Malware Analysis Report

2025-01-18 23:57

Sample ID 241111-qhw21syncy
Target fafd551638daa4ab17ebdc71f2bffd8599332b1f1e95409af51870502cd65e38.zip
SHA256 d3bcd07cac842a5f7a0c99f07454dea366024baf3cd85fba3c12830a2c580f0a
Tags
steam defense_evasion discovery evasion persistence phishing spyware stealer
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

d3bcd07cac842a5f7a0c99f07454dea366024baf3cd85fba3c12830a2c580f0a

Threat Level: Likely malicious

The file fafd551638daa4ab17ebdc71f2bffd8599332b1f1e95409af51870502cd65e38.zip was found to be: Likely malicious.

Malicious Activity Summary

steam defense_evasion discovery evasion persistence phishing spyware stealer

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Reads local data of messenger clients

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: [email protected]

Identifies Wine through registry keys

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: [email protected]

Loads dropped DLL

Checks BIOS information in registry

A potential corporate email address has been identified in the URL: [email protected]

Executes dropped EXE

Checks installed software on the system

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Suspicious use of NtSetInformationThreadHideFromDebugger

Detected potential entity reuse from brand STEAM.

Drops file in Windows directory

Drops file in Program Files directory

Subvert Trust Controls: Mark-of-the-Web Bypass

Browser Information Discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Unsigned PE

Modifies data under HKEY_USERS

NTFS ADS

Enumerates system info in registry

Checks processor information in registry

Suspicious use of SetWindowsHookEx

Modifies system certificate store

Checks SCSI registry key(s)

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Modifies registry key

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-11 13:16

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-11 13:16

Reported

2024-11-11 13:35

Platform

win11-20241007-en

Max time kernel

1118s

Max time network

1120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fafd551638daa4ab17ebdc71f2bffd8599332b1f1e95409af51870502cd65e38.exe"

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\fafd551638daa4ab17ebdc71f2bffd8599332b1f1e95409af51870502cd65e38.exe N/A

Downloads MZ/PE file

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\fafd551638daa4ab17ebdc71f2bffd8599332b1f1e95409af51870502cd65e38.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\fafd551638daa4ab17ebdc71f2bffd8599332b1f1e95409af51870502cd65e38.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\gldriverquery64.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\gldriverquery.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\Downloads\VencordInstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\DiscordSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\modules\discord_voice-1\discord_voice\gpu_encoder_helper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\modules\discord_voice-1\discord_voice\gpu_encoder_helper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\modules\discord_voice-1\discord_voice\gpu_encoder_helper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
N/A N/A C:\Users\Admin\Downloads\VencordInstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\VencordInstaller.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\fafd551638daa4ab17ebdc71f2bffd8599332b1f1e95409af51870502cd65e38.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Reads local data of messenger clients

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Windows\CurrentVersion\Run\Discord = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\Update.exe\" --processStart Discord.exe" C:\Windows\System32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent" C:\Users\Admin\Downloads\SteamSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Windows\CurrentVersion\Run\Discord = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\Update.exe\" --processStart Discord.exe" C:\Windows\System32\reg.exe N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Detected potential entity reuse from brand STEAM.

phishing steam

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\fafd551638daa4ab17ebdc71f2bffd8599332b1f1e95409af51870502cd65e38.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_r2.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_rtrackpad_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_color_outlined_button_a_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0312.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\overlay_french.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_touchpad_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_touchpad_right.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_l_swipe.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_right_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_mouse_scroll_down.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_lt_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_dpad_left.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0402.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_list_disabled.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_button_x.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_mouse_l_click_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_dpad_right_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_rtrackpad_swipe_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_lb_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7\locales\fr.pak_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_button_share_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\avatarBorderOffline.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\steam_controller_spanish.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_dpad_down_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_lstick_right_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0351.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\switch_controller_english.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_button_options_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_l_click_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_l_right_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_dpad_left_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_lfn_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0516.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0308.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\stream_disconnect_notification.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steam\cached\chatroom_unlocked.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_lg.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_up.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\templates\gamepad+mouse.vdf_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_forward_over.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_button_plus_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_lstick_click.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_sr_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\localization\friendsui_schinese-json.js_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\minithrobber07.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_right.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_dpad_right_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_rb_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_click_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\templates\controller_switch_pro_gamepad_flickstick.vdf_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_060_vehicle_0150.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\licenses.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\icon_collapse_friends.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_rtrackpad_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_070_setting_0060.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\html_lock.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_l_click_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_trackpad.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\localization\steampops_ukrainian-json.js_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\chkSelDown.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\switch_controller_latam.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\public\steambootstrapper_korean.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0402.png_ C:\Program Files (x86)\Steam\steam.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\SystemTemp\chrome_url_fetcher_23032_2129548740\oimompecagnajdejgnnjijobebaeigek_4.10.2830.0_win64_dldxogwi36sxwpr57ta4lg57z4.crx3 C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping23032_399708922\manifest.json C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping23032_399708922\_metadata\verified_contents.json C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping23032_757169869\_platform_specific\win_x64\widevinecdm.dll C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping10520_379772288\LICENSE C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping23032_399708922\manifest.fingerprint C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping23032_757169869\_platform_specific\win_x64\widevinecdm.dll.sig C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping23032_757169869\manifest.json C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping23032_757169869\_metadata\verified_contents.json C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping10520_379772288\_platform_specific\win_x64\widevinecdm.dll C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping10520_379772288\_metadata\verified_contents.json C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping23032_399708922\Google.Widevine.CDM.dll C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping23032_757169869\LICENSE C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping10520_379772288\_platform_specific\win_x64\widevinecdm.dll.sig C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping10520_379772288\manifest.fingerprint C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
File created C:\Windows\SystemTemp\chrome_url_fetcher_23032_599562417\neifaoindggfcjicffkgpmnlppeffabd_1.0.2738.0_win64_kj4dp5kifwxbdodqls7e5nzhtm.crx3 C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping23032_757169869\manifest.fingerprint C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping10520_379772288\manifest.json C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\VencordInstaller.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\DiscordSetup.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\DiscordSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fafd551638daa4ab17ebdc71f2bffd8599332b1f1e95409af51870502cd65e38.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\SteamSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\gldriverquery.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Discord\Update.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "179" C:\Windows\system32\LogonUI.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133758046774706181" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Discord C:\Windows\System32\reg.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Discord\DefaultIcon C:\Windows\System32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\system32\BackgroundTransferHost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Discord\DefaultIcon C:\Windows\System32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\MuiCache C:\Windows\system32\BackgroundTransferHost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Discord\ = "URL:Discord Protocol" C:\Windows\System32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\system32\BackgroundTransferHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Discord\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9169\\Discord.exe\" --url -- \"%1\"" C:\Windows\System32\reg.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Discord\URL Protocol C:\Windows\System32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Discord\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9169\\Discord.exe\",-1" C:\Windows\System32\reg.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Discord\shell\open\command C:\Windows\System32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Discord\ = "URL:Discord Protocol" C:\Windows\System32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Discord\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9169\\Discord.exe\" --url -- \"%1\"" C:\Windows\System32\reg.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2584844841-1405471295-1760131749-1000\{167A29B1-096D-473A-8DBB-FC0F9A008D8D} C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Discord\shell\open C:\Windows\System32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Discord C:\Windows\System32\reg.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Discord\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9169\\Discord.exe\",-1" C:\Windows\System32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\system32\BackgroundTransferHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Discord\shell\open\command C:\Windows\System32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Discord\URL Protocol C:\Windows\System32\reg.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Discord C:\Windows\System32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Discord\shell C:\Windows\System32\reg.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Discord C:\Windows\System32\reg.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Discord C:\Windows\System32\reg.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2584844841-1405471295-1760131749-1000\{27E648A9-ADAC-42F0-BCF1-9C88128D325F} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Program Files (x86)\Steam\steam.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Program Files (x86)\Steam\steam.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Program Files (x86)\Steam\steam.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Program Files (x86)\Steam\steam.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\VencordInstaller.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\DiscordSetup.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\fafd551638daa4ab17ebdc71f2bffd8599332b1f1e95409af51870502cd65e38.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fafd551638daa4ab17ebdc71f2bffd8599332b1f1e95409af51870502cd65e38.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4868 wrote to memory of 4564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 4564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 2076 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 2076 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 2076 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 2076 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 2076 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 2076 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 2076 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 2076 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 2076 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 2076 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 2076 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 2076 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 2076 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 2076 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 2076 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 2076 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 2076 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 2076 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 2076 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 2076 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 2076 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 2076 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 2076 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 2076 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 2076 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 2076 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 2076 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 2076 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 2076 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 2076 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 4128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 4128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4868 wrote to memory of 416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\fafd551638daa4ab17ebdc71f2bffd8599332b1f1e95409af51870502cd65e38.exe

"C:\Users\Admin\AppData\Local\Temp\fafd551638daa4ab17ebdc71f2bffd8599332b1f1e95409af51870502cd65e38.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\BackgroundTransferHost.exe

"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffa3f1fcc40,0x7ffa3f1fcc4c,0x7ffa3f1fcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1828,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1824 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2124,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2136 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2188 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3324 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3784,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4472 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4632,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4664 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4660,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4792 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4700,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4648 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4964,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4984 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4752,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4684 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5076,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4764 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4656,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3660 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4912,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4604 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5292,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5316 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5336,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5168 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3472,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3360 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5268,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5040 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5128,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5512 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5528,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4628 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5652,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5664 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5648,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5800 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5524,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4408 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1172,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3312 /prefetch:8

C:\Users\Admin\Downloads\SteamSetup.exe

"C:\Users\Admin\Downloads\SteamSetup.exe"

C:\Program Files (x86)\Steam\bin\steamservice.exe

"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=10644" "-buildid=1730853027" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1730853027 --initial-client-data=0x28c,0x290,0x294,0x288,0x298,0x7ffa5099af00,0x7ffa5099af0c,0x7ffa5099af18

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1556,i,2446722706222684078,15118219799484075233,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1560 --mojo-platform-channel-handle=1548 /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --field-trial-handle=2160,i,2446722706222684078,15118219799484075233,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2164 --mojo-platform-channel-handle=2156 /prefetch:11

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004E8

C:\Program Files (x86)\Steam\bin\gldriverquery64.exe

.\bin\gldriverquery64.exe

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --field-trial-handle=2732,i,2446722706222684078,15118219799484075233,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2736 --mojo-platform-channel-handle=2716 /prefetch:13

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3088,i,2446722706222684078,15118219799484075233,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3092 --mojo-platform-channel-handle=3084 /prefetch:1

C:\Program Files (x86)\Steam\bin\gldriverquery.exe

.\bin\gldriverquery.exe

C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe

.\bin\vulkandriverquery64.exe

C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe

.\bin\vulkandriverquery.exe

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3696,i,2446722706222684078,15118219799484075233,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3700 --mojo-platform-channel-handle=3692 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3900,i,2446722706222684078,15118219799484075233,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3904 --mojo-platform-channel-handle=3896 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --field-trial-handle=4232,i,2446722706222684078,15118219799484075233,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4236 --mojo-platform-channel-handle=4228 /prefetch:14

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4348,i,2446722706222684078,15118219799484075233,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4240 --mojo-platform-channel-handle=4188 /prefetch:10

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3916,i,2446722706222684078,15118219799484075233,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3908 --mojo-platform-channel-handle=3924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/mobile

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa4ce63cb8,0x7ffa4ce63cc8,0x7ffa4ce63cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,2541598152103631511,13564050270350594259,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1864 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,2541598152103631511,13564050270350594259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,2541598152103631511,13564050270350594259,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2541598152103631511,13564050270350594259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2541598152103631511,13564050270350594259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3f1fcc40,0x7ffa3f1fcc4c,0x7ffa3f1fcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=4416,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3012 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=3008,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4996 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5948,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5852 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5816,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3376 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=5176,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5940 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=4456,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3400 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=6036,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=3192,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6156 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6372,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5980 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=5940,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6368 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=5028,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4604 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=5516,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4740 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=4488,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6416 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=3404,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5172 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6176,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5228 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6492,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5840 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=6408,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5796 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=5868,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3780 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=5052,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5888 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5124,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5192 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5772,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5132 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6696,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6496 /prefetch:8

C:\Users\Admin\Downloads\VencordInstaller.exe

"C:\Users\Admin\Downloads\VencordInstaller.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=4580,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6444 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=6256,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4676 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=6748,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6720 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004E8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=4972,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6676 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6632,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7028 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=7052,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5956 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4472,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7196 /prefetch:8

C:\Users\Admin\Downloads\DiscordSetup.exe

"C:\Users\Admin\Downloads\DiscordSetup.exe"

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .

C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe" --squirrel-install 1.0.9169

C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe

C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:4 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9169 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=32.0.0 --initial-client-data=0x550,0x554,0x558,0x548,0x55c,0x7ff6fbe4a538,0x7ff6fbe4a544,0x7ff6fbe4a550

C:\Users\Admin\AppData\Local\Discord\Update.exe

C:\Users\Admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\Admin\AppData\Local\Discord\app.ico

C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2152,i,17011605192345850802,13238103810824592174,262144 --disable-features=AllowAggressiveThrottlingWithWebSocket,HardwareMediaKeyHandling,IntensiveWakeUpThrottling,MediaSessionService,SpareRendererForSitePerProcess,UseEcoQoSForBackgroundProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2144 /prefetch:2

C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --field-trial-handle=2292,i,17011605192345850802,13238103810824592174,262144 --disable-features=AllowAggressiveThrottlingWithWebSocket,HardwareMediaKeyHandling,IntensiveWakeUpThrottling,MediaSessionService,SpareRendererForSitePerProcess,UseEcoQoSForBackgroundProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2184 /prefetch:11

C:\Windows\System32\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "\"C:\Users\Admin\AppData\Local\Discord\Update.exe\" --processStart Discord.exe" /f

C:\Windows\System32\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f

C:\Windows\System32\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f

C:\Windows\System32\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe\",-1" /f

C:\Windows\System32\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe\" --url -- \"%1\"" /f

C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe" --squirrel-firstrun

C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe

C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:4 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9169 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=32.0.0 --initial-client-data=0x544,0x548,0x54c,0x53c,0x550,0x7ff6fbe4a538,0x7ff6fbe4a544,0x7ff6fbe4a550

C:\Windows\System32\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f

C:\Windows\System32\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f

C:\Windows\System32\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe\",-1" /f

C:\Windows\System32\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe\" --url -- \"%1\"" /f

C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2780,i,17405316617497515922,18294576752084722189,262144 --disable-features=AllowAggressiveThrottlingWithWebSocket,HardwareMediaKeyHandling,IntensiveWakeUpThrottling,MediaSessionService,SpareRendererForSitePerProcess,UseEcoQoSForBackgroundProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2688 /prefetch:2

C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip,sentry-ipc --field-trial-handle=3264,i,17405316617497515922,18294576752084722189,262144 --disable-features=AllowAggressiveThrottlingWithWebSocket,HardwareMediaKeyHandling,IntensiveWakeUpThrottling,MediaSessionService,SpareRendererForSitePerProcess,UseEcoQoSForBackgroundProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2876 /prefetch:11

C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip,sentry-ipc --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=3316,i,17405316617497515922,18294576752084722189,262144 --disable-features=AllowAggressiveThrottlingWithWebSocket,HardwareMediaKeyHandling,IntensiveWakeUpThrottling,MediaSessionService,SpareRendererForSitePerProcess,UseEcoQoSForBackgroundProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3304 /prefetch:1

C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip,sentry-ipc --field-trial-handle=4028,i,17405316617497515922,18294576752084722189,262144 --disable-features=AllowAggressiveThrottlingWithWebSocket,HardwareMediaKeyHandling,IntensiveWakeUpThrottling,MediaSessionService,SpareRendererForSitePerProcess,UseEcoQoSForBackgroundProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4024 /prefetch:14

C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip,sentry-ipc --field-trial-handle=4316,i,17405316617497515922,18294576752084722189,262144 --disable-features=AllowAggressiveThrottlingWithWebSocket,HardwareMediaKeyHandling,IntensiveWakeUpThrottling,MediaSessionService,SpareRendererForSitePerProcess,UseEcoQoSForBackgroundProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4012 /prefetch:14

C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip,sentry-ipc --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\resources\app.asar" --no-sandbox --no-zygote --enable-blink-features=EnumerateDevices,AudioOutputDevices --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4144,i,17405316617497515922,18294576752084722189,262144 --disable-features=AllowAggressiveThrottlingWithWebSocket,HardwareMediaKeyHandling,IntensiveWakeUpThrottling,MediaSessionService,SpareRendererForSitePerProcess,UseEcoQoSForBackgroundProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4132 --enable-node-leakage-in-renderers /prefetch:1

C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip,sentry-ipc --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\resources\app.asar" --no-sandbox --no-zygote --enable-blink-features=EnumerateDevices,AudioOutputDevices --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4128,i,17405316617497515922,18294576752084722189,262144 --disable-features=AllowAggressiveThrottlingWithWebSocket,HardwareMediaKeyHandling,IntensiveWakeUpThrottling,MediaSessionService,SpareRendererForSitePerProcess,UseEcoQoSForBackgroundProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4052 --enable-node-leakage-in-renderers /prefetch:1

C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip,sentry-ipc --field-trial-handle=4040,i,17405316617497515922,18294576752084722189,262144 --disable-features=AllowAggressiveThrottlingWithWebSocket,HardwareMediaKeyHandling,IntensiveWakeUpThrottling,MediaSessionService,SpareRendererForSitePerProcess,UseEcoQoSForBackgroundProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4156 /prefetch:12

C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip,sentry-ipc --field-trial-handle=4396,i,17405316617497515922,18294576752084722189,262144 --disable-features=AllowAggressiveThrottlingWithWebSocket,HardwareMediaKeyHandling,IntensiveWakeUpThrottling,MediaSessionService,SpareRendererForSitePerProcess,UseEcoQoSForBackgroundProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4392 /prefetch:14

C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\modules\discord_voice-1\discord_voice\gpu_encoder_helper.exe

"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\modules\discord_voice-1\discord_voice\gpu_encoder_helper.exe" nvidia

C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\modules\discord_voice-1\discord_voice\gpu_encoder_helper.exe

"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\modules\discord_voice-1\discord_voice\gpu_encoder_helper.exe" amd

C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\modules\discord_voice-1\discord_voice\gpu_encoder_helper.exe

"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\modules\discord_voice-1\discord_voice\gpu_encoder_helper.exe" intel

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Windows/System32/nvidia-smi.exe""

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discordapp.com/handoff?rpc=6463&key=6d46ee68-ba1d-4761-8a2c-addb9ad2301a

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa4ce63cb8,0x7ffa4ce63cc8,0x7ffa4ce63cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,12287846399804338368,3492889978912839293,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1860 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,12287846399804338368,3492889978912839293,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,12287846399804338368,3492889978912839293,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12287846399804338368,3492889978912839293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12287846399804338368,3492889978912839293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,12287846399804338368,3492889978912839293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1852,12287846399804338368,3492889978912839293,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3860 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1852,12287846399804338368,3492889978912839293,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4356 /prefetch:8

C:\Windows\System32\reg.exe

C:\Windows\System32\reg.exe query HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord

C:\Windows\System32\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "\"C:\Users\Admin\AppData\Local\Discord\Update.exe\" --processStart Discord.exe" /f

C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\Discord.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=UAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=4952,i,17405316617497515922,18294576752084722189,262144 --disable-features=AllowAggressiveThrottlingWithWebSocket,HardwareMediaKeyHandling,IntensiveWakeUpThrottling,MediaSessionService,SpareRendererForSitePerProcess,UseEcoQoSForBackgroundProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4600 /prefetch:10

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa4ce63cb8,0x7ffa4ce63cc8,0x7ffa4ce63cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,1161358021509735615,9371351431990770570,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1984 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,1161358021509735615,9371351431990770570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,1161358021509735615,9371351431990770570,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2576 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1161358021509735615,9371351431990770570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1161358021509735615,9371351431990770570,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1161358021509735615,9371351431990770570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1161358021509735615,9371351431990770570,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,1161358021509735615,9371351431990770570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=7436,i,4259759967294921835,14738153874634687427,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,1161358021509735615,9371351431990770570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1161358021509735615,9371351431990770570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1161358021509735615,9371351431990770570,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1161358021509735615,9371351431990770570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1

C:\Users\Admin\Downloads\VencordInstaller.exe

"C:\Users\Admin\Downloads\VencordInstaller.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,1161358021509735615,9371351431990770570,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2368 /prefetch:2

C:\Users\Admin\Downloads\VencordInstaller.exe

"C:\Users\Admin\Downloads\VencordInstaller.exe"

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa3965855 /state1:0x41c64e6d

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1161358021509735615,9371351431990770570,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2376 /prefetch:1

