443 | software.vrchub.site | tcp |
| US | 104.21.77.37:443 | software.vrchub.site | tcp |
| US | 104.21.77.37:443 | software.vrchub.site | tcp |
| US | 172.67.204.5:443 | software.vrchub.site | tcp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | clientconfig.akamai.steamstatic.com | udp |
| GB | 2.19.117.41:80 | clientconfig.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 41.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-fra2.discovery.steamserver.net | udp |
Files
C:\Users\Admin\AppData\Local\Temp\nscB21C.tmp\System.dll
| MD5 | a36fbe922ffac9cd85a845d7a813f391 |
| SHA1 | f656a613a723cc1b449034d73551b4fcdf0dcf1a |
| SHA256 | fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0 |
| SHA512 | 1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b |
C:\Users\Admin\AppData\Local\Temp\nscB21C.tmp\nsDialogs.dll
| MD5 | 4e5bc4458afa770636f2806ee0a1e999 |
| SHA1 | 76dcc64af867526f776ab9225e7f4fe076487765 |
| SHA256 | 91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0 |
| SHA512 | b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162 |
C:\Users\Admin\AppData\Local\Temp\nscB21C.tmp\nsProcess.dll
| MD5 | 08072dc900ca0626e8c079b2c5bcfcf3 |
| SHA1 | 35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37 |
| SHA256 | bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8 |
| SHA512 | 8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c |
C:\Program Files (x86)\Steam\Steam.exe
| MD5 | 33bcb1c8975a4063a134a72803e0ca16 |
| SHA1 | ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65 |
| SHA256 | 12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1 |
| SHA512 | 13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49 |
C:\Users\Admin\AppData\Local\Temp\nscB21C.tmp\nsExec.dll
| MD5 | 2095af18c696968208315d4328a2b7fe |
| SHA1 | b1b0e70c03724b2941e92c5098cc1fc0f2b51568 |
| SHA256 | 3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226 |
| SHA512 | 60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5 |
C:\Program Files (x86)\Steam\bin\SteamService.exe
| MD5 | ba0ea9249da4ab8f62432617489ae5a6 |
| SHA1 | d8873c5dcb6e128c39cf0c423b502821343659a7 |
| SHA256 | ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d |
| SHA512 | 52958d55b03e1ddc69afc2f1a02f7813199e4b3bf114514c438ab4d10d5ca83b865ba6090550951c0a43b666c6728304009572212444a27a3f5184663f4b0b8b |
C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt
| MD5 | 0340d1a0bbdb8f3017d2326f4e351e0a |
| SHA1 | 90d078e9f732794db5b0ffeb781a1f2ed2966139 |
| SHA256 | 0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544 |
| SHA512 | 9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93 |
C:\Program Files (x86)\Steam\public\steambootstrapper_spanish.txt
| MD5 | 66456d2b1085446a9f2dbd9e4632754b |
| SHA1 | 8da6248b57e5c2970d853b8d21373772a34b1c28 |
| SHA256 | c4f821a4903c4e7faea2931c7fb1cf261eba06a9840c78fdca689f5c784c06c4 |
| SHA512 | 196c2282ba13715709ece706c9219fe70c05dd295840082e7d901b9e5592e74b1bb556782181cdbe35bd1ab0d6197fef67258b09491fabc6f27606dbed667d49 |
C:\Program Files (x86)\Steam\public\steambootstrapper_vietnamese.txt
| MD5 | f350c8747d77777f456037184af9212c |
| SHA1 | 753d8c260b852a299df76c4f215b0d2215f6a723 |
| SHA256 | 15b6a564e05857a3d2fd6eec85a5a30c491a7553d15ffc025156b3665b919185 |
| SHA512 | efb86809a0b357b4fcd3ba2770c97d225d0f4d9fb7430c515e847c3dd77ee109def4bef11b650b9773c17050e618008fc03377638c1db3393ac780b5b0bc31b2 |
C:\Program Files (x86)\Steam\public\steambootstrapper_ukrainian.txt
| MD5 | cadd7a2f359b22580bdd6281ea23744d |
| SHA1 | e82e790a7561d0908aee8e3b1af97823e147f88b |
| SHA256 | 3dd0edfbe68236e668fb308f92fe7c6493dbb05bfca85a48de93588f479ccc99 |
| SHA512 | 53672dd13e6ccbe96f6d4a61297c595b6d6cba8de92caa51ccf8ab1d8a82eea5a425eab348f295b9ec27de0026ef849d9230f751a46e040be8863923f91b8519 |
C:\Program Files (x86)\Steam\public\steambootstrapper_turkish.txt
| MD5 | 29f9a5ab4adfae371bf980b82de2cb57 |
| SHA1 | 6f7ef52a09b99868dd7230f513630ffe473eddf8 |
| SHA256 | 711675edb20b3cb70acf6cf75f2eea8e0d87c8ace3e11c8df362b4517427a34f |
| SHA512 | 543fe63f791250e05e8fda24fd2ceadebb4c8925e8927de49ae490895c87eed3e61a9ad50237532649f99fe3165836261de215ee3f66ffbfc6d677ddeea7732a |
C:\Program Files (x86)\Steam\public\steambootstrapper_thai.txt
| MD5 | 53f7e8ac1affb04bf132c2ca818eb01e |
| SHA1 | bffc3e111761e4dc514c6398a07ffce8555697f6 |
| SHA256 | 488294b7faff720dc3ab5a72e0607761484c678b96d6bcd6aad9ee2388356a83 |
| SHA512 | c2e79c2505a6fd075df113ffce92ad42c146424ca39087601daa4ed15a2b5528d478a093921d9d8a738c7b6b963275a0693ebe526b6e2135d14ced03639d0e70 |
C:\Program Files (x86)\Steam\public\steambootstrapper_tchinese.txt
| MD5 | 194a73f900a3283da4caa6c09fefcb08 |
| SHA1 | a7a8005ca77b9f5d9791cb66fcdf6579763b2abb |
| SHA256 | 5e4f2de5ee98d5d76f5d76fb925417d6668fba08e89f7240f923f3378e3e66f6 |
| SHA512 | 25842535c165d48f4cf4fa7fd06818ec5585cc3719eff933f5776a842713d7adb5667c3b9b1a122a1152450e797535fc7a8e97ebdd31c14b4d4900a33ede01f3 |
C:\Program Files (x86)\Steam\public\steambootstrapper_swedish.txt
| MD5 | b2248784049e1af0c690be2af13a4ef3 |
| SHA1 | aec7461fa46b7f6d00ff308aa9d19c39b934c595 |
| SHA256 | 4bf6b25bf5b18e13b04db6ed2e5ed635eb844fc52baa892f530194d9471f5690 |
| SHA512 | f5cee6bba20a4d05473971f7f87a36990e88a44b2855c7655b77f48f223219978d91bcd02d320c7e6c2ec368234e1d0201be85b5626ef4909e047e416e1a066c |
C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt
| MD5 | 56dcf7b68f70826262a6ffaffe6b1c49 |
| SHA1 | 12e4272ba0e4eabc610670cdc6941f942da1eb6a |
| SHA256 | 948cad1bb27109e008f2457248880c759d3fa98b92c5b4033b94f455cb8ac43f |
| SHA512 | c3fd9caf0bd4c303a7cc300faada9cfe6dd752e82d67625b31f4c0c2c091596508bb477fe19f758fdf79b25b8ac3f5320a8785d2b6705b9bcc28a054a59454e2 |
C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt
| MD5 | e04ad6c236b6c61fc53e2cb57ced87e8 |
| SHA1 | e9d4846b7e6cc755ee14a5d3fa45ee7d3bf425a4 |
| SHA256 | 08c775efa77c2a92d369f794882e467b6e2526e61bc7aa7724f48e174524502e |
| SHA512 | 0dfb7e6d811d649103499018f3d115c542fcaba420ceb69124a4d837fe162ce514e7be2040860c5ef5f9c01c961fa6eea8730606b73ec107d87597989b6fd331 |
C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt
| MD5 | 6367f43ea3780c4ee166454f5936b1a8 |
| SHA1 | 027a2c24c8320458c49cd78053f586cb4d94ee6f |
| SHA256 | f8d1972e75a320344e3c834ba0a3a6a86edb39e20ef706bda9b7965d440d1998 |
| SHA512 | 31aab33e0d272cb43a8c160b3d37256716a683e5052192fd0e4d3cdaf30a10a9afa9d26d5d14ad216ee455627c32892a711d2bc137ee7a7df9a297f001a19e32 |
C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt
| MD5 | eb8926608c5933f05a3f0090e551b15d |
| SHA1 | a1012904d440c0e74dad336eac8793ac110f78f8 |
| SHA256 | 2ed2b0d654d60e0a82b0968a91d568b775144e9d92f2b077b6da75f85ad12d04 |
| SHA512 | 9113c42c38836f71ff0cc7019aff8c873845f47fbf1ab97e981cb038f4d8495b6df784402b1ee9666e8e567ae866b0284c81e6a16efb47131d5ef88569c4843a |
C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt
| MD5 | 9b0b0e82f753cc115d87c7199885ad1b |
| SHA1 | 5743a4ab58684c1f154f84895d87f000b4e98021 |
| SHA256 | 0bdeee9fa28d54d384e06ea646fbcfe3f06698a31dfdc1a50703ffe83ad78d32 |
| SHA512 | b7780b82fbe705bc8e5a527c011eb685c99ef0b2eb810617b9f82b891341af95ef1c2f46dce9e458c0c4dcc3e7a0d21db6c77f03419cd1c4b521a9b72f9017df |
C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt
| MD5 | 58e0fcbee3cca4ef61b97928cfe89535 |
| SHA1 | 1297e3af3ca9e4fe3cc5db78ebbfa642e8a2c57b |
| SHA256 | c084a68b65d507eb831831aa2ab9afb9536cb99a840d248cc155ff87fad18425 |
| SHA512 | 99aff0c481e34cd0e4fcbb2af471afb56d91aa11be664462b08e17ae169ca03ef77e7063b4ecd0f38ca7b2f6dc0bf2e316c7b31dffbbcfc763cd8fae27dc78d2 |
C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt
| MD5 | 7913f3f33839e3af9e10455df69866c2 |
| SHA1 | 15fa957d0a6a2717027f5b35f4dbe5e0ab8ece25 |
| SHA256 | 05bc1f4973c6d36002ac1b37ce46b1f941fcb4338282e0ec1ec83fb558d1a88c |
| SHA512 | 534e541757d19ee157a268bf7ea358b48015f400542fcfa49cdb547cd652926160f015fe2cf026d9c4996e56ab90ca3899dfd457997d915bf6bc9d7bb00ba804 |
C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt
| MD5 | 202b825d0ef72096b82db255c4e747fa |
| SHA1 | 3a3265e5bbaa1d1b774195a3858f29cea75c9e75 |
| SHA256 | 3d1399f5323a3ece1b1a8b3b31f8fd7f50c3bd319ab3f1c38c6e347452c95314 |
| SHA512 | e8fc7cc09f431301d22a07b238179ee053505090e3c4db30ead061513fe7159f1fe8b80efc93f4597fe00f01087bbe0bb2231e13693d72c8def138657cb91566 |
C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt
| MD5 | 7e1d15fc9ba66a868c5c6cb1c2822f83 |
| SHA1 | bfe9a25fdc8721d7b76cecb9527a9ba7823dc3d7 |
| SHA256 | fc74e26a8baabbe4851109512d85173b75dbf7293d41eb3b92a1957a773c8265 |
| SHA512 | 0892be14a858cc860766afb1c996b2c355108a7e50971ea3ec00d15069e919a6eb05a61fa839bea3938492c391e274144c5e248f4c204a602bf36adf27e5b406 |
C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt
| MD5 | 8958371646901eac40807eeb2f346382 |
| SHA1 | 55fb07b48a3e354f7556d7edb75144635a850903 |
| SHA256 | b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585 |
| SHA512 | 14c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554 |
C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt
| MD5 | 1514d082b672b372cdfb8dd85c3437f1 |
| SHA1 | 336a01192edb76ae6501d6974b3b6f0c05ea223a |
| SHA256 | 3b3c5c615fd82070cc951ab482d3de8cb12df0b3df59fbd11f9d3271fa2fbca4 |
| SHA512 | 4d41c945ce7c94746875b0dbceb14811d4966de4e97fe047406a304162fde7e1e2a16367fc2e43978e2e5aa66749f036b4444aa2312673c2cc3af296e8b77f55 |
C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt
| MD5 | 18aaaf5ffcdd21b1b34291e812d83063 |
| SHA1 | aa9c7ae8d51e947582db493f0fd1d9941880429f |
| SHA256 | 1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5 |
| SHA512 | 4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154 |
C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt
| MD5 | 189ba063d1481528cbd6e0c4afc3abaa |
| SHA1 | 40bdd169fcc59928c69eea74fd7e057096b33092 |
| SHA256 | c0a7a1df442ac080668762df795c72aa322e9d415c41bd0a4c676a4dc0551695 |
| SHA512 | ce59ad9b17bab4de1254e92ce4fe7d8c8242832f62ab382e8f54199a9932cd11b5800cc33895441426373d5210cc74104e0271b721a7e26ed400b716ae4d5903 |
C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt
| MD5 | 5c026fd6072a7c5cf31c75818cddedec |
| SHA1 | 341aa1df1d034e6f0a7dff88d37c9f11a716cae6 |
| SHA256 | 0828572e4fa00c186dbf1d9072a6154d65cb499c6a37e338f3305f77a2fee382 |
| SHA512 | f9d28714b2a05f8d9025f1692e4d7e8baa6daf6176353f65646a38814a242ef2adededa44419edd69f10cf96ffba506dab7cb6e52111457bf69cffef12174b12 |
C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt
| MD5 | 10c429eb58b4274af6b6ef08f376d46c |
| SHA1 | af1e049ddb9f875c609b0f9a38651fc1867b50d3 |
| SHA256 | a1f6ba57ee41e009d904905c0ce5e75a59ee6790e08542561303109e1faafa13 |
| SHA512 | d8760f61760bffd8671b727d386ae220e7e6e68829a01553cfd5eb60ef8bd1d7c1b25e7b17a6db5bd17ba6712ef44999726764459318e784843c73bc4facaf46 |
C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt
| MD5 | 9e62fc923c65bfc3f40aaf6ec4fd1010 |
| SHA1 | 8f76faff18bd64696683c2a7a04d16aac1ef7e61 |
| SHA256 | 8ff0f3cbdf28102ff037b9cda90590e4b66e1e654b90f9aea2cd5364494d02b7 |
| SHA512 | c8ff15373b37e848e6239a82424569e77c82a5fc557d17e7d2ed1d0d2b2f7d026cc1e2bc98cb5ee945c02cfefb82803c23fa6a26f48ff0adcf762f94cd5dd035 |
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt
| MD5 | da6cd2483ad8a21e8356e63d036df55b |
| SHA1 | 0e808a400facec559e6fbab960a7bdfaab4c6b04 |
| SHA256 | ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6 |
| SHA512 | 06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925 |
C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt
| MD5 | 31a29061e51e245f74bb26d103c666ad |
| SHA1 | 271e26240db3ba0dcffc10866ccfcfa1c33cf1cc |
| SHA256 | 56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192 |
| SHA512 | f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8 |
C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt
| MD5 | 03b664bd98485425c21cdf83bc358703 |
| SHA1 | 0a31dcfeb1957e0b00b87c2305400d004a9a5bdb |
| SHA256 | fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115 |
| SHA512 | 4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d |
C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt
| MD5 | 2158881817b9163bf0fd4724d549aed4 |
| SHA1 | c500f2e8f47a11129114ee4f19524aee8fecc502 |
| SHA256 | 650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7 |
| SHA512 | f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28 |
C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt
| MD5 | 4c81277a127e3d65fb5065f518ffe9c2 |
| SHA1 | 253264b9b56e5bac0714d5be6cade09ae74c2a3a |
| SHA256 | 76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9 |
| SHA512 | be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a |
C:\Users\Admin\AppData\Local\Temp\nscB21C.tmp\modern-wizard.bmp
| MD5 | 3614a4be6b610f1daf6c801574f161fe |
| SHA1 | 6edee98c0084a94caa1fe0124b4c19f42b4e7de6 |
| SHA256 | 16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b |
| SHA512 | 06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281 |
C:\Users\Admin\AppData\Local\Temp\nscB21C.tmp\StdUtils.dll
| MD5 | db11ab4828b429a987e7682e495c1810 |
| SHA1 | 29c2c2069c4975c90789dc6d3677b4b650196561 |