Network

Country Destination Domain Proto
RU 185.215.113.206:80 185.215.113.206 tcp
US 8.8.8.8:53 206.113.215.185.in-addr.arpa udp
GB 104.86.110.97:443 tcp
GB 104.86.110.97:443 tcp
GB 92.123.128.146:443 r.bing.com tcp
GB 92.123.128.146:443 r.bing.com tcp
GB 92.123.128.146:443 r.bing.com tcp
GB 92.123.128.146:443 r.bing.com tcp
GB 92.123.128.146:443 r.bing.com tcp
GB 92.123.128.146:443 r.bing.com tcp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 146.128.123.92.in-addr.arpa udp
US 20.189.173.1:443 browser.pipe.aria.microsoft.com tcp
GB 92.123.128.134:443 www.bing.com tcp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com udp
GB 216.58.204.74:443 ogads-pa.googleapis.com tcp
GB 216.58.201.110:443 apis.google.com tcp
GB 216.58.204.74:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
GB 172.217.16.238:443 play.google.com tcp
GB 216.58.201.110:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
GB 216.58.213.1:443 clients2.googleusercontent.com tcp
GB 142.250.180.4:443 www.google.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 216.58.204.74:443 content-autofill.googleapis.com tcp
GB 216.58.204.74:443 content-autofill.googleapis.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 172.217.16.238:443 play.google.com tcp
GB 172.217.16.238:443 play.google.com udp
US 151.101.195.52:443 shared.fastly.steamstatic.com tcp
US 151.101.195.52:443 shared.fastly.steamstatic.com tcp
US 151.101.195.52:443 shared.fastly.steamstatic.com tcp
US 151.101.195.52:443 shared.fastly.steamstatic.com tcp
US 151.101.195.52:443 shared.fastly.steamstatic.com tcp
US 151.101.195.52:443 shared.fastly.steamstatic.com tcp
US 151.101.67.52:443 shared.fastly.steamstatic.com tcp
US 151.101.67.52:443 shared.fastly.steamstatic.com tcp
US 151.101.67.52:443 shared.fastly.steamstatic.com tcp
US 151.101.67.52:443 shared.fastly.steamstatic.com tcp
US 151.101.67.52:443 shared.fastly.steamstatic.com tcp
US 151.101.67.52:443 shared.fastly.steamstatic.com tcp
US 151.101.195.52:443 shared.fastly.steamstatic.com tcp
US 151.101.195.52:443 shared.fastly.steamstatic.com tcp
US 151.101.195.52:443 shared.fastly.steamstatic.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 151.101.195.52:443 shared.fastly.steamstatic.com tcp
US 151.101.195.52:443 shared.fastly.steamstatic.com tcp
GB 216.58.213.3:443 beacons.gcp.gvt2.com tcp
GB 216.58.213.3:443 beacons.gcp.gvt2.com tcp
GB 142.250.200.14:443 google.com tcp
US 151.101.195.52:443 shared.fastly.steamstatic.com tcp
GB 2.23.210.75:80 r11.o.lencr.org tcp
US 151.101.195.52:443 shared.fastly.steamstatic.com tcp
US 151.101.195.52:443 shared.fastly.steamstatic.com tcp
GB 2.19.117.21:80 test.steampowered.com tcp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 21.117.19.2.in-addr.arpa udp
N/A 127.0.0.1:63198 tcp
N/A 127.0.0.1:63182 tcp
GB 104.82.234.109:443 api.steampowered.com tcp
US 162.254.199.165:27018 cmp1-atl3.steamserver.net tcp
US 162.254.199.184:443 cmp2-atl3.steamserver.net tcp
US 162.254.199.184:27018 cmp2-atl3.steamserver.net tcp
US 8.8.8.8:53 cmp2-iad1.steamserver.net udp
US 162.254.192.99:27019 cmp2-iad1.steamserver.net tcp
GB 2.23.210.82:80 e6.o.lencr.org tcp
US 8.8.8.8:53 e5.o.lencr.org udp
GB 2.23.210.82:80 e5.o.lencr.org tcp
US 162.254.192.99:27018 cmp2-iad1.steamserver.net tcp
US 8.8.8.8:53 cmp1-dfw1.steamserver.net udp
US 155.133.253.36:443 cmp1-dfw1.steamserver.net tcp
US 155.133.253.36:27018 cmp1-dfw1.steamserver.net tcp
US 155.133.253.52:27018 cmp2-dfw1.steamserver.net tcp
US 8.8.8.8:53 cmp1-iad1.steamserver.net udp
US 162.254.192.98:443 cmp1-iad1.steamserver.net tcp
US 8.8.8.8:53 165.199.254.162.in-addr.arpa udp
US 8.8.8.8:53 184.199.254.162.in-addr.arpa udp
US 8.8.8.8:53 99.192.254.162.in-addr.arpa udp
US 8.8.8.8:53 82.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 36.253.133.155.in-addr.arpa udp
US 8.8.8.8:53 52.253.133.155.in-addr.arpa udp
US 162.254.193.103:443 cmp1-ord1.steamserver.net tcp
US 155.133.229.20:27023 cmp2-fra2.steamserver.net tcp
US 155.133.229.20:27019 cmp2-fra2.steamserver.net tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google udp
US 23.192.21.216:443 store.steampowered.com tcp
US 104.18.42.105:443 tcp
US 104.18.42.105:443 tcp
US 104.18.42.105:443 tcp
US 104.19.230.21:443 udp
US 104.18.42.105:443 tcp
GB 142.250.200.14:443 google.com tcp
GB 74.125.105.39:443 udp
US 104.19.229.21:443 udp
US 104.19.229.21:443 udp
US 104.19.229.21:443 tcp
US 104.19.229.21:443 udp
US 8.8.4.4:443 dns.google udp
GB 172.217.169.35:443 tcp
GB 104.82.234.109:443 api.steampowered.com tcp
NL 155.133.248.43:443 cmp2-ams1.steamserver.net tcp
NL 155.133.248.42:27018 cmp1-ams1.steamserver.net tcp
NL 155.133.248.43:27018 cmp2-ams1.steamserver.net tcp
FR 185.25.182.52:27032 ext2-par1.steamserver.net tcp
US 8.8.8.8:53 e5.o.lencr.org udp
GB 2.23.210.82:80 e5.o.lencr.org tcp
US 8.8.8.8:53 cmp1-fra1.steamserver.net udp
US 8.8.8.8:53 43.248.133.155.in-addr.arpa udp
US 8.8.8.8:53 42.248.133.155.in-addr.arpa udp
US 8.8.8.8:53 52.182.25.185.in-addr.arpa udp
DE 155.133.250.4:27020 cmp1-fra1.steamserver.net tcp
US 155.133.229.4:27022 cmp1-fra2.steamserver.net tcp
DE 155.133.250.20:27019 cmp2-fra1.steamserver.net tcp
GB 2.23.210.82:80 r10.o.lencr.org tcp
GB 172.217.169.35:443 udp
US 151.101.67.52:443 client-update.steamstatic.com tcp
GB 2.23.210.82:80 r10.o.lencr.org tcp
GB 104.82.234.109:443 api.steampowered.com tcp
US 162.254.192.98:443 cmp1-iad1.steamserver.net tcp
US 162.254.192.99:27020 cmp2-iad1.steamserver.net tcp
US 162.254.192.99:27019 cmp2-iad1.steamserver.net tcp
US 162.254.199.184:443 cmp2-atl3.steamserver.net tcp
US 162.254.199.165:27018 cmp1-atl3.steamserver.net tcp
US 162.254.199.184:27018 cmp2-atl3.steamserver.net tcp
US 162.254.193.103:443 cmp1-ord1.steamserver.net tcp
US 162.254.193.75:27018 cmp2-ord1.steamserver.net tcp
GB 2.23.210.82:80 r10.o.lencr.org tcp
US 205.196.6.132:443 cmp1-sea1.steamserver.net tcp
US 162.254.193.103:27018 cmp1-ord1.steamserver.net tcp
US 155.133.229.4:27019 cmp1-fra2.steamserver.net tcp
NL 155.133.248.43:27018 cmp2-ams1.steamserver.net tcp
GB 2.23.210.75:80 r10.o.lencr.org tcp
US 8.8.8.8:53 132.6.196.205.in-addr.arpa udp
GB 142.250.200.14:443 google.com udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.82.234.109:443 api.steampowered.com tcp
HK 103.28.54.100:27018 cmp1-hkg1.steamserver.net tcp
HK 103.28.54.101:27018 cmp2-hkg1.steamserver.net tcp
JP 45.121.184.20:27019 ext1-tyo3.steamserver.net tcp
JP 45.121.184.20:27030 ext1-tyo3.steamserver.net tcp
GB 2.23.210.75:80 e6.o.lencr.org tcp
HK 103.28.54.101:443 cmp2-hkg1.steamserver.net tcp
JP 45.121.184.21:443 ext2-tyo3.steamserver.net tcp
SG 103.10.124.5:27019 cmp2-sgp1.steamserver.net tcp
SG 103.10.124.5:27018 cmp2-sgp1.steamserver.net tcp
US 8.8.8.8:53 101.54.28.103.in-addr.arpa udp
US 8.8.8.8:53 20.184.121.45.in-addr.arpa udp
SG 103.10.124.5:443 cmp2-sgp1.steamserver.net tcp
US 162.254.195.75:443 cmp2-lax1.steamserver.net tcp
US 162.254.199.165:443 cmp1-atl3.steamserver.net tcp
US 155.133.253.36:443 cmp1-dfw1.steamserver.net tcp
US 104.19.229.21:443 udp
US 104.19.229.21:443 udp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.82.234.109:443 api.steampowered.com tcp
US 155.133.229.4:27019 cmp1-fra2.steamserver.net tcp
US 155.133.229.20:27019 cmp2-fra2.steamserver.net tcp
DE 155.133.250.4:443 cmp1-fra1.steamserver.net tcp
SE 155.133.252.68:27019 cmp1-sto2.steamserver.net tcp
GB 2.23.210.82:80 e5.o.lencr.org tcp
US 8.8.8.8:53 cmp2-sto2.steamserver.net udp
SE 155.133.252.69:27019 cmp2-sto2.steamserver.net tcp
SE 155.133.252.68:443 cmp1-sto2.steamserver.net tcp
DE 155.133.250.20:27024 cmp2-fra1.steamserver.net tcp
US 155.133.229.20:27024 cmp2-fra2.steamserver.net tcp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 69.252.133.155.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google udp
US 104.19.229.21:443 udp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.82.234.109:443 api.steampowered.com tcp
US 8.8.8.8:53 cmp2-seo1.steamserver.net udp
KR 146.66.152.53:443 cmp2-seo1.steamserver.net tcp
KR 146.66.152.52:27018 cmp1-seo1.steamserver.net tcp
KR 146.66.152.53:27018 cmp2-seo1.steamserver.net tcp
US 162.254.195.69:443 cmp1-lax1.steamserver.net tcp
GB 2.23.210.75:80 e6.o.lencr.org tcp
US 162.254.195.69:27018 cmp1-lax1.steamserver.net tcp
US 162.254.195.75:27018 cmp2-lax1.steamserver.net tcp
US 155.133.253.36:443 cmp1-dfw1.steamserver.net tcp
US 205.196.6.132:443 cmp1-sea1.steamserver.net tcp
US 155.133.253.36:27018 cmp1-dfw1.steamserver.net tcp
US 8.8.8.8:53 52.152.66.146.in-addr.arpa udp
US 155.133.253.52:27018 cmp2-dfw1.steamserver.net tcp
FR 185.25.182.20:27032 ext1-par1.steamserver.net tcp
GB 162.254.196.80:443 cmp2-lhr1.steamserver.net tcp
GB 2.23.210.75:80 e5.o.lencr.org tcp
US 8.8.4.4:443 dns.google udp
US 8.8.8.8:53 store.steampowered.com udp
US 23.192.21.216:443 store.steampowered.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 172.64.145.151:443 store.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 store.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 store.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 store.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 store.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 store.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 store.cloudflare.steamstatic.com tcp
US 8.8.8.8:53 151.145.64.172.in-addr.arpa udp
GB 104.86.110.97:443 tcp
GB 104.86.110.97:443 tcp
GB 142.250.180.4:443 www.google.com udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
GB 142.250.200.42:443 ogads-pa.googleapis.com udp
GB 216.58.201.110:443 chrome.google.com tcp
GB 142.250.178.14:443 play.google.com udp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.178.3:443 id.google.com tcp
GB 142.250.200.42:443 ogads-pa.googleapis.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 142.250.178.14:443 play.google.com udp
US 151.101.129.140:443 www.reddit.com tcp
US 151.101.129.140:443 www.reddit.com tcp
US 216.198.53.1:443 support.reddithelp.com tcp
US 216.198.53.1:443 support.reddithelp.com tcp
US 8.8.8.8:53 static.zdassets.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.65.229:443 cdn.jsdelivr.net tcp
US 151.101.65.229:443 cdn.jsdelivr.net tcp
US 151.101.65.229:443 cdn.jsdelivr.net tcp
US 151.101.65.229:443 cdn.jsdelivr.net tcp
US 151.101.65.229:443 cdn.jsdelivr.net tcp
US 151.101.65.229:443 cdn.jsdelivr.net tcp
US 216.198.53.3:443 static.zdassets.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 unpkg.com udp
US 216.198.54.1:443 reddit.zendesk.com tcp
US 104.17.249.203:443 unpkg.com tcp
DE 18.155.145.22:443 www.redditstatus.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
GB 172.217.169.74:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 14.24.17.104.in-addr.arpa udp
US 8.8.8.8:53 1.54.198.216.in-addr.arpa udp
US 8.8.8.8:53 200.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 203.249.17.104.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 22.145.155.18.in-addr.arpa udp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com udp
GB 142.250.200.42:443 ajax.googleapis.com udp
GB 172.217.16.238:443 www.youtube.com udp
GB 142.250.178.3:443 id.google.com udp
GB 142.250.200.42:443 ajax.googleapis.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 142.250.178.22:443 i.ytimg.com tcp
GB 142.250.178.22:443 i.ytimg.com tcp
GB 142.250.178.22:443 i.ytimg.com tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 172.217.169.46:443 www.youtube.com tcp
GB 172.217.169.46:443 www.youtube.com udp
GB 172.217.169.46:443 www.youtube.com tcp
GB 142.250.178.22:443 i.ytimg.com tcp
GB 172.217.169.46:443 www.youtube.com udp
GB 142.250.178.14:443 www.youtube.com udp
GB 216.58.213.2:443 googleads.g.doubleclick.net tcp
GB 142.250.179.230:443 static.doubleclick.net tcp
GB 142.250.179.234:443 jnn-pa.googleapis.com tcp
GB 216.58.213.2:443 googleads.g.doubleclick.net udp
GB 142.250.179.234:443 jnn-pa.googleapis.com udp
GB 172.217.16.238:443 www.youtube.com tcp
GB 172.217.16.238:443 www.youtube.com tcp
GB 172.217.16.238:443 www.youtube.com udp
US 172.67.183.184:443 vencord.dev tcp
US 172.67.183.184:443 vencord.dev tcp
US 172.67.183.184:443 vencord.dev tcp
US 172.67.183.184:443 vencord.dev tcp
US 172.67.183.184:443 vencord.dev tcp
US 172.67.183.184:443 vencord.dev tcp
US 172.67.183.184:443 vencord.dev udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 185.199.110.133:443 objects.githubusercontent.com tcp
GB 20.26.156.210:443 api.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 151.101.65.140:443 w3-reporting-nel.reddit.com tcp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
GB 142.250.180.4:443 www.google.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 142.250.200.42:443 ajax.googleapis.com udp
GB 172.217.16.238:443 www.youtube.com udp
US 162.159.135.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 104.18.160.117:443 cdn.prod.website-files.com tcp
US 104.18.160.117:443 cdn.prod.website-files.com tcp
US 104.18.160.117:443 cdn.prod.website-files.com tcp
GB 142.250.200.42:443 ajax.googleapis.com tcp
US 104.22.21.64:443 cdn.localizeapi.com tcp
US 104.18.160.117:443 cdn.prod.website-files.com udp
US 162.159.135.232:443 discord.com udp
DE 54.230.55.152:443 d3e54v103j8qbb.cloudfront.net tcp
US 104.18.160.117:443 cdn.prod.website-files.com udp
US 162.159.135.233:443 cdn.discordapp.com tcp
GB 172.217.169.46:443 www.youtube.com tcp
US 172.64.155.119:443 geolocation.onetrust.com tcp
GB 172.217.169.46:443 www.youtube.com udp
GB 142.250.200.42:443 ajax.googleapis.com udp
US 104.22.21.64:443 cdn.localizeapi.com udp
DE 54.230.55.152:443 d3e54v103j8qbb.cloudfront.net tcp
US 34.126.226.51:443 stable.dl2.discordapp.net tcp
US 8.8.8.8:53 update.googleapis.com udp
US 8.8.8.8:53 update.googleapis.com udp
GB 216.58.201.99:443 update.googleapis.com tcp
GB 216.58.201.99:443 update.googleapis.com tcp
US 162.159.138.232:443 discord.com tcp
US 34.126.226.51:443 stable.dl2.discordapp.net tcp
US 34.126.226.51:443 stable.dl2.discordapp.net tcp
US 34.126.226.51:443 stable.dl2.discordapp.net tcp
US 34.126.226.51:443 stable.dl2.discordapp.net tcp
GB 216.58.201.99:443 update.googleapis.com udp
US 8.8.8.8:53 discordapp.com udp
US 8.8.8.8:53 discordapp.com udp
US 162.159.130.233:443 discordapp.com udp
US 162.159.130.233:443 discordapp.com tcp
US 8.8.8.8:53 233.130.159.162.in-addr.arpa udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com tcp
GB 216.58.213.3:443 beacons.gcp.gvt2.com tcp
AU 34.116.74.210:443 e2c10.gcp.gvt2.com tcp
US 162.159.134.233:443 discordapp.com tcp
US 162.159.134.233:443 discordapp.com tcp
US 162.159.135.232:443 discord.com tcp
US 8.8.8.8:53 remote-auth-gateway.discord.gg udp
US 8.8.8.8:53 remote-auth-gateway.discord.gg udp
US 162.159.134.234:443 remote-auth-gateway.discord.gg tcp
N/A 127.0.0.1:6463 tcp
N/A 127.0.0.1:6463 tcp
US 162.159.130.233:443 discordapp.com udp
US 8.8.8.8:53 gateway.discord.gg udp
US 8.8.8.8:53 gateway.discord.gg udp
US 162.159.134.234:443 gateway.discord.gg tcp
US 8.8.8.8:53 status.discord.com udp
US 8.8.8.8:53 status.discord.com udp
US 162.159.137.232:443 status.discord.com udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.133.233:443 cdn.discordapp.com udp
US 162.159.133.233:443 cdn.discordapp.com udp
US 8.8.8.8:53 images-ext-1.discordapp.net udp
US 8.8.8.8:53 images-ext-1.discordapp.net udp
US 162.159.128.232:443 images-ext-1.discordapp.net udp
US 8.8.8.8:53 232.128.159.162.in-addr.arpa udp
US 8.8.8.8:53 media.discordapp.net udp
US 8.8.8.8:53 media.discordapp.net udp
GB 216.58.201.99:443 update.googleapis.com udp
US 8.8.8.8:53 latency.discord.media udp
US 8.8.8.8:53 latency.discord.media udp
US 162.159.130.235:443 latency.discord.media tcp
NL 35.214.163.28:50001 udp
NL 66.22.197.133:50003 udp
NL 35.214.180.75:50003 udp
NL 35.214.137.136:50002 udp
NL 35.214.208.163:50001 udp
DE 66.22.243.193:50004 udp
DE 35.207.171.222:50002 udp
DE 66.22.243.44:50002 udp
DE 66.22.243.159:50003 udp
DE 66.22.243.15:50004 udp
IT 35.219.249.126:50004 udp
IT 35.219.230.140:50002 udp
IT 35.219.235.98:50001 udp
IT 35.219.248.63:50003 udp
IT 35.219.245.56:50004 udp
ES 34.0.196.207:50001 udp
ES 34.0.199.71:50004 udp
ES 34.0.194.214:50001 udp
ES 34.0.223.68:50002 udp
ES 34.0.212.174:50003 udp
SE 66.22.237.38:50002 udp
SE 66.22.237.139:50002 udp
SE 66.22.237.40:50004 udp
SE 66.22.237.41:50004 udp
SE 66.22.237.149:50003 udp
US 8.8.8.8:53 163.208.214.35.in-addr.arpa udp
US 8.8.8.8:53 235.130.159.162.in-addr.arpa udp
US 8.8.8.8:53 71.199.0.34.in-addr.arpa udp
US 8.8.8.8:53 68.223.0.34.in-addr.arpa udp
US 8.8.8.8:53 207.196.0.34.in-addr.arpa udp
US 8.8.8.8:53 56.245.219.35.in-addr.arpa udp
US 8.8.8.8:53 214.194.0.34.in-addr.arpa udp
US 8.8.8.8:53 63.248.219.35.in-addr.arpa udp
US 8.8.8.8:53 126.249.219.35.in-addr.arpa udp
US 8.8.8.8:53 174.212.0.34.in-addr.arpa udp
US 8.8.8.8:53 140.230.219.35.in-addr.arpa udp
US 8.8.8.8:53 98.235.219.35.in-addr.arpa udp
US 8.8.8.8:53 38.237.22.66.in-addr.arpa udp
US 8.8.8.8:53 15.243.22.66.in-addr.arpa udp
US 8.8.8.8:53 159.243.22.66.in-addr.arpa udp
US 8.8.8.8:53 139.237.22.66.in-addr.arpa udp
US 8.8.8.8:53 44.243.22.66.in-addr.arpa udp
US 8.8.8.8:53 40.237.22.66.in-addr.arpa udp
US 8.8.8.8:53 222.171.207.35.in-addr.arpa udp
US 8.8.8.8:53 193.243.22.66.in-addr.arpa udp
US 8.8.8.8:53 136.137.214.35.in-addr.arpa udp
US 8.8.8.8:53 41.237.22.66.in-addr.arpa udp
US 8.8.8.8:53 149.237.22.66.in-addr.arpa udp
US 8.8.8.8:53 133.197.22.66.in-addr.arpa udp
US 8.8.8.8:53 75.180.214.35.in-addr.arpa udp
US 162.159.130.233:443 cdn.discordapp.com udp
GB 104.86.110.97:443 tcp
US 162.159.129.232:443 media.discordapp.net udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
GB 104.86.110.97:443 tcp
US 150.171.23.12:443 rum18.perf.linkedin.com tcp
US 150.171.85.254:443 p-ring.msedge.net tcp
US 20.106.94.33:443 bc1778fef893c9fd8819ba7ba9f220e5.azr.footprintdns.com tcp

Files

memory/3108-0-0x0000000000400000-0x0000000000AB0000-memory.dmp

memory/3108-1-0x00000000778C6000-0x00000000778C8000-memory.dmp

memory/3108-2-0x0000000000401000-0x0000000000418000-memory.dmp

memory/3108-3-0x0000000000400000-0x0000000000AB0000-memory.dmp

memory/3108-4-0x0000000000400000-0x0000000000AB0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\dd6ea331-42b0-468b-a4cd-a9696086f5b1.down_data

MD5 5683c0028832cae4ef93ca39c8ac5029
SHA1 248755e4e1db552e0b6f8651b04ca6d1b31a86fb
SHA256 855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e
SHA512 aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

\??\pipe\crashpad_4868_IKYTCDEXCYPTSHNY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Temp\scoped_dir4868_1246478831\decb373d-e863-4e34-a8c6-8237f8a28dcf.tmp

MD5 da75bb05d10acc967eecaac040d3d733
SHA1 95c08e067df713af8992db113f7e9aec84f17181
SHA256 33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2
SHA512 56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef

C:\Users\Admin\AppData\Local\Temp\scoped_dir4868_1246478831\CRX_INSTALL\_locales\en_CA\messages.json

MD5 558659936250e03cc14b60ebf648aa09
SHA1 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825
SHA256 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b
SHA512 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

MD5 07ffbe5f24ca348723ff8c6c488abfb8
SHA1 6dc2851e39b2ee38f88cf5c35a90171dbea5b690
SHA256 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c
SHA512 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

MD5 4ec1df2da46182103d2ffc3b92d20ca5
SHA1 fb9d1ba3710cf31a87165317c6edc110e98994ce
SHA256 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6
SHA512 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 e3a1d851c5b2f4b040b72c271a1238c6
SHA1 a1190fbcb93885ddd3868bec20876e674ef542ed
SHA256 bca1aae583d372dcf68336798fe44a67cfaf3c86ccce16705458745e2c42d1cb
SHA512 a7246e021b80661c6dac61529bf580b2ab36494b2186af02cef7e03c0d2cdb632cfd64851d1bf4f7410105f1f786a63cd4389c276ebb232b74e9776ba498e91e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 5573eba8a71fd38c85450d14963fd686
SHA1 cd18ce691a2c44da7eab613f56d50e2eea1885f0
SHA256 0c5607f94850ed2561ecd7933318d4d0fcdf1ff45c8e87cddb3da5c847660aa7
SHA512 6669b3326c0dfc3f90d103cf840d36cad332d1c069030c6c0b3c7fdea1cefca834f6188d888fd7004e1f758dc3e464143b97f8f2fa01aba3274a358feb1345db

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 57570e424d78ba1ce01f6aa792f43488
SHA1 004dfa6d0b17e00efab2e13cea2604c16f7ca046
SHA256 0bc31c79e7ff12683c1eeebf5d80a22a98f28298499d943dd5182056dab79abf
SHA512 2d98e1b7c658ffd1c4ad3437880305b2f0a5d4a817d12a0671616c034a04f16b8fe9871d2c04b0097bc1bc6caac267e0e7a9914dea696a0e5cab4768b4b94d3c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 934d0867fbadd825368f29b4ea55cdb3
SHA1 369c43a46f34acb673cc49ad286e705fbf61f799
SHA256 2b6c85bc8dc87b70e949cb128f5a39b5469358ad4ce219c74279bfc0b4d6e956
SHA512 af30c2942e292c2b0263e6e30c024c2bc9715405296c99863733220efb6b0461d76aff64969f6f3015c791cdcdc617288dc510e225d67f30bf3e88301bf04a0d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 386306c56a2bb0ddf1f9261365795fbd
SHA1 83c6a08b99487936e0df314eb2fd7fa5ef94ba25
SHA256 888fa3342666d9250459cff7ae814177ef8bf0a90f1f3a826d960099b3c6d3dc
SHA512 782563794b68d1e0946a3c4649a72a0dd28eab4c1d56c24007d947be251343d1c6d97c7f7522fc7c1939afea838b545929e813a719bed201614b7d8ef1b62dff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 fadab0243ab279a7177ef40deffb928a
SHA1 297e2dc2afa4600f5dd031f5f0b9f46dcf402b39
SHA256 4114eb29b0acd5461c1e0c0d8a6948c1214771c99a3fc39673d94be5f4adfc5c
SHA512 c718aea0ce77a5d76a8fb5bae830f7783e9b57d8a58db48446a66f52e76a146ae0a840d236bc9f773c86bea3d33f9dbd82b3472b4dcd0092e6448ce2029787ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e9d6e0e376ed5d27253f3b2e1a11becb
SHA1 162c0bdfcac158dd434727babd872b757252ff85
SHA256 572092b2f12034244ab38a8107bdb9df8c15a0833ca033f14a598b76998ed43b
SHA512 995321759b574d365fa63d984a4545fc68b2bdab4c96024772744372062d6290e68afdb41125b84b8169977545765fed2c1e65147246ee7ffeafb8a089de444b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 49a3793c173f0030c57c300f1f898f4c
SHA1 10ae2ad0f7a188e2134ea34bbb92345d2ceed2d1
SHA256 7baf274071bf1c231192f448671f62d848f1b5221e6d178bfd271d9aa6e517c2
SHA512 bd98dc1a23a4968dcd048f360c462e80f2ce06fe643dd16fcc2e3434bc6ce4a463115f524c931b777104a0f45b034a41d41a240a45c4c735a9a24549b98999e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0ee136199ca1fd114e445e1d48811847
SHA1 c7fda0efde9ea006286392a7a07e8fe43ef0b851
SHA256 a7bd376d083d0d4bce4496d4114235800ddf9a9d3c19090775fd06abbd45bfc3
SHA512 832e66774e9424a810195be0fc2244a374352d83dac4012c8ce19fe9df3e0f6d9a0a0dd653f73d0715750571a31e46b2284f826e45375c8b60d68aae7300ce5a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 89b39f4fd95de402d3f5a7fa7b926dfe
SHA1 0a17a15190bb59bfa2ffab6ddb191b84f64b2f1c
SHA256 35072efada7994680d8974194198ea0fff7db7a9961994e9034145444bca1292
SHA512 a222a1865e99ac79901dfb8629c13d3d530475676d49f35574f98fcbe05a82b724458f3c7a12cb808ec9d1cd41a59de07920b115ac520e0660817ca1b76286a8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3ca0556bc4b45b0588dbc779ea0ae099
SHA1 063832075f1409ab6a2adefc911fbe13551f76f2
SHA256 43bd7ed59ca6638e862962da33cd50ba0ee221a43f1ee333b84b43fd12c99b00
SHA512 48983b3db26412b96ac95708fcec4e657907bd08f3cd46e5612b6efc15cab922a45c16cb89277eb323aef23b76f3c44f853b6a58ff9458aebacb3fc0f1e713cf

C:\Users\Admin\Downloads\Unconfirmed 381581.crdownload

MD5 1b54b70beef8eb240db31718e8f7eb5d
SHA1 da5995070737ec655824c92622333c489eb6bce4
SHA256 7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb
SHA512 fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 88600c86740a1f13116883d3a145fcda
SHA1 23cf39a4059bc34d3267b6976dd3bd2d0532699b
SHA256 0a48c61fae13df4ab6ee6fda2cad219bfb74e911c01a7813bef082abce1c9269
SHA512 73a3f813a9b11d7977d9d53c16df0bb0236a0e6ff8a1e733bd59d80614f5623633f38874d0628195a4b6d08e8c324a0b22fb52bfee0ed39c424f79181222188b

C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 92bebe7bf98c37c2b6b224e29070f57d
SHA1 d4150c1c2fc88861fef2a69d061c9a09dcff8394
SHA256 1792d83e6579d4d37b52bff9406f37b646b43409c06192a51d9c0bbac3fb517b
SHA512 e14fed15d0c29fdbdc7729cb4ca8440998269170ff7e63bbe14e9342b27eb627810e146008509f85bc7fd7c46ec278131cc3c4a5bd5b8ec8317bc944e7fa89b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d4fb5d7813d181588460790b96b00c65
SHA1 5557f439a7d5174dad32b6775f70095b078a5376
SHA256 fe0ffecfa5a2bd5e4edf7f9176387a629f20512d10abde56dfaf5080c6a5dc04
SHA512 fe64dad7a98e3665e721a70cb29891af9b5c51d068c5a4a18aa71bd3653fe659650316bbe8290776bfc73632270fe4cce5bf6190a81722d4b0fe45f223b13b2b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 31273cf24c1e5ede90f3208c7cdbf52f
SHA1 e8596648b97ba512628b6c0b3c93801751cb2925
SHA256 dd04aa109eebf8dcb6e1f803e2d7bbac002af777582d383b312877a7a18df2c5
SHA512 fcc9448e3b35754509bd4cded7e79ba8c269bfe36041ad42b1bf078ed5bbc4569a6e6475605616e048cbbda5f503d8f7d9dc6e80640df4d08ee3fe0a6aac0c57

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 122e37385cbcf3f57707d3acc67b3b1d
SHA1 268afbd16cdcb46d554a8fc9093c29d1a145e842
SHA256 ab9bdcd4d6134f62cb05af75086023c4dc3c837cbbc1298001aacb2d3c7e3b21
SHA512 3a86435f05c567aa9a7657cd41534427da8c2fbe0d0d77150b2e312136b5ad0be56eaee28e84298465c1b18ca5abbd532e02206931c37422ed962fed1fa1af1e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f6b6877293306ec0cdd758e27541bf30
SHA1 775aeed42b052afa86c2a40fa25d0c6a289617b8
SHA256 b3e0106db20d2c0cd715a012fbb92a931d72c0d57f7718d916714c5a03996db8
SHA512 9cdc168b2221743b6c12cc170396ba907bb3208cd4ab95befa1f3ceb460f08f7be6f70ac400ba7ff637e0bc0fb0318c72dc9046796e852d938cab6bdccbf66d8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 667212c02e2a3c9b2fa53bcd5c79deb5
SHA1 38c923df6490db1353744ea6d2ed84699fcdad99
SHA256 d96854baff65636f4c6b0615a5253251610bfbe552d437c1145e7fb31c0825e6
SHA512 ebf633c153b321c0d882885ca93247f61c84dd1107757aee202a954b35d3f0484348a538d59e2506e6979436d561bba94527dbaec77be73fb4543598d6a052d4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 78a8042e7c13a5aa3652da134ba60bca
SHA1 d05a9dad1bb30e36d3e55a82a1800c69c1cc0af3
SHA256 25b61cb005fadfd3f7a46dd1f322aac67c23d78f9dbb64d585320f609848ae26
SHA512 ce87cf52350fee17718f1d5d727924e121122be965016a4e757373ca098e58438d808da088453b28ac0d034133c9ad3a077882adb53fc1286b4bd911f8def69b

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 d222b77a61527f2c177b0869e7babc24
SHA1 3f23acb984307a4aeba41ebbb70439c97ad1f268
SHA256 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512 d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 b5ad5caaaee00cb8cf445427975ae66c
SHA1 dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256 b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA512 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

C:\Users\Admin\AppData\Local\Temp\nszB25B.tmp\System.dll

MD5 a36fbe922ffac9cd85a845d7a813f391
SHA1 f656a613a723cc1b449034d73551b4fcdf0dcf1a
SHA256 fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0
SHA512 1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

C:\Users\Admin\AppData\Local\Temp\nszB25B.tmp\nsDialogs.dll

MD5 4e5bc4458afa770636f2806ee0a1e999
SHA1 76dcc64af867526f776ab9225e7f4fe076487765
SHA256 91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0
SHA512 b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2f690faab737a5885834b1688ffd032f
SHA1 d8d6ed05ae69cc8851b560b67761360a29d1f499
SHA256 d8d0b26805ee98af0e934ff655882be61783ac282f470b68d2a7c45d60bde4ff
SHA512 3738176894742aff17ada22118ace7d7ecdc691a4725a0392e87a19a4187b30e5d3e41619e37168338dee806f19276526ad159d0b68e24a35674b640d6236b13

C:\Users\Admin\AppData\Local\Temp\nszB25B.tmp\nsProcess.dll

MD5 08072dc900ca0626e8c079b2c5bcfcf3
SHA1 35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37
SHA256 bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8
SHA512 8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

C:\Program Files (x86)\Steam\Steam.exe

MD5 33bcb1c8975a4063a134a72803e0ca16
SHA1 ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65
SHA256 12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1
SHA512 13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

C:\Users\Admin\AppData\Local\Temp\nszB25B.tmp\nsExec.dll

MD5 2095af18c696968208315d4328a2b7fe
SHA1 b1b0e70c03724b2941e92c5098cc1fc0f2b51568
SHA256 3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226
SHA512 60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

C:\Program Files (x86)\Steam\bin\SteamService.exe

MD5 ba0ea9249da4ab8f62432617489ae5a6
SHA1 d8873c5dcb6e128c39cf0c423b502821343659a7
SHA256 ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d
SHA512 52958d55b03e1ddc69afc2f1a02f7813199e4b3bf114514c438ab4d10d5ca83b865ba6090550951c0a43b666c6728304009572212444a27a3f5184663f4b0b8b

C:\Program Files (x86)\Steam\public\steambootstrapper_turkish.txt

MD5 29f9a5ab4adfae371bf980b82de2cb57
SHA1 6f7ef52a09b99868dd7230f513630ffe473eddf8
SHA256 711675edb20b3cb70acf6cf75f2eea8e0d87c8ace3e11c8df362b4517427a34f
SHA512 543fe63f791250e05e8fda24fd2ceadebb4c8925e8927de49ae490895c87eed3e61a9ad50237532649f99fe3165836261de215ee3f66ffbfc6d677ddeea7732a

C:\Program Files (x86)\Steam\public\steambootstrapper_thai.txt

MD5 53f7e8ac1affb04bf132c2ca818eb01e
SHA1 bffc3e111761e4dc514c6398a07ffce8555697f6
SHA256 488294b7faff720dc3ab5a72e0607761484c678b96d6bcd6aad9ee2388356a83
SHA512 c2e79c2505a6fd075df113ffce92ad42c146424ca39087601daa4ed15a2b5528d478a093921d9d8a738c7b6b963275a0693ebe526b6e2135d14ced03639d0e70

C:\Program Files (x86)\Steam\public\steambootstrapper_tchinese.txt

MD5 194a73f900a3283da4caa6c09fefcb08
SHA1 a7a8005ca77b9f5d9791cb66fcdf6579763b2abb
SHA256 5e4f2de5ee98d5d76f5d76fb925417d6668fba08e89f7240f923f3378e3e66f6
SHA512 25842535c165d48f4cf4fa7fd06818ec5585cc3719eff933f5776a842713d7adb5667c3b9b1a122a1152450e797535fc7a8e97ebdd31c14b4d4900a33ede01f3

C:\Program Files (x86)\Steam\public\steambootstrapper_swedish.txt

MD5 b2248784049e1af0c690be2af13a4ef3
SHA1 aec7461fa46b7f6d00ff308aa9d19c39b934c595
SHA256 4bf6b25bf5b18e13b04db6ed2e5ed635eb844fc52baa892f530194d9471f5690
SHA512 f5cee6bba20a4d05473971f7f87a36990e88a44b2855c7655b77f48f223219978d91bcd02d320c7e6c2ec368234e1d0201be85b5626ef4909e047e416e1a066c

C:\Program Files (x86)\Steam\public\steambootstrapper_spanish.txt

MD5 66456d2b1085446a9f2dbd9e4632754b
SHA1 8da6248b57e5c2970d853b8d21373772a34b1c28
SHA256 c4f821a4903c4e7faea2931c7fb1cf261eba06a9840c78fdca689f5c784c06c4
SHA512 196c2282ba13715709ece706c9219fe70c05dd295840082e7d901b9e5592e74b1bb556782181cdbe35bd1ab0d6197fef67258b09491fabc6f27606dbed667d49

C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt

MD5 56dcf7b68f70826262a6ffaffe6b1c49
SHA1 12e4272ba0e4eabc610670cdc6941f942da1eb6a
SHA256 948cad1bb27109e008f2457248880c759d3fa98b92c5b4033b94f455cb8ac43f
SHA512 c3fd9caf0bd4c303a7cc300faada9cfe6dd752e82d67625b31f4c0c2c091596508bb477fe19f758fdf79b25b8ac3f5320a8785d2b6705b9bcc28a054a59454e2

C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt

MD5 e04ad6c236b6c61fc53e2cb57ced87e8
SHA1 e9d4846b7e6cc755ee14a5d3fa45ee7d3bf425a4
SHA256 08c775efa77c2a92d369f794882e467b6e2526e61bc7aa7724f48e174524502e
SHA512 0dfb7e6d811d649103499018f3d115c542fcaba420ceb69124a4d837fe162ce514e7be2040860c5ef5f9c01c961fa6eea8730606b73ec107d87597989b6fd331

C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt

MD5 6367f43ea3780c4ee166454f5936b1a8
SHA1 027a2c24c8320458c49cd78053f586cb4d94ee6f
SHA256 f8d1972e75a320344e3c834ba0a3a6a86edb39e20ef706bda9b7965d440d1998
SHA512 31aab33e0d272cb43a8c160b3d37256716a683e5052192fd0e4d3cdaf30a10a9afa9d26d5d14ad216ee455627c32892a711d2bc137ee7a7df9a297f001a19e32

C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt

MD5 eb8926608c5933f05a3f0090e551b15d
SHA1 a1012904d440c0e74dad336eac8793ac110f78f8
SHA256 2ed2b0d654d60e0a82b0968a91d568b775144e9d92f2b077b6da75f85ad12d04
SHA512 9113c42c38836f71ff0cc7019aff8c873845f47fbf1ab97e981cb038f4d8495b6df784402b1ee9666e8e567ae866b0284c81e6a16efb47131d5ef88569c4843a

C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt

MD5 9b0b0e82f753cc115d87c7199885ad1b
SHA1 5743a4ab58684c1f154f84895d87f000b4e98021
SHA256 0bdeee9fa28d54d384e06ea646fbcfe3f06698a31dfdc1a50703ffe83ad78d32
SHA512 b7780b82fbe705bc8e5a527c011eb685c99ef0b2eb810617b9f82b891341af95ef1c2f46dce9e458c0c4dcc3e7a0d21db6c77f03419cd1c4b521a9b72f9017df

C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt

MD5 58e0fcbee3cca4ef61b97928cfe89535
SHA1 1297e3af3ca9e4fe3cc5db78ebbfa642e8a2c57b
SHA256 c084a68b65d507eb831831aa2ab9afb9536cb99a840d248cc155ff87fad18425
SHA512 99aff0c481e34cd0e4fcbb2af471afb56d91aa11be664462b08e17ae169ca03ef77e7063b4ecd0f38ca7b2f6dc0bf2e316c7b31dffbbcfc763cd8fae27dc78d2

C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt

MD5 7913f3f33839e3af9e10455df69866c2
SHA1 15fa957d0a6a2717027f5b35f4dbe5e0ab8ece25
SHA256 05bc1f4973c6d36002ac1b37ce46b1f941fcb4338282e0ec1ec83fb558d1a88c
SHA512 534e541757d19ee157a268bf7ea358b48015f400542fcfa49cdb547cd652926160f015fe2cf026d9c4996e56ab90ca3899dfd457997d915bf6bc9d7bb00ba804

C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt

MD5 202b825d0ef72096b82db255c4e747fa
SHA1 3a3265e5bbaa1d1b774195a3858f29cea75c9e75
SHA256 3d1399f5323a3ece1b1a8b3b31f8fd7f50c3bd319ab3f1c38c6e347452c95314
SHA512 e8fc7cc09f431301d22a07b238179ee053505090e3c4db30ead061513fe7159f1fe8b80efc93f4597fe00f01087bbe0bb2231e13693d72c8def138657cb91566

C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt

MD5 7e1d15fc9ba66a868c5c6cb1c2822f83
SHA1 bfe9a25fdc8721d7b76cecb9527a9ba7823dc3d7
SHA256 fc74e26a8baabbe4851109512d85173b75dbf7293d41eb3b92a1957a773c8265
SHA512 0892be14a858cc860766afb1c996b2c355108a7e50971ea3ec00d15069e919a6eb05a61fa839bea3938492c391e274144c5e248f4c204a602bf36adf27e5b406

C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt

MD5 8958371646901eac40807eeb2f346382
SHA1 55fb07b48a3e354f7556d7edb75144635a850903
SHA256 b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585
SHA512 14c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554

C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt

MD5 1514d082b672b372cdfb8dd85c3437f1
SHA1 336a01192edb76ae6501d6974b3b6f0c05ea223a
SHA256 3b3c5c615fd82070cc951ab482d3de8cb12df0b3df59fbd11f9d3271fa2fbca4
SHA512 4d41c945ce7c94746875b0dbceb14811d4966de4e97fe047406a304162fde7e1e2a16367fc2e43978e2e5aa66749f036b4444aa2312673c2cc3af296e8b77f55

C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt

MD5 18aaaf5ffcdd21b1b34291e812d83063
SHA1 aa9c7ae8d51e947582db493f0fd1d9941880429f
SHA256 1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5
SHA512 4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154