| SHA256 | c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376 |
| SHA512 | 460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88 |
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_
| MD5 | 577b7286c7b05cecde9bea0a0d39740e |
| SHA1 | 144d97afe83738177a2dbe43994f14ec11e44b53 |
| SHA256 | 983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824 |
| SHA512 | 8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0 |
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_
| MD5 | 00bf35778a90f9dfa68ce0d1a032d9b5 |
| SHA1 | de6a3d102de9a186e1585be14b49390dcb9605d6 |
| SHA256 | cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2 |
| SHA512 | 342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041 |
\??\pipe\crashpad_7780_YXVZOFYSETUXTAGA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_
| MD5 | 836dd6b25a8902af48cd52738b675e4b |
| SHA1 | 449347c06a872bedf311046bca8d316bfba3830b |
| SHA256 | 6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64 |
| SHA512 | 6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir7780_1431819758\20b83c73-8a48-428a-96db-7c46e2db105f.tmp
| MD5 | da75bb05d10acc967eecaac040d3d733 |
| SHA1 | 95c08e067df713af8992db113f7e9aec84f17181 |
| SHA256 | 33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2 |
| SHA512 | 56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 0c98132e362bc21df98d222b401f80b3 |
| SHA1 | b61ec41ad32fe3f8cfc1087ffab99cfd80c37cf8 |
| SHA256 | 0bbcd7acde49e6a12b25a6b8115b2a97e2dded3418c759c1f7c63980d35a63ae |
| SHA512 | 677cd236af66f1075e79598d7f4277e63ddbbd2d9d6abfa291585c908b90c074aaa407f989c8ea86e47d395c52f819475ee9396e3cae2431b9b63ee0904d6d33 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0f2a60e57731d7a4ff88baa3aed5783d |
| SHA1 | ea03e1ad0911079c8de8b3c32808fc636a2a042e |
| SHA256 | fecb8ce4394e4f5a1c51abb418e88f47dd7a25a66468fc2cc0ed1c6f2d799987 |
| SHA512 | 876afba73f6a629f07b93a1d0225ad06438f3a735545299210ac24c7dc0d196cf52dafa1299bbdd60fc002aa4436aba58dc7e4bf5a9e131803549619667b6cfe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 14adbd47827dbf5e8874be31d3240920 |
| SHA1 | 03633b81e32e6dffe06505bb905a321b292e3e9e |
| SHA256 | d55c628b280065c0e04c70be22bb96fddfc67a183c80458a4f347a93eb3aa35c |
| SHA512 | 0b3dee05322b7b41d539d99eba6efec0e049acc08eda014fd6ca37e161d7d932102e91169592f91d455d82babd76e23a688c9a19838db0adf1b35fa52ac1a9a7 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir7780_1431819758\CRX_INSTALL\_locales\en_CA\messages.json
| MD5 | 558659936250e03cc14b60ebf648aa09 |
| SHA1 | 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825 |
| SHA256 | 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b |
| SHA512 | 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json
| MD5 | 4ec1df2da46182103d2ffc3b92d20ca5 |
| SHA1 | fb9d1ba3710cf31a87165317c6edc110e98994ce |
| SHA256 | 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6 |
| SHA512 | 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json
| MD5 | 07ffbe5f24ca348723ff8c6c488abfb8 |
| SHA1 | 6dc2851e39b2ee38f88cf5c35a90171dbea5b690 |
| SHA256 | 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c |
| SHA512 | 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f2e51c1a0a05bbc6e9bde85235aaad2e |
| SHA1 | 615880af70ce87f22f17bbe9ea757333a4f6f73d |
| SHA256 | 603a62c54354221f0bd466f5c6308ee0d9e19a67a5119a6ea535fab8c9f76e46 |
| SHA512 | f0b9fa5ee9927e2876a8561d8dda82e2d80ac8ec56d7c0af426e4f913e8bf0876414c3d8c0773387b625f480b68ac1e8a5610baaff07b3cc16a1a1f93aae7676 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 44836f9d62ae8f03c2382b102ab2e182 |
| SHA1 | c74e3a52f36fa1f55932fe8007a593255ae912fa |
| SHA256 | 5ac7e376cc67f9aa58a66c1a69e496afc1b2c55233a7971401c0254a04d24e88 |
| SHA512 | 6778bc95d40adaa7f2f5d889ead597ea361cc864011fe0fff2a8895aa12dd8f6e1b973224ea57cc872d317172f8acd6f984a4cf319419ef53352981ce051220c |
C:\Program Files (x86)\Steam\steam.exe
| MD5 | 52d06173e5995fdb588e56840ac7343d |
| SHA1 | 0e3a1de21cfa9652adec0e9385db153e494f07f0 |
| SHA256 | 0ab4f7c0d72361c9c37c5ce59f1df39f1a138f258c380a9bc1328ce146651721 |
| SHA512 | 7e6e0159afa4fd02d9bec216d6861e425cf44d15e2742c05454aeccf4408be36cb43d57ec89094e5ba64e25c1282f912a956a66e297ef8e62b130a809dcd5693 |
C:\Program Files (x86)\Steam\logs\bootstrap_log.txt
| MD5 | fccb8417c15bac43abce69702ef1ed21 |
| SHA1 | d8c331674f38734507c86b0ca47365b11eec1c06 |
| SHA256 | 4e30e0f0a9b9cc75afbb177dcb3eb13318a9e7a28fb84f27adfb528c16fe4d4f |
| SHA512 | 4411eee86ced3a723e7ae6b903b4441cc675bd71c53a2a5c20c8b792d26c2334981676363eeaf76e790df0d21a16bc898cb8cd53c16caae2cc85d8a5d5dded77 |
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt
| MD5 | 27993eb75894ca4894db266ad9b5e61b |
| SHA1 | 4def653ee04b0514822b690052598435ec25e686 |
| SHA256 | fbc09c1b9a55d04b57be8fb2ad5ab58b38f76054ecd3d1b70440a2d08191b05b |
| SHA512 | eaebeee5b1a7dfb9bdf661623554793d7ef7e15d9f9cf01f94da1eb0b84b88c8f24176463d15c407ebf670c5b7fd4052daea33ba43e75c1de2979487c4987bab |
memory/3504-12619-0x0000000000340000-0x00000000007F2000-memory.dmp
C:\Program Files (x86)\Steam\crashhandler.dll
| MD5 | 020ad894f0395691f728e74614adbd96 |
| SHA1 | d9c479da05f8cd20f42842ab9c6cb76170feaced |
| SHA256 | ed97c4061db76f43a87aab8c226a6be0a68bbdf9cb331b3974bb9eb3da60a399 |
| SHA512 | db6bcf95135da7c247e7750e469c806c75c96622c1f765989d13e09439e3d52d434137cf9322470ffe3ad19b0bfb38ad23f8f015063511e7c77525173e6ee8a2 |
C:\Program Files (x86)\Steam\package\steam_client_win32.manifest
| MD5 | b1a967b318030e275d3bf19635f17644 |
| SHA1 | ab036db9ca9c485e64333333d18b1b27655461b2 |
| SHA256 | 5b1efdcd684821cf4d00e8fb4c7133d1e6a8b40d511c62c7e6fca6e3fa2c9e36 |
| SHA512 | eab0a2fa354481a8db92bf503437ed0d200e4727fb454834aab7f5125cebb901ee53b9bea44227b44bdbb3bb1280290699b4cf8fdbf3bbbef8b121c621d95a85 |
C:\Program Files (x86)\Steam\package\steam_client_metrics.bin
| MD5 | b1854227f1511ff11ad77c1c101d4caa |
| SHA1 | fe8b2131d6c99ef574b799213c64528168ccf1bb |
| SHA256 | 2bdd2cda09567e8c42982f83582e8d18a0481673cb096721793dd089094c826d |
| SHA512 | a37afe9c699bd173e502f98d24692998e368b1d55545a1a50a587f8f983b78b870e311eac9a65ce9d0b8ffff271eec7db02088cdaa256d0354a72a3fca9e2fa3 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Shared Dictionary\cache\index-dir\temp-index
| MD5 | 40ea7c3c7529ef6315cad8aa7bd2ae71 |
| SHA1 | 35492520d50a06d4d3959b04627e44dadca1e8a0 |
| SHA256 | 5d320233b3ceab0d7f5a62631a44905513035e6f233cca08eb721ebb1c256c50 |
| SHA512 | 2c613ac57dc9d61ceb344ee521d8f1eed9f20db920002c0fe490c81c599b9fe9ade5037bdde3d66e8965c49328a62ed263a80795d39bbe0b691e97daf53be8c2 |
memory/1820-12667-0x00007FFCDE6B0000-0x00007FFCDE6B1000-memory.dmp
memory/1820-12666-0x00007FFCDE170000-0x00007FFCDE171000-memory.dmp
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_1
| MD5 | d0d388f3865d0523e451d6ba0be34cc4 |
| SHA1 | 8571c6a52aacc2747c048e3419e5657b74612995 |
| SHA256 | 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b |
| SHA512 | 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Program Files (x86)\Steam\config\config.vdf
| MD5 | 6e6a2b18264504cc084caa3ad0bfc6ae |
| SHA1 | b177d719bd3c1bc547d5c97937a584b8b7d57196 |
| SHA256 | f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53 |
| SHA512 | 74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679 |
C:\Program Files (x86)\Steam\config\config.vdf~RFe590b8f.TMP
| MD5 | 3cdebc58a05cdd75f14e64fb0d971370 |
| SHA1 | edf2d4a8a5fc017e29bf9fb218db7dd8b2be84fe |
| SHA256 | 661f122934bbc692266940a1fe2e5e51d4d460efb29d75695b8d5241c6e11da7 |
| SHA512 | 289c40fae5ec1d3dd8b5b00dd93cf9cada2cb5c12bcfefea8c862ddf0a16dced15d6814dad771af9103b3a5d3016d301ee40058edde3fdea30d9767146d11cd6 |
C:\Program Files (x86)\Steam\config\config.vdf
| MD5 | a2ec2e91c3ef8c42e22c4887d032b333 |
| SHA1 | e2c738a2e9400535b74e2263c7e7d1ecefe575f2 |
| SHA256 | 8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3 |
| SHA512 | b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | dab3ed66dce2c8761a454591dd3c13f0 |
| SHA1 | b720995b8a312e1a91aebe3231f1f74a7b9897fa |
| SHA256 | ff65ae4458cec8cc7537b554ea43b1f0f1b068469dff73eb0774af0fff6381a9 |
| SHA512 | fad032f7e0da3ecc2c2716e054b61f9bf7de332bfe86e6e669fbf80055117667198f7a5aa1da247caa057a9fc7dc6c8ce0325072b13676b16c967f60ee7910fc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 725acd538cb612dbf3e27337ba98f73b |
| SHA1 | c142eecbc64b89a8df06f237be8cf93f3690cb0f |
| SHA256 | a4e5d0e249a6f594072179e603037d0fa3dd821d92bb8906ccc3c8db58379cd8 |
| SHA512 | 37e19ce151abbcf2e12bc8a6f4fe66ed694f6a8d3f0856449a096500783e1bbc418753449ba289069b335dae67e52d93dab9624bbe68c78193d92e9bcae8be6b |
C:\Program Files (x86)\Steam\config\config.vdf
| MD5 | 1dc776f5f1d6e6afaa88496c7dec7bfd |
| SHA1 | 1a7d8100e45f001d9fdcd9bb30c5c73c4154d9f1 |
| SHA256 | 3d4da4ab6daa76e36ecd53d743df10cb89703d3b8f5cd8eee7453d24fffea74d |
| SHA512 | 3dfcf05686a57f186a7c1e8a81d99b5f8fbab377e06553be0de6992862f7eaedd9f39af4053ddab5202bebd534812a107ba40930ac0da6593009438ac9926c99 |
memory/5644-12856-0x000000006E280000-0x000000006F5C1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 24dadc43f8a556a7637dcbca54ae3c59 |
| SHA1 | beaf9557361f8d3b919ccedcd9055048dc111e8e |
| SHA256 | 8d7487a0b55d0d0844409e5be36c862c031a3596144d583b852031f7ef6f3cf6 |
| SHA512 | bdd3bec4ed68abf2d824cd6df4724d5cab0a8e9cb1d31f7c0176376cbd3143a4c7cfeb0698aacbb8a6f6b62897e30b9b4f9a12af57c68566b9d7b845aabb7b53 |
memory/1820-12870-0x000001BDB3D80000-0x000001BDB40D5000-memory.dmp
memory/6208-12871-0x0000022FCFF00000-0x0000022FD0255000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9fc31c93a31bc372d861b8963dc6a39a |
| SHA1 | 0cbc1d31d8a7d3d0b46da4acee1b13765aa16c03 |
| SHA256 | 20d448f128734a7b7bb4aeae3d0ba77f2209ed9875c3d5c4d423e49564630f62 |
| SHA512 | 2c8863b9f9c0ee83df21da8b866cbfe5a43cea59c2f39ba376562621020a9228839bdc80e879548df79ddf1d61a70c0f5fe8a219f8c5dbab2fa40c01797fdc42 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b6e67a5ce3ddc4a7f9dba56484fc63c6 |
| SHA1 | e925bc5969be7617a104186aa36cd8d88aef607f |
| SHA256 | 71bfe9089465c6ca03d2bc302ae277788a155912ed859001a555185e0f4407f0 |
| SHA512 | 8ef7ff06a16617dfc4c8a06285e97052db3e7d979820a41e89d9545d11e6829f359d942b4ed85e98f8ebaffc1bd5144227742a8a3464bfec553bf1ac858e3e4b |
memory/5644-12957-0x000000006E280000-0x000000006F5C1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7375947e537dab6be9d815edb2a8f76f |
| SHA1 | 6e136b0e5de98b2cf6e7362866bf4528b3ac5be8 |
| SHA256 | bc08f01eee761c0641e090fcdba0f65dcb4f5b89508cbffa75aecd4163489360 |
| SHA512 | f77a0703cb8c7b5e71c25dc694404b7a463b66314881be827559f7c013bf29a2c61bfac6e49d019bffec8bf29763f81da8846db60036ac6eed8e972665962d08 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index
| MD5 | 38eecd6bb9ad36b6a4a2122f39f555c9 |
| SHA1 | 02d8f1a675f9fb19515e77020e8fb3b273273e8f |
| SHA256 | 84bdf27bbc523ace528022c17550ed321e1c0355f659755798fdd70a504f9c6e |
| SHA512 | 64dbed48bb8a89cc80b78b4a70bb189142ab4acca8a293ec697057e373cda07f0b3f7be97babd7bd7cf3b98687c02e36c522c507f5fbb23192ee0b9dc650358b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5abb031fb78b2acc3a454b1ba5363165 |
| SHA1 | 243302551d4f9d1a91948282a162e41ae5eb7d4a |
| SHA256 | 57e75337b6454cc6a06e41cd8f45b6ce19dd28d283aa4ce25bd26b5cc6f65c10 |
| SHA512 | a8840cc4a8747c283cc18d584ab158a3c3f6cf298d6d0f0ec3b568d750c5cc413157be763e708b15e4c594ee68dc8e959954306003a5af533ea8248205a40b46 |
memory/5644-13028-0x000000006E280000-0x000000006F5C1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bb381650f1684124df5f292b7c097403 |
| SHA1 | af47402b4dfb11c0434a2ab3a3b12e197221f692 |
| SHA256 | 3f7bdff5f8e515b68635ca983b9a31bca5c698912b1fda1c11b2786b6ed0100c |
| SHA512 | f241dc8b6bbd17f83b956a6533ac0cab7a5c3202dc30923d808ac96165b532b5b4fb8dcb9eba0a5e62bd5d5c192a1db91bb43098742e097a437df1f0d786dbe4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f12356a672558f3dc6dc7959fa1011ab |
| SHA1 | 1b5acbcbb64ac966a3b17334f4d330628922bf1e |
| SHA256 | 06fcd54baccbc52fe4bd3e10e659262a076fbbf2a7bba78924f33972bee685a6 |
| SHA512 | 2762de1771b3e6dfa96be23148de14ff955c943c8ca17faa28e2f03e1419dc9a1e5d05a570f760ac6f8d388591596a5c917a82503168bbde16688365c4c82cbf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 75167e6ce984abb4a6a041010ec76fdd |
| SHA1 | 98f4c3f831a7cd2f534d3e202246a218f0dc59a8 |
| SHA256 | 8bf84583ed836ffbcb6675f45fe430a03ee2b8c5a89b81d48519ea0f55e6c1e5 |
| SHA512 | 1575699b2c84f1ed0e09f75687b295e6ccee8600a707fa46c704a5b683c2a0a9f5dde81e9c17f035c9e81cd33bb1ffc97db847e70851388579ebe4170c288d67 |
memory/5644-13074-0x000000006E280000-0x000000006F5C1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | eb758fbf0b0d4f66436b3aa806441777 |
| SHA1 | a835f3201c87ece230d6bee7c5d6a6b4e1cb1d65 |
| SHA256 | d8b556825288e5e665cc575453eb58c3cbbb02c58c617ab0cc6ddd7e56ee6272 |
| SHA512 | 81d01783ede16166b4fc40f05dfc95d60ba4190d994c45fc335a06e3187365ad32173984dbc6c7a26c7321c2382fd23d75579809291795a02c84fc300d4505de |
memory/5396-13195-0x000001C94EAD0000-0x000001C94EAD1000-memory.dmp
memory/5396-13197-0x000001C94EAD0000-0x000001C94EAD1000-memory.dmp
memory/5396-13196-0x000001C94EAD0000-0x000001C94EAD1000-memory.dmp