C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt

MD5 189ba063d1481528cbd6e0c4afc3abaa
SHA1 40bdd169fcc59928c69eea74fd7e057096b33092
SHA256 c0a7a1df442ac080668762df795c72aa322e9d415c41bd0a4c676a4dc0551695
SHA512 ce59ad9b17bab4de1254e92ce4fe7d8c8242832f62ab382e8f54199a9932cd11b5800cc33895441426373d5210cc74104e0271b721a7e26ed400b716ae4d5903

C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt

MD5 5c026fd6072a7c5cf31c75818cddedec
SHA1 341aa1df1d034e6f0a7dff88d37c9f11a716cae6
SHA256 0828572e4fa00c186dbf1d9072a6154d65cb499c6a37e338f3305f77a2fee382
SHA512 f9d28714b2a05f8d9025f1692e4d7e8baa6daf6176353f65646a38814a242ef2adededa44419edd69f10cf96ffba506dab7cb6e52111457bf69cffef12174b12

C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt

MD5 10c429eb58b4274af6b6ef08f376d46c
SHA1 af1e049ddb9f875c609b0f9a38651fc1867b50d3
SHA256 a1f6ba57ee41e009d904905c0ce5e75a59ee6790e08542561303109e1faafa13
SHA512 d8760f61760bffd8671b727d386ae220e7e6e68829a01553cfd5eb60ef8bd1d7c1b25e7b17a6db5bd17ba6712ef44999726764459318e784843c73bc4facaf46

C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt

MD5 9e62fc923c65bfc3f40aaf6ec4fd1010
SHA1 8f76faff18bd64696683c2a7a04d16aac1ef7e61
SHA256 8ff0f3cbdf28102ff037b9cda90590e4b66e1e654b90f9aea2cd5364494d02b7
SHA512 c8ff15373b37e848e6239a82424569e77c82a5fc557d17e7d2ed1d0d2b2f7d026cc1e2bc98cb5ee945c02cfefb82803c23fa6a26f48ff0adcf762f94cd5dd035

C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

MD5 da6cd2483ad8a21e8356e63d036df55b
SHA1 0e808a400facec559e6fbab960a7bdfaab4c6b04
SHA256 ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6
SHA512 06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925

C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt

MD5 31a29061e51e245f74bb26d103c666ad
SHA1 271e26240db3ba0dcffc10866ccfcfa1c33cf1cc
SHA256 56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192
SHA512 f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8

C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

MD5 03b664bd98485425c21cdf83bc358703
SHA1 0a31dcfeb1957e0b00b87c2305400d004a9a5bdb
SHA256 fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115
SHA512 4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d

C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

MD5 2158881817b9163bf0fd4724d549aed4
SHA1 c500f2e8f47a11129114ee4f19524aee8fecc502
SHA256 650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7
SHA512 f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28

C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

MD5 4c81277a127e3d65fb5065f518ffe9c2
SHA1 253264b9b56e5bac0714d5be6cade09ae74c2a3a
SHA256 76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9
SHA512 be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a

C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

MD5 0340d1a0bbdb8f3017d2326f4e351e0a
SHA1 90d078e9f732794db5b0ffeb781a1f2ed2966139
SHA256 0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544
SHA512 9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93

C:\Users\Admin\AppData\Local\Temp\nszB25B.tmp\modern-wizard.bmp

MD5 3614a4be6b610f1daf6c801574f161fe
SHA1 6edee98c0084a94caa1fe0124b4c19f42b4e7de6
SHA256 16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b
SHA512 06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

C:\Users\Admin\AppData\Local\Temp\nszB25B.tmp\StdUtils.dll

MD5 db11ab4828b429a987e7682e495c1810
SHA1 29c2c2069c4975c90789dc6d3677b4b650196561
SHA256 c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376
SHA512 460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 a213f2fa0548dffc58a2d7aa07fbe179
SHA1 c1355963c5a97bd3dc3567c8ce375ea02298a297
SHA256 c05dfa471560d09b507e71058590f5b937cf585be7913d5602ba9a36e4b9b976
SHA512 078a37a29bf1c382d263e0b30ce5eb357eeac86543cc57224f0dc011ffc99e35bbb300358284f0c2281d494f0927aba43f58fc19e372e31d48613eed5b6fc6c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b9b539bf8f9a9532f437d5e7f7aaeec4
SHA1 5cb5ee3db705f660d2cc9ec468ce1942e976c850
SHA256 17180b5589e606737f5bd6bc131391c21225ac3b8fec9d527efa9b5024b4a549
SHA512 01a4a393977a4a9254c442f585182cd6a7998d05116fd7a5fd156aa871f056bb3cc6656a2b43960c4d542443ab4468042d83cba4cc072c451c844a449f9c2290

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 340a513e3ed9c6869bb2533beb0ad7ff
SHA1 92e7973c281ded1ecd11d8bb1168fd254e8930db
SHA256 1b7c713a97dc6e7a29ac163545d9f8de64a872cc2028391e9f4fceb8d4043d1e
SHA512 3b24c2acb4897871f59f1a5353c6a1124856f0b659bb3d4c7d1eb30e7316ae1fa21f6c6e07e7adddff899fb0fcbfe2e1e9c6e60df75bcab582a5df6a5783b95b

C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

MD5 836dd6b25a8902af48cd52738b675e4b
SHA1 449347c06a872bedf311046bca8d316bfba3830b
SHA256 6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64
SHA512 6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

MD5 00bf35778a90f9dfa68ce0d1a032d9b5
SHA1 de6a3d102de9a186e1585be14b49390dcb9605d6
SHA256 cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2
SHA512 342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

MD5 577b7286c7b05cecde9bea0a0d39740e
SHA1 144d97afe83738177a2dbe43994f14ec11e44b53
SHA256 983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824
SHA512 8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 619d6e5390b1390b5779b56514cdd64c
SHA1 d95df461fa68ac3332161e6aa0ce642e99280745
SHA256 bce11780eb4975ed98f1741a427417ce2b32474544934fc1fb6dc46ddfaa4cff
SHA512 70458db54afd07af728577b6555c1c588930f3dc74009727682df6965ad22cc15e5b60e210a9144824a949acc4aa29618731bb0cef67ee02ea150d2b0aa98584

memory/4596-13289-0x0000000000CE0000-0x0000000001192000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

memory/12692-13324-0x00007FFA5FFF0000-0x00007FFA5FFF1000-memory.dmp

memory/12692-13323-0x00007FFA5FFE0000-0x00007FFA5FFE1000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\Shared Dictionary\cache\index-dir\temp-index

MD5 5c1936192eccdaa43c2f072f295ef14e
SHA1 e6d3b1f698065068b914de17c43b5b7051cef293
SHA256 19507c796695710290c28622ddd484a0e1ee3d5297e51513dbbdfd8678ddf3d6
SHA512 ae0d1d8b54b597247f26b15c628ecb4725a9d9379d03d3ec04e456fe4926b762dbb4a8fa2471ad2d870c2ab19c8f51995133184daa15bdf285ac7a68d3fe7604

C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Program Files (x86)\Steam\config\config.vdf

MD5 6e6a2b18264504cc084caa3ad0bfc6ae
SHA1 b177d719bd3c1bc547d5c97937a584b8b7d57196
SHA256 f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53
SHA512 74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

C:\Program Files (x86)\Steam\config\config.vdf~RFe5bab40.TMP

MD5 3cdebc58a05cdd75f14e64fb0d971370
SHA1 edf2d4a8a5fc017e29bf9fb218db7dd8b2be84fe
SHA256 661f122934bbc692266940a1fe2e5e51d4d460efb29d75695b8d5241c6e11da7
SHA512 289c40fae5ec1d3dd8b5b00dd93cf9cada2cb5c12bcfefea8c862ddf0a16dced15d6814dad771af9103b3a5d3016d301ee40058edde3fdea30d9767146d11cd6

C:\Program Files (x86)\Steam\config\config.vdf

MD5 a2ec2e91c3ef8c42e22c4887d032b333
SHA1 e2c738a2e9400535b74e2263c7e7d1ecefe575f2
SHA256 8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3
SHA512 b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 893e715ab2cb6be5d89fd20539938400
SHA1 966a8cebae66635b7bb98a85000e86d6dfd72dec
SHA256 9c63b73c1df090cf5a9ba094b0928d472db85ef766de44d2bfaf7b1b31242068
SHA512 c8f08c2f066e86ba9716e0cd84c8dffef16104ca1231fba32fcf05a2ec842d646109baf968e54691cf84277b49ba50dfcca2af35493fba1a574ea0509b9283ec

C:\Program Files (x86)\Steam\config\config.vdf

MD5 551b380f9b72d9a9523b01a003e04c13
SHA1 2a0899a963bda6649a690731343afbd9b0c47181
SHA256 fb95a4e3d1f417a0d4fca9f6e900e8f55ebb98bdeb5c109b03f517278a6c1e0d
SHA512 432aa0c6a9200b5245a40533d9af6e03cc8381e23ccad129b0c22c421579d831b6c72eff29bc88e2031db6f57e7846e4f75de3abb2687508c975b202c4fbb094

memory/10644-13455-0x000000006EC60000-0x000000006FFA1000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000003

MD5 9fa060a599b0ee1912f2073ed59df3c8
SHA1 eaaeef616747d09506c6ed1d96901d2c8d1ad4e0
SHA256 7924474a8f327264982347dc932997ed49890ea4114925024ba678fba2d4e90c
SHA512 93837c0d1bf848ff603073bce6ac252f770a35fad094b294609682e11b04b463292c74c8440891e89741f28fa67a888ed6fdc1575fda99a3c2b6065ccc4e7b47

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000004

MD5 544a6e4b1b34c5132739a0d2ba39b18d
SHA1 683d474bf1ef4998ae5e37bdd219f34f15a12eb5
SHA256 369ca10d1b319a8fb94a6cd6143f4a524833faec18688d733508dd2c4f6db7e1
SHA512 efa73011d5933b27c23282e0e3caaaec3485d6db3b92212106fa6636b18365704904e7cc444a8b51d0e32d3a29c13e1bc2dc296214c492675b912de85824d4c3

memory/11000-13570-0x0000024147B20000-0x0000024147B21000-memory.dmp

memory/11000-13572-0x0000024147B20000-0x0000024147B21000-memory.dmp

memory/11000-13571-0x0000024147B20000-0x0000024147B21000-memory.dmp

memory/11000-13573-0x0000024147B20000-0x0000024147B21000-memory.dmp

memory/11000-13579-0x0000024147B20000-0x0000024147B21000-memory.dmp

memory/11000-13578-0x0000024147B20000-0x0000024147B21000-memory.dmp

memory/11000-13577-0x0000024147B20000-0x0000024147B21000-memory.dmp

memory/11000-13576-0x0000024147B20000-0x0000024147B21000-memory.dmp

memory/11000-13575-0x0000024147B20000-0x0000024147B21000-memory.dmp

memory/11000-13574-0x0000024147B20000-0x0000024147B21000-memory.dmp

memory/10644-13580-0x000000006EC60000-0x000000006FFA1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 20a29c71d35dcc37987e72885b925f75
SHA1 6510e44cc3c7e7f9eb35d37fab81b3b05109313f
SHA256 e89ec7196eadafb1a0452fee47bceb3f74fe0be31babb945f2ab1a8addf75329
SHA512 208412f208b2c778a970f620d626d4c632020285d7c76008e5a5aa83a13d2a6bb304de5567a70d2dfefa727412851087bab746ad1b7394570a2f71cf49388fe9

memory/10644-13593-0x000000006EC60000-0x000000006FFA1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ae3ff0bbc92e3861d80be4ddcb2f7a95
SHA1 a7cc332ab34189f275116c593ef12aca36ab65cc
SHA256 4ac85eb63c3abefe5a4d325a4586d241d8d132fd5975dbfd28ec4985719517c7
SHA512 31380e8b352dc0263de98461c45d29edd8d69fecb4107a213e6ecc845aca94a61702e5ccf5e9927e579487cca95af769b8de9a302a9bdd4eed81cd60dbcda115

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

MD5 a552c9c4feb0f594211322858904ab03
SHA1 0eb4bc3a101acae37bb825efb355b826ae9b555c
SHA256 31d89c945a76a16e401e4f999ebc39aa43d5bc529c91d1e9ab5f9048a6989ae6
SHA512 e4993bad407efe4fd7267635e61989c6d1c8e4aa72c2ad44b4e8e18df21ffbc6865dac6ad59de49dcb0c1c4aca9db269e13b7d09ed083858dbdebe1cb84fff35

C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json

MD5 602c49f9246967bdcff45b4f43cf2fb0
SHA1 4c5796e0c724bbd7a9244cc8a0fc9e8f40181f2d
SHA256 a3ad9649c1038078038be1abd591cdba73b4b4f5cf30e11bb6cb7a432b746114
SHA512 2f273c0dd0127071f4c768cfe7277c6efff84c1ef4f4271c1326db3658c84261794b106af3198717f349fbaaaf276163700bbb50ae20fe52ed0a88a192d46f77

C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json~RFe5c3010.TMP

MD5 68b20851ccb9834d21fb32615e42bd43
SHA1 88fab935f0b9484994097c08f785e9ecb7d68127
SHA256 a954b528dd65ad6c4c2091fa32f17abdb7a49454ce88e10bb6c377734c70c26f
SHA512 dcb0771120c8fe35213d60e9abf4b242af807324759e3c99e9b2569c00a941d885d53ef6fadfe69e6b740e0b52a6008602605d643801190a2d29175a7d065e15

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 f8e6b18b052ab8bacccaa9891a577e78
SHA1 e4721e6cbbc0ee29f9c266cb126406d848de2f57
SHA256 718c4aaef80a66bdd40a8add985aecfa433eace33366d399bff080d164c25779
SHA512 6cbc39db66a6a32b10ab85fbc4bf6c93f981847e4d6cee728ee1fce945a63df5e9757108104c7cd39e520c96c457e9f8e47a16efa771260da9a98c54dbaf8ed4

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity~RFe5c302f.TMP

MD5 c1d4d7c1377092cf2c7484655cfe2014
SHA1 855c2fe50d31976ef532b3567332796f4bf0e5b2
SHA256 641835e765b99d90f34a072e82097a536323d16942a75e457691c4b6bf4b4ac6
SHA512 56c60a9d6f54160ce0d25ac6bebe26e561f9e7a2f73c86dea3f166d230af929802bb377ed778c9b8580a2b318b5123b204c51b59ff2818a17976a3cc63705413

memory/10644-13630-0x000000006EC60000-0x000000006FFA1000-memory.dmp

memory/10644-13631-0x000000006EC60000-0x000000006FFA1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9a6f6b150cc46665dde8a8f9d45653bb
SHA1 7c9b718f6d46c96bab47750dc2824fd6ac68a0a2
SHA256 35450633d0c70c2dd9294a6a56f4e524f859bd0dd516b9343561268ba0727c71
SHA512 edef23fda831ba3ba58c6663962c8ddd2efee2c521ba0bc5a32293befb52733004a71166a62dbefbecf418b6664c08f16786a140d7e6569a16b4ccbdd207c162

memory/10644-13652-0x000000006EC60000-0x000000006FFA1000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 f23b73c5bfaf6c970f4cbe93ece17406
SHA1 ea7c8757b13e0f6816625eb1323f8707aa90cfe3
SHA256 be88a9b351e09e272f2f5c026ca73156d83f7cc6ff0cc76401e3498e7ef1f34d
SHA512 446f4014be3255bc5eeb3a682be1b1cec7149809db0015f7a75118bf6b4920ee5f4a194a64fe02901e560fe28078fa814f137817dc425c4eab77d567b1de2755

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6b16b1bcb59ffcbad1a5cc4b7cffbc7c
SHA1 8c688e934659b3b14c6cdefaf1092b8609c73c81
SHA256 f192906d5cb35f3f15e534dfd4d3555882a31bff74d0f7d9e1442b9a2e26f65a
SHA512 27e0175299f829e2f768427a780dde071344f630a16b40340bef10e960dbfb4e3539f764fc476f839f29b4f4dd40197cff61a4b7917a09a5b1bd8b706cd719ba

memory/10644-13674-0x000000006EC60000-0x000000006FFA1000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

MD5 c53430e3d60aad647494eeeb6cc86d3d
SHA1 74321a54609c633cde288ef0653cd006dbe18c76
SHA256 135d0aa0b0373875adc45ba57827db846a7908f4662fde1b3fd76b2dbab71f83
SHA512 f5fd6090df428d621f5f99ca900ac984920878caec119d5b48102d8eea4caec1ea06f38f0e0cf9ce5259337d4c61cd111fdb10d60864ac79467838af8ea968d8

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5cb899.TMP

MD5 d61ad99d4962274173b48cd43b61b46b
SHA1 b2e643ff6c00242de0dcada24f4b36b79b1a1de2
SHA256 36d6a08a1b411212a99637d61448d6993ed1da0db1ce35444dc133afb3c330d5
SHA512 72a943e04d3656252f56328020c50bad7d194ae6612f7fefae00f47c236fc85f21819678b4e1aecab4ab5b7e1003898541da02f73b857028c50734999caf9da0

C:\Program Files (x86)\Steam\config\config.vdf

MD5 3594f1b0a67bdbdb342654d54a67ff04
SHA1 75c4186b4875d4b7e1a5b6dcb2f8daf59d79bf90
SHA256 ac7d81db97029f68a7b05cc5b5e2c5216ddc7925b803cf62e1fd7086cc5602d1
SHA512 f2d3f28c39e3906b3f43ac5b0daee8d5ed0125802df09728ad851351f66764ac6557bebd4020294a2ab4d71f34a5d0dcf76833be6f416271b58b2236730d4f8d

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

MD5 51a495c5f614aa14b797e59d8410c29b
SHA1 8fe294c0a29c92f5237e277c92bf93a41f74238d
SHA256 b32e7676ae0ca78c2c4efa23de3ad4e8896fb45944b2f41f5ddc820e3df17620
SHA512 c11fdc9bdad65ec45b25edfbc41ef81efb043d6af5f199deefc8da6ed53e4aac03e2152bf01bee79310f9f6bc0d3d77cb2e5c63a690655e5c042585d7f3c3f43

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

MD5 6e123610c29f767e9540270db3c11acb
SHA1 d45643a4cadf61ae8e5890fe235cbab3841b4140
SHA256 c69a9f6ead8e0edce69c0313eabf1b50cdb77de2d3e5b81b57081c130f87c80e
SHA512 ab430b7597b5e8cee69bc6fd3369568955130075c5d59975029fe815bbd5f511b49ef68bfaeeb8531f48d185841113027f3f196bb2515bee4fd9b469acb18c18

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe5ccc21.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 93463f99c50cd04e9195f96f43df249a
SHA1 cd820506793335dbf3928f3092fc3710cd6c1651
SHA256 a549f0dafe55a32430eb083d9810f32ed0a4ce26e8430645d6ef473b5434f89a
SHA512 029f7d4ed8106165d9d107ca94c5a0c0ff28e23117f3c1fb53ad7a7c8396bb2e7b1d4d87b22a6c6192792478965924f48ae4eabff772ee8f084ad655ee0aa1e6

memory/10644-13741-0x000000006EC60000-0x000000006FFA1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 39ac47e05735228eba218d8903815f69
SHA1 042742c15b27ebefb5f05e206ba3da9abd9c8c6d
SHA256 493d75977e143694da7b6724fd52e03162b6f4eb9cbc18b3b639990241687257
SHA512 c67bc9aabed84e4e11928d433921051e5ca0ecd15a5af302a7f7c88de6e2db6b7df0383aafcf7b3fbd056f9eb1007fdaa5c27495992d0cd55d5c9dd5e20b7f26

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping10520_379772288\manifest.json

MD5 2ff237adbc218a4934a8b361bcd3428e
SHA1 efad279269d9372dcf9c65b8527792e2e9e6ca7d
SHA256 25a702dd5389cc7b077c6b4e06c1fad9bdea74a9c37453388986d093c277d827
SHA512 bafd91699019ab756adf13633b825d9d9bae374ca146e8c05abc70c931d491d421268a6e6549a8d284782898bc6eb99e3017fbe3a98e09cd3dfecad19f95e542

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping10520_379772288\LICENSE

MD5 f6719687bed7403612eaed0b191eb4a9
SHA1 dd03919750e45507743bd089a659e8efcefa7af1
SHA256 afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59
SHA512 dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

memory/10644-13790-0x000000006EC60000-0x000000006FFA1000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 eb8b518b235146c140c6f633481eda7c
SHA1 dd1625f06195875784bba6932e7962976ea78471
SHA256 3dd0fb435451581d88a2db495034e9a0bb9aaf58663aea74e20da02a3ed7a91d
SHA512 3b633834693104ba61ea368c91f0d7fb93a62070842bc1e23a1a96b76344b28926a3258b3d39a287b19144c17e5766f20857b0621952a29ae90a482f0f190b5f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e2192db4425b5f63cdf8417c19782a20
SHA1 470932d12f66ad1a0567c22e41561059b4b9a002
SHA256 48a9b17b82d424a7a39c7b3102b76ef098a3e494d967c49ced8ff4491bdb7f85
SHA512 a6fc9fd849e7584c66ea1417924bd9eb5b161a5f860c13193f0f57bd99310981f9c860dc182d011b0c4f3ab9b5a14693afc51c70cc7e88a420c78f40dbf373e3