memory/5396-13200-0x000001C94EAD0000-0x000001C94EAD1000-memory.dmp
memory/5396-13199-0x000001C94EAD0000-0x000001C94EAD1000-memory.dmp
memory/5396-13204-0x000001C94EAD0000-0x000001C94EAD1000-memory.dmp
memory/5396-13203-0x000001C94EAD0000-0x000001C94EAD1000-memory.dmp
memory/5396-13202-0x000001C94EAD0000-0x000001C94EAD1000-memory.dmp
memory/5396-13198-0x000001C94EAD0000-0x000001C94EAD1000-memory.dmp
memory/5396-13201-0x000001C94EAD0000-0x000001C94EAD1000-memory.dmp
memory/5644-13208-0x000000006E280000-0x000000006F5C1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c27a19b203caef777cdcc051dc85a5b0 |
| SHA1 | 360f365bb6ef7e331c29ebee99be882f33ae67c5 |
| SHA256 | 8283db3c47c43804f06c0aed851cd49c74c8958246b2931d6d5761b47e7c1818 |
| SHA512 | 6727791d29135648f67d2613d5635863dcb2ae209724aaf17bd5a22a061e2c4a15da009479ee5c237c8d9660a1423cff5323c3f09be8336a96abfb8da000df3b |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity
| MD5 | 24f3a1857da8e9099fd9a81d137dda75 |
| SHA1 | 5e525bc3c71a6fed9d9b444f6d41a7477c6ca890 |
| SHA256 | 24232015a1d9427b58fb7f28e913857b0ddee1260984f14dbcf5f0af3077e1c2 |
| SHA512 | b907f8b5c11a09d016048f24aafd2d861c77e133d4c9e836269b4944d12f31bc276cbe651d6d5231e572766cc5b3c37b0f68744a85ee72fa24312b510fe6a34b |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity~RFe59d874.TMP
| MD5 | c23d18e83043dec9022168bed520b6c8 |
| SHA1 | 9b9a109e353858bd2bdf00d0d7e08a82e8ce3045 |
| SHA256 | f6490131e2dcf7d5942e90a77d187f53f47c5d8abcf7beb103bafaea5cd12270 |
| SHA512 | f3cb5d459fcf66383f3241d040ceaf4d7fcb4ebd59aaf4eb64967a41e6c190c3cd42bf5797abf13a3385ffce5dc5739934bd8e65b6ef3bd7f82d25f62d1e5622 |
memory/716-13236-0x0000017D6EE70000-0x0000017D6F1C5000-memory.dmp
memory/6036-13237-0x000001D5B7A90000-0x000001D5B7DE5000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2189686d12112ea3caed27ac41836b5c |
| SHA1 | 5037cfb78eb746f74c2a04e6443b9695eaf57a0b |
| SHA256 | ec953c8428587e262b5f4eb5b3bf42d1d11d4d46f33e8fa86cc4627543b62da2 |
| SHA512 | ecb9c32688f83923e3fe91eaf0ed7b2a84252f21761ead2760488e4bf0b3b20471917f4c53c4988b5052232d450cc9d03127d5b2182b8f09e0627cc51353ca90 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json
| MD5 | 602c49f9246967bdcff45b4f43cf2fb0 |
| SHA1 | 4c5796e0c724bbd7a9244cc8a0fc9e8f40181f2d |
| SHA256 | a3ad9649c1038078038be1abd591cdba73b4b4f5cf30e11bb6cb7a432b746114 |
| SHA512 | 2f273c0dd0127071f4c768cfe7277c6efff84c1ef4f4271c1326db3658c84261794b106af3198717f349fbaaaf276163700bbb50ae20fe52ed0a88a192d46f77 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json~RFe59e4e8.TMP
| MD5 | 68b20851ccb9834d21fb32615e42bd43 |
| SHA1 | 88fab935f0b9484994097c08f785e9ecb7d68127 |
| SHA256 | a954b528dd65ad6c4c2091fa32f17abdb7a49454ce88e10bb6c377734c70c26f |
| SHA512 | dcb0771120c8fe35213d60e9abf4b242af807324759e3c99e9b2569c00a941d885d53ef6fadfe69e6b740e0b52a6008602605d643801190a2d29175a7d065e15 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 247e20c02ddf4a21c541b94365882a21 |
| SHA1 | 5e148e7cf79ab29158b5429276465dbc4b0e4a97 |
| SHA256 | 63cbb544dd9ab0f928a4e7813476399c5e8f77b4f0d1be943e5dbad02ed1c370 |
| SHA512 | af12b3943daad0c00fc76f280c7bcebff3424f64d261b626091f8a979438b6a10484e1c28dceff451dddddb7758909678cfa533ad87c1c1653c75491bdb052cf |
memory/5644-13263-0x000000006E280000-0x000000006F5C1000-memory.dmp
memory/716-13267-0x0000017D6EE70000-0x0000017D6F1C5000-memory.dmp
memory/6036-13268-0x000001D5B7A90000-0x000001D5B7DE5000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b7310437a3f8979c0189e6c86d52d8e9 |
| SHA1 | 7831f0a1c58124999df1c351cdcc8ee0dac8a1b6 |
| SHA256 | 5f2f723087bd8b5ea0c0fd68802167730f8faf67e248eca7944d219702c2a843 |
| SHA512 | baddd98456e37d5e5de7d94be472fbd1587a77abc6c0d29c9d85074de5363428b82a22ca046f99ae4064c45bc2133806444239ee3a934264ef2ab44f70cdd683 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity
| MD5 | 5231d981149c0254cc195a4834f9658f |
| SHA1 | 717956bc88ae780865e21275f6a494dbe5697908 |
| SHA256 | 99fb9dc2196b1bff14d96528cbcc73d5802bc3876eac5b7f42b40da626c5cfb8 |
| SHA512 | a65c7439e6e68df0843fd1cc12ed09bfae40807025fdeae550a17306422fc72dce98184537075d5fd313fb15e9506df695fdbda7565bfbf218579a5cb27865af |
memory/5644-13287-0x000000006E280000-0x000000006F5C1000-memory.dmp
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json
| MD5 | 4804c67a7bc8153ff59b0807c3062d72 |
| SHA1 | 827e4c6b25c3bd20139d8cf55e5c19311bf75ce2 |
| SHA256 | 60f2885b872d78f8c84bc8abc2ac7a6d8f7db11e07cc4aeb0d1b35bf7cdbeb38 |
| SHA512 | d2c3b91fe4fd3a8c250c85b753e59ce9d656945c2f46623cc6641c29480a1143c388f0032d1ce1fea9b98d529f6efb5ad69f99bbb901288a347a606daaf4636d |
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5a1936.TMP
| MD5 | 64b3b9548a0640a743f9380db0e6110b |
| SHA1 | dc7d069fad9908032b0eda3403212a8d973e6a3c |
| SHA256 | 13b2fba01fd388be26ece69243fc56f338b8cf4e02191d6c86704da5d1faf423 |
| SHA512 | 6c89bc85b8d327fbdf557311239ed86606b0d545a880b86edd138776ef0a23777ca77d855a235499ce593585b7a308b5fc658dd7385e1d3adda4c0cca6896375 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index
| MD5 | e279a93271cfd8644c23db0331d21655 |
| SHA1 | 4a09a2f67ce4bdba0f5e7d414c3fbf6b65f4e75a |
| SHA256 | 0d57817ab4262a59e7aad454c94544f949f1e0fa20723fa21a6fd2849b76e2ec |
| SHA512 | 202a92fb433f40d28c051b7bd03b43ece99f08f838b7782deda810db146810110333cfd1dc4484b92b198fe4b353f6dfdfaa592a65ebb747786824d3b3160f83 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f02ed6a84e75fc6efed28ab5ec83b239 |
| SHA1 | 9fe550b7ab006214e2e1d46cfa7e3ecf3c25a084 |
| SHA256 | 8a86ae5b35c01b22f9728819d25dde85edca018a887b8ee05e70754b9f4f3088 |
| SHA512 | 9146e5e5c504f769d78ac25dcc7d79b19e30e217658535c7801944bf9dbb9b201cc6d0b66eafdcf02e5ae245d3a90fee4853098d08691680fc1349551042bd2f |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe5a2ced.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State
| MD5 | 77b78933a52534ae79283db70ae8306b |
| SHA1 | 619d99a1fd48e759b077cdd3d24d542f99fa6b2b |
| SHA256 | d9d681f542b0582e5f5e43eb96a89c4a67a2d0a59f88dab2b503646a848a4496 |
| SHA512 | 7f008745cf8a27b8b0e14e963a6d8b7ba0cf765be1414cdb5c0ed5660368f067a3e1cc0f2cd4aba4b9bb33574223a349d2afdbf5ac0083bce3fadfb5837d1125 |
C:\Program Files (x86)\Steam\config\config.vdf
| MD5 | 84cbab3211e164e99f3354d536bcf35b |
| SHA1 | 13b5f0d84606214b9b3ef871b42ead535c42be9d |
| SHA256 | 4633280aab743351f393756b24363e13f6543c93e3646397bc279adaea222330 |
| SHA512 | 24b0c56fcdb065c288130378c0e8c611284648226bf4dce78bf9329e7288cffb65fb9784b5271a0482cba23999c9337ed3ef9ffe12e211a5e7c8dacb8110e9a7 |
memory/5644-13353-0x000000006E280000-0x000000006F5C1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | def2d2e0af8c3e436b55f2f658f78cd5 |
| SHA1 | ae90852b4171939fe03398809ac7787b53df6c02 |
| SHA256 | c101ffd0260dc0ce760a6a1ccbaca46dd0472a2808092cb186a9bd7dd3745ee0 |
| SHA512 | cc9623917649cb175714d0dad3494591a3c93128846c15aae971568edde99251d1079d954134d839369f0722ec8805151bacaf25d47a120fe656775de86a306d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c
| MD5 | e579aca9a74ae76669750d8879e16bf3 |
| SHA1 | 0b8f462b46ec2b2dbaa728bea79d611411bae752 |
| SHA256 | 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf |
| SHA512 | df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity
| MD5 | eb4ffd1dc7e1c8b60126a3df9c324f30 |
| SHA1 | b13d6e9c2502bf08546304881556b27f9bc489ae |
| SHA256 | d53c382e9a28ddd52e0f0fe4272569d329bb59d23d48a96f8ea4295b682950f0 |
| SHA512 | e84f51620c812914f5e169d9f96a7cd05f789f19db8103b1cf6279d599f403dfe213f79a112ce837442053e0299a84721446718244e70762b9a04742c3673e96 |
C:\Program Files\chrome_Unpacker_BeginUnzipping5380_1163699812\manifest.json
| MD5 | 2ff237adbc218a4934a8b361bcd3428e |
| SHA1 | efad279269d9372dcf9c65b8527792e2e9e6ca7d |
| SHA256 | 25a702dd5389cc7b077c6b4e06c1fad9bdea74a9c37453388986d093c277d827 |
| SHA512 | bafd91699019ab756adf13633b825d9d9bae374ca146e8c05abc70c931d491d421268a6e6549a8d284782898bc6eb99e3017fbe3a98e09cd3dfecad19f95e542 |
C:\Program Files\chrome_Unpacker_BeginUnzipping5380_1163699812\LICENSE
| MD5 | f6719687bed7403612eaed0b191eb4a9 |
| SHA1 | dd03919750e45507743bd089a659e8efcefa7af1 |
| SHA256 | afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59 |
| SHA512 | dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56 |
memory/7576-13437-0x0000020BAFE70000-0x0000020BB01C5000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020
| MD5 | faadcf8e5560b92714ce7b761dde2589 |
| SHA1 | 5d9c9821f596422ae8578944708f3e28d77f29f1 |
| SHA256 | 0640afcd97e6533478c36a8e0b03c79d0e5f144ac5debe63e4dab8df67447740 |
| SHA512 | f810ab293e402c384576ef1688d6b6604323f050774cec3188a76e5cb1d724753611945ba3a4da95bdd3ea29c52f6a6935201d168dc6923b808f689b2e3df5fa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c
| MD5 | 3a8ad551ebf9122274a160d7a22100ac |
| SHA1 | 1bd2fcd6b86c37a717b387186e510de5c8a2ef2c |
| SHA256 | 4c1ee3e726da9b0dd3dae0c2ba58824daaf0e132d9ede9721a8c7dc190a4c099 |
| SHA512 | 7d6f1986a535b21a45399d13024f28298fd74c4e0e08737b47df6050fdee324ebd7f86b912615287a4cf6d71597ac78805b3aed16c1da0f561c724648ed9e98e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a020658ad58cb5ececb259c777ea6287 |
| SHA1 | f8ea2dc3fa43b25ccd382242e4c81b3d53f109c6 |
| SHA256 | 96c0e77c01e5dedfeb44d03941584886a7e2fef7c3cfe12dc9c6d51c212b9d67 |
| SHA512 | 1b44719ea90643362f024882c0b9b7a6688f28ddb443c33e60760158ad9002ac6db98223fa1ea7120c0f00151aefd4ff7341de336e3357812de03f7cc05e0ce5 |
memory/5644-13514-0x000000006E280000-0x000000006F5C1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 19553067210f71536f54810fafe398c0 |
| SHA1 | 373dd5ab49e66ba6ffbc79e146c2b9121df64df3 |
| SHA256 | b562536c1514371aecf5f7313bfdb21be74fe8feb4a39c4e9d6c86032df2ad0e |
| SHA512 | 941136c6bfc8fbdfc4c23879a2a60c5b7b1c72a1c47b1b013f9268c462370d26e7cb57a97e2de3081f590d187b44060014811c86e85128488dfd267abfc50acc |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000002
| MD5 | 2fed1645b3d6857e061b7bc0d2850494 |
| SHA1 | 4cceae6416b4275b18a172eb9dec60c16e874753 |
| SHA256 | bbe87edc7f708e4f75d90f09135220e03a29ca93730f30da17be4869d0a1a436 |
| SHA512 | b968593188c7558f41c9d809d027ae9b29a6fde2be2c5184a8c6bab579eb572be9a9df5b4a2ef4e15698a00377b36b839f80bbd9e4e7b2a401f528b9560452be |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000003
| MD5 | 9fa060a599b0ee1912f2073ed59df3c8 |
| SHA1 | eaaeef616747d09506c6ed1d96901d2c8d1ad4e0 |
| SHA256 | 7924474a8f327264982347dc932997ed49890ea4114925024ba678fba2d4e90c |
| SHA512 | 93837c0d1bf848ff603073bce6ac252f770a35fad094b294609682e11b04b463292c74c8440891e89741f28fa67a888ed6fdc1575fda99a3c2b6065ccc4e7b47 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity
| MD5 | 633d0280c3487195fd103c50d25e5fc2 |
| SHA1 | ee07b4920a889f16166fd7115ba541f2bc8d9664 |
| SHA256 | 59d80a64a4e631bf1bdc5d8f87fa143297b1751e63dd229e9cf4fea1f84d1e35 |
| SHA512 | 2bca03e0b723a49556e37099ad6278ca23ac0d93243af18f591fb66558517b98802faf0b7b83117c1d7258c7501b85a11f56ff20c3f555c155c484c8a822681f |
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json
| MD5 | 6623063e8cc3991d6c79fb9f5917a080 |
| SHA1 | de20411ade4457c6a4506f4739d058d88bbf2890 |
| SHA256 | 300eee3dd847a6fdb2035e2c376b9920c43e5b03597cca5980e163885f827f1c |
| SHA512 | 2184a311e582e9ae01bfa24358e8f662ecb923e576069592b5c219c7ec6ad25461ec3d5edd9e22756e9be61c46dac6eb7cab7f2f9334f8ec870f1bd3d7b4ea1d |
memory/5644-13651-0x000000006E280000-0x000000006F5C1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 1267d96bd1e5b7e882e15bc251a79675 |
| SHA1 | c392529b6b0b295af039d5ee292a34d608526db5 |
| SHA256 | 7120f099203827ab90735a7a83be06d9a35169aee10b2facb8c680497cb36438 |
| SHA512 | 962a10c479c21173e0480c3752d9b6f28031762d13b12fb99d326b6b459ea5f1ba9195e3f05291c0a33d77192351c727d19ae4fd595c9556482f66e21967e26f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b5d848a899cde336a8bdc253a21f1034 |
| SHA1 | 90a1ce73e902d089e43dce00915e961525497a64 |
| SHA256 | bb9905cb976776cf8a90694c1ce8f4736ed1aa7a2e80495eaef4b8fb50af80d0 |
| SHA512 | aae2ec4a60bf4726b040932cbaece55e18eaf0ee98e608eb4ae3aa4e3058d28c92add2f55e658097999ba72cd6956955e1509ce8b2165756e0052e893d9ea073 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6011ce8824b43da4350686ac680dea67 |
| SHA1 | 43c00b32ade73f0ac370c20a9da427b100b3b6cf |
| SHA256 | a51a8a52be52bfcfd34070e566781e80f195415402737ec2661f99dedd1434d9 |
| SHA512 | 975e55770f34561ad8d00d6c922035b59fa3a82e160f4ef4d97547f0a2fa0263acbb3b40b04a1fc970d916a71c67420764f2e0058d2a3ffc6c1a05e1dd9d0d53 |
memory/5644-13692-0x000000006E280000-0x000000006F5C1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | edac3e8c4237ae394a8ae62adad9976c |
| SHA1 | 635917307bc422bc441b099c0b1505aeb23483f9 |
| SHA256 | 6af5196c4a99921aa76bd9feeac6be7c525d84c9092df2c1d352e631ab15e1e6 |
| SHA512 | c959eee59918dbf9d79aaf8f5957002d7d63032bb401c142a9b450463ecf74baca7d699fe1f32fc6b60d0f6bca5fc2aecff9f22afa4dca3646091fec52464f6d |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index
| MD5 | 0cb6901d97f1e3ed9397627f53e973a6 |
| SHA1 | 057467106a69914edf9ef64fe825bc3a1acd2b4f |
| SHA256 | cf243347b607a23eb68bc932d1ab501bd983bdba7d6040d64d268e5c2fe0e4f1 |
| SHA512 | f82076e0cca42d4ce289e6a64ac2cfc87b95e0c6abe87b846828d319fdb80a20c390d192bbde2c20bf6dbca58f130f3c4b5b6b7a1908eadca9073c0516d1e297 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 21382031c8dffb2becfc1d3de6b38ef7 |
| SHA1 | 13af0fd1282c3f5595aedf4f5f68af953c866c4b |
| SHA256 | 7ac2b26c02f7f5b15d5ec2ff49f3d189046e75cb71ef29fb9ac58d9d763a5efa |
| SHA512 | a7e73e3c5ddc20eac29f2f34189a30075968cb39f7166090f9ca514efcb49ccc031c870c67a2c879bd9932f6999c21aa9c6bc7a50017ee2fbcb39749e8481080 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity
| MD5 | 81d836bc9ccc833ba44b635cd4e22670 |
| SHA1 | 17d9d7803d5fc47af6df5f5eca324b6ebe6748bc |
| SHA256 | f956080869c8f90f6d3ab4f88f7045637e43ba6d122ed7e1e786f2225be275a1 |
| SHA512 | 671579ee3f8d64a88b6eb583140996e114816df146d2c7296f4216da848dc15536aab15ca88fe506bced7115ca01a28d0e6edbdb4dce106bd461b4b8e7ea06c9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a009546d29a0051be55948be99564f1e |
| SHA1 | d69529563bb36cb8963dbccd8d9e27cc5a586682 |
| SHA256 | 5c63c3631fff69bb811c6afa33f66c965c551fb664575f02feb3c623af372966 |
| SHA512 | 7a5c64c00ec938d011aed61a5e13e73f0b61d395a37c72631e2cffb95019ec4c1bab75c10fe18a6b3dc54319aa90415399e1ef647a061ee03a5966fa68f07d59 |
C:\Program Files (x86)\Steam\userdata\1839625405\config\localconfig.vdf
| MD5 | b6629d40dbd79fc3d5dbf8b1bf1d2906 |
| SHA1 | 3841abe4cf18b03f3b24041eb27d09cacdea878c |
| SHA256 | cd2c95cf708ce7b8b24e890e80a9ed9cc683626996c6348d7b988e5c8f760bc5 |
| SHA512 | 701bdd5372fd0486dcadc89a7e89268aeb039769dc10fcad249af69bdfc745e9fa077cfba8afa9c89968a3fc94c8b249b51db0afc9d5013131faab783bcf2e9d |
C:\Program Files (x86)\Steam\userdata\1839625405\config\localconfig.vdf~RFe5af8a9.TMP
| MD5 | 67a80d556d3e3d102e5b1af66f18457d |
| SHA1 | fb8dc46c539800f018c273d8609c9a507cf573cc |
| SHA256 | a9862e819d0e7e46682e712b1917c52598b4600c527cf1ab7900cb450b98950a |
| SHA512 | 028ecbb5dcd05d02edea591254c4095e79399f153c41bbfd46ce967ad76a9d411fc843cd7120215cc16fa5bcab47744c06231335d90391e5100ed2abd5c83076 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity
| MD5 | d92181230f390b1c16f363ae765ea8a1 |
| SHA1 | afaae1d30d766099fad555d8dcbf2ce5f8997285 |
| SHA256 | 046605772f97af2286f681aaac253225e8aaa5ab787d2d34ab221b50e409ec1e |
| SHA512 | 2acf183bb02c5be00497697ff092ab79b063bd24dbb78e04477eda1f4da682132864199328cdbd163bb93d5852947c62e11f3e73a9af34fc7e2fc88b168968ba |
C:\Program Files (x86)\Steam\userdata\1839625405\config\localconfig.vdf
| MD5 | b3f75776fd8d044759ef335189e6d906 |
| SHA1 | abbb8a9b253b08c3a58f4e7355770c7385766869 |
| SHA256 | 76af104db022b894388b103e231bff002d5cda3544f36c7146a20dbe2c6c53c3 |
| SHA512 | 66af74f2bb73dd77cc303fbd8c5ecdb0241ea5f1ea2e61174edbde073d2005ae044ad68ee75d6f9f743d04ab0982fbe84fca1c5836d8f67d1b6693ef3dc9bd90 |
C:\Program Files (x86)\Steam\userdata\1839625405\7\remote\sharedconfig.vdf
| MD5 | 68708327762cc976d8a5644885f0e426 |
| SHA1 | 144f5dcce93dc374b1535db0dcd63ccab22d2178 |
| SHA256 | 71e9aa671ce0ce62eb959318d5e8e5eef7fd41c653d22db497fee72a4f71dfd8 |
| SHA512 | 7226991f245967c0d450cda00408462cbc64c73fda3621d941088beba78d862b8ef25fd3dfcc67f91ba13f945f6b80571a3a109c44453da3da3d2cb9c3b8e893 |
C:\Program Files (x86)\Steam\userdata\1839625405\config\localconfig.vdf
| MD5 | 7f14b497099a0c114e2a7ba21feefa15 |
| SHA1 | 30b745426014934177126d7f5d7da2f251fe2c11 |
| SHA256 | 35d229d23a5c280fe1d53269b64ea95e92bab0d1207217ac1c9fb508665c2a95 |
| SHA512 | 76643c7996ee740a7d2aa3d5b272ce571aa15152867392c529754f7e3cf42d3ceb0a73678177b5353741ad3fdf854e916a6833764cc396e893a1b85cd8370900 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
| MD5 | fdd89654f952b393b5d69819c741adb6 |
| SHA1 | 1cb7475b9c220ab57bd692bf908034956d320783 |
| SHA256 | d7fc8f68fbeb8c10369b6e26733cb89d44bdc61d26e7324816fa46c13aa9f82a |
| SHA512 | 9977671fba5543455cb2ffabf17df61be0d641a283f31ae96fddb17774f95185fc0653a0ace6ea69dc7c9cbf2b76cdb22cf2528203806c89c9d63ace6af9ca47 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
| MD5 | e8e0987e4aa59b768b8da41d5f7972fb |
| SHA1 | f6068f6d19a365bf68f9ccdb6a3cfba3ff47512e |
| SHA256 | 289244801e1cd3685dd5395f4b71658b619c3bb4e1be8a169679ef981f90d9fa |
| SHA512 | 0174a976472cc4ff5c8fb101f4cf9f10c04ef241088543e030f7d121f3b12e0128a6b571bbbbe34857fecababdd30fe1e4530ab3c1a32dfe6d46405777924709 |
C:\Program Files (x86)\Steam\userdata\1839625405\config\localconfig.vdf
| MD5 | b23e760aed49bab61ab84fc20d36a9bc |
| SHA1 | 35cdc4c8307c9c9c54cc1b1dcce72718a0a98cb6 |
| SHA256 | 252e9dfbf7f44f556d22e430af2030a294406ea56ae51168282fdd01db9cccf0 |
| SHA512 | f107540540bc0db6bc9347806ec647c08918fdc922042dab8145c9a4f233af21ca4b1051efc2531c079c09639c6be4c0290602cab2310f0c5471e62c43c41b30 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
| MD5 | 65b0779408325dd99a6281e6c656f38a |
| SHA1 | c80b3cad1f5c29348c6ee18b0b7dc29a2db05c31 |
| SHA256 | 80459ae253696201bd37ebcecb6562966573024e8e24e9d78e25ebb6c657c1f3 |
| SHA512 | b703c9eb731dd4f44ccbaf7fab9d9b24bc9a8b12dbcb3ac4f1e0b3dbf965a814b48d294b549e62ac1a2e22fec824d6ba551355bde3f0ed9d8f1b05970b8593db |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000006
| MD5 | e13edde4a25e96e573f37bdd11e020aa |
| SHA1 | 84a0c3cc6cd74b149cc27de2b0fe48bc2acb70d2 |
| SHA256 | 45b526e6aa5356b278aa37e67593a25d09c9653e8a0e71fb8e155111d3b7a515 |
| SHA512 | 9ba4cce47994f949731e594538f56f423ee46a8e602fe922ab6e1d173b87831ae5a80d967d695fc45a08b25aef5c494518b43cde6b4709db690e904b2cc1c053 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000004
| MD5 | ccca1d507e618047398d2b7925f6ccea |
| SHA1 | 107b142dfa77a1df956f8051b1569e7767d4a2e7 |
| SHA256 | f56b99fc2b763e22df8d023fb1d9dde3afa04c52560abfbf0fda5c75649c599f |
| SHA512 | f1d40a2ae4369811f1fc44ade60b0321d42eaa1369f17ec998010470291c60b536e5a563bc01cefa3776b6aab3214c6e2c9b50234eae4b0fc70647df3212a37a |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000005
| MD5 | c5e39337f681f1c40f0efa29366109b6 |
| SHA1 | 3df6cdfb2a6ef5d2e0b0b2832154986629dc3e70 |
| SHA256 | 70707407660a3f4361c5b197db2be83f96fe74e2f1f95f0753e985ee30b7b84e |
| SHA512 | f73d25aa88d2ff3bdfc4d569d20c327883b16600f76410c883e07eba51715cc65d8983cebfb681f2a0c6f888394749f9975ecbf5c9af428ec5f3e433874d6534 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
| MD5 | 167b838878adac1e0fc90935cf597985 |
| SHA1 | 1f782daa36f37b3bfe36fbd69e9aff46056f09cc |
| SHA256 | 7615741b6940cbfc71efd3091ec630e4c14aff4db80c76ac25cdef9ec7c9c329 |
| SHA512 | a89ec9eb5da94a2428b1c19f7e0e343d2a1e6a6ccfcfa1150211d4fdbac5159bd20fab4279c12e8f18d44e5447a9dd2399e024765341de2a6a196e1a9b39b2f7 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000007
| MD5 | c9e90bc8ec6a09d8a69f4a4dc6fe8b6a |
| SHA1 | f099ace175891bb8b81eea2595bf8de8027bec6b |
| SHA256 | 8fa6b37e750ce1df8e880691ea6dcd4aa922b55a722aa0b1df8ed6302aaf723e |
| SHA512 | c4bda62806935165c94191234b8782408876f1336279a26d58ab3a75f41c51433ad24516c0354a8a047c1e743c4fbb8989938b6a1ff29ae0585b3fd08230a497 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000008
| MD5 | 029f7cc33ae75fc214f920e50ec8e1ed |
| SHA1 | a9944bb45acaa6ff7481e33d1dae8720e660a0dc |
| SHA256 | 7afcb7387ce3e780abf62bbe0fb5746a01f4778d2f05ead46cf1b0380ce7d445 |
| SHA512 | e98ca79dc7fe5f16542f5e7d191b87e1081941dc94b39336eb36b5451d8573fb7dd243412af1eb3722c2a7b9147129b9ba2c1487449c27b78f3ce4895eb5c622 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000b
| MD5 | b507567f09861406425726176430b282 |
| SHA1 | ef31ff9a5a918797c76752018a667e29e415e580 |
| SHA256 | 4390634070a440bead4ea3dc609984097da973983ac140b094149b4bbed1349f |
| SHA512 | 23e8a4e14a2a8608c817b88080fabce226ef7c280f5c87baa27780dc1307d60f75d215a91c3de6651f17e6df71219b3e51f2665ce9553c71f427a38e7c81d65b |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000c
| MD5 | 6b7e9d2fca3a807995e65c6a12decc75 |
| SHA1 | f4a3e5d132c45cbbd0d065b748adcdb9a18a5e47 |
| SHA256 | f301268c5c18183b9460ee7d520564377a3c47ecd7dbe9926e4db054e33bd5bd |
| SHA512 | d8ab7c2535353bc6ebbe9b2432bdce618ba3a9a759e413629dc94fb752e08e6d9ffe19871d1f4dc226a85320c4f91a0804dd2748d28cfe3964f5369bb269656e |
C:\Program Files (x86)\Steam\userdata\1839625405\config\localconfig.vdf
| MD5 | a1e3910064cca2c427f0e0261371e027 |
| SHA1 | 6e783fe8208bd522f99b2c6256bcaa438454be26 |
| SHA256 | 9c8b3db71c0ce9990cc963931f8a442178bad49400e5f91557ae4fc34442f7ff |
| SHA512 | f0fd18e19644c2db03765c3d53fb5e345e080902c2a37fda5c8fa70236354d409131fdac3bd5acf013c5233e422068f5f1ca9debb93661e8f4823fbb019b1dd4 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000e
| MD5 | 1046f118e94b9be80b93c392ef392601 |
| SHA1 | 7964bff232ba386ef811f90528a06ecae45e0ed9 |
| SHA256 | 7562e901ec3a9d3b876691fbd4e13d72c7746641d91bda979f533994d106813d |
| SHA512 | 9a3c02be4a6792151728957bccb52003c8d14c8bd4be8ab69000ab2db372599e54b55241c74fcd1af1fac69403f4582c6497b9268146f3ff622c730e8fb0d2d2 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000f
| MD5 | 23dccd50c1598cf87c321dd0e788e2e4 |
| SHA1 | 4697f41531098e96b97de4ca6626fd86621efb1e |
| SHA256 | 167b5e3d2fc6a069ef986144f71f70ca1ed8c4332846757c8aa4792703420635 |
| SHA512 | 00174629a41be7b3d69e0ef03041aab41adae416c39209934b8a9c3923350010ddf01ce8d37cedd6bd57769796b41ee3c18c1b393726988039b556416c20f676 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000010
| MD5 | 9c4296981d7c3c8f68fdb015c70988ed |
| SHA1 | 58529bab31b3bba803b568d3d2bdc999d6224622 |
| SHA256 | b056d8d14fa59a3c0f743c90e6a89440e1cfddd5b8d020804e499594b63ec918 |
| SHA512 | d430833da2b82b02d926f86743e623fe7320c83bdafb3a2f89364adf48ec2b3412cc84d0f3546f41150cfab924d8f5853ba81b20cda742ab3e2f240dfd754c88 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000011
| MD5 | 57613e143ff3dae10f282e84a066de28 |
| SHA1 | 88756cc8c6db645b5f20aa17b14feefb4411c25f |
| SHA256 | 19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14 |
| SHA512 | 94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000012
| MD5 | ce6bda6643b662a41b9fb570bdf72f83 |
| SHA1 | 87bcf1d2820b476aaeaea91dc7f6dbedd73c1cb8 |
| SHA256 | 0adf4d5edbc82d28879fdfaaf7274ba05162ff8cbbda816d69ed52f1dae547f6 |
| SHA512 | 8023da9f9619d34d4e5f7c819a96356485f73fddcb8adb452f3ceefa8c969c16ca78a8c8d02d8e7a213eb9c5bbe5c50745ba7602e0ee2fe36d2742fb3e979c86 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c75362e16657530b4a4375060e936f80 |
| SHA1 | a233285a85bb87bd17340db50177d424e4e3ab2e |
| SHA256 | f65c5880a327c3f47890b54c2d9849579d646c48ace07a73fdb45d5271be5c14 |
| SHA512 | 514f5dee2b9a2d38c761ab2ed38d5c8f740b6e173a4ff92947895fb67225186220fd20a5f5d5c92be8fcd95504efd3305001cccf2ea5f1a7e0a05e0c4329472c |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity
| MD5 | 6dd59c5abe67150e91d61933e59d3783 |
| SHA1 | 64b2e26789c0cbcf7477435c5bcb3b9200ef17cf |
| SHA256 | dcf282f6e6e64940bce4ce868903dc93d2af88830d551d1871f83b0fd335fd95 |
| SHA512 | cbf216ce25022adf272fe48f788568ac678772e7964992fc1455a8502c350ed76f4d1f8596261f6a6ad7857de33091cbbdbb897d93f3cf60f7e42533afcbf00a |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000a
| MD5 | 1cd9f819fae888ce4860b7f6093347f1 |
| SHA1 | 04f78da120741f1198d595af811b2c42ca9d5406 |
| SHA256 | d90bde2cee49d26d93cc149da64ebfe3b57b6f391c1fe84c696a2d5e3f33b3ad |
| SHA512 | 2f7e22a0b36ed64c6be176f48f91663bbaca60d7a4ea862a6a81678fadc1d8df31c59a3266d1097654fb52345e0d2e292b8bf48e9497be9c3e3be89cf43bf90b |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000009
| MD5 | 47d88f0e30322831ac51429e321af624 |
| SHA1 | 0a3a50ae8c9d61a6d96b872f91b4694187be0bcb |
| SHA256 | ff066f3e1ab3028b7bf326825772da1a50d4c9bfe92ec0abcb52f17ed996482c |
| SHA512 | 416fa132223c396c6ec4ba581383ff0859ee02a7e73acca4836df0e8154600cc9cfa4249832d0370fc7c45232e0114994e7da36d094cd459a6f3c77be539cece |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\3626258c-c18a-4b95-8e41-7dd22c38ad22.tmp
| MD5 | 65dcc8fa6ea39f7f8ef40665b7a410e4 |
| SHA1 | e75c8a0e13594b0ed32ddbf78b92fa0be46f3443 |
| SHA256 | 31c9707f4ca9d6f4a1e0ae340f0ace23597992b5dc01fa47e991ac8653232e73 |
| SHA512 | 48f394c6f15cf620c4be621da060e07a351b38438525f2729286b5af9bd29272a4be3cc5bea9799cdaaed161fa81b69469b5a6ce39d4b2450d31c7d4f7b73e5d |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity
| MD5 | 4d264140338b9578a565bb8d817f7274 |
| SHA1 | 16f57fdeb92bffed2d6c85db7df2ff0fdb935e4f |
| SHA256 | 246bb764ea2e1f999fc68187b62a86d70eff30762be7a46bcd0a315668b2cba6 |
| SHA512 | 6912bdea3b7b90f1001430c18e7891e4446e79978e43d35491fe9cb0873b42f88e146700d5922515da0634ac623b5a25a3b0a6d460bc19ab9bbf37ccb559ac34 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9fa5717b1b6fc37f978dd583bd43dbda |
| SHA1 | 3ca2b3ecef1c1bcec09c4725cd3285ea2ccd58f9 |
| SHA256 | 9262bed65388f84335d150beb5771448a6651d904604026670d8bfbc96d91ebd |
| SHA512 | d1eef942e45927524f72b62e0b38afc2193493d20ac87d25993c35866e63f77102216c73070256aaacfe75c7896c87dc8269ee7160e631f694b2d6b469aedab8 |
C:\Program Files (x86)\Steam\appcache\librarycache\1161040_icon.jpg
| MD5 | 7ecdaf8a54ec52b20640a88527512903 |
| SHA1 | 3133a4d748ad3be61fe9db759339cd5de73339b5 |
| SHA256 | 7bd8b75aec0a4d4a377f3ca3a023fd8b7c5fc7dc6a2a66d17f8cdfe5b731ab0c |