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

MD5 bb28f16364e29eb2bcf76d8b8bf9b55f
SHA1 99845904efd777d98d0f343a466e9ac6ac44f055
SHA256 52fba44e37426472370006b2513d0ecba6c9f9b0295b704e396c6a76a0f82da0
SHA512 ab86664aebd70a5fbdc5c09af6a0b27fc334463fc86aa4b226b8ac575c57e7af1753c2c530df6da69bbfb43e1dccae40395a4c140dbfe96d629799ff12b61f12

memory/10644-13820-0x000000006EC60000-0x000000006FFA1000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 7dffc6002800e9b20cd92138b31be01c
SHA1 e61195b62f80871655d32d2ce147391aad0c6a77
SHA256 692d6e0051bee1f7dcdc50d6f81544c7eca3f99d501608c4a66517236c9078c2
SHA512 6968fa92e7f803d7b0dcdafd74d8cb42fe379d5d2181a0dd9d4af3bee029d55d8b38d40665b625acc9a3a19cacf15dcdb7120b5f90bd0240cf16d16da443e867

memory/10644-13830-0x000000006EC60000-0x000000006FFA1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ec70b9cbe770d598e0becd524809911a
SHA1 814dd377ee4ad857e7159ce0855cdedea167684e
SHA256 7675d6ce6632f0ccdfe8c58a8b67054953fce758ef94e3c5e27f174d2f2baf52
SHA512 c34672c8b60970158267d220ecc6f555ea9be8810f2ce947a53b5a2185b8b2cb246ba4fabf8697b05c8907cf0fa54c07e23a72403f1765dc3aae1b78002a81f5

memory/10644-13840-0x000000006EC60000-0x000000006FFA1000-memory.dmp

memory/2228-13843-0x0000023FEE9D0000-0x0000023FEE9D1000-memory.dmp

memory/2228-13842-0x0000023FEE9D0000-0x0000023FEE9D1000-memory.dmp

memory/2228-13841-0x0000023FEE9D0000-0x0000023FEE9D1000-memory.dmp

memory/2228-13850-0x0000023FEE9D0000-0x0000023FEE9D1000-memory.dmp

memory/2228-13852-0x0000023FEE9D0000-0x0000023FEE9D1000-memory.dmp

memory/2228-13849-0x0000023FEE9D0000-0x0000023FEE9D1000-memory.dmp

memory/2228-13848-0x0000023FEE9D0000-0x0000023FEE9D1000-memory.dmp

memory/2228-13847-0x0000023FEE9D0000-0x0000023FEE9D1000-memory.dmp

memory/2228-13851-0x0000023FEE9D0000-0x0000023FEE9D1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8cde8478d7f3b2f5f1e8a0dea9405ecc
SHA1 94b9d7987497845666041683c53175f65900d39c
SHA256 85dd968bbd33aa6b9ab433a55abefad78e9be955c33f9730e617d016dd545a3d
SHA512 c8062be6d3704c92d9350ec4f324cda972f5d7a7947708d93dfc24139d2979ab0987ab32c7e9b6455c963f175d99abf1a53f32fee1c0ddd45be7187d457c3680

memory/10644-13870-0x000000006EC60000-0x000000006FFA1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 82bd1cdefc8fddd34d8b4147801cee51
SHA1 1fde864158f97700f97df23dc2f7bf3121f65471
SHA256 b2848f9f36bf118f02af6fe73e3b763e1f591dfd04853ea312def20112caf159
SHA512 0dbcc67be8e457c3084386d5a8d50bc75df3af43cb5c54c7b63227b2252b491a19407b38ee42edb32291c2e692399d716185028a580687e1ec645dedb61c926c

memory/10644-13871-0x000000006EC60000-0x000000006FFA1000-memory.dmp

C:\Program Files (x86)\Steam\config\config.vdf

MD5 66f15870049addc792b8dc84ea033f1e
SHA1 8adccd8e05c55967f2d69303bec470d14b09b532
SHA256 427d6234621099dd4446ebabe9d7b8beb25c120d25ded1118d6b831551dc3492
SHA512 9e34b132380be3167aa6153c1263d26590acc8a3fef5b5c9ff9d5bbcbde7b59a2c9cf4780c107d6e83e442ecec692802441311927c81c2d9e7566bdf93276fad

memory/10644-13896-0x000000006EC60000-0x000000006FFA1000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

MD5 6e37b35236e3f113a8266e2dd6bbc340
SHA1 713a84ec3d84fb3ca10aefd25bed581d74c910aa
SHA256 424bec75738e96768ee25c455290235f1fd63c3eb1a37c2ebb2d7651e6999fd0
SHA512 7de267a353e50c614950bf21428beb0dcc96606f8fc879f2b821ad3b57f8a8d4be72b6f390dbc0a599b74f38396006b08677a1571cb1ff4631cffce5210e05a1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 743c8f804079cc84784ca485211b4b9b
SHA1 e640afb1a92af159f29415e2be6bb27e9f48d7c7
SHA256 9165c2175e8b29bf0b667fdb3bfe6b1ceb215c3a0b382908c7b373f4512e2264
SHA512 94bd6fd4fc302162e394fb67e9aeb37f798a17e0e6090d1198e8a4095f7f3d54fe4eb520f2b50e74878b6e4b5f8bca35f0ba5d0783f83ad5eaf83ea378e9a450

memory/10644-13915-0x000000006EC60000-0x000000006FFA1000-memory.dmp

memory/10644-13916-0x000000006EC60000-0x000000006FFA1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 281e7b7af623e815351d86163dda8cb7
SHA1 9e5e76ebaa7f9833605feaaa00fd70495db2e9ff
SHA256 58c1ddc984244725756d80f7de1b73d19f81fab25fda35784a93677c3a330b60
SHA512 542503cac3dc2530db8328a98f38882613f60469e58d0e0f7bd69b8d1737697f46c9dbaf0cd1fac589445ebc8de4c736b6c61e9a145702a0ef67872afcabb20f

memory/10644-13926-0x000000006EC60000-0x000000006FFA1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 266605da42ce56cfcf19c77fe6ea9992
SHA1 9f29bddb01264a1781eb3347e39a8d54254bb6ce
SHA256 4e23695b3e980cd21639efb5cc893747c4657e8262e724c1f7c685576ef0ae86
SHA512 8e4ab22b74f024711e84a57a28d0f205b5d4cadf176a3c0552e971303d49a1fa1a5d3b623c7bb93cd335992739057b815bd39565473558d1f4ff681e05175d85

memory/10644-13936-0x000000006EC60000-0x000000006FFA1000-memory.dmp

memory/10644-13937-0x000000006EC60000-0x000000006FFA1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5352486b04a99f58e01a0c019a6a86c5
SHA1 21bd65c6fb2b12b31dfe84216f2ed0f1747855cd
SHA256 73559b27ee715880b45d7e9d498a4116851b55abcc7d4dff0afff26845b1eb7c
SHA512 ed50247ad9474afaa30ad12b8e464fe4bd97f4e0dc8da161bcfd112b09ccf30a09060bd245ef6e4bb2212974712808258d884cdf0eecadef05c22b0a8e083794

memory/10644-13947-0x000000006EC60000-0x000000006FFA1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c07f71dcc0bd5312364e96ed67752f85
SHA1 200dcba4fc26d12302fc31adbe5f29622153dc8a
SHA256 6bc9b5456cf4ce1d045c6b7320923e35c3a0cf337ad53b33480bc0f610d7e875
SHA512 76e900cbf65c1ecfcb00190f738382a9cd627ae1209bd4c08be8ddf1faf157d2eb06bd0249eed9f1a4bce070affbaed2db97c3695689c7f8a79c8232f10abd6c

C:\Program Files (x86)\Steam\config\config.vdf

MD5 4e70b4c562250a5287b6d0db8f2ab89d
SHA1 83fe2efddf73f4bb04b31514b2b1cbe5d95f1cfa
SHA256 99568fe26af0c22439b9308e4898c86154c0a86b9d3d9866d154a7caba833a16
SHA512 4a3f48976daeea2ad639bba2a5eefd97c8bb11f0615272974e48d7780d6e098b9d1f5a29cc75908e2b2bebb7afcb1f2178d95d3e5fa305516985fb440fea023c

memory/10644-13975-0x000000006EC60000-0x000000006FFA1000-memory.dmp

memory/10644-13976-0x000000006EC60000-0x000000006FFA1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c7339a8323c2284a0834c9faa198c53d
SHA1 f2bd83cbafb504c99ddb80fcead8a57b310b0f97
SHA256 952258fd211f1bdb1a1d7640f986adb8d7171a6de40c2adcddbde7f50fdc1b05
SHA512 c58d3888d1789c82c9f169905daedc3aa30ff86b0aef8e599ad31f346b72efb21bdcbd7008d32cb542ea8179f31f4e05bd7bec51cf375c88c26b74e067808fd0

memory/10644-13986-0x000000006EC60000-0x000000006FFA1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 fd4d92d19dcc8e908a86990e92c0d42b
SHA1 10798bbd2297a70b8cf34b17f5b730b2985f1904
SHA256 94a8150b45150dc5e97ea58664e85f0895860cfe1950fe80dc59c0e374301898
SHA512 c745b509f44ae2a8a34ec0f141189841adc632cafef8da2883b14e8b5cd8b702cbdabbe3395ecf3df1ab2a160033f8db585a67572ca490cd70cbdf1b522323d1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3dec3a74a431f4fb3b59ebdef2aa776e
SHA1 97fa2d1933fe949006dc6afd9c5b3c9054a75734
SHA256 e972b47e948c1e90fd4f8a8229377dcbaa6a07cdede503e94eae34c484243257
SHA512 457cd20fb43623c09fb1f532e7dab3df0fcb0234c2f961e4f5b63939f4ff247455dc602ca152047e0d1b0a3ee67c125d155efb55a5fa090c98119c86dd41a66d

memory/10644-14005-0x000000006EC60000-0x000000006FFA1000-memory.dmp

memory/10644-14006-0x000000006EC60000-0x000000006FFA1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 237965f1fa583e90bceda732243552cb
SHA1 a93a8687b7ff8b7ef291dfa674cdbf18dfcc3dc0
SHA256 f51bb774634160331e0b50abebfa4c2cd054d9c0c878d6387f6504e78eeb65c9
SHA512 7261729eccb5cfc12864d379aa99e64946e8b859ca9ba40350b59baa12e93a344974ff14dcbc038c6ea935c4a03d300aca841f247544ab760202322c1af80466

memory/10644-14016-0x000000006EC60000-0x000000006FFA1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2ee694123e754d2d59493a0502e57f41
SHA1 27b2be67472328aebde42d150f465bfdc1bfb6a3
SHA256 9b16c962ff41cb4f6aa0b46f45cd70799438ee4a7526d84b20e834da59634f72
SHA512 f59b47fad125294a5079350f7961d6fe26b8f1166d843f2912b496533ed6a3fc2a098019709cc36d4f09d1395f2a607b14abab9621c79fd380bc7a8207e317dc

memory/10644-14026-0x000000006EC60000-0x000000006FFA1000-memory.dmp

C:\Program Files (x86)\Steam\config\config.vdf

MD5 6aca741a9b691c26db03a3dffef43337
SHA1 afd507bc142f4b4a46911a7b6150458a2c3f502a
SHA256 99b9708dd1a01bfa7149b084b69ce0a937cdd34a3c4d1635488eed4fbaa94323
SHA512 f50de97e504cc55caebcc97fa3bea4fcb18cc6db23e2e41bbf5e12c1cb6dec32a281ed92b2978eff7a9566c1f6f84c4aad4cde8d1e2d815ad8fab42e7838f03f

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 32d9f513dfb6afae5d480fe73f67b1f1
SHA1 4bae5c41628118f2909ab5ee81edc7aa3a3913bd
SHA256 3b73a1a4a3651ae513a58fd2360cda9fa80a9859fa4fe1315f0d876725c13161
SHA512 081843f3fa2542181f18bcaa124052ee06fdebea890f281605c70ebdc6a349fb7df9eca183fa00585cc7c78099d0a75b79ebbef800682ecfc42fb6c6ec4b5f91

memory/10644-14055-0x000000006EC60000-0x000000006FFA1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 505edb0b9d9559b869a841f92d87dd71
SHA1 1d171be13c64927ab8246d2810f9d570f7614546
SHA256 a0c1f1ea1a59f9d417424a0ff599432f5a062299a4eadb3090bd4c711787f019
SHA512 c28342a3735bdbbbb6bcc98674c021c35340983f50bab7f1e57203b0d7763eb10167645033b9555aa7637b45802df2980e5593dc32a37ef3ea57e427792c5a27

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 4f56929cd408d5f8f0b98cc748816082
SHA1 4b150c4c9b6ff130b6411e90c6d271038732140d
SHA256 2f91cbf55775ec096fdb7dafb6176e4d1be8bd39462514c7a665c13243ebdc6e
SHA512 e769ea5ccf464dd98487814203716ea2ca9d90cbd0e54c9202d1d4adbc819f90542451283f8524a2205f8b69f1d5857e6dc0190b4dded14b26d0a176fd4e7658

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a26735bebb0a5f317bdde367239896c2
SHA1 b2b6bf36c4e3cae0e3f5abc9759080bc86a5e8ff
SHA256 12e8020adff9737428be5be52471fe70b659dcfbc75f07f39852d52feb13ce85
SHA512 2d0bc1c9cff5903af6ba87537d49425be0b64f344026067e35d8478f53c301c62d5ad475ccde30ee02a17f6295822e284296136625c983cd9c5e59107d226bd0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3f9070a046d8e2fdd7ea481b9c017f86
SHA1 51835662b53462799d606039a7d09e69a184204d
SHA256 ecb6590110c5b87f8b904c78636a914c6b3b857344910e5866e387cd0b8b2d26
SHA512 5fa06e9e52af1d4e402d0299b8901ded3f0eed37aa965fd62172ddd284070f1ed4d84aed590044743a88a61a16d5943280ed270a6608248db67d314d09ccaf4a

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 fd640a72f8b8f08f0c46b50fd4466580
SHA1 3637df52947758bf9bd65cb3d89fdddde5bd9d69
SHA256 7fdbdaf2be2b4e639f4349f4b5fe07317ba2f5db588788f78f1cb3baed38dee7
SHA512 1cd694451b3efee9fa34ca991bd905c8bdc77bddc1534c4e2ac7c5facd8dee3937169367f89cde1b41ce2b8f67eb8a0be7928828205180621e8f30bc14206467

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000013

MD5 3037c0077b941dc351df78fd549ac9fc
SHA1 7aa416ed095359fc1140b5fab3c55754650961bf
SHA256 72994185cb2873448f157cbf8cf0b6230abee6886060fdbf6d814be95e1e92a3
SHA512 27ed138b8cad4f3e1b768714a72c833dad25475ac5619fd74dfbee779683a6500e0b726d53c703d08a13983347a5dd472eafdd674c12857df058c0b775b6f61c

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 f6860a7ceb62d7185db1e37e09ae4182
SHA1 af2d4bf2e9ff5904961331fb5ee50528e5f6beed
SHA256 2e010396a1494bcee49bb3859b2889998d8c5932b10490a8a46bc5222965c421
SHA512 57679ce34b47f91881e0c866298c3d3648b85085fe17c04aead10b99eac195c7c8d6fbc67f36b498f80f3a7df0b3093271c3e248fe27ba25d48afb7e373dce0c

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\temp-index

MD5 6f4231b0297c91e9b2d425c8f2a377c3
SHA1 7283485cc09731f154ef0dd021f4206af1614c52
SHA256 158a1e534a0ac92c6af3516ab8a91353fa7e5dbfc525e765996061b37b18e523
SHA512 d5852b4b9d80a8ff412126a6c1dff0165c8851b2fedbb25c4182e3e4a6fab529099e76770a3032fcc2c0a36ffa1c91280cf228eb11dc64ec8f84335206a5fa24

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 42e017525ee6e8543b7a73a3ee362c50
SHA1 de4eab02321bf90b7ea4401eaee649a828757f0f
SHA256 d442f07698e8fc8ca7c22e9a6dc548394abbc32c05490536eea222fe2ca70c9e
SHA512 e01eebe0abd6ea11b79090ec05babe7276b9f824785f181d8e6162520b67a06646558642b8ab4ac36fb32f4fe22d5d49a5c95bfff42feb46aba17d9f08117f43

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 181f8a79df06cce5ec4f103ebf6e3213
SHA1 f5826e0163b502aef6c92015c72b0ee88380f07e
SHA256 71b143db96c80da98e2ea382711c763c51676a3437b2c9f951820bcf0afb8cdd
SHA512 28553e5c1d2b89f7043a79621c0c68c02ed97a6a3727d595390725d5440fdacce5223f700111c835bf95a2e63861bee19ed0c927f84921cbe227afb340033b5b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7d129db4e3ccb6d8e7414065c05e3b45
SHA1 136629a71b9948df57bbc6c9b8c0ab565a72c43a
SHA256 822cf7a2df399fdf43de81274bac0031b4fa70012bfb9bc9881328d4262f34b0
SHA512 4f5394e222a59aaf2528e1767fe29c2dec94759f7df9ef1dd80719a8d101b6a0f1bdef665cfc0a6792824779db74495aea2094ccae47ca28069c42debbb5568c

C:\Program Files (x86)\Steam\config\config.vdf

MD5 b05ff1d012c0cae494f5468054b8a350
SHA1 177505956c200d6cc1b9139a3cf5c1f162a3dfad
SHA256 70c0fbd0c7d5f65918408ce1ec7b617acbaecf1f87408fca3b70201f1c831b61
SHA512 fa1f16455361c3dd12247e1899eeae60fa030ca99094360289ccdfbd448ced17c00472b4b1d2d9ccebe698cbbebc31aa29643186a1f2725fe2a99d69360aeb27

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 432310455fd8ad2799298b7bfbd273d0
SHA1 97ff9acfca286b77086edabf2c5b66aca4607312
SHA256 35f6749bcd4f9446234300e851431971924f640aafaf9318b598c315079b6616
SHA512 9d0f4fd0e43517583223b170a895359758e6edd768fa029ce4e12568c503630f4d244e931aa0cbfbf23834b8f203cc8519b34bcfa7622dce5a9c5ed2d96e1ead

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 46afcf3f8d68875560c0e569e6069c4a
SHA1 82be91d3948fd6cec7c7e241fd702bd984ad7c94
SHA256 77c0e266ab04b4bd2997159f861430d95278c232d97062ce661b0368e33a0f30
SHA512 07414f2b82158616ecd10cc1bc0a30ca9a477a7f7b06e5fc17653ca90556f8d0fe313fc78f73c7141af2234420ab438c7ce1d8569f83a7f580d61fa29a5c4fb9

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

MD5 b8c55a4ddb78a8cecbf83a9b52ae6fa9
SHA1 da0a3f4ea7b1249608bc439b2f137b1e76a2b419
SHA256 d79f72bc3ae60868aa128dea2299f154b27c4be187d9256173ba383fa91f88bd
SHA512 75c13c9316885ec7a8086a0f8e4a153136dfc0e7ac77aaa8e11d404edcbd0b1bebf62122e86c6d5462b822d715ef57b721fb5e767141282f8beea17b78d9f573

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 d9f7c14edc28798088b9c040d9890db2
SHA1 55b3f2d9b27b6449b81cfe7c5fd404b79f5acd96
SHA256 283ac92825ce30305a87b14cd5b2cfc5e1411ace6540f254d4fdd8807fdef13d
SHA512 2b0e3823135206f4cd9138f3b5b1ec1edb7f219abe46e82f4dd339edd64951e93cd01e7a103d6abe29e3901ad127ccf7d78923897d656792f646826cd63991a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8473c8ca11d1f88e6fd18bf1449b4554
SHA1 def6104f25d2f25b5b99b213b109b40108a5b0d1
SHA256 d3b3635589f15e9fd7456473225a826a3024f03f0065e82aeed3a808a8f331f2
SHA512 de573639d155f62892381c3df0c3c2b8b2a95290c3696da1ce58b95442b589756e2edae384d7876906c3c70a9e703de2dab6d7c8051c74982e89568a47feaca2

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 dab637c7e064480f739d329d3e576160
SHA1 e410f90baf0204501fc3aefb9280ca5b52364ca6
SHA256 cef7105bc2418e132facf03197c046d76cf070a01876b90c5697f1b3825d335f
SHA512 2ff325a7834c687ac1ce6e2f8147d87c0f4a2409e2e6b95d90b03d949a412aace40b527cea630987badd4e2939da6c1bb71742e677041773457f29888e5a631e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e419cb03d693ce91e407e696c7c5acff
SHA1 dbd5402c66a5bc72eb971134b8b7c6869075f2fa
SHA256 fa46832b3f7908c0551faa2e1b26f82ec0ff21704786e403e038df385fcca287
SHA512 6a29f0d8a373f0274e9f7e7495427dd470d7fddb9eb7a24994dbc6fdb5f4869984d739f874de7ca9909e3d69dbd9e1f8bea5430ddff8d4cd04ba67e8b28b0a31

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 ce54558487285e14cfa41b6150436c55
SHA1 049af65ac240d9bfcc1ea16f77174112f631af6c
SHA256 b232b2b9ef52d4801ebf2216f6fe6afb3026053f7dcf60f8d160211525a6f6bd
SHA512 69abd7eea46df82084ac74515e2b328535b6b46555ac068824815f0712222ba4bbdd2db64dbab88d6d1bbc070b9ba744cd5dfdc5f95d87b13c8cc9ea1606bce4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 02a4b762e84a74f9ee8a7d8ddd34fedb
SHA1 4a870e3bd7fd56235062789d780610f95e3b8785
SHA256 366e497233268d7cdf699242e4b2c7ecc1999d0a84e12744f5af2b638e9d86da
SHA512 19028c45f2e05a0cb32865a2554513c1536bf9da63512ff4e964c94a3e171f373493c7787d2d2a6df8012648bbefab63a9de924f119c50c39c727cf81bdc659f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5ff330b1-b76b-4b35-a293-790d12d7ae77.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 826c7cac03e3ae47bfe2a7e50281605e
SHA1 100fbea3e078edec43db48c3312fbbf83f11fca0
SHA256 239b1d7cc6f76e1d1832b0587664f114f38a21539cb8548e25626ed5053ea2ab
SHA512 a82f3c817a6460fd8907a4ac6ab37c2129fb5466707edcfb565c255680d7f7212a5669fe2a42976150f16e4e549ea8310078f22ed35514ee1b7b45b46d8cc96e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 72310b650cf8502ecf1fe27529328aa4
SHA1 1484bef54ae6a8ccc670f1eb139f24c726ae2d96
SHA256 3fb86db93ac1da71a35d0005350968ee69308cd06e03fdc43714735ab1ee43b4
SHA512 3a60afa6455041b504db5a88b099e388807852c0914bfde3a71411c858db49199c5e9e3f04536bf4d1f6180951288beec876ab766e2286d8a38cacb34aec7b88