| SHA512 | 60ae2031eed0c38264f0d8db22a9b6efeb3f80c791e916e15a1730853162d56e0da014dbd93a5479bae4f3bdd5705ca89be70c90574a524abd1c276ed5c55a2d |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Dictionaries\en-US-10-1.bdic
| MD5 | 4604e676a0a7d18770853919e24ec465 |
| SHA1 | 415ef3b2ca0851e00ebaf0d6c9f6213c561ac98f |
| SHA256 | a075b01d9b015c616511a9e87da77da3d9881621db32f584e4606ddabf1c1100 |
| SHA512 | 3d89c21f20772a8bebdb70b29c42fca2f6bffcda49dff9d5644f3f3910b7c710a5c20154a7af5134c9c7a8624a1251b5e56ced9351d87463f31bed8188eb0774 |
C:\Program Files (x86)\Steam\userdata\1839625405\config\licensecache
| MD5 | 6974b0f6af072db332d4f609cf3718bf |
| SHA1 | 8e29e1cbd61563f050e338dabb342fe56baab4c3 |
| SHA256 | e46d6c16c4a1b99c9e7160cd4507bd8ad58ca7ade2efdef7c8682d6ba7278888 |
| SHA512 | 78435e45b6b4f4891da0973d3fa3d306a7bdbb5d8a6a31e4391a70788ddc0a9f8f2f4cf933a2e858547783bfef4cfa342a2f7b509316b59081c938eaa34b0090 |
C:\Program Files (x86)\Steam\userdata\1839625405\config\licensecache~RFe5b77cc.TMP
| MD5 | 95cdb6b05fdfa9c153101142f75ddbfc |
| SHA1 | d99339142107dce443f412c5df6201470fe1ba7d |
| SHA256 | c74d82a3ee6e1d104196c0e895faee0741233e28fb0c1b37efc02cdea4578427 |
| SHA512 | 3f946b531204d9f173e5d4988422791a24d1b462cdba9b4f0a8af46cc9af6b99b1cf8df41956bd7cb5c0985a3d77b1e0bcb3191290480231b4b9fe4dad77ae56 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
| MD5 | 0492b527a0afdc3d0ecd5e87826e920c |
| SHA1 | b4bb02a37bca13153fbf77b08d7ae8484d26ddcc |
| SHA256 | f2e59c232cd5a0b9ebaefa4e98a05d600d7036fc3767d3a30fad26c0bdd3d9bf |
| SHA512 | 59ed804967df412d665c0f136179f45e28caf4a52d051ae30392bcef1dfa3f7c76aec186bf64e2bf4cb2e3cd3b958602f1f7116a3bb831852dd7eb4b909d0ca1 |
C:\Program Files (x86)\Steam\appcache\packageinfo.vdf.async5644.tmp
| MD5 | 3d8debc2f8cb5c708ef3630ee87ce755 |
| SHA1 | 4a292e8b67ff56197e5466db469d1a3e3ddc38a8 |
| SHA256 | f1f1b953d7994d99f45cacd5322bf42b37225fa8e5de41af03fdb012c0380b31 |
| SHA512 | fe3634313f4b71043d195d4969c1406bca9098941d6fb0c31506819176fb5afbbbdeaa4a80a8713ed221a23c3a5833e875b6eadb1c46c92a382e39eb733476b2 |
C:\Program Files (x86)\Steam\userdata\1839625405\config\localconfig.vdf
| MD5 | 3f560a43e6a4f25dd66e768977ab42e2 |
| SHA1 | 5c4f6cd34575c11060a6c659b95e0b7a909fae27 |
| SHA256 | bb05375026419bb6fd531f8360c873cadce04adbca074e8ee96ee0e1c6bdf368 |
| SHA512 | c2be42e732fc2446ecb1db0abf3e2d9183ac7ece8bd4b0db4dd9dda101c10c43395c53eb33753199ca32f2d1fbd3e12aeae3ef3dece57f2f5c3e69acd59486fa |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity
| MD5 | f97078a30814a9d4dd2af326dc10a9e9 |
| SHA1 | 70cd04b3a1043a51fbb6f308f2e6dc6682ba5b23 |
| SHA256 | ba7c2e3993269bac6c10a2072a4000be13ea87ae5ad7d7a86539026c6557b543 |
| SHA512 | be94d95875c613047f5779c9d25d5362d021b40ea63aacaf39d0a5f6764285350476bd9ea76733f07ca049a72ec50a1ea70b367b9ad936d508fb8d7e10af277d |
C:\Program Files (x86)\Steam\appcache\librarycache\438100_library_header.jpg
| MD5 | dbac976a6c6f15648a833640ab4fea17 |
| SHA1 | e778b0ec3fe0baa5522ed822cb9189ce79b38431 |
| SHA256 | 2c66e2b298652df099b28d69fe0b41980872253cdfbd99c823ab1c2295f7cb35 |
| SHA512 | 31fd1e6f38b9b9031c62dac0f129bcd073d612f5ee7cd61343048c88daad0b116612490ae4d7885cc0bd113ab7ae998924dc6fca6c7a5b647b3aa7761626fb1d |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
| MD5 | b4fc7160a8a978c8153fe1426be01ac2 |
| SHA1 | 27442e218e3a57afa701907f9e72db71926b92e6 |
| SHA256 | ecabe42450314f9c81392e66a620a7ca29033c89c1f26e4a9cbb071ecffb2e7d |
| SHA512 | e01de051d6cbeaebac1c26971252c0381d7b0e4e2f8a73ed0767b32ebbbee7527c2dbef9a157d5d85a4505fc83ba25b00c377a3c5b362857d381c49a84e5b915 |
C:\Users\Admin\Desktop\VRChat.url
| MD5 | cf121d41d50f71b94bdc4d745322e58c |
| SHA1 | 2632887d0e170bc7fddd4d18f6f202e3f0d9607c |
| SHA256 | d23501f6a273c258d2439cd44ac23a21324d4236ad90b2be23f8530f824062a0 |
| SHA512 | 321bcd707c8e570adef67e5ea818a16699b61030773f4b0e3d164d9d314451255212016360e74c37fe62dc0f44fbe5e6914b6b8795c4301f7a8e35ca21b3611c |
C:\Program Files (x86)\Steam\userdata\1839625405\config\localconfig.vdf
| MD5 | c32e576ddc2cefde45dc5dc927e41710 |
| SHA1 | 197bb4a18b507154a3f36b906c7133e8d2b8cfcc |
| SHA256 | fc82361b742c086b3b7936ec4386c516d6deba1f12bf55b56478d6b51b2bf78d |
| SHA512 | 2280d356198b7acfd4c3634b040d14fd94772cb963ff8fd709356c3f4f58c24b643f04ac4514356c1e0661711c1d8801827c08bdfccf38d34063ea75c1bb7dcc |
C:\Program Files (x86)\Steam\userdata\1839625405\7\remote\sharedconfig.vdf
| MD5 | d92d40266ba4959eb7dc6d98801806b1 |
| SHA1 | 5cc6b193b1fd0c6a3166cc1e4b8f898889233318 |
| SHA256 | c9a0952bf1bcafcd1f1bf5311a86397888b792522cf50815976743c3c181b6b4 |
| SHA512 | 1e9b4b79aa97fe4830122eb1d3dd774e1da5b09fbc8f8818aa1eba8cd176df652202e1ac6dad300bb0cced2c32646c30c7f223e2a2c76447a6b90d8f7a4bc145 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
| MD5 | ae4aab4530fe709b28f540af0960b07d |
| SHA1 | 1a69e95af26f5c37fd72c06387e09b4bd2982446 |
| SHA256 | d5755bdd985dc222bb583d9ba41d99dea917cc9edbe0931954af3813ed307440 |
| SHA512 | a5140ad4f0f6dbf77b7b6b0ac1481c2391d7d2bf49c9bcff27f8ebedcca1b75b60c3cb861068ea82fe0a4d96677a985a32897263828d6ad389d232b4053098c5 |
C:\Program Files (x86)\Steam\steamapps\appmanifest_438100.acf
| MD5 | 50c771023e370924ce9656910151dc95 |
| SHA1 | 2d62c1baf4f72560d00aadb00ae7c898020332d0 |
| SHA256 | 8755ebb5f2f206d995d9d66250f0bf351424bb5c58ba5ff5ee3389deb18c636d |
| SHA512 | a1aeeac89ecdd7b53a1deedc056de5548e6a991fda8373ebdb99738ce8e655e09f44a6db007e7a3e7ad4e21cfd69a9de5caedfc88413b1e1278db464f5ab91c2 |
C:\Program Files (x86)\Steam\steamapps\appmanifest_438100.acf~RFe5b9da4.TMP
| MD5 | 01daf861cce2d69a28a4fdd2f290a610 |
| SHA1 | d188c0ef26488763b0cb31768eb1409862792faa |
| SHA256 | d5146e031a8dc5a587d96eacb6b96c09a2efc0ae0fbf7fcd22d79b9b79445a71 |
| SHA512 | 85048f6d03b8b7a9feb2502131d06b0195ada3b66bd8eac2ecd571d3bb419fe14170986e0a36f58185ed2c309992b36e1df0946d0cf185f7b5f8535dbb7d13d5 |
C:\Program Files (x86)\Steam\steamapps\appmanifest_228980.acf
| MD5 | 9036e5ffdd48a272988d38c882be4ee6 |
| SHA1 | e032db769c8437053a35476298e807cae4944473 |
| SHA256 | 31fbeca467f6e0b5c1530059e7dba1e08503646781de9b1460843b5a020ea294 |
| SHA512 | 72d535e7dfed83bd79e76a2ef1ceb2a530d195fe3cf9da32779c4b644d07e7e2493c371a868605e61689cac6dcc8c9cc09f90ca68603a24ba7671b25a6435df2 |
C:\Program Files (x86)\Steam\steamapps\appmanifest_228980.acf~RFe5b9d94.TMP
| MD5 | d661702721b5f234b7a7e729629c957d |
| SHA1 | 6a6ea8e4a48ef67da9b0c35127fc9a0c38e9a951 |
| SHA256 | 1774c5d46b834a00f98ad8b20e6cbb2cec85b641b4dff4d1a62a86b690fc4236 |
| SHA512 | 5e19018318532b9022eee88b7ead2ca73b2e064120403f89188b1cbfdcf641f4372713008c6528d8a1e45282cc8e5b63b23af02cfc4252fb2e1987b4d589aa5e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a59f394b1eeccd46d8f8732b1bfe4632 |
| SHA1 | 5f6a799a0e6624ea47a20735b0ed9adfc5fad20a |
| SHA256 | 397e0351f8d4760374ca16bbf5d4ad7d13e8044c22ffc8163a3b9486f0074041 |
| SHA512 | 55279b9588b745635f6acc5527ab12f9fb1945ac60676b502ec40dc13b86298093ce7da345235335a6edc0b5214819d7764da65070ad80c774def592827ae2df |
C:\Program Files (x86)\Steam\appcache\appinfo.vdf
| MD5 | 316872b5dd635ccbee1086a37de4130e |
| SHA1 | b9830cac2f5326eaff80ff39b023989eab4f6232 |
| SHA256 | 4e3e608ffae1ca881531b65482314430e469ba566a30fa7fd55cd5c7aeffb269 |
| SHA512 | 35d70dbb3f5c7650b7ad2eea0017052b7272694c520e15807071270a6f976cbe9bbf146164a3207fc56580d50f74d82348a21ac4dfef279e3a2f3b3e5bf9c749 |
C:\Program Files (x86)\Steam\appcache\appinfo.vdf~RFe5bb3cc.TMP
| MD5 | d17b776c9aaf9e9638bfe57df6fa51d2 |
| SHA1 | 296014dd18eba39a1e1ecb57b90a5d38f9260844 |
| SHA256 | beaa31b4c340c5b31be5c92c09743353ecbd893d9f06d40b4d2bee8558203c38 |
| SHA512 | bcf8ce2ac8c868331769bfd01f12c01b3f14e9d3ac866adcb59c2a3e23d2005b084cbac53c8546258ea1f956f21d11a0fd859a963265c4618698eeb8927dc345 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index
| MD5 | 45ee3661b0eea11bfc1d44616c381e1d |
| SHA1 | c537dac37c79882e1c39221d1ab45c0be677efa3 |
| SHA256 | ad908369a51bd47e911119a9776ad2a27afce2f07c289b9cf1f47596ab0dcb5a |
| SHA512 | 09a640270afada2a6b7e981bff4e762ea5649aa4426516afbeb954f5541d97cf117241fa9c369803deae366bd46f249373853871ab249df6b08de7363378263f |
C:\Program Files (x86)\Steam\steamapps\appmanifest_438100.acf
| MD5 | c03076553fc2ef373e0e798ed6b4319f |
| SHA1 | faf1e5f366242da6b03d1879bc1fc7c389a6ebc2 |
| SHA256 | d22b3d6db903d9786145dc59fa39f05869345240a2957a35851105e6a0e4958d |
| SHA512 | 8c8f453cfe6d31c2e23b9103954997a5fd0d040dcd1a328c7a3c2afb3e9c563450829c824a0404599556999c5f938b537a87569c03080a10bcdf6726bc7f3bde |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity
| MD5 | b9cdf24f60532bff18325899ba668508 |
| SHA1 | 24ce2c0007b6ee730f05b34cc6b8e077ed3242ee |
| SHA256 | 3e9a852df6fb2e3dd5109aec0cc84fe9a5c0b17090039127aa715f884304bd32 |
| SHA512 | 5582d583790687898d1982a97530db51c6b0759df5cb40fcc0b2166bc5c2531ba8cd69f0adefda39e0a25609897bd9e53b7e3709dbe4eea6b893036b7c6952b5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | de2311886212018754dc27d565f59322 |
| SHA1 | e6df42c56ef05a3105e3193fe6c5be99c8316478 |
| SHA256 | 6af417143b459dc6af4a8c37e5f5adf3494f9b03acd0d4e8fe82aac718c23710 |
| SHA512 | fbc490aaaac4f45074c16367594fd2da4755b44b9cfef8f1ce5356ce72936866f212376891731086d806ced688d26de7b54ea74fab858b7a0028a5b67b0d63c8 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity
| MD5 | 65b0727adcc81c8f1051fbe718dc488d |
| SHA1 | ce631c6cafd06a905a6417d54ead149302fcf5a9 |
| SHA256 | 7b1962f893c72f0608258dca5139a0f364f830a8d445cdec5a63cb3a6c8749da |
| SHA512 | 996b0b264dad938d86f741e0c68b00da9428b37d878f9e61377ab62630e094293cbf36df11d84266aae5be9c8909ee132eeb41f1cfe86b4712dda881161b1403 |
C:\Program Files (x86)\Steam\steamapps\downloading\438100\VRChat_Data\StreamingAssets\Avatars\avtr_ad3617cd-a8b5-4dab-a2f2-66937f7721a2_v18_u2019.4.31f1.vrca
| MD5 | 34fb8919f90c055b31dfebd4cefbf407 |
| SHA1 | 273d641beff0d7cecb2162872f7e46790c19356d |
| SHA256 | be08b57af893cff8a152bb6535fdfb922d2147c07eb1859d8e2452eacc476bd0 |
| SHA512 | f08ebe6008a65d0ebb61c2c63c32125fe5520edc1aa885135a1ed980cb65dca81a792bcc390a4d149de392349cd8f19022a6a8da14d3aeaf54e09852df5d9b02 |
C:\Program Files (x86)\Steam\userdata\1839625405\config\localconfig.vdf
| MD5 | 82fd8e52736dd0091e34324e9246a618 |
| SHA1 | af5205831c94b1fc4def9825c108ca71eec685e0 |
| SHA256 | 94ed8f32a766c4e2a7a698ceec09c1e750c87c7d31b5744d08b7a2e75b338959 |
| SHA512 | 99000b7f9868c0d220d4bfdef1f4194dc85f881a8596758100b128ce3331bfeba1946722544742c846804ebdc7c9b2f60ebd3de5e484fa4d95ea014abda0aa51 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a3a35e003d97fc360f28cb29da3f54bd |
| SHA1 | c3ffc91e48892be3d593069ff482f1499d6987e1 |
| SHA256 | 7dc0c704ed4fbd7a22ee2aa04449b382dbe17b1c5da7e37987bb4ccbe50c8acc |
| SHA512 | a20f9bc794bd1974ff5b540a64ec98a5870645e26e1bb8ef253c428addf90df04254df6c4a6211eedf6ae081a2c861d7f4f4ef47f76c999f082da29f99670e31 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6b69d1c9e364f0dd70815486742ee148 |
| SHA1 | 7e914b555671eb7c5d4845454706b4b7cb6614ca |
| SHA256 | 6b82aa5fe83cf3bfeb1c42ddf894cfa093ab5d86420ed69ba5637dcb51f8854d |
| SHA512 | 433f074a70096973a9d6b8e9df398066bd59f83192bd67203dd252665f44be129975b2b1fdc9313cdb98c5935a81b0d866a76694b355f5a89c12063e8343adbd |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State
| MD5 | cb3ddf0ab9685cf1e874289274dd599f |
| SHA1 | 6f8f272836ecac8b1bd19adbdbb9f640e3c549e3 |
| SHA256 | 4b81c8863e83da84a35a01f7ddfd3354c98c38b051ceb4af1988200b53f12f37 |
| SHA512 | 2837322cb38acab35e37f5fb7e9e91f7641a4d129dc689a97cdb270737803d7a5e1d776fec18105b165f2bffd1aafdc5bdb320ae02d8b6fa2b92c703028449a8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e01a0e5c2fdefa609a0e96d493c5dbcc |
| SHA1 | 6d6b95f968db013eeb6a97e297fb5bc4798a3a45 |
| SHA256 | 56a3bdb15ffbc4be0a9b70d963a421cdbb9e4dda126c82e81b6925fba8bc2862 |
| SHA512 | d72e05e759249fc7560d49be13d2619be19fca1f8e14f2d173df9cdc71a428f8d7b0e49513250e01b198184094920f13836348f1e64eadcc21c447b944749c64 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d78868013a0c283d8aeb351036e227bf |
| SHA1 | abe719d7132aa0cbcbcf54ef90cab2ef0ea6f8dc |
| SHA256 | 9908e88a9940ed58d3226b3e5f6d9fdbcf6bce8896f474730d93747eeef3853f |
| SHA512 | 7ce4b00586a9ec1c74ded4bc74436b45a178082ffc4e386e9daf81732f85dcfb64ac92d3466cc31d11c325f21e5bee684b0ffaf37bd47912d5eaf2255bf4bc33 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 2322d37c57de71d21d7c527385357327 |
| SHA1 | 056163f5d717b794acb8f1fe23e22f8df9d46215 |
| SHA256 | 7a848079dead4a12a2921dd5fa8cea2221a313b3773d13998c4c0a1e06128807 |
| SHA512 | 765db82481b2c314dad03572a5b6a3fc6b96dcff6a583c17076d652efb774556ad3e64f824ee756f6455d901ff9e8dd725d8d8de73b4fb49c2a585bab1d5c993 |
C:\Program Files (x86)\Steam\userdata\1839625405\config\librarycache\438100.json
| MD5 | 5216ef382c2d09e344ae46f2c073acab |
| SHA1 | 91040770b2b51d00e6b7c32a37315eef249a55bd |
| SHA256 | 2200afe5bd5dccc0cfe9d34b29eedc49014dd673e5b9b2d1797e3f52a14b5617 |
| SHA512 | 0a5bc2a98fec77d33e0aca0934d547746883d5ce2b6cfe23e36dc9afe5fbd51dfe12d955213cd0123b4ca004e225182bea6722d0870ea65ba5a808756e893f7a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 591b86a8d7a3996e148678e83c69f10c |
| SHA1 | 826ae5aa2cc15e15774a4ed1a3df1dbcd5e30cce |
| SHA256 | 65d1385b32f1f5f8651d06b77d05aa627f2bf63d03954ba16ee03810e45b61bb |
| SHA512 | e195f4ee33d72ce89fadd0e0a2867ec0c8a5f91ff5eb4545a3cf31511ead8911b72a6a496718e3f38cec9e5c7f056c01f6b02c57e8f1544abc04de2b61c3724a |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity
| MD5 | 62941ce0c0ce81d6e894605ce1a1df2a |
| SHA1 | da15a3c2623211af3485730b4c325364a9235c53 |
| SHA256 | 0102e3499fbde1b74becb4bcd7050405e5e30191ab3ab3edd0955ef5611cefdd |
| SHA512 | 2253165a01a200875bdd2e868e77a4fbb0ae0b5696d65d70d1fa6cf2b316686c159bcc6c9caba675485b0fca5f46f0338c638d8172a6435c2d5c880a53562c70 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d798bd28ead1cc74294f189ae37b8ea1 |
| SHA1 | c5dbb8217569527042bf48f962ac0454a9727d0f |
| SHA256 | d7b2921d8ed98f25181ea45a3bc2f6df4fe12fc3aef8c043ce1caba5274bc8da |
| SHA512 | 853556f0f8b49b5c82d03e767f0fe758f0361d0456757196fd255655efdd448dfe06e08b0345541da5db6b01547a6adc33fa4e795b51154c46ccee6f53a3fe23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 22e425689ec7a83e3e504fb16a790139 |
| SHA1 | 10dc5f12024e77907f718ef4cef3ec6bbae630e5 |
| SHA256 | 41aec9e78dbba17ca9c89d475a066e8e0c12e7deec1d2bf4645fca5e6805fb4c |
| SHA512 | b670240a89aaba568b01811094adfb41dc506fcfa20d0be1845693a707106916d879ef941c841385d93bbcbc2213a606991ea5d2745d7e4cf4c066b5aa87b9a1 |
C:\Program Files (x86)\Steam\steamapps\downloading\438100\VRChat_Data\StreamingAssets\Avatars\avtr_a0012827-9ef5-436b-8d0b-02363afc5777_v130_u2019.4.31f1.vrca
| MD5 | 1773fac726b1f82857e925b9fe58097b |
| SHA1 | ca6ab31267d3b27eba3e27f7f9c789447cea95e4 |
| SHA256 | 2b6fad675b6973eeac6f1915d005282839635b31e319bca40adfa49749e1b695 |
| SHA512 | 0140ca8138121f000ce9e45a37ac5db46da9f1ce28098083103644a54966a5a7eab0c9b99ce0e02cabd2d1eadf609ce5eb5b24f9de876b59b8662bdd32ebec6d |
C:\Program Files\VRCHub\VRCHub.exe
| MD5 | c6aa5099b3eadf9a85c96def43d406ab |
| SHA1 | 83e525e2f05249be96320ea7aaa8132f52b2d2a2 |
| SHA256 | f350d0aa955968f2930ba9de394e00b3e79811a695547e89089a45b6f9f56dab |
| SHA512 | 4ead68b1a1d49854a9096ed3f72e90eaabcbba4fa90949fc9103365a6ef636b7fdfcd6deacec65209a594419524df686182940286b733e04a925ead5dab742ec |
C:\Program Files\VRCHub\ZER0.Core.xml
| MD5 | 68793b16d62309b2372887946034396a |
| SHA1 | c7def664308c8aa8a3483d62bc3402fdf8dcc969 |
| SHA256 | 6c451e4a79d132f9ef15ddee1fd01a8f477fff0319816d6a4bcff15f7418c2a3 |
| SHA512 | b7c64bdeefdcb90471266b732598aa0915d19a3b9b5bb101bb9e0a658cba8098a05704f2d1d40ab44d558fb30e8e9f6c6eb062b2f7dd7f9a4052509b45f0de5d |
C:\Program Files (x86)\Steam\steamapps\libraryfolders.vdf
| MD5 | de2fabb93e277fc30169757d69cb5642 |
| SHA1 | 46e8f21b3701fd61b8d85a4f4eb5a4284d1ca96d |
| SHA256 | 00c72466dba6a08cf33b6b992d10fe29fa70e47154a400f223134d07344a1252 |
| SHA512 | 2e494c6f5af99f8d0878e9e9d4fb2af52257f63b8d8c4d969bfce175439921b9b894e69807e51fd3c0193bd4688d78f327d8b7a58c1abb2db7cf875b59997d6c |
C:\Program Files (x86)\Steam\steamapps\libraryfolders.vdf
| MD5 | b9c05c624c8d7395c8dbe9457805c0b2 |
| SHA1 | e45861969d7b54d4afb9ea87b51fb07332f035b7 |
| SHA256 | f04c2830e88b775cdda9a17ed3facb4e2b813512b88c00d3a7ca03c5adddd189 |
| SHA512 | 9ead8bc4ad983a39cba91c4065581eecac3d652f4d55d87b5b627e3b40512f6891ea2c822d8af529f3e623bae746cc702afc63c5b4ba8cedb04ef2a892d7a36a |
C:\Program Files (x86)\Steam\steamapps\appmanifest_438100.acf
| MD5 | 141c6cd4e2694185c311aabf556fa64a |
| SHA1 | f53e51f584ba352036b99d8c8375c597ea8ebede |
| SHA256 | a0fe8665257df6375e635d5d7f49c9ee97e2b248782f3a04e023a3ecba0d77f7 |
| SHA512 | 4ee0d11ece463189081f11120fcbe238f4b09da3871232c3f9986d24e5fcfa714a4562db4907f6c732454d5b7f49cf60906ce29da77ff217a0a76b7e664f6f85 |
C:\Program Files (x86)\Steam\steamapps\downloading\438100\VRChat_Data\StreamingAssets\Avatars\avtr_e4f4c5fe-cb84-4b61-8ee7-c35f89a73495_v153_u2019.4.31f1.vrca
| MD5 | 860245847999dc13a6edee3a622f99f6 |
| SHA1 | 7388e9a15a9ee89ebb6804fb078532903188d97c |
| SHA256 | 152f0767eca79ec6f302147d922803485aa0ac4864b1b91bd86519d53d506057 |
| SHA512 | 2dab45fcd74a1319de2ec23088118dfe463abb9a52aa6e0983ab11e900eeeb915a016922656ba2bba3bb7f72ab77c5c0edfdccc8d818dad13148acf00a2fad33 |
C:\Program Files (x86)\Steam\steamapps\downloading\438100\VRChat_Data\level5
| MD5 | afe0592af1a555fb68194a3215a3972b |
| SHA1 | 3abc08b3bf301d2bb6dba1d08c38030e7ede5065 |
| SHA256 | ddfcb3bf21dbcb1f6f868b676854fc3f5d0a33a7af25a9b8553e89f81f230c35 |
| SHA512 | d1c7592eec0ddd41ff4fe790b422c7d120f090e37b4f24fbdc7a4e1155ede19d76b4fda1344dd04943c9055c036c0d959031fef0efd6418d143210ebb8192258 |
C:\Program Files (x86)\Steam\steamapps\downloading\438100\VRChat_Data\il2cpp_data\Resources\Sentry.System.Collections.Immutable.dll-resources.dat
| MD5 | 262003ff2013cf79d79518448d59f2b0 |
| SHA1 | 69d071b70b2d0f166e11d545345d5f601f06ba26 |
| SHA256 | cdeda19448b3c583d912ff379e24c5e390e088a91d6e92a2fbef9042c1a1c85a |
| SHA512 | bee9167f7cc6a3e2d0d9297c33b04487d41088816258995cfc3c57be8fef29e4bc839ee52679ec27e1d06c522c8476ace819cfe46593be053749c021335b944a |
C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2010\installscript.vdf
| MD5 | 081bca29f369001a81a328369a67bdac |
| SHA1 | 9056314563128ff716ecf15f542e7ffcc1f93c00 |
| SHA256 | f2d06079d05f4d9e1ce402ba0247127c403b5b12232ab38956d2765b32012e89 |
| SHA512 | ab787d0511295bcdb3edc67a744a82abc2df0b59cc50e0edb72865a4e4f4c471a0f4888af52d92d6ad4dd986dd35594dfed21ef8afaf9264f6b8826c50904f8c |
C:\Program Files (x86)\Steam\steamapps\libraryfolders.vdf
| MD5 | 3030c90b7c1b7d564e577742283340ae |
| SHA1 | ebe5bc3b54ae8d3eaaa25277454146fc728251a9 |
| SHA256 | e017cc98fdeef4f89905bf7f741f0bfe76cbae24867ae8fc0844256af20b709f |
| SHA512 | cbce5d8912be607120d6ed72d72c2b027cf491d35f29c1179bb1407b057adfc42f5b2aeb95f7b4b0e5b59a8c2ac0e22565edfab1abb9447584effb6e8e9b6a90 |
C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\installscript.vdf
| MD5 | 694f8b0b8b20547d4af535951021e82a |
| SHA1 | 398db427a34a04738b8215202cb6ad24f54336e3 |
| SHA256 | 331dcc846361ec44f1c7d1c0c080a5e7abddfcae454e5c1a3d779a89adb13446 |
| SHA512 | a43366eddfbcbfbffefd34cc7eec4f1d4a17bd441f45574275bc26154cef7023eec0c47f09847674c9cbbd1354bf7920f0635bd8936e55ae2da1ca928597a05a |
C:\Program Files (x86)\Steam\steamapps\appmanifest_228980.acf
| MD5 | a02a531f6ad03e88f9d674637ab64498 |
| SHA1 | 41445099ce01ca3d6db4d2eec71a7cca213fcffc |
| SHA256 | 025ea855d1366de8ae13bceaee93e53f9387559c3fbdcdb98851dc6f9b6a2c4d |
| SHA512 | 8f3a1df09621fd2a0680ca63ab599016876d2d92ac00039fe6b3fdc5c4dad99f676b1b9d456d8a8c304e55624da8ea003592f7488e92eddb03367f1842345e03 |
C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat_Data\Plugins\x86_64\vrc_image_loader.dll
| MD5 | 7524985ccc6c7de978674b05d9551789 |
| SHA1 | 3b982197d74b1246830ff0fac4d3c2042a1dbfb0 |
| SHA256 | e4090904693a5fb9b03b0a7ae1f0334b7f6ebed603972b46e26a397eaabd525a |
| SHA512 | 917cfd969089a110671b30ac6c241ab4fadaa24693e3cc33f49c54d75798dc7c72686e4055e970dafbf02b68da48b861b732b3c8bd69c43aa237419f1e3e1559 |
C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat_Data\StreamingAssets\Avatars\avtr_4fc72a98-9f44-4354-bc9a-e2abf53d6661_v15_u2019.4.31f1.vrca
| MD5 | e08f79766b64e1a95a359a23c4a03960 |
| SHA1 | b367145d65c01c6b317821590257bae39f2bdb9a |
| SHA256 | cab76914ef43a3f17e2e9e0c89b487586987d76a36c23dd5a96450d834263ae9 |
| SHA512 | 0dd88d443d2f5991e3b936974f25f4334a3e79e3c18c8ed361b899ec9b4ec9a141c7ed12e3ca054f1f4ef126563e7fbc1b1ffd15b168f7b6a4c38773e16a284f |
C:\Program Files (x86)\Steam\steamapps\appmanifest_438100.acf
| MD5 | 08c270c1284d28428cdef8b4cf06cdcc |
| SHA1 | b8b47675de2e884c00f34c1ab7bc64f8c2d3a52a |
| SHA256 | 91cad3b90223e4ba1e9557d14e8fa2d76d388fbca4de5eec59db6825294c47be |
| SHA512 | e21db9ed1a801a7a678f67908f839e48e70d23f2343bcc9c4e7e5cc9d73bd68e689186d30241e738ddecf99fda576b5c97d0ab44c20b53c394017e2e65efd6ad |
C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat_Data\StreamingAssets\Avatars\avtr_da64d92d-03f2-4f3f-bdd5-f587752f4b82_v7_u2019.4.31f1.vrca
| MD5 | f2da8250c1cdd7f77f7fcc32005425b4 |
| SHA1 | cf1c33f9fdacd67412bdebef4cff7c70d40d1a6d |
| SHA256 | 368e9628e01570d169d9f08a4dacd07f8cb2162fa93e763c0a627fdfc833921b |
| SHA512 | eb6019da5fc448a3bd115ac533e02ae4168b66ebb7a58ead98cea732a9e1429fc010e391971005d5eb41318ea0d4c3209932ec7ef1fdcebbc5ea351be6befbd3 |
C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat_Data\StreamingAssets\Avatars\avtr_a0e9acc2-7ebb-4af2-a946-f7ab23b896fb_v12_u2019.4.31f1.vrca
| MD5 | 5393ee7f2f21c8095541cae061bef03c |
| SHA1 | fb1fa62a0cf0caab4add59348284278c03983470 |
| SHA256 | e36ad400e07ef2e7a1bfc1b0569ef6d4c458d1752419f8a775fed27cab504a92 |
| SHA512 | 38d6f6a4b05be6c9605318743efe2d05aa7a47a168cdd4ae2fdd842b0701f113d97377c6133ad339bd979b014353b9ff035ccb8e1935c125cbde78deefd0e402 |
C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat_Data\StreamingAssets\Avatars\avtr_7d735b2d-31d1-41aa-9d35-f9683bb0a8ce_v24_u2019.4.31f1.vrca
| MD5 | 37cc00f5b1530cca7e9b656c3810a0c6 |
| SHA1 | 0cf4001f063593020f6b5a2749faa27f134c7b96 |
| SHA256 | 010ab74e8bab09633bf8c30de34ef849d932429411c333b49a18af9515bead17 |
| SHA512 | 7ed3bbe383e1efb60fa385a0ddfecf4492a76738651c934844733971a60684f20069a808e9ebfb0730353c377ee1341160d8b2ed108945ba7a4b77f4ca2d2bcf |
C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat_Data\StreamingAssets\Avatars\avtr_6f1e8cc9-1c12-490f-8a18-55e6e57e5ad7_v48_u2019.4.31f1.vrca
| MD5 | 986fd673df73ae071beef9af50985251 |
| SHA1 | 14c9bc8d6817d1b1e752600e4558fba88fa25a75 |
| SHA256 | 05d74fd16e770835ac3eca2f5e4459595082e882029c6d5a728ba72592c2e817 |
| SHA512 | 9ea4ad7a413eedbf313b024117d37f7877e8aa8f0468de778061d1f4d357fc1b3441cb0f4f54030e4f51c45368c32fa043873a9d18c2df74490c3168cac10ee9 |
C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat_Data\StreamingAssets\Avatars\avtr_4309bcf2-71de-4412-b035-4d617bccdb87_v3_u2019.4.31f1.vrca
| MD5 | c1d3a770bbae1b3b7e13f13402864378 |
| SHA1 | 802361c10844b0eab3e3a52993f0c284e81d5549 |
| SHA256 | d40ae6b715b16f4e2153c4c3c84f4a8fbeafc559af65a465e165104f46654ce8 |
| SHA512 | 57e2ed0aece93c30cd0e7519b7395d8ffef32744811edc7d2dabc62e556186aea210a28fec96e609a6463196c1e7b2d4a1901db1ed340c11703587f67464aae0 |
C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat_Data\StreamingAssets\Avatars\avtr_36e884bd-bf32-46b2-8386-57144593cd7f_v38_u2019.4.31f1.vrca
| MD5 | 1e3f7d15a345e6ed9f798167949d0692 |
| SHA1 | cd94cdfce46e764e10051b046cd7a8d2fddb99c6 |
| SHA256 | 291587961b8541d9b38176a7edd3695308e3f777370b7cf5b5287990ab2c9da2 |
| SHA512 | 5d47f9611b248a0d7c64f5afd0dc14a3ef6893ce4cd84fd803adcf94eda366cb89b84a8917247244ad9e43df3d3de67cc4e2bf7b187b8770d2220e9b0868281d |
C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat_Data\sharedassets1.assets
| MD5 | cd4fd0a49e13e8850e79df99488742ab |
| SHA1 | 998e89ca12fe28892b769ac53ae9368cb5ac2b2a |
| SHA256 | 843a897c59ac5ddd7bf476050181c30e59964bcae65ed74a9ca3212b6f52e205 |
| SHA512 | 60c0731c8188c219c8eec1bb9f44e69b05ca55aaa8a0beb94688327e2401ef91b09310040c239563d57ad27cd41b11e793f3c918accd0f7d702a0ba9b30a1fea |
C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat_Data\Resources\unity default resources
| MD5 | 143dc232c9457e1bb787ca819754dd9b |
| SHA1 | 86c8eefd06d786c341d8f563c1b56899f09e7d93 |
| SHA256 | 447caf3737cc58e2cf965f9829ae1c00c2c88505c055df2e8be0d8ede76b4da9 |
| SHA512 | de3d8771a43b0a0f584cd6d769dc0fe73c7279e3d0f19fb6975ce5f75430ce7312bc9057f8f2aaf2647dd6b07440f3b97f789e0ee0a6a51f8f8b56f0f764b3bc |
C:\Program Files (x86)\Steam\steamapps\common\VRChat\installscript.vdf
| MD5 | 43897a65b07266bd8bedf9cf22307c20 |
| SHA1 | d36943953760bfacf4c2ef79152d4b8edee68a30 |
| SHA256 | e44e3780c5fc1af584e1d095e4515bc534a3048de43b825066fbdef0dd6436c1 |
| SHA512 | aaef57e00a2c087bbb72643d2e11aad753bdd7a03d3da1c3c18382a680d128a523f8de9500bd62d620c592345394280a44913f482bc8cb9315475b6b2317e6c8 |
C:\Program Files (x86)\Steam\steamapps\common\VRChat\launch.exe
| MD5 | c1069547608ebb2810cc3424f1b99f82 |
| SHA1 | a12fff007753bc1f86536322a5d1ee69d800980b |
| SHA256 | 33a0bdbbacf3aa78432c6fa91dfb85a55299e25702ef6ffc059e43acc2b2e9ab |
| SHA512 | 488b5b62d58e2b67c471d139f9154292af2de1f2d39640ea6130dc589f97b3d78f345fbfabd5a8b71f345394dac1bf949ea9e9d62c5fc9ef2fafd95bdb151a27 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000019
| MD5 | 6168553bef8c73ba623d6fe16b25e3e9 |
| SHA1 | 4a31273b6f37f1f39b855edd0b764ec1b7b051e0 |
| SHA256 | d5692b785e18340807d75f1a969595bc8b1c408fb6fd63947775705e6d6baa66 |
| SHA512 | 0246cee85a88068ca348694d38e63d46c753b03afadf8be76eca18d21e3de77b495215ed2384d62658a391104f9e00df8605edb77339366df332c75691928efb |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000035
| MD5 | 2d64caa5ecbf5e42cbb766ca4d85e90e |
| SHA1 | 147420abceb4a7fd7e486dddcfe68cda7ebb3a18 |
| SHA256 | 045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f |
| SHA512 | c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity
| MD5 | 434ef12b68eee07445a3a51a2d014488 |
| SHA1 | 24e9bd4425aaaa87a382b488dd36b5594acdebd1 |