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 ef94e26e09fd6962f86f29c1c30f7447
SHA1 c574353d60b5973522a96fe726b0d26092167386
SHA256 2c3a7f1d3f5524c76c35942871974ee222eb012c65ec7f19d83c392f87b50847
SHA512 77abdad3b1f76fdd8eaa4cb3b2dcb9e5e0c00f46f25b52420e24129c4b178b34103329de52c15b130c3dec214c77e25eecbd2294855c1b3ca39936c8c94a5b26

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 c9e90bc8ec6a09d8a69f4a4dc6fe8b6a
SHA1 f099ace175891bb8b81eea2595bf8de8027bec6b
SHA256 8fa6b37e750ce1df8e880691ea6dcd4aa922b55a722aa0b1df8ed6302aaf723e
SHA512 c4bda62806935165c94191234b8782408876f1336279a26d58ab3a75f41c51433ad24516c0354a8a047c1e743c4fbb8989938b6a1ff29ae0585b3fd08230a497

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 1cd9f819fae888ce4860b7f6093347f1
SHA1 04f78da120741f1198d595af811b2c42ca9d5406
SHA256 d90bde2cee49d26d93cc149da64ebfe3b57b6f391c1fe84c696a2d5e3f33b3ad
SHA512 2f7e22a0b36ed64c6be176f48f91663bbaca60d7a4ea862a6a81678fadc1d8df31c59a3266d1097654fb52345e0d2e292b8bf48e9497be9c3e3be89cf43bf90b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 fb8a686df2e4d5987c9e43e10b480df7
SHA1 bf85d7c64d6c23fb859989f0229c083aa857197c
SHA256 b6b6c978ff263141e66d878ec683c0092f651fb874a21556d921e62e6c7ad887
SHA512 e21e7287672434bfdeb7de3cc63bf98ebf923fc709941364f68a8fe4ff19259c7518ebef4aa1ae5218ae845450deff5d10dfcc114f562bceeb24b0244900ee57

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 47d88f0e30322831ac51429e321af624
SHA1 0a3a50ae8c9d61a6d96b872f91b4694187be0bcb
SHA256 ff066f3e1ab3028b7bf326825772da1a50d4c9bfe92ec0abcb52f17ed996482c
SHA512 416fa132223c396c6ec4ba581383ff0859ee02a7e73acca4836df0e8154600cc9cfa4249832d0370fc7c45232e0114994e7da36d094cd459a6f3c77be539cece

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 e13edde4a25e96e573f37bdd11e020aa
SHA1 84a0c3cc6cd74b149cc27de2b0fe48bc2acb70d2
SHA256 45b526e6aa5356b278aa37e67593a25d09c9653e8a0e71fb8e155111d3b7a515
SHA512 9ba4cce47994f949731e594538f56f423ee46a8e602fe922ab6e1d173b87831ae5a80d967d695fc45a08b25aef5c494518b43cde6b4709db690e904b2cc1c053

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 b507567f09861406425726176430b282
SHA1 ef31ff9a5a918797c76752018a667e29e415e580
SHA256 4390634070a440bead4ea3dc609984097da973983ac140b094149b4bbed1349f
SHA512 23e8a4e14a2a8608c817b88080fabce226ef7c280f5c87baa27780dc1307d60f75d215a91c3de6651f17e6df71219b3e51f2665ce9553c71f427a38e7c81d65b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

MD5 cc039445c6c92d32fb74a942a2876d71
SHA1 71cc9c01cf705b61ba163bceaa62651865ef5ee6
SHA256 1a71cffdaadd8f15a6268dfd76f3524409eb5fbad791ce30def403ea13a373a9
SHA512 1834c2c6d6529e69746be6ef8b441997a7e05b00303b10cd2dbc16b0d18cf89a6ead9fb943732f56f7f9b74e347b1bb889a71f08baee17b6b69afbc7350311ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

MD5 57613e143ff3dae10f282e84a066de28
SHA1 88756cc8c6db645b5f20aa17b14feefb4411c25f
SHA256 19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14
SHA512 94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 176bf12e62ad3ffb5490c848dadac7cb
SHA1 14eda27178b0fb84305b8d43cd8d0a1e3cb70d45
SHA256 0d73ca82feb846da33a99cc3193418d917fc973cbb290c94234c0e27f3da7bdd
SHA512 f15a03143846cc5255c0552bbcff6de07bfd19896051172edd655e62d04e16a9fad82af735ad9052d2db22326be7561d217c890896394d683a12a88689bf7c21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3e743fd9823104e11e085eea80fc2294
SHA1 2f8b1b33a755210b7dede07e06070b8ba1585b89
SHA256 6ec1f2f22fcb383ebe93043c8ffa9cbc252b0955e204c4e2aa1ef54c95bc0e5a
SHA512 6034582b51a05fec54a90750b836c3fbcf8a5295d56fb9042f68e0f043106a3177c6d496e04cf98e243219b8a933b63d10f641c6d0eb62e090819d9dbd5834cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8b4cfee836dabce374874cf25de8a42c
SHA1 fd5ba203092bbb4744686110666bbd0a0796801d
SHA256 9fbb4faf068900a7fee4a7d1d60b2a03bb3beacf1b28b8de713af4aafc6632a7
SHA512 e0a5f2af921e77b36b0ed8a38c30aa3a3db7d2f2263847df2cb215c20d4d9778d7aa3b15afb4b5cb39cdb40e81fd077616db5b4b4a0f87cd1905e061e00f930e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2dd2ceef-52a9-4fff-aece-f8197c9f6ae3.tmp

MD5 dd516f48efc1e18f39e2ad1045b683ea
SHA1 7066790367390fa6ad60dd4cfe5664db085cb410
SHA256 399740592f4bd953a3d452e7e098b8e5f703582d56cd4189a1361f801dfb0009
SHA512 edca86ab288b19a214f36f1401eb03daeab5e9833a8489a64d58df241aa90c9bcb7c60e351379fec15b06c52a2c965a8b0aa196e518cbaab38f25786db6d6975

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

MD5 137a7f5b1c90676589085d05601a5bca
SHA1 0cdf1409baa35aa32b368e3f6b03618701118507
SHA256 80ffd15c0e6a93cc0a87015bae9ddbd5cad788832c128c03dd890db3d386ee1f
SHA512 d04189aaa7683cd05067caf27dfafe20f3c91418d2c26d5154d867c5075d769fdf7f233cb6d4e8faf949af005629532d9b64ec6c4d8703776996d181bf20f17d

C:\Program Files (x86)\Steam\logs\cef_log.txt

MD5 e42a740db6f42779c38cfad382708f83
SHA1 50aecda95c7a1f259c5f281147dea8bfddaf263b
SHA256 8af339271371082bcc85c7b5480cdefd6f1aee36aeaa79230d17ad7b17205aa4
SHA512 07f2e874dc566990a082bfb822426134c2f2c7de927c24e08a5d478fe63bfe00a2dbb163c9c208dd4fdd59ee5f87ccdd06736c5d6151bdc61011a222a42c257f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 95115a1584a9f436e16c6d8c2347900e
SHA1 c8b4c4a60d86d7083fc76be33a7349220a4026e0
SHA256 41212819dbe0f75ef9a04425f5e03283b22856e334ad54176b9bbd83d1aa0f3b
SHA512 fe5cfe52fe9c8154938f0c1954dedfdf562de58ace46862171f3225b151330ce0c5bb2ac0723c6c96e3414092a8e4ca6e2e0b4c0b2b8f82c79f92cdba858cc62

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 79e90b79849ab24f7077995c4e45f1d5
SHA1 3dae744f25bcaa1b690d61b789a8b1e58a790953
SHA256 3d2a7a2b6c89618f30d26fd5dac9ff7d52d6cf1d3651fd7aaa1d1229464b1507
SHA512 6169379e245102bc4b1ff74bc2c7cf356f24fdef55e5f3f8a7323da36f6ca92f1ec38bf230cacecc89c33e12e1b201de417a570a998f31cb281bed3ae8f8deb1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2a68e44212695262c6e38bd9c8ab9301
SHA1 e45ead2592d5e8f9dc92cf2a22ac11272a9e1333
SHA256 e201ee5b37c02833c25bc849628789b9ca388c4a63dfdf266199e9162a1d1939
SHA512 5e93b656cdf1ce6f2c520da0045efff307db533aafb09a21457cf33ca8733886f61cd596ee53976e1920af9a6d16c5619934975e05d2772acf711fc9bec360f0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9610407b4ce110e0d78dd31ebd74c3df
SHA1 0ea037cad25784b39b9c93e8d24358f244350319
SHA256 580b5ae7407099c8c45b7f8317df04e9ea0ae4ff1d7508005ec8e9891354d4a8
SHA512 59a3c8991e25764d97e8d7dbec0dc7ebabf667bf17c635e991e0857412faa9c7fb76278ebd0c3c75fa2749426a6d2cc92f682d0007411274396d7a028406786d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4f9825afc4ba9b11bc7dc60a4e46c606
SHA1 1a163b6ef38957b33416cc155d3342c76a731ff3
SHA256 88b751e5d1f6cce29c29c4a1affa15946dd7169b8e15018e52e8658fdba0e73c
SHA512 e0f112401ce32f63e7f3c4d68772f16f07df585e8929da68779d3c3eebc68d533c52ca04bfa57644ec9fb1b87f7e58bebcd95a80fedb80b43e51a6b4792c19ba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Guest Profile\Code Cache\wasm\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3a23422a4e7e532925858a1fbf290ece
SHA1 4664e34ce67c69dd52719a01b8fec889a856eae3
SHA256 565014ace25fdfbafe5886a0b0e5c292e067f80e935dad86dc604613f16b9242
SHA512 499d3af2b58947b3a7862b4dbf77dbff4dc04d6c02477f2091c21c97f1ad76082d771f0f9ee09d3bdfd4261169b670b4e0376e76f4511ab01de5c24dc1dc76d6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 afdea07a0e070a6079e7e1f1f9fc78a7
SHA1 e48858d42a49db1b31ab431508d9175f26438119
SHA256 b2783fccbfefc18a159821b716e42eaa27578e05da1862c53172a91048d6012e
SHA512 698020063d256ef5b63585f5d205c2f7def4ef8ca3e433b23a5960fc66f0e27d8c5c45311653ebec06827c7af602a4d4d77a331ec36350c04ea6e9c7a79fbfdc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Guest Profile\Preferences

MD5 40ff6d522996e56c0f6c83b5d5f3c52f
SHA1 42c42c2a79b772916e96f21c359d9048e8a41755
SHA256 f89697d6d99e27a4f7f4064db8c5492c4cc980b80f8777f92e731df28510d880
SHA512 2c397158472a55aae689d06353bb5e9d8ba8117378499a14cf83a591e5f9100a9047fd81eb064a39df67bb78fef6d0aa7ed8f5e57d7f65244646d6be7454446d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Guest Profile\Preferences~RFe627ecf.TMP

MD5 9d08e04fc512792a0bf2b3a1a11ac35e
SHA1 dee5602963c5da8679bdceb41cb6b6f9d0108e31
SHA256 0530d952a30fda0dc2dc49471cbefe01d57aaaeae46878703b531b9e0cb90eca
SHA512 067de552dec7e599579a76f69b8e8149d07c333a45f8174552182a9f48be15ff540596c28a23282ea9230e70a36cbcb83f78de8ceb7d41fe522589e660ab0fac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 bd77687182c2aa2853365e67551a9afa
SHA1 2abc9b9958f8aba829dce9cd9734407ebb31dd6f
SHA256 41dc1090034a730c5093bc6e530923e2915fd428859dcf40bb7c2f0f76dc5b38
SHA512 f83dd38b7e0686f525fa375590aa9044beebac0674b9b59428ffe0d1fd58e8f926a416a856a14a5912df916bbc8a7c264cfcdc147c9eba3333339dea143f7877

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 63e0b0aca6492966d824639bc8e410c1
SHA1 7113109d454129bbd04935f8f3eb33fd700b02f5
SHA256 be0fce03b5c2e877cdc9aa859123e5b36f9ebcb6f7a27784f0d678005cd53f1c
SHA512 f144d1737f2181cd67f71f9b2013697b9d168ba199616471ff8bafa7f6fc74b0abdfb4e7efe4a913e92e12a3ed58e4bd15902048ef2f1adf2219dac3ef95985b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2c7e59616fd7ed731271bcdaf6c33265
SHA1 c1e4541a11efda8dd0308ff0dee22381cca5de7d
SHA256 db1ac128f3803c751e1d7ee5708e8396e32d2c0c31648ff496a5fc599587c128
SHA512 82cbee20a5f5c8355b5b9bce7f1d001d0621be4b0d9d19b8f22cba4006604da9d7185097fde601418a1492d47b3804fd1f6c562e36576653c75c8198d50db320

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bc3a223edb3c612c1021d94dafc170ec
SHA1 63c3ca65a01655f36492000727ac015250e4dcf7
SHA256 e3c0b783850bdfacedd05bcd6cc237cb975178019bc4f4b31653861525113754
SHA512 8864ba88203f8223ad62acb8c8f6aa7f3132da429654f65439790b1bd623da6f5d01dfb5210e0f279cd0967d0ac2a63141e37c40244ecef9a918dd931d7c438d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 69beb1431668da45637722d42bcdd903
SHA1 d944c73c7544fdf9634fba04663b76fefbd16e5e
SHA256 36db8a675775bbcf62c6e7b73968e5b48fedf498f5ea6813ea2c4523b3356396
SHA512 69379503be49683363627c90c324f9c5c8516d975bb054c7155e63997d09488cb0f4b4a6ae2e8d7a4985284ea93bff85fc9e04b32922ac7824c6328d2ff454b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 55a673a5a2e5ca226d4f23592fc91793
SHA1 637339d5e344cdf77f630b45ffb738bb9c5f5a05
SHA256 a7b038616f87fd1c1edde57e19e14afe1603f6c043387982ffa1d6fcb6feb6ac
SHA512 d0f62b03d1900d8c6a68cca7656054617eb6819da3601afdd2f31dc2b3223cfba4ec62add31a98daefa83b89fd57c76058ce2beaa62859bbde9f0530652a5cee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4577a74529ff9580395391e07224cc7f
SHA1 50f647a3ae0e74e394301322d7d2d58adbeb1adf
SHA256 0eeed02550d7ea20ecf193e0b689d95699077983adab2852f6ae2fa0bb7ffb85
SHA512 dd7d52b241d8e49d8dba85fd9627668bf6ddcc945d4d0f8b730ff5d1522a9b721710e11ae71c69dd98c3cd0d626f7a7e7df1b43b38efb4bed3b6b80b0c02773a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 25cfec8b6a23e10b66283a92faae0787
SHA1 2bd15a3d62410ddde6921bb8a81f8026c45744b0
SHA256 19816152ee8cf5d11af4a88185db7a329b3b3d22b20cb2032b07bc4666d56a50
SHA512 f8b7f43d0c7fb52b5e728c044128768a7e8d306caa040b790b107018c888972267de9e6945c319f239541328311dfd296e6a2fed51335061dd267c77244ae87c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 02c95a7cce91e162d7a47e79dee5c931
SHA1 cd7b59221d7b30bba2b9a56b7e8bae5e31807440
SHA256 9f8649840cffaaf516c32526fb97c693eb84b8cf4828447c5dd866494b04623f
SHA512 ac5606c2435e356d0f91a31970a7620b83c217b0429e94feaa1ad842c8ccf126372959497090f24a9d2a6027ebd61706c9dc99f7cfd8a4bc81dc65d0c8a0fba5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

MD5 24393e2ccc4e7a164f062df993d27335
SHA1 c8f960244677439e72295d499440f295ae5be7c5
SHA256 3ecbdf289749ebf07b749a91eb3db3d1f8fc338e5cae2dae22730fb893736130
SHA512 a675af57b19197f17a1be1351c3cee6a291f23dc2614081bd7bd71adbe5eb0d191c4d50b295d43b3a002d48454a24ef9e4dc52510f2db54dcfe0c8e71948d10c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

MD5 d4586933fabd5754ef925c6e940472f4
SHA1 a77f36a596ef86e1ad10444b2679e1531995b553
SHA256 6e1c3edffec71a01e11e30aa359952213ac2f297c5014f36027f308a18df75d2
SHA512 6ce33a8da7730035fb6b67ed59f32029c3a94b0a5d7dc5aa58c9583820bb01ef59dd55c1c142f392e02da86c8699b2294aff2d7c0e4c3a59fce5f792c749c5ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

MD5 6e16a0e00a70defc9c40ae9ece97c9e5
SHA1 9772b4012ee94ed05356c98ba7e27e71283211d7
SHA256 82c83658c88de47b8e7da9904ca19299fc174763fcee974dd3c087b80b9bd532
SHA512 5e3984a7985a21d5644f5b579f32f408b28bfcb4de59764f403e4e10e08085e7b3f099748fa6e22180b6097edb4d8c20b676de182999155b13fdec4fae93367d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 aeafd491196dab8035b7ab772b227583
SHA1 f5e6679413bd1db32b111705a698c7da369b5dd5
SHA256 a7f840bbec7f5d42326dd2a1d578fabd9021e2c862180459a5a35befa2b5465b
SHA512 e5d5f4d537be2442e78a2aadeb8751f519dab3c1ca09a6f84d8ebd62c332e4f7e7f4d0c98012a47ad4b4bc246a33f44da32e034716a2f904642c527f626f5d0f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a42ae80d664e671a38e8099d59a78663
SHA1 5b62d96b7ec94c119502b96b8cd9ca3d6b6aee83
SHA256 5e62cd3b4f3827248f014115d25ac9cdb941d20b0b84653a7fe1465f08b3efa2
SHA512 99ce04921e0adc5fa522a111570a17b92a4bd2137239211087d6431a3894ca02fd7381fffdbcf3275e25647fb28de07a38fb54a55b3fd97af0bf43bdc5ebbe8e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

MD5 a7a2f6dbe4e14a9267f786d0d5e06097
SHA1 5513aebb0bda58551acacbfc338d903316851a7b
SHA256 dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc
SHA512 aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe636576.TMP

MD5 f3cb44cd6d37b00ebd07908bf76f2a31
SHA1 42f1d6a7850012842e5e19938007f11dcf5b28ac
SHA256 105e96f7297df5c754ce582ff43207acbc1cc199f15fbe8dae227449384f3aeb
SHA512 d91ccafbbb4fe197ff1c55783ac839df337949ce0979c36ad42a8c2a281367cbdd21d39c605994f3a51c7c2ec8311a1124a04f63b1511aa29ee4010d1ecf9cd6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c924dd6c086a8be99fce263b4ca3d1ac
SHA1 8a4fd3d5868542afde5c99fb60004c7c6b190a7b
SHA256 5c61d18bd14a2de45e562ca3bdaad0049a089b33072dfbe69b90239827c88e28
SHA512 b2db85099f8f96cec2628e25ae08bc3d89b8893645630673baf3c164c8bdac20ee7bbcadff31db171e1782130744f1c282ff705d9c53eaae468e5a4bc7c5b129

C:\Users\Admin\Downloads\Unconfirmed 192247.crdownload

MD5 1b8ee61ddcfd1d425821d76ea54ca829
SHA1 f8daf2bea3d4a6bfc99455d69c3754054de3baa5
SHA256 dc0826657a005009f43bdc3a0933d08352f8b22b2b9b961697a2db6e9913e871
SHA512 75ba16ddc75564e84f5d248326908065942ad50631ec30d7952069caee15b8c5411a8802d25d38e9d80e042f1dde97a0326f4ab4f1c90f8e4b81396ca69c229a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8a70b513f590cbb9ffac527eb1430ef1
SHA1 ac25d6f6b012734668b5f905adc232407c5483aa
SHA256 2da93a06ad0ca7090c3f622b8d100dcb134d3a6e899c80b3da68a97f2f46d5b3
SHA512 1b2bfa8a2d7a03da3e9199289d6928493b4725405b362bb9e7500ab1b9ee8c8d73bf3ab5d1a5b82d34800e20b284a2024f794d1ea05ea95bcd6d19a0b14ad897

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1a39d9ce83f7a25feb1bc3b3d013b8d7
SHA1 a2b5e6163bba5d0936404cf096842b4303548e2e
SHA256 ce993ae9f3f0ad72b2b4bf2da4fa2c2711306f5786ec468855b72a62202adbe7
SHA512 cd0092b168f8bec8e9ce68bfa13b78c94389463eddd87d0c68a54daf95cbe1848a0c18a4d5b85533298a9adc13402c0613cb30c19e411bc4e2edfeb882de7fcb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b17296a20134f02afce77083e7c341fd
SHA1 36443b46a1149fe77d39df2c2cfec9db56e8f352
SHA256 4bd6498a43b26e0eadd6e006b0ce1ab4efc71a217119efdc19aa30852c9f1631
SHA512 d7aefd36e41860889f4b6a52ec8db754c096c90bdcdf6b4f403f7d928a752a25a606bf45d61c884a8b4b87270d5990c047865e975d6c06b9927e306dee284a32

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c1e5f6a074a3d4e1e21e423caddbaa40
SHA1 1c36fb378a272cfb5e03e66efe9de774c78f1381
SHA256 70d125b7cce507ced96ce0110a7afab21676b24d66151eaa713bb43cf9db3987
SHA512 5ad41692aa0d089dd34466c0cf503b279db1e78ade90a98f2c354b837c80a405e4eee4ab6b79d7d29252e694e9864d94037ad3746c4d8eeb6977b24e35e61646

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 fcb682690ef96d295410fcc982e89b35
SHA1 a1840ac0a2eeebc528fd80664a92eff87c1a5691
SHA256 bfdd143c71caed21d6424f48f180f4d49154f51c44f4743b5ad69218639b8593
SHA512 c2ad9176283b70db992ab627eb7874f14c5f63d4a1d2fa2b30de6fca201bbc211ea0db7d8abe17f5297ab691fd5198001aebe834721e00934339abb3b19c9137

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f6213b2ae1e39206e77e06346142a087
SHA1 a42cf3e0027f4a9c27aa525aad5a52f76c1bddfb
SHA256 567801567b2e642903599aed864b0276d4d2a95b8774985ec13a3517884dfd37
SHA512 39b052f49abf5f8b36a0b6dde74dacf0b1ad37c6ce71b284d2d36a544a8d5a06e0e7285073b826d67e6bb28ee5bdf62fa4e4006a256074d26a4946bc1e363313

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

MD5 87c2b09a983584b04a63f3ff44064d64
SHA1 8796d5ef1ad1196309ef582cecef3ab95db27043
SHA256 d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0
SHA512 df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000070

MD5 426c1d4aa7fe56b861314f187d0b4861
SHA1 3d37c109b681cc7ebff22a2c8f4a14c6cc5d692f
SHA256 e4fd1935c4541594e2e228e44c4d6b4beb95bdcd2d47037d9f24abbf7f51179c
SHA512 f586f08ab3db26090fe61f3daa4287e3e9b8fbeefabd9c8b88ad8ffcf456eb5bca7ac57a984ad6c96bad21e0ffcfcfe1f6a476688deeeaa75fcb831b6e4236e8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

MD5 375c7f41c8d3cebbacd756f65d3b3c3c
SHA1 46c661efcf5c299e936c5869e9190b7804cc550a
SHA256 cbb0c69e0c24e46c9cc508c6912eb0c8bfc5d4c577b6b069050e5f60f892ccb7
SHA512 c26d51f5793ec9c2ee7503f358686d6c1a4a44efb130c1653c99c180dc94481921607bfc99304a38ed26e0b8bab60738e48257702bef80a23dbd3aa448b0e4a6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

MD5 5f3c81d09c7b6028fa27eefe5a1511bc
SHA1 b91c0c84ad6de8db8abd24762045c21507c40cd7
SHA256 09b662ebd00a7c8c28abaa3dd5f61e84f2d3ede36b2b716aa5215b307f985d82
SHA512 0a7fb163eec8cb8ea3fed1755d43811c6ab32db5503aa65052dbb7cc1e26ec1fc88f36fab5c1cd6404a0b36901f1b62e7e94902433f39f582ca221678476b2ba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

MD5 9f309ce7463cc38ded13626598f9c9ee
SHA1 1fa34958a5346b0fba21f5ee252269d0f5b2e96d
SHA256 16ca01bb60fb7bfe8b387aa353e00f96215ee415be25ad9c89b76cd1b49a3e3a
SHA512 1d198d3783eecf920d7fa23d3412411156f9a84e3c0a5918de2eb0e46d38da86381a81aec7c08bca7c4d81e2cd6e959522ffd717de413d7694295e0e1fa9565e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 aa1ba6a018081200f673133373409f2f
SHA1 b91c0277ac609bbb493bf14e5e80df318b32839d
SHA256 aa799901ae0a54f38ea56b1a3390da0b540a25b7847b0430ea2cc9dc1683cb9e
SHA512 916f226d0b2fed5bac3e16ee2b3ee7f1799a3b314b908c057e5d68f2268dc3ff247ecce18823c32f58b413d4d864bdcfb0a3ca513193f61a41a203e593b931e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 44d166b8b0bd3dfc449815dc1acda567
SHA1 0e216757ce7d958453f335ffbc94fddd7e5b41bf
SHA256 0d8407d223691ec7be2fa00698cc7b05ab57d4d65b51fc3bf72bd6c2ada3aaed
SHA512 5de1d65654ba596ad9882418168ce46b289b3f2354295182fd53db1a7054cef02e5019a677eec8e34167ee312076d6f04db65e203926ab61c6e94823167e8e9b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2c580292736338451544613a5f6c3bdc
SHA1 55acee3d2ed3d85f8836172b869c58446a7afd83
SHA256 8d5789914f0035f9a6930f4d456112040dad11ab8642a695ef1c5c882d3194b4
SHA512 d74c8d981b66f7fade301a8f1b27a228386086385c53b2e96c5ccac652fbf205a1dc9d7130c7f04a0503564f8833ccf2a29cc486e2f6642c72b64b35cb5d70b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c5b9c5f5cacf646acbfff0fdca9a30d2
SHA1 ad7c836a4eebb46f5c3f396b8e62de355b8e5dc7
SHA256 7c65445ca62a00547ed42b4c807923ee543a8df24bd628d8fb545abc7783f1cc
SHA512 bde7b77abf9817ac099a024ad30f0d55e1a619cb1b75ab751ffbb91f6098ece5ecd11387f24ba08bcfbbdfe22118171509c99c3af4206ba2318679c50f433774

memory/20020-15557-0x0000000000210000-0x0000000000386000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e7803d6e005940ebdc85ad911da95c0e
SHA1 6c6166fe4458253f64d682aad6084fb91df78527
SHA256 77f81b844e51210a36932b19c35525d37d1046e1d2bd0ce2f6d1e126f383497a
SHA512 35e4011a1501602e10e36c133c0b1b2e2089656d884bae5ec813da71ce641db7df9d2afab97b398073626cc096010a0db474f3d353f1196eaf3211ec4ce891be

C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\icudtl.dat

MD5 ffd67c1e24cb35dc109a24024b1ba7ec
SHA1 99f545bc396878c7a53e98a79017d9531af7c1f5
SHA256 9ae98c06cbb0ea43c5cd6b5725310c008c65e46072421a1118cb88e1de9a8b92
SHA512 e1a865e685d2d3bacd0916d4238a79462519d887feb273a251120bb6af2b4481d025f3b21ce9a1a95a49371a0aa3ecf072175ba756974e831dbfde1f0feaeb79

C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 bc9a218df5e5e6678369704d2946bbb1
SHA1 786c01ef7845bf0585a4197c270277fdc60c20ae
SHA256 d92988742e78078d4d8bb32250fac114df4cbccf58feb9c9acfadf74b4098ed6
SHA512 74755eaae967c540fd88ec9ecab2f8f7c3c1aad5d2cb7b3e6c431e91d1f26ef6bb1b58eeed9c00c8edb867adb3a679070767a8fea0bbb9d7b0a1989c6ef6b6dc

memory/20020-15759-0x0000000006F10000-0x0000000006F18000-memory.dmp

memory/20020-15760-0x0000000006F90000-0x0000000006FC8000-memory.dmp

memory/20020-15761-0x0000000006F70000-0x0000000006F7E000-memory.dmp

memory/21588-15778-0x0000000005440000-0x0000000005460000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

memory/20020-15844-0x0000000009C50000-0x0000000009CE2000-memory.dmp

C:\Users\Admin\AppData\Local\Discord\packages\RELEASES

MD5 1c7f193f8669d55cf67a923219d166b4
SHA1 c61b2c5f9af4d32c63b836e46e8c979c1894e0d3
SHA256 e3d4568e1405893a8fba71448ab98e6009972ee6a6a073d386875d7f35c4230e
SHA512 d2719883629564e73e15f3cd4eebbf4e6e8d85dce6803b03a3971754afe1dc6a3627592590661260fc4cbb1ce36ae9ce27742f3ebbd361f3b34a2bbcdcc626d4

C:\Users\Admin\AppData\Local\Discord\app.ico

MD5 084f9bc0136f779f82bea88b5c38a358
SHA1 64f210b7888e5474c3aabcb602d895d58929b451
SHA256 dfcea1bea8a924252d507d0316d8cf38efc61cf1314e47dca3eb723f47d5fe43
SHA512 65bccb3e1d4849b61c68716831578300b20dcaf1cbc155512edbc6d73dccbaf6e5495d4f95d089ee496f8e080057b7097a628cc104fa8eaad8da866891d9e3eb

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping23032_399708922\manifest.json

MD5 bbc03e9c7c5944e62efc9c660b7bd2b6
SHA1 83f161e3f49b64553709994b048d9f597cde3dc6
SHA256 6cce5ad8d496bc5179fa84af8afc568eeba980d8a75058c6380b64fb42298c28
SHA512 fb80f091468a299b5209acc30edaf2001d081c22c3b30aad422cbe6fea7e5fe36a67a8e000d5dd03a30c60c30391c85fa31f3931e804c351ab0a71e9a978cc0f

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping23032_399708922\Google.Widevine.CDM.dll

MD5 477c17b6448695110b4d227664aa3c48
SHA1 949ff1136e0971a0176f6adea8adcc0dd6030f22
SHA256 cb190e7d1b002a3050705580dd51eba895a19eb09620bdd48d63085d5d88031e
SHA512 1e267b01a78be40e7a02612b331b1d9291da8e4330dea10bf786acbc69f25e0baece45fb3bafe1f4389f420ebaa62373e4f035a45e34eada6f72c7c61d2302ed

C:\Users\Admin\AppData\Roaming\discord\component_crx_cache\neifaoindggfcjicffkgpmnlppeffabd_1.c900ba9a2d8318263fd43782ee6fd5fb50bad78bf0eb2c972b5922c458af45ed

MD5 f265d47475ffd3884329d92deefae504
SHA1 98c74386481f171b09cb9490281688392eefbfdd
SHA256 c900ba9a2d8318263fd43782ee6fd5fb50bad78bf0eb2c972b5922c458af45ed
SHA512 4fd27594c459fb1cd94a857be10f7d1d6216dbf202cd43e8a3fa395a268c72fc5f5c456c9cb314f2220d766af741db469c8bb106acbed419149a44a3b87619f1

C:\Users\Admin\AppData\Roaming\discord\MediaFoundationWidevineCdm\x64\1.0.2738.0\_metadata\verified_contents.json

MD5 3e839ba4da1ffce29a543c5756a19bdf
SHA1 d8d84ac06c3ba27ccef221c6f188042b741d2b91
SHA256 43daa4139d3ed90f4b4635bd4d32346eb8e8528d0d5332052fcda8f7860db729
SHA512 19b085a9cfec4d6f1b87cc6bbeeb6578f9cba014704d05c9114cfb0a33b2e7729ac67499048cb33823c884517cbbdc24aa0748a9bb65e9c67714e6116365f1ab

C:\Users\Admin\AppData\Roaming\discord\MediaFoundationWidevineCdm\x64\1.0.2738.0\manifest.fingerprint

MD5 d30a5bbc00f7334eede0795d147b2e80
SHA1 78f3a6995856854cad0c524884f74e182f9c3c57
SHA256 a08c1bc41de319392676c7389048d8b1c7424c4b74d2f6466bcf5732b8d86642
SHA512 dacf60e959c10a3499d55dc594454858343bf6a309f22d73bdee86b676d8d0ced10e86ac95ecd78e745e8805237121a25830301680bd12bfc7122a82a885ff4b

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping23032_757169869\_platform_specific\win_x64\widevinecdm.dll.sig

MD5 a19ec48b4b28f3aa9c32150dca8c0e39
SHA1 02981e40b643c2a987d47bf58f42b7f3ca5aaf07
SHA256 d363751b0ee48517da1b56c17ffcd78dd57f25b092b09879667db10338077621
SHA512 718a24e1fb45ab0fd3db5a5c45b0e0061d9061d8615e2a8d6db2150bf72267e96774094a6fc07a250d5bbbc5133a1cb635d8f7adc5b1751fa99327fce9555941

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping23032_757169869\_platform_specific\win_x64\widevinecdm.dll

MD5 9d76604a452d6fdad3cdad64dbdd68a1
SHA1 dc7e98ad3cf8d7be84f6b3074158b7196356675b
SHA256 eb98fa2cfe142976b33fc3e15cf38a391f079e01cf61a82577b15107a98dea02
SHA512 edd0c26c0b1323344eb89f315876e9deb460817fc7c52faedadad34732797dad0d73906f63f832e7c877a37db4b2907c071748edfad81ea4009685385e9e9137

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping23032_757169869\manifest.fingerprint

MD5 5bfbcc6e7aa3e9c1570c5c73f38fa8ea
SHA1 497bafa5658c6ce8c8010d12f104eebec7a1bae2
SHA256 84470096167ea43c0880b39fe44b42f552014e4f85b66805c2935c542ba3cb8e
SHA512 41bbed6cc317ff190189d63d6d5910d30e23a5160e5ff5f635ff408aab13452da8174556d7120db176701435a3329a93a7450583404d56c34a37b67f1a332edc

C:\Users\Admin\AppData\Roaming\discord\component_crx_cache\oimompecagnajdejgnnjijobebaeigek_1.567f5df81ea0c9bdcfb7221f0ea091893150f8c16e3012e4f0314ba3d43f1632

MD5 3db950b4014a955d2142621aaeecd826
SHA1 c2b728b05bc34b43d82379ac4ce6bdae77d27c51
SHA256 567f5df81ea0c9bdcfb7221f0ea091893150f8c16e3012e4f0314ba3d43f1632
SHA512 03105dcf804e4713b6ed7c281ad0343ac6d6eb2aed57a897c6a09515a8c7f3e06b344563e224365dc9159cfd8ed3ef665d6aec18cc07aaad66eed0dc4957dde3

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping23032_757169869\_metadata\verified_contents.json

MD5 98b310fc33843d771da0089fa155edb2
SHA1 5690a43f43673b947eb4c433cb4f5488a287e29c
SHA256 28f09a4af935d2894689cc00658d597257422caff20a01055efd8e78ad5e829f
SHA512 e76830974ea54c94e857179ca0da893e088034367ca5c33e71c1016b788e737d65ab49ad9a9e6feb85385b963af5c13db0a91e3f3072ac91600e91a1cea0ab6f

C:\Users\Admin\AppData\Local\Discord\download\b20346575ea70bfbc0bf53a9387d8967fe931f062fa6905b08ab8e97a195e273

MD5 5a93e4fb2f70429b653b42c7b20498f2
SHA1 c7e54d8367332d41c485a700e2d1373d1126e710
SHA256 b20346575ea70bfbc0bf53a9387d8967fe931f062fa6905b08ab8e97a195e273
SHA512 ade9b8b523579d22e99fd46bb26b1aeb9cccd025a2f6a3e380590c6835ed241152a04b3d20a50d40d663d158774412cd984bc391335ed2032d5274b3bd99cedc

C:\Users\Admin\AppData\Local\Discord\download\8d94b02abe8825fed1279db6f04a122170da21a4b69979b2ac6059d0549f7229

MD5 519429598ef8fd890679495d8ee35757
SHA1 687a4b8c91fdb1bd41f81009f2e02eaf74388696
SHA256 8d94b02abe8825fed1279db6f04a122170da21a4b69979b2ac6059d0549f7229
SHA512 c2510c4fbde24a32a637db4c28e27c1de8c9d497f99d6d8b5fa2fd8e9a921a05fbb9f6e5a8ebfd53e416e24ba6181185e640eac83d9a6dc22fef509789c99725

C:\Users\Admin\AppData\Local\Discord\download\285047857268662f852fa79ab4b2768778cbd5e71d8eef5b42ef829a2e9d5416

MD5 c17f202bfcf06e072fb23b3be6069e67
SHA1 f478890ed7f6253ccd4df02a41de1fbbf6ed368a
SHA256 285047857268662f852fa79ab4b2768778cbd5e71d8eef5b42ef829a2e9d5416
SHA512 15ef275e2b0a1ece46add7c49e842c392da5b5eb59e3cf5509867ce55c7c75e99e5db6e081dc02d1fc82c56c62dbb7684d5b5540676c1c36ac3a7d20f37db18c

C:\Users\Admin\AppData\Local\Discord\download\b72e02de5bd91de5a22950a866577a74cebd6c88664c807960d51db481bfd665

MD5 9f86a61691187bf1ac1f8ecb94547a07
SHA1 77455aa03efa0c431dc6b013ead3fd554dcce4cc
SHA256 b72e02de5bd91de5a22950a866577a74cebd6c88664c807960d51db481bfd665
SHA512 53ab674cc847133bd8998a100913f30233bc41835a1c13f03530cc0ba0c13dfb78d564782c10b4dce0c77b357b85d83b0821aecb720f965999cc43120785d333

C:\Users\Admin\AppData\Local\Discord\download\3a7f59ae65b3c1d00e475736431673a42058739ab3b190b949a4c324fc8a1f51

MD5 ec6ae27f7ec3893d746ec036a8caf992
SHA1 e12e8af1515f69fed984f1c96453078de3b2f050
SHA256 3a7f59ae65b3c1d00e475736431673a42058739ab3b190b949a4c324fc8a1f51
SHA512 03f5843b4e5ea5ee05d02b7eb9a717cc0e47058a07efd935f5b6960eddb9c6f520ef84caed0bee4843e70746fdf0d39ac3b4cbc936a1083a3d04b6170506904f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c0d2a5deeb0b2cf1c7876fdac88a92ef
SHA1 880fa6b4530cf0d7efacaf35c3938ec047eab929
SHA256 e4c8ddecc5b3053582130f8f00dd6f2d55e7ce9643a3e10812a12082c0c8eb75
SHA512 37a23ca21c9cf704639a769253bd53f92017370554a8360ba6c61c17449a6fd693c768bd834127f0f8ef57173bee116dd16b195ce0ffd8fbb1a3dbfc2dba834d

C:\Users\Admin\AppData\Local\Discord\packages\RELEASES

MD5 e0622464b2263d73178e43dd0cf69a7d
SHA1 dd34559a8716c54c90061c9c76763a8060e24613
SHA256 9b0443beb19e5a6ce9d763e1a7a367a7f08437e4c4431a1cf48d9686f9cc5098
SHA512 c7bb7e6b854d44aa985ee266c2e7cc50c8a2d038383db6ac64d9753e36617db70b7522a190832f34175615c0d2ab1a150748d4edd42bc0b7077d356d2c65942e

C:\Users\Admin\AppData\Local\Discord\download\695e93c472c5d266d8762f694919796478a99bd8237eacebf74dcf4a8757223f

MD5 ead0a28287db0e9cfa987b08b7a3c2e1
SHA1 3b4c53cf34b6cd10682f92393826eb3c8bf2c469
SHA256 695e93c472c5d266d8762f694919796478a99bd8237eacebf74dcf4a8757223f
SHA512 08e5999fc509a92e2157815d70e3ec32e6508577d7b5f239933351c40776c108a9f0a0683d89f389eeed4a2729b99813a6d938b8702f5cb7717bb711c06aad84

C:\Users\Admin\AppData\Local\Discord\download\802d16dc0f84eb8492d310ff005beece72d3b7283c7b17412a73739a1fa03124

MD5 85f95ea1f67f0530f47e0783a72e9153
SHA1 458399216284213211866ce894777d064d957845
SHA256 802d16dc0f84eb8492d310ff005beece72d3b7283c7b17412a73739a1fa03124
SHA512 b9a3c5b6ae13ab812940b719e35e67065535b522443b7b1952e3345b385ee50f336ca8c307d495c07caa41968ff1e5b3f43f690c3453d1353c3906a3e59d888e

C:\Users\Admin\AppData\Local\Discord\download\b535d4c4e962bf74c2adee1fa43a9096ede785d68efb9fb2f1a336c1489f544f

MD5 aadd70c3721f3c4aa028534ad3ff0c56
SHA1 996d5a08ffc218f43f4b45b90e9005f0908ac600
SHA256 b535d4c4e962bf74c2adee1fa43a9096ede785d68efb9fb2f1a336c1489f544f
SHA512 827354b6fb3e37c21763166652961752b7b45e18cc29922fb3b8771d0098f045f1c4f32bcd8e813e385cc47080f395c5c1c78132cb2ac668ae7d641c4e6195df

C:\Users\Admin\AppData\Local\Discord\download\7135dc86981262b5463f2781a07a2ccf6d347b81d18a6585db1ca5e18d07f56f

MD5 027c21b569ce819e538b0e1ce20274dd
SHA1 171323c5460619cb88c0eb32c3a801ce9fd37f14
SHA256 7135dc86981262b5463f2781a07a2ccf6d347b81d18a6585db1ca5e18d07f56f
SHA512 1199cdf05d65dc255cb371cbbb73e5898802f84737b385bffdc900280c59ba9df1b33d55e3dbc2e11966b42147923bf8daa938eed0d5b61eed17cc12ac7b1c20

C:\Users\Admin\AppData\Local\Discord\download\4947e8789d12aa99e52189de11cce94c12071e974b19fbf0303cebdd35697cce

MD5 ddec8ff93f8cf72ccd37083a6f716b5f
SHA1 85148db24ba6b18d202381b0dc80547c79ef2c68
SHA256 4947e8789d12aa99e52189de11cce94c12071e974b19fbf0303cebdd35697cce
SHA512 fc5626c52064799c3050a73080daa9cacf9ac1ab0ded58ccd079b76e24afb6b8106f531e0553c52168adbbebdd2dde44165fa3ae077a8716d6c5e7552d44cc4f

C:\Users\Admin\AppData\Local\Discord\download\bb978c1e5a86fe89cd4b93d01d8f9ac8859113e7117aca538e10f6ff15472024

MD5 967a9770f0a950275e45f47389741502
SHA1 ce9352e62eb36c280770f64fc602fad38218a139
SHA256 bb978c1e5a86fe89cd4b93d01d8f9ac8859113e7117aca538e10f6ff15472024
SHA512 e0ec252c275822055b53a2cd80a1213a259a53e4adbfdf81b41141fc75cf41f6a7f9439e4fbd49b2dcedfad7504b3991d2ddc21d636091b9ba3810923d3bf2f3

C:\Users\Admin\AppData\Roaming\discord\Preferences

MD5 56dea1c278e20176d73dcf0fc0d29283
SHA1 c2218e67dfc27804842a2654f61eb1bedfb66644
SHA256 2df78323b8220b73b7ef1231335f8c447fb3bcdc7b567e8b316176e2580a2503
SHA512 99ca7f7ea1700660d2b05a4c31763843ddcc47577239f350e03abab98c8c505479dc6b200c5f25e9eac9554681e85f5fd364d457d13d9f94fe57e3c0d315e1f3

C:\Users\Admin\AppData\Roaming\discord\Local State

MD5 75cfda5e1a099e88297e102fc6d361b2
SHA1 4a16a719987de7a109ba458605886d667fa61d6e
SHA256 5a716bb5ecdfc85e79eb396d5c72a323ff2bfc2e397b84153576bb26c6a7b41e
SHA512 e9a33b645164147a79d4b8992b1db74f1cb1d0ca011751e798c6af22e870b82a329c69c360459d482ac37c2ffe585dc7d5a3a05ac81b6e855b9d254f1e90571e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 86235b5a657c7552bc3756e084e5e446
SHA1 e1eab22f8110f03152c78e03fa19347b417507e4
SHA256 1b850c834606bdc26fa5ec11f0b132231655cf1db24a8bc6e71a98346b3b0d33
SHA512 a4ecf9d08a29cb372148beff4e4ece969b5a78713d5e36750231862658a5d0f4287cebf1ab67f74d0459f00f95ffed3961762d4fb603462e41d191616e7517eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 01451050468e94373d45a5808a86d6a5
SHA1 adfe94988a7fb026776d5ed95a8199536a9da911
SHA256 30ec92905e2705875ee6668c761f9f0fb4b5e1e67af42fdec513f847b4dfe229
SHA512 44a3230da39bfcbd2ddc5de94cdbd97c6249b65720f6f8b2515a3dc4ce142220b0758e8dc490451323569bbf9090fee97157493aa08d8329d7b123c82cdae12f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 844de026da9375ef40dd141ffc66d416
SHA1 f396d84929bc7e781bb58e43bdd84e2e453ce5b0
SHA256 05a4ef0a432c7a83acc642ae5be90ca8846fd114b9d09ab43f26367dcf85b821
SHA512 5a4c3690c8814c37b47cff1028dee8a873a67e2c77967a61648ed50e9812ae181c882dbec640c8f723194cc8cb74e2d2f16d6637c925ab021c3c5572cd104782

C:\Users\Admin\AppData\Local\Discord\download\e59709e28f2ea558d6062fa3828d6ee5d95c08ca98cfb0ce5966aba9dc37e757

MD5 930ed5b99ee2d0326e3af3c64dc7d20d
SHA1 effc00dce13bbed3c3bcc0f14cd2d40c21afd98f
SHA256 e59709e28f2ea558d6062fa3828d6ee5d95c08ca98cfb0ce5966aba9dc37e757
SHA512 1555091f773379d9c52982bf79149c1adf558c7f84268774c97f7f325f704b114cc05d3f2e166fa7f7d266b874f88f20e78f517dbf1d9b356374988f6a3a15c8

C:\Users\Admin\AppData\Roaming\discord\Cache\Cache_Data\f_000006

MD5 ff5eccde83f118cea0224ebbb9dc3179
SHA1 0ad305614c46bdb6b7bb3445c2430e12aecee879
SHA256 13da02ce62b1a388a7c8d6f3bd286fe774ee2b91ac63d281523e80b2a8a063bc
SHA512 03dc88f429dd72d9433605c7c0f5659ad8d72f222da0bb6bf03b46f4a509b17ec2181af5db180c2f6d11c02f39a871c651be82e28fb5859037e1bbf6a7a20f6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 12101642f71480f78f3ad4cc27f70a99
SHA1 b1f05f08a9569b12cf9a44b06b333afc6e3b301e
SHA256 edefe79f8a9358ae3b0cb26f99bf14e085051a14ad9f2703decfc11e58c1b3b6
SHA512 34e63345c82462afdabb204c21ae36b802b36c37069a9033540719ed23a82e74719e74ac863eae40b693f10ac3e3a6a332c22388249787e70acf8c6afa5beb2a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b767e0457860e4eaba7ac3ee402c8055
SHA1 81ae9376ec89bff0e673b1847b1363e3787e3e92
SHA256 6e2b813a24b8841b309f3f781b5fd8bfbe267feed5b4c66a7773559e3380e097
SHA512 c18b6fee714ffd6442c6469fa4260628a56bd617138a95786d34ed2f88beaf05d764ef665a1ed8de3af4012f9e3635c8d57d20ce2b2dd63724b0078e7a68162a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3216799698251b873672c3e357dd5250
SHA1 b185ad2800e4eefc3390d180d3ce6d97063c04d4
SHA256 c1468c3ed3b84035c15ff773e48a6d5bbcabe5bbf11fb6acbe8b1157948185c7
SHA512 c1fb78de0495f0cefb4e07984de5d49eb467b86d82eabb566a7b87452d684a467ca78bd1447a897ae8d0e1a5cbf2c2bc0ddf054a28e8666569963b2d7042195a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1ba0e4ee768a0f681f46fa04c596203f
SHA1 6431819fb8b5c034e7070920c5301405983a5d71
SHA256 3875c98f97218fc1f46a6505e2376dab816901b633c48ff3837842688de31c16
SHA512 1de726c3d35acf755687525ea4275732b4794cf0972dcba84d1b7b3234b486f751e15e1ca010ff2c3e17e516aba72b4759fb8c04afec8188ad67d3f33674d004

C:\Users\Admin\AppData\Roaming\discord\logs\renderer_js.log

MD5 c148b802bee604d5fc5018b85683efaa
SHA1 9e95f8df707a67bfa7f8096159334dba5fd99668
SHA256 b5741c41a2a03783bb8d1867617fbf9b25c87ca574d1265b547582e4afe5b5cb
SHA512 69f801e1b1dd2a856fb9fd55831ca65234a7d23e472207a4270038515c197767764182d3e539564bd93cdcc7b9dfc36bf7d0eaf64ae656f404e506c747039b09

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ac33e86c196c2f3e644e6cf860d9f9c1
SHA1 37e3cb4f1b2aa74f6278bae687a7d0687ad381d2
SHA256 b6a5c6e6f0f188716868f48bc137cddf73925ce093bb975e9eb205937a55d28a
SHA512 23614d3b789b170cef3d1ceb2fea576c0c71ffd44f4d370dfc44684374cffe0562c8f9a2959bb21f76948c876edef0cddc21e0bbf2dc3bdd904a15519608a466

C:\Users\Admin\AppData\Roaming\discord\Code Cache\js\index-dir\the-real-index

MD5 1ebdb0a65430e9a055acf1dd4fafe4a0
SHA1 62243ce3d6950dbefed8b9cba82f68a174bef846
SHA256 7635454a21d045f926b1e91fe81605da69a2c9eb41bbeb25f46c48b11e882a19
SHA512 e9f46ba1507ff7b692c4f03a5b14579da978184967f06de0f50cd5b8b6326eef5f0a66b2b7cff79023d0805a4796d10bbff3973158c9567217962b00232f0c32

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 47e4df4f422fdf1b950dc7e95914e4eb
SHA1 98d67579e2c529015815449a93c7e582ad78b288
SHA256 5f137d21f93aff082977af81c75dcb88edd6a9a9088e717e604bd5b2d3f7886a
SHA512 a8bb24bb4e2349864858fb751ac0e87d3bd1bff7b428bbef9f38813828729466d044b395d298cb8ccca969d9328d6a3ab2825dff488b0cbec57fcc6bbf0c98cc

C:\Users\Admin\AppData\Local\Discord\download\a4fd4a4e7ad9396f47ab624e6cc7915776860c14266de4f708199699069b900d

MD5 d4ecc95f517683e4b1cf653fa2fea916
SHA1 a571d39e8a5ef68584eef324f092651ed5359c56
SHA256 a4fd4a4e7ad9396f47ab624e6cc7915776860c14266de4f708199699069b900d
SHA512 4d355c0460a67e76710043c575f6fe1434c5e9ed079bf67be1ea7f4a31e9b13839ff80e71ba31a039faf1b71d713a025879a0fc249ed8bc5b82354807c58249f

C:\Users\Admin\AppData\Local\Discord\download\0023e68388147f7802321cab39d44c1fc4f752f84516112cdbd36baacba1c15b

MD5 4fed8b50f643dbfca0e9e4dd5837d8b2
SHA1 ea69530829c607223ecadb19533ab9d9adb28ebc
SHA256 0023e68388147f7802321cab39d44c1fc4f752f84516112cdbd36baacba1c15b
SHA512 d6bc909ded97f3032cd8cc4d8cedce5e4bda3de987ee4d3721c3f3ca9fedc42affa7678eba8710adad2c97f4e233192b7bccba9b1f8c107bb06a03484dc0abea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 419560c837a17ff39f83c4830b5b16e0
SHA1 118da4463c55547e7a2d593ce839af7d90fb23cf
SHA256 06ea98766da2ca4c0c910915d669fbd80eeeedce22d46f5b50a42820be12561e
SHA512 571725d5f50cb48d8992e4e499f97f89ef59bdd64a2f4ebfbc1ba782de5c145a7d9f3d4b8ac6704e1c800190a74b4456489bc6ef8c30fa09be88bd7113ba9590

C:\Users\Admin\AppData\Roaming\discord\Cache\Cache_Data\f_00000a

MD5 7cf1be7696bf689b97230262eade8ad8
SHA1 8eb128f9e3cf364c2fd380eefaa6397f245a1c82
SHA256 a981989aee5d4479ffadf550d9ecff24a4ac829483e3e55c07da3491f84b12ba
SHA512 7d7c7dc08001079d93ef447122dee49abd2b7a84d1619a055ff3e7ec0009261ab6add018560bfd82ed22b29c1915bfd059f02cd83fed2e15e9af05a5d0654e06

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 a107c41dc4498f07cdda9ba4d31b276c
SHA1 1ebae0d88cc1e6cf1a3cf7a8ecc61bf8b4cdaaef
SHA256 07d5787ff076d68b75923839bf4e1a023cead540d85a1c18df51881bc19edb60
SHA512 8e0875ad0cd184b8952af69adfd3c3299628eb6faff71907192a0d4f0f4eb9274b4977eaf2223ef2ebf9fa09de6fe94eec8a65b33ab3a02440aa34a6ab54ac45

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity~RFe65631b.TMP

MD5 0769557501a531fd1e7a85a8b2e6de57
SHA1 cc1fc093c2ba8f1b61f3405c4f5ae14ead1a9fa9
SHA256 0edb54e27305e2daa3abf3e1871f22397e57974a20aa2d188e008e9efc03862c
SHA512 3e82422a2177c2215c1b6b7e9da851411f9fde87efdeb0f073d86143a475d5f0df0b5daaf9509c4604f60df4f2b834294f6677f339b7ce6dc794d40e90186d17

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 b3783d5fa786364ef584166f1787d949
SHA1 e355c0c8c1ecc8eadebe5db99ce51ae8148f6041
SHA256 f6faea19c5289e5b375bdfe8c951a5689d0fe67867c82ff6bb32425ffc71e1c3
SHA512 90a0196fd100be10092b73c6d161fe14153d5f25da7aa37d4ab8ab89c9c71d0ad3ee9af2c0eed98d9fb3cccae787f82de8f5428c0907b226a263dfa081a9aebd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 66595a882f61a5b0b19e6d4eda37c9b8
SHA1 4e2e4bfa26d4c11aa7f3beec9c0f1a01cc97e0c8
SHA256 1c2aed4e5b5e02422cd81e1f88521285577647459bcc1f4d75e4d7347d17be90
SHA512 0b18c07622221e34f2711c92c2e00e16458a7976319bfbe63bb1c9819c08cf7ffe005c9dbf4811e4717d4f7bcf3b8b71309b882c9b5259f26e0da72518771e74

C:\Users\Admin\AppData\Roaming\discord\Local State

MD5 579ae0812509ac607a0b0978b46958ae
SHA1 ff91e030f10f64b92dc25fd2808fdbacb3a5bae1
SHA256 300210dc2ee6977d0c220b8a7f151c175d9e8c568b7e38bc2972fb5d0b33f724
SHA512 a41cac23a308e17af9868bf5ad81ebe54d3aa2d198930fc2d2fbc6d145c82308a79a4e761dd3aa2dea658b1dcad8fe90a79943f7eab63ac5e2f1daae2841326a

C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State

MD5 3d12c86525b64cff32fe1f02479525e2
SHA1 40a4ebea095eef3d65002e68c3e5bfb1a599f409
SHA256 db668d03d5b3ae768662cdc4e73f1b40e98fce55b66c60c0fc71195aec2574b6
SHA512 617398e5c9376b2c99586551c75b4fd46e2b9ae0471a5e7cb882c8448167d01172773134a27928cf77e82479bfdff2c87aa34a1455d61fdc196210bf2a5a77c7

C:\Users\Admin\AppData\Roaming\discord\Code Cache\js\index-dir\the-real-index

MD5 aad8f4e777628f9c794ec5e8b1f38098
SHA1 3d6ff4d8ad30bae2b01c8c9503c98d0168125877
SHA256 5dc204926bc26c42369ae9f3f0867b8dffdec09ff68f0a5672820d03acc80fc2
SHA512 ddbad5e2ccc177acc81a2479edc496c89ffa47c4309dd0f962a8652e57bdbe773d5ca342880a5b7ba891e3eb105d25a562a65fb51e11c0f76b6b38f79d0ef729

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c1fa97f94ec5fa42b0e5c5629b6a1f65
SHA1 c3912343e5d510616b53cd5847f16b980e2861bc
SHA256 646d9f09473c85220745f920ef05cf242bd71098fe9782c936f8b5b3a37a2044
SHA512 37cb5129dbb902f9f0c5e5792a5b41e59c4c256e0a84e5cb5cf16da0c332e78fe746164124eab29e4d5abc1f99ebfd37ccf18d1bb278f5078a26e39817e848ff

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 aeda5f249e1d330f9324f0a540cc6859
SHA1 e4eb81847005637a1c2eba7a028a762b4d68c39f
SHA256 c7aa04362a7707b4b825a232eebd61af1b5273b682ae27f6433d3975128a431f
SHA512 3f7df4d1930ba7428c0232ccb62a882ce8ef97042b4cf6bf3cd348c5cefd3f55dde777a41f9838c782303d4e7f86fd415fda1a328f02f65389a602b2430a1586

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 920b31b671c0e2146b269f67c15c4775
SHA1 d3f8eaa7edac2a2b9eabcd64e94d9163d3193b16
SHA256 fb6fdad1af2b69d4152e513d8a693fb09276403cb474e893a3a4f4994faa6c57
SHA512 e471fa75481314c0fba9dc2e48b0ce69b37288c031612122a7f19fb101be0e58ec7feaaf4bd56cdd3c4a4a470e1f8aa3c4d7c3b5bfa448a5baa9868c020aa2a5

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 2a45c80cc95ab3248fd5111f1737a907
SHA1 7a6f6206a3309ee84df8c1a34a030d4cba2d9310
SHA256 c2d8beacb1cd41b494f4202a9384c74599bfdb92e1465add46c4e048923524c7
SHA512 31c1202ebe6dd3949a416c0811f885c28e31fdf5cb885399a7a8e0cfec32f738efeae471544e4ca4065e9d99f7bca67ef71ca770f7b3fda7f5b9e67cc20eb6dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6f4f86150b585cfc82ec1fdd90d169a5
SHA1 05f09c5669f8f6a8a6fbca6611b74014adab377c
SHA256 384b7f332826ddc4270fbfc01e4eff7f5ade5b5a2b2bb2103709e70263490bed
SHA512 3572cd9bdf35d5c431c5fb39dad776bfb1d5bbe2f21be3005fcd0dbf370837fd5b562bcfa9356b6786e2bf6e8d1103288bcca5b1e9cf0e5b06a183ab7b8617f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e5f880f670352f674b240a3dcb3154fc
SHA1 f39aedfcc0029030724825d795ba3260b5e0e3b7
SHA256 f0869c44471f623de361852f7dfd0501a1645139414b11ada90b4b024f824f81
SHA512 1d6dbc9b4ee873ecdcee6b7bd432f2ca84ed38fb3fb0f67b7e0f10c4231c16f7efb96c215f490f2311686bf890c74e075692bba77f79a97c8caff149cd99d3ec

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 3a9c873096ace463e70109e2d3cc412c
SHA1 eb3362bced5e5f643724f5e40b12b9b6df696ae4
SHA256 1253eeefffe6e2986ba4fef1e0f06f76a0417239b824a8fd9afa70e63652143e
SHA512 950e9062841dc72aed3f116958fd877506871f8a1688e736c42a7f038db4756c728d2fce684147e94916bc6a090571d12be555ae68243ac13933c28866d5e182

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2811cc86faf41caa331ba7f2027e30c4
SHA1 a50214480cac21afdd6c9494807f5f83e7c657c9
SHA256 872f024276f25e89e7d6549614d075b95d7248371119445ade7c761112134120
SHA512 7045b200480cee36e005cb0a341ccfdc8f022ba24ee36504ac45abf462b8e7883feab0ff9aead7d557995f47026efbe18eadf3ecc9026202ed005d3ab9b35369

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9bd0d54c04ff701251a10b8b7fa0e1d0
SHA1 f5b32e93801902d34235d5b6d664ebbd410078ff
SHA256 7290266005b98d230a66b9cf9e367052d618c82a539ee1f31eb2d8244131d887
SHA512 e41c3daf9accdee93ac210e8e01e3d38dc50fa4107ae312d1a52de3c31e029b81ce686dbafe7d4291be581d9d71f9e7fcc4f9627830081be330086edde67b815

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0febac845b098a6afe96287839d575a8
SHA1 e1dfc6154a0b1a55a7950b0f5859dc75c002175f
SHA256 80991e40948d6f7a15559d28f1557adbe70b11baee4c070e5cb14a498a54c25e
SHA512 e25dc13787eb1124909f4066ea7e20d4d767fded77f5aba55346e410023450c29ee494d0a0c8abc32524d79974516b84fe703aa03a45e94df82eb65d2dd03ee8

C:\Users\Admin\AppData\Roaming\discord\Code Cache\js\index-dir\the-real-index

MD5 1644907515c76b391288c43eec852193
SHA1 78fb57e3d079659a746a20d0a392f63442b3a176
SHA256 d3f2990ef077f3c4ea09f144b7c689e87db90a989decdf0316c10a10b3015644
SHA512 5c57a471aa28f216206cbec0018397714d4eeae11b70860de70d3346801ccb8cc8c6743d49e1d3736402fd41c9743a23b6a86f36e57aae578d91daacd63c5151

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e24d71383f6e63c67822ba5ae970c612
SHA1 1faf4664d7721a1d9bbc8f6ab37511e54112ae0e
SHA256 7876037eb1184872a21e92e7eecb6fc319cc1dcc5e13b84c6f8e64659cfd77e6
SHA512 02d796fa5a284085f6e507924a394c064e6a408d8736ff5b5aaa22979a969020060e6c8838458df6c208a83fd49a4f0c55ab8868f2edcdd99666e8f3e6bff788

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 97b49331e49bf1a40075bab81c15f5e4
SHA1 0c66c823bc73b16d263ac999aa6f917ffa323364
SHA256 54c4dddc112a41ebad1384d608d7550f1df69a8f8d58ed678ab80f9d0ee2af31
SHA512 2a032d6d1d49ebf8e51da165f6d9f894e996c94b4e5c9593f88c0b35dcf43a88b7207f3d65af0644281c8ae716c264c305ce4c4d465b156e822c51d346b9d172

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0eaf962c15f58c27c27bdb8bdbf33e46
SHA1 60dee560745d67e3e4b113b4975dd82525a41b58
SHA256 a60efe50891baf49e5762fc0560d5f9df1c49cb88ed81f21fed5f8a5e2914fff
SHA512 ca5b1fa964784e31a12ea2896108e308ca9fd1d058c1b6bbb0b8c31c804e3cce4cfc9f7b49bbc43070d8aacb7dc8652c5d28fd9c563ea744c32ed61fb0283b65

C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State

MD5 963ef3cb24198353bf7d38ceabe10f4b
SHA1 de336ca4d5fc5eb19f45723126842f99a4530072
SHA256 e2e3c43fca67e18139a672fa29936b885d485b6297dff77234006ab4bcb928c3
SHA512 625540b64ab1d91c6d3bbdf4148e7be3eaeee612768009df2c3eeeab51633227d16c3bba1125b9f3cbdb6bf8c8dfebb29f7a576b9ff9084131bf80f997392c8e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e4069b1667619fccba5332c00dd465dc
SHA1 a79e84f9abeee4b35305c904bb8ae00e308ce7cb
SHA256 c2d53ee949917b3603570c1de30de19fed580540db630c8979a606baae231131
SHA512 870a9eda0a25c1395216