| SHA256 | 30eb3b32668424e7e326f61c7fa216ce79eebb007abe7432f0f672eb8b67dbf1 |
| SHA512 | a2399f7739585be08c044f84782882888b992b506366ffe1d08cdd89fdc6db3c14c29e54e44dd77936448cc7996862cb60409a36b8f9481273b0f591808107ca |
C:\Program Files (x86)\Steam\userdata\1839625405\config\librarycache\438100.json
| MD5 | 14ea3871b3de5f8bac35265b79c4a7aa |
| SHA1 | 70754d3bea928cf3a3da5efd691905b210ce6b1d |
| SHA256 | 736475951eb3776b0b3582e5c9557aaf45004658c39a19173c86875324b2e9f6 |
| SHA512 | cd7fb4e4a5b6090723130b49b369d4ed67b8eeaa7ed33860a6ee49b1a2ff263183463533ba2aa5f784269090dbc92700b824516831dbb852e91ac57f8231da6d |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_0000ac
| MD5 | 745e2de9cdeacd04baab2f32ce734afa |
| SHA1 | c82ce4264d89daccfd8d0b336d0c3582cfbdd872 |
| SHA256 | 930141ac792b32840b235687955bc1deb386fff47146a7a4533afb7f4c1cb383 |
| SHA512 | 5edf52cb346f22e3a5a30560e85b4b129956ff658ee9235d408a57c08abc2cae6f7bc34c5454ec4bd4120b8cdc3461dc01c1b3160038d3f3221ffeb01c11f7ef |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_0000ab
| MD5 | 24d7666db8ce0bd3037911b1d1f25fcb |
| SHA1 | e691d836ddbe2919213ef12aca2e6bfed6fb5f71 |
| SHA256 | a4e5027acdd5e17f6de6cadc0e6310253d8c42f0a0bc9f40a0be57b2c333c303 |
| SHA512 | 249a1a5776b2ff8f74d2fa9e3f7e0161964ff3b076c010a3928e97de5bcdd859770119e2af3b3f567c8689ede037ee072be3630079c0fd1d3c8ac55e1b3e5ada |
memory/7604-18668-0x00007FFCC0830000-0x00007FFCC08C7000-memory.dmp
memory/7604-18671-0x00007FFCB4130000-0x00007FFCB45E5000-memory.dmp
memory/7604-18670-0x00007FFCC7050000-0x00007FFCC706D000-memory.dmp
memory/7604-18669-0x00007FFCC16B0000-0x00007FFCC16F6000-memory.dmp
memory/7604-18667-0x00007FFCCB0A0000-0x00007FFCCB0E0000-memory.dmp
memory/7604-18666-0x00007FFCCEFE0000-0x00007FFCCF001000-memory.dmp
memory/7604-18681-0x00007FFCCEFE0000-0x00007FFCCF001000-memory.dmp
memory/7604-18684-0x00007FFCCB0A0000-0x00007FFCCB0E0000-memory.dmp
memory/7604-18683-0x00007FFCC16B0000-0x00007FFCC16F6000-memory.dmp
memory/7604-18682-0x00007FFCB4130000-0x00007FFCB45E5000-memory.dmp
memory/7604-18685-0x00007FFCC0830000-0x00007FFCC08C7000-memory.dmp
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity
| MD5 | 2f36e771bdade49c4040b2e37fbfbdd2 |
| SHA1 | cad4bb71b410efd3e5905133f4a254176540feee |
| SHA256 | e02f9c8ca54342c6ab1e64b4a85aac111f51e568ce7d4aa2dc1282bc21fe6b58 |
| SHA512 | f0072f345616836f4e0a2ec3fe6fd925da7b16d0abdb01ea190ffe1458570503a4fa92ffb1ab1647c449ddcc1687c205e5019def0f73e76bc6dcc9389ebd4b19 |
memory/6740-18703-0x0000000000F70000-0x0000000001050000-memory.dmp
memory/6740-18704-0x0000000005A00000-0x0000000005AA0000-memory.dmp
memory/6740-18706-0x0000000003420000-0x000000000342A000-memory.dmp
memory/6740-18705-0x0000000003410000-0x000000000341A000-memory.dmp
memory/6740-18707-0x0000000005B40000-0x0000000005BD2000-memory.dmp
memory/6740-18708-0x0000000005950000-0x0000000005958000-memory.dmp
memory/6740-18709-0x0000000005AA0000-0x0000000005AC6000-memory.dmp
memory/6740-18711-0x0000000005AD0000-0x0000000005AEE000-memory.dmp
memory/6740-18710-0x0000000005970000-0x0000000005978000-memory.dmp
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\temp-index
| MD5 | 1831bb26bf0dd2e0521d5d5deca7d4d7 |
| SHA1 | b6b1d2e2ace302e249efe5a2d9db586509a231e6 |
| SHA256 | 6a119f92d6897aa07ef50201fc661ca08477cf6fd1f2ce4f499f8c2a1e823615 |
| SHA512 | eb178bc58cd06afd3ce0f646e84c2353e0c35d9ce69f8c41fc7619965822e56f9438a1d143afaef1529c37100b445af099576bb32f919349df1bb1d2acbbe43c |
C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2010\vcredist_x86.exe
| MD5 | 1801436936e64598bab5b87b37dc7f87 |
| SHA1 | 28c54491be70c38c97849c3d8cfbfdd0d3c515cb |
| SHA256 | 67313b3d1bc86e83091e8de22981f14968f1a7fb12eb7ad467754c40cd94cc3d |
| SHA512 | 0b8f20b0f171f49eb49367f1aafa7101e1575ef055d7007197c21ab8fe8d75a966569444449858c31bd147357d2bf5a5bd623fe6c4dbabdc7d16999b3256ab8c |
C:\Users\Admin\AppData\Local\Temp\HFIC816.tmp.html
| MD5 | cc34ac05439713cbf8c5286b935460d1 |
| SHA1 | 53ee6ddb4023b1baa11c41b9a6a0157dff9b5094 |
| SHA256 | 6368baed9aa1dbb2b3939925c9e7e68c200132f8da5863f8a206fc84ab336a10 |
| SHA512 | a7d692cc81d5e60610de8261d7a3c41b80f218418249fb9025c3e019f32d9eb97262c7f4df1bd4580cb32f6eca3c904e36d2aabf8b892587aba59148dc8ce92a |
C:\Config.Msi\e5dce32.rbs
| MD5 | 6469d117485f808a46aafa8d1ad372be |
| SHA1 | c235252fa5fb924f77cc2b276a773cbe51436f65 |
| SHA256 | 1c4611247dee7f857148935a94be30dbce511981cb8f85eec521f3d301052cc0 |
| SHA512 | 203d008fb05b8fb461face0152e5b57d0843681b74c547f8db6f2f72e7eb2b078f0099a84c72347e574dd9703393c44448168d5337533d1727ab44e6d91100ab |
C:\Config.Msi\e5dce36.rbs
| MD5 | 218b233548b4f9e952e429c450e564d0 |
| SHA1 | 5b015f62835fd780c5dcbec3cd03930bf6cdecd9 |
| SHA256 | 0289e9b862ffcf91e8981417877b7b090f37c3c2acdd0835d1798aefac99e0af |
| SHA512 | b5f61fc4252dc10b4d43e35aa004f216278ab9029bea12d5d20442a6b0956476a3b016abe7a93c031ef671c33321784f992cc374d6e36e5102ca3040320f5259 |
C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2010\vcredist_x64.exe
| MD5 | c9d9eebccef20d637f193490cec05e79 |
| SHA1 | 15d032d669078aa6f0f7fd1cbf4115a070bd034d |
| SHA256 | cc7ec044218c72a9a15fca2363baed8fc51095ee3b2a7593476771f9eba3d223 |
| SHA512 | 24b56b5d9b48d75baf53a98e007ace3e7d68fbd5fa55b75ae1a2c08dd466d20b13041f80e84fdb64b825f070843f9247daba681eff16baf99a4b14ea99f5cfd6 |
C:\Config.Msi\e5dce39.rbs
| MD5 | 484c17c89d9e16f629bcba11c8ba5c24 |
| SHA1 | 8805dd37452ec05e73cdf5221c890c774bc61010 |
| SHA256 | 3185451212ab9f02db4e940e4e098ad7ecd3dfcbbf2d0da1a9f1ced977170b07 |
| SHA512 | de0f5b61b5f1f188073a1b4794c42804e0497babd8227cc006312a374142e34f0e2898ab2b6dc1723d4075f6a7a4a724a37749ab7299391d507e2d007014d3e0 |
C:\Config.Msi\e5dce3d.rbs
| MD5 | 54beaf966b28e6eb73bf8f305e38cd6f |
| SHA1 | 0843f254ced39fe56171bea05ef3b465f935b0de |
| SHA256 | 0076c6085d287142fee2559b9a78d009f9baaaa9bf8984186b0a0ed775310c83 |
| SHA512 | a2475ed830a14a84d02f46ad5fd45b7929e744ac16e9f92b355702b8a6e8c5ee5da38b73e1035b5c98fb8f17c65821682ace16783a48f071c2b4a2cb822bf2fa |
C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\Microsoft Visual C++ 2019 x86.cmd
| MD5 | a8d147a22093c77cdf20d663748877c6 |
| SHA1 | 7fe518339330ec20fc78352beb841e7a7b070b87 |
| SHA256 | 8098ebcc001ca152aec47352e9b7d8f086512519cc430a8ec9c82f67fa9c29a5 |
| SHA512 | 642676197b92ea837d475ccf2754217d1ed0bba7985cbd72202eb9b27541b08093c37dd3217b8946182bfd6b8a7f4f54357f294fc32d1449279390aa65a169d2 |
C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\VC_redist.x86.exe
| MD5 | fedc87470a950d6c723e6538c5f27817 |
| SHA1 | 17674fcc6cf3a2ffdc391bdcde082aa936e37a89 |
| SHA256 | 5c7dfa4fd52809813cf9350c4e5807434d78a0bb1fd0d61c85e02b41646a5780 |
| SHA512 | 17d286311f8aee8866fb7dfbb12fc28fe98e57a460c086fd30bce421c1cd8c0549d92ba5a90c4557eb263ad29a0655da9022603979079022a414c0c5805cf9a1 |
C:\Windows\Temp\{ADCCE9C3-DBF0-48F7-B158-D5E29C3243E5}\.ba\logo.png
| MD5 | d6bd210f227442b3362493d046cea233 |
| SHA1 | ff286ac8370fc655aea0ef35e9cf0bfcb6d698de |
| SHA256 | 335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef |
| SHA512 | 464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b |
C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\Microsoft Visual C++ 2019 x64.cmd
| MD5 | 1c39b0799c57e7d2e97ba432faefc85f |
| SHA1 | 8b5029489d50b8b93ef9864dd056bd035d98d591 |
| SHA256 | c39c8d1d2065c790e39ec9dbd242d64340774e12db6ef90dbe2933106b46864a |
| SHA512 | ddfe19d501bdc713d85dc1ba96bfb2a14ea01661b5115e1374fc80c83d5d6ab6fffb2375ca5e0121725a3f6d853fe7ba72cf6791cdab699a3171bdd288d05948 |
C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\VC_redist.x64.exe
| MD5 | ba584d9886d6eaee8daa852a0605dd00 |
| SHA1 | 1effe7db3f42d670a1352c5c9b451c4db3e57ab5 |
| SHA256 | c2d74d9b85d0030eaa134679a2392268baa773185c5a21657390e43f8b518f69 |
| SHA512 | 3076aa5583c2ee719f9755fb6aefc1f01f37a33491a7d336c39f9ad303e671574498a0dc16b64e3744098c86ac43ccb916557a4866caf1a5f4b1f5ec68446d47 |
C:\Windows\Temp\{E4FA0F66-5314-4600-9DFD-5B8A91945553}\.ba\wixstdba.dll
| MD5 | eab9caf4277829abdf6223ec1efa0edd |
| SHA1 | 74862ecf349a9bedd32699f2a7a4e00b4727543d |
| SHA256 | a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041 |
| SHA512 | 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2 |
C:\Program Files (x86)\Steam\userdata\1839625405\config\librarycache\438100.json
| MD5 | 6598db6351fb5f00f91082a3171f8779 |
| SHA1 | 47d7b6e6fdaab2ce89542e19269ad8501b6ba55b |
| SHA256 | 4efc159ccef7773530dc27711d40c91582a74461b5f1b522e31c52bbb5c34098 |
| SHA512 | 401d78650ef23b714822d6776676be1133f8e82c6e12857b6d3a4a527ebcddc6f25d00f5cf6c01a2f0f5c88ee41e57c8df9c4775ff23bf911b4930787c34b04a |
memory/3112-19226-0x000001C3E0B20000-0x000001C3E0BB4000-memory.dmp
C:\Program Files (x86)\Steam\steamapps\common\VRChat\EasyAntiCheat\EasyAntiCheat_EOS_Setup.exe
| MD5 | 98bfc93faf00b1cb0dec008988d89b25 |
| SHA1 | 656de3845bd34bb1e7928e936415c5b9b3d854a5 |
| SHA256 | 94567bf0dfcf48bfd6a2fa073e854ff6c8fb38ea114d5913dbe2c1d2554bcaae |
| SHA512 | 1be9c7d533ad4a8f0bcefa69aef9505fbf8adb24bcd7a985b0ebac2b5f8d6b8112207b9192ea6082746f257539dce837fa7556044e98477f476a598e9e8a610b |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
| MD5 | 9836179a1fd2b9bd58c08cac03844035 |
| SHA1 | 4ccb6f8bdc8df4d45144ba63e8bcfa9bcaadfc20 |
| SHA256 | ba6e11ba5b47526fcaae6dbcecd933d0b7346b7553edca6cf707faddda72437e |
| SHA512 | 72b79d2b7c1fa2df9ba8dd371cbb7d5be20db905be135d8aefc237a2a061aa1f35f529b035266345cc4e2bb2e43647244c5b3b9c9060a15dca18ac8d4574b713 |
C:\Program Files (x86)\Steam\steamapps\common\VRChat\start_protected_game.exe
| MD5 | d1e1a1feb8171aca968bb6ea84403281 |
| SHA1 | 95636ea7514e347114a4fa2e5d9a0a3af404da4b |
| SHA256 | 41505e16657a08b14450f3002fdcf9cd67f5ffcb08daa760cac5a9010ea57933 |
| SHA512 | 2d923c38c6f88869530e32bd611981b44142893f03381c7a9ab6ce34e6017856894882fbb8da42de01bdd5c96daa282241e163b7aee048c4d20d90c1368b15c7 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
| MD5 | 51d03b8186081b7bab0d3c7127df2441 |
| SHA1 | a50eb14951599a8f6d7744661c7ea82faa423d6f |
| SHA256 | 620c8adda4a6518959716061789ab7d8ae9dd769461d6af0d6a0e9e03c17eb6b |
| SHA512 | 6d2cf2bfde234274b9a80ba6e68cffab703a4cedef81ed40405a3f3820aff4125efcf5b001f1e65f26e907312c05ba239f4ff71a332e702004a24c0838927ac3 |
C:\Users\Admin\AppData\Roaming\EasyAntiCheat\badb4a68-68dc-5407-c59b-c03692712a8a
| MD5 | bed53153944fbb6981f63f3d2fef7168 |
| SHA1 | f476bf4dd0c6c9f61681d9bb2f26d3f2d4419d5f |
| SHA256 | 95a628655fefa1c2c3a9e24305a33f179db0891bb807332cb48e4e3c1550aeb0 |
| SHA512 | 273fdc55fb4fc5ec14d70922213aaa096f9c39e6c8d7633122a6a476c8e4fa3b5a60d021f2be45b91e570d9917090b9347ba0ee8712ea75258700f70f71adee9 |
C:\Program Files (x86)\Steam\steamapps\appmanifest_438100.acf
| MD5 | bca7df152c2e138c55301de01191d4df |
| SHA1 | 17c5e3a17ff89e2d61ea5520e6ba6905c32b5781 |
| SHA256 | 3714e586a1cfac7429893baa7f9c2310224d697c5ba2f7fc41744348fcb72252 |
| SHA512 | 492b0cbd7bfda75656a17ec11a47a429d46d755a571dfcc764de36f2ab079b895a28c937f4ae1cce91d2c5eb27916f3007b478badcaf9df1371a5fe96b5d4660 |
C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.sys
| MD5 | e736ab47b62aeafb5413140766419b85 |
| SHA1 | 4d33664ba441c11bf24c095209748a08a2882579 |
| SHA256 | 77120a24813ba880db7dafa8273286080e85fe023332fe3bdcdf0e6ee333e87a |
| SHA512 | d246e9442911f264e68eb0b3743d560b9bcf55007748abed0902446710160948f297503a38e90fda6bc9268ef5b9723412cdb3bd2430ecab6b6f7cf340758f59 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State
| MD5 | 78bce958237965a12097a589e963676c |
| SHA1 | ee3a012a32ce92a7ae8cc191396c858bee05e2b7 |
| SHA256 | 17dac53303802f3fde251567f6e8d97324eea21130125351aad8a76af071f3ef |
| SHA512 | 69ffa78954f7044b37eb2f7043768adc7469b52f50f16c0c7a5f5e84152d42d54e3c0946e84b5bf24ce53e913eac9f9a3d4c99fe8ae6b25091faf3c763f8c45f |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
| MD5 | f077b3d1f538ccff9393923c3d2c82d5 |
| SHA1 | ebf221b5b257d546e91edc4d8bceb14460b4cafc |
| SHA256 | c1c12729e9d9c780670fdef7bc2dcf9b954d5006e4d93924e9a9ef64706a593d |
| SHA512 | 4813729b64c966456298504e7078d76f04f6242ded99db309d3e9e6c1b2ae3c065905081c60e091260e9a6e883bee7888faf056b97e87be45d875bff70c8922e |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
| MD5 | 085ff40b507a172534fb2398058cf7e1 |
| SHA1 | 20cc4277732ccba26fbffc8d2186f537a44ce097 |
| SHA256 | a8eaf6bd3c0978307bd019c3c81f78155d423470d675e6d89def230879284a0c |
| SHA512 | 86717b9734a1581c00d88d4969ad29de79b5aabdd63cf3410a0eb4d5900470fcb77e3d26dbf4df83cd36444500b97c8655a47d3189fad82fbe48861bd44121a7 |
C:\Program Files (x86)\Steam\steamapps\appmanifest_438100.acf
| MD5 | 5286c6e4561eb2eb992b1086f84ed34d |
| SHA1 | 68fe504d8fe42e00b88bd91349ef947b591ca5fd |
| SHA256 | e8d6c404a236b6cc5e968d8d80391e7ce54f6f52971d95d2a69dd8bd270ac60d |
| SHA512 | 007e719958d9d7d6961a2a92742c58edb6441e0bcc8c26dc9639094a97a47a1dd1ae77cf2113aebddd808fe4fcf72bce1df6dbd9ade632da2e23780fc0a18b0c |
C:\Program Files (x86)\Steam\userdata\1839625405\gamerecordings\gamerecording.pb~RFe5e3c3c.TMP
| MD5 | 6fa3e921c5f6dd717d95a6821a9579e8 |
| SHA1 | 83fe21c546b9a1c542a30faea1b4918f2c0db9db |
| SHA256 | d771d57e86bf8c5b319aceb87ec8610412e154b5139ec0aa9b3e1902473f32ae |
| SHA512 | 53920b19f730268e942478634cdb98f5c2efc74571452c218f0b5ed7005062827d2a704d8059601483f3305b6b39c3300833559b7b1d14e3bd149fda5abe53af |
C:\Program Files (x86)\Steam\steamapps\common\VRChat\UnityCrashHandler64.exe
| MD5 | e20ed2e42b6867b20b8f76765ee99dea |
| SHA1 | 67aae8cb3ad36d1fd9f8713d4b0dd76f7e0d314c |
| SHA256 | 17ec01fe2cf53361374942eb2c2a2798c7812fe1ffe864fbbd263152d2858d83 |
| SHA512 | 00a0514afc5fe9f760e871e7b63c8c0851c22a646c1b98953ff2fa53f3aa6ae4a646c2d2ee55a674f39ac7316a19b637f4e441c0936b816f5143aaec1b040afd |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
| MD5 | 062750c9b67fd910e0c41191ef9eb29b |
| SHA1 | a495b9b849df10097d9c8ccc2cf4c952cbc60c44 |
| SHA256 | 728b7d93ced7a39e73afc434c4af449d2318a6ed2634cce2835ed7f9a31991fd |
| SHA512 | eeb18df33b092be9fcffbcafdff09f250898b8f96fa03965042612f0e7a488e9293964ec45a1b4eccd1fbe7f2e5dedbe178333743fac0518e1e2e9da075b8270 |
C:\Users\Admin\Videos\Captures\desktop.ini
| MD5 | b0d27eaec71f1cd73b015f5ceeb15f9d |
| SHA1 | 62264f8b5c2f5034a1e4143df6e8c787165fbc2f |
| SHA256 | 86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2 |
| SHA512 | 7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
| MD5 | a7b50c8dd4087936a0de75808b1a746c |
| SHA1 | 1faa95d3af63606cfcd6377cc3fdc368a0b9c673 |
| SHA256 | 394b24e8a4f21b831e1d5f3bd7531c86f37439902f51de5af4b5a7fddb79695b |
| SHA512 | b25f71edc3cc3706f337f3022ddfb4218ce7bbfb77a1db370365c49a377052eb5a2f0d8678d76427cd131ce2c152d98db67d0eb9f3ffbb8ee650c2d1c89c57d2 |
C:\Users\Admin\AppData\LocalLow\VRChat\VRChat\Unity\99b1a9cd-c61e-438a-8e39-fbd94680de47\Analytics\ArchivedEvents\173090964600002.dfbae3d5\e
| MD5 | 98ee149af6e6076454c03e9e4a5914eb |
| SHA1 | aaeb83acbf144ae4ebeea5f346d9f7613862d466 |
| SHA256 | 0a4ba7e8d2d879ffa690fabbca08a956c4d5ea1ace65ccf880dbd81bc503ccd1 |
| SHA512 | fc10f6c7d015d576db36756558c485999968f67222b38c8f64508706240e5037e56d1a3ad50d8e1c15f7ec66df667adde73865957fccda17589d468d4f5ca7be |
C:\Users\Admin\AppData\LocalLow\VRChat\VRChat\Unity\99b1a9cd-c61e-438a-8e39-fbd94680de47\Analytics\ArchivedEvents\173090964600002.dfbae3d5\g
| MD5 | c81e728d9d4c2f636f067f89cc14862c |
| SHA1 | da4b9237bacccdf19c0760cab7aec4a8359010b0 |
| SHA256 | d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35 |
| SHA512 | 40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114 |
C:\Users\Admin\AppData\LocalLow\VRChat\VRChat\Unity\99b1a9cd-c61e-438a-8e39-fbd94680de47\Analytics\ArchivedEvents\173090964600002.dfbae3d5\s
| MD5 | 82e1bd1d735743c2d1639da8877ea83f |
| SHA1 | 8b570c0424667918217a0422c49b26fc25eb8ec9 |
| SHA256 | 121788048dfbae9fe5f0b057beab4db8d669ad7cbe97552fb22461129bac758a |
| SHA512 | a42f0e2bb747e598d8af10f1dbd3a7bc4ade4c1e57a7f613dcac75fa802cf6897e91f9f84b5a757de6e4ebecc2c652cb52344b25efd0f3f96c8d00e39395e9b0 |
C:\Program Files (x86)\Steam\steamapps\appmanifest_438100.acf
| MD5 | 4fbf49b7c86462bb539686f5c050a1c2 |
| SHA1 | b2b3cd493374405a1b47f1add58d5e128c3126a6 |
| SHA256 | 69b823e9031707870586c6d221c93061ed0bb3f20f4e12566c8900343658caf5 |
| SHA512 | 9cbe0ae6a97e0f0902f7f78fc3eed3f4c07f850cd9c44b6381f3f9c010942aad04581cbf0a8fa4f2febad1e243a6ade433fbb6986c30adba0433c1e51f3a4287 |
C:\Program Files (x86)\Steam\userdata\1839625405\gamerecordings\gamerecording.pb
| MD5 | 719d24f504a04a72298f532748b78fec |
| SHA1 | fc8d3b0437aa3c09a9ce7461f4739f2382b4a0ca |
| SHA256 | ce1a73472a1d98e6ebc02b21a85437e0dfdab4446c3dc19edd74cdaa53af99b3 |
| SHA512 | 4bbe25a5b2b06c4381dbf5cbed80d6c4d4b86c582394716cc6c854173576894291f8a6201b607fbc2035521008cf34adebd746039e33026567390791d1473c99 |
C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached_timestamp.txt
| MD5 | e617004f34dfe694177ccb76cec8c10a |
| SHA1 | 786dee7c50ce1c59b3c74bc8510a39655dba0e87 |
| SHA256 | 4758e043cb2eca019992ae414ad17c4b0c4f5ec38c905d89ff8d1c5994e73b99 |
| SHA512 | 69ce1d132005c520a469d8afa06c6354083e2bdbc04e67cb7cb915c28f6638faa315cabe5c6c4d94b87d4df3dfc0824525515212a7ec6ebc498c68b94e3127f3 |
C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached.txt
| MD5 | 0b8f38d6f219adb6af9a46e34c8b55c5 |
| SHA1 | abfb7eea3e2073ef536ef4c020b79dce54028174 |
| SHA256 | c6cced2a542c64817209699a48ba5c17f32ad47a5bb799d395d707f665378de8 |
| SHA512 | 4a4dcd5efb3433f23848b7bcc18a430f05107985e48f280874f0058eac863b3ddac9f849ab55271f619c026a6282387f553f1ec25e16eba7cb68c850f314beea |
C:\Program Files (x86)\Steam\resource\filter_banned_english_cached.txt
| MD5 | 009ca439b8e68dbdb83850d51b07c736 |
| SHA1 | b8dd1986d15aef3dcba09c954577c780b549c582 |
| SHA256 | 4bfbbfd0114ee78d7795835c64aae6dc6b525547748c5dd1150d7d1ff8757c43 |
| SHA512 | 25e90b8b737b30879ec9073457cc7b30bdc46ed71b8885ce14f9c1946476d65c6bbdd0ddc19bb09c406cd9439837aec5c8ad007dbb5a4378842e1634429b093e |
C:\Program Files (x86)\Steam\resource\filter_banned_english_cached_timestamp.txt
| MD5 | 34dac22390cd9409c94ffb781bd147a2 |
| SHA1 | ed38e8cca3e779851c23e4c9c25c7e9faceb5a9b |
| SHA256 | 98a132958ba80fe8d1dadb076b5ed96e86d69b17d2676e0943d6160a5c5696ce |
| SHA512 | 1242dff7e37917613cae2debf1ce3f0e7defff5f9b268a2bb74e46b9c9e5280db569f01592d57ffe070efd56a2abd5a607175667a8ecb9591f979a901f5c7306 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\GrShaderCache\f_000025
| MD5 | 33a4d1f549eb8b8bf581f05c35768e10 |
| SHA1 | 5e4478f1c14913a95e53401505a3c44daaa9ff25 |
| SHA256 | 42ff2d9fd82409f19c07c976a28dd52730f348a6506daeb2265dbb9b8c0ae616 |
| SHA512 | 89cc12d7a4a70c91f4ffd7e086de49f478503689f88849483156ec3831ea43f947c1609c76e898d391c5b2b79108f884fe86fe9a66e64c8fbc8a505531858051 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity
| MD5 | 9c74fed4ffb5d178a774e66214346b86 |
| SHA1 | d64e80f25dff4361c12469f50bfd20b71147fe97 |
| SHA256 | 0bb4f4ad57f506c042ea37ac20ed2244ae1bc66d956cf99f01be37e232962278 |
| SHA512 | 11b48b39a81fe6f841b16192825f753a2d59728e2e462d50ca5d7c2b78693aaa90e4fff3c8ea7a14da24ae7bdddc3d16043ac81fca4c4e1a7a928cd2616a195d |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index
| MD5 | 9366345605af97455231de3f1c92c797 |
| SHA1 | a254a0c7cc2565a3b175a116e4e7087a44986a83 |
| SHA256 | a0a79cd591a55d4eeea0615390461f6574590fd2139367447d9ed17b6a7ba4db |
| SHA512 | fe6136bc6d8d893448aca8d5f71ae58d699cf589df3f7b76c8f430252ee1b4b3b25105a20a2f8d3025852df32a98c8b67e5a540d36caf635e145e7451f7f2645 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State
| MD5 | 12a04840aadb7c43299512fa4a0662d6 |
| SHA1 | 1619fc11c410c00f4ef0b4a519eb09ea096d5492 |
| SHA256 | 538b4f74a5530778dd1c9c9da611e9e1afd3bed09376e870a454868251809df7 |
| SHA512 | 67b141db0026639d317cf059d2e03fcbefcb16afd5ca095186fac95373fd5ca638180974be76b24e7530952b634c0e20d91e6709fee808aef2b2138c2933dadf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 61cef8e38cd95bf003f5fdd1dc37dae1 |
| SHA1 | 11f2f79ecb349344c143eea9a0fed41891a3467f |
| SHA256 | ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e |
| SHA512 | 6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\efa5a131-44b4-4a1f-9e9a-24ac8e4cd93f.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 59f5ad9f2826e12f0ad8fccf984bd2e4 |
| SHA1 | 9fe0d235e219feb7ca9a439da003a2b7e9d7a2d0 |
| SHA256 | 5812a37af572805dc5825446c3901c2f835db4393910f374a8b76308c757e08e |
| SHA512 | 5650f4ee5559882e50e5d623c5bb1ec70c0de917580ee79d578cc1737fd3e258b6825ed25765991cc1cdf3432e98cae4bd956fdec1ad064176637111ddfd4883 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
| MD5 | 242cd90082ce1b81c074ec7ed168380b |
| SHA1 | 51e07320b7a38c1b375402dc370cc97021b866e3 |
| SHA256 | 174688c10b45fc5dd85cd4ff4bd23d0182754ecae8477036959ac8e9c0a2609e |
| SHA512 | 6d15ece76e077802d7c81169a4e34f448ce1da28bdcfded4c1edd8b38ad19937a7d38354dc4c1d10d5d301227fa670344e2454037ed432a12163b8c732fa6c0d |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
| MD5 | 90fa1f873d7e7f23687d96a61337f14f |
| SHA1 | 0af93fe888786d16b039dad6c80092f19e17286a |
| SHA256 | fccdf84b75870b633d0e48e3fe1e45a9ddd32b0599a84e6dcff42cca4d9cab89 |
| SHA512 | df5f66f2a958e6266b8797f9f1d579ec5b31b1578506fa8035e65bfc7cbc2f0fcfb9bf38650e86397f2612da5ff3a243d84c212b289ad52718d29e8e88dbac5f |
C:\Program Files (x86)\Steam\steamapps\appmanifest_438100.acf
| MD5 | 90209e06a497cba0db4d878cb6809513 |
| SHA1 | 3c62d62576b06be5a5efcb79b5e212dc18d54b8a |
| SHA256 | a82c2202314d7c7be2ddb98fc29a76bbd2a8e8c6f82cb9e748d63c201ac57442 |
| SHA512 | 8d27ea2f66abce00733e757fdf9d784fe21f7b1abda0ad47bd04c3d88f779df4c4c54176cee6f01ca874d7c1a516057fe6f94ccbcc886ac232a266390448e02d |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State
| MD5 | d1ecc82aeca2dfa03ff5d61052c68fa8 |
| SHA1 | ca5253ad69173dd63c25e4daf4ac3a3d9f3c901b |
| SHA256 | ba174893120d065ce1886de498173e106d14982d14fa7c62d966e651d6055ecc |
| SHA512 | 16d3d4653622a9799c21175609d665535c3ef18389947798450c5a6d40e3201ea442a40ff90bc4a70d356c4c66fa14eb7aec80046f58a98d015fd81e8dff4ff5 |
memory/5408-20020-0x00007FFCCB090000-0x00007FFCCB0AD000-memory.dmp
memory/5408-20019-0x00007FFCC0830000-0x00007FFCC08C7000-memory.dmp
memory/5408-20023-0x00007FFCC16B0000-0x00007FFCC16F6000-memory.dmp
memory/5408-20022-0x00007FFCC1780000-0x00007FFCC17C0000-memory.dmp
memory/5408-20021-0x00007FFCB4150000-0x00007FFCB4605000-memory.dmp
memory/5408-20018-0x00007FFCCB0B0000-0x00007FFCCB0D1000-memory.dmp
memory/5408-20032-0x00007FFCCB090000-0x00007FFCCB0AD000-memory.dmp
memory/5408-20034-0x00007FFCC0830000-0x00007FFCC08C7000-memory.dmp
memory/5408-20031-0x00007FFCCB0B0000-0x00007FFCCB0D1000-memory.dmp
memory/5408-20030-0x00007FFCC16B0000-0x00007FFCC16F6000-memory.dmp
memory/5408-20033-0x00007FFCB4150000-0x00007FFCB4605000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
| MD5 | a87e584d5bd976bc31c73eecc482df57 |
| SHA1 | 33ba4fd3825c31e01726d94b437b8a11d12223c3 |
| SHA256 | 14a8e404c34ec048fa117318acb73ac63de05b8439956aea7622346897adcff6 |
| SHA512 | 48becc84d5bde6aac6df1535858f1ef87ae0b453cdf01b9720ac55f20f4fd9d0080fd680d4e5c4b0d6fb63705d66604368bd949b571a99386f3fd5186f1b4e7d |
C:\Program Files (x86)\Steam\userdata\1839625405\config\localconfig.vdf
| MD5 | 2e6fa158b928521e5a29c0087ff09009 |
| SHA1 | 5019724efabca13fbd3fa09727485fac24e31e46 |
| SHA256 | 73e2e1ef7d906f21c18ea11d5576361d5ffd18c36ecb50c9523adfacf6bc4a37 |
| SHA512 | 03873d3ae17f5cba803633ddd56f3559da1d5547600d61933795ab2352815a2f4155c3abd43d72fe9ec5af50d28d82686782c88701f0ea539d1c2e8cfc5d27c3 |
C:\Program Files (x86)\Steam\appcache\appinfo.vdf
| MD5 | 1c8b6ce48763f604f3b911859979e7ac |
| SHA1 | 6c0ca8a60d60e6133b129ee52a7069088e069f99 |
| SHA256 | d939aaf4f0123cb1a03852286d7a587f5631b0a20a83377df8b60caa1a2b7194 |
| SHA512 | 017488a6b5f5542ea27d830c3597b083409c41a59094d3af4e37138db0b2f66f7300fddacfb46b010d5010607fb5771e9ea4e149275c451dafb312313f061bfc |
C:\Program Files (x86)\Steam\userdata\1839625405\config\localconfig.vdf
| MD5 | bb2e6313d74fa6d0288238d4166c133f |
| SHA1 | 4c76c0593450a8260e2cba33870a68c2fb1029de |
| SHA256 | 593bbc0822260ed4b1ac98ae4ac059f4c46ccef0057ba50f7dbc7a6f7cd2e442 |
| SHA512 | 0e831c5ebc546e1df80ec90eec19cf0ffd64754a8c9f2d3f387182f2bbd2af8fb893dd3817e3479a7f5a17714df9c04c682d15bf2a615a3d09c3c2c780035d31 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-06 16:06
Reported
2024-11-06 16:07
Platform
win10v2004-20241007-en
Max time kernel
31s
Max time network
33s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2252 wrote to memory of 5064 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2252 wrote to memory of 5064 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2252 wrote to memory of 5064 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5064 -ip 5064
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 620
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-11-06 16:06
Reported
2024-11-06 16:07
Platform
win10v2004-20241007-en
Max time kernel
33s
Max time network
35s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4180 wrote to memory of 4412 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4180 wrote to memory of 4412 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4180 wrote to memory of 4412 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsProcess.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsProcess.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4412 -ip 4412
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 600
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.209.201.84.in-addr.arpa | udp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-11-06 16:06
Reported
2024-11-06 16:06
Platform
win10v2004-20241007-en
Max time kernel
11s
Max time network
12s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3816 wrote to memory of 2668 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3816 wrote to memory of 2668 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3816 wrote to memory of 2668 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\LangDLL.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\LangDLL.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2668 -ip 2668
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 600
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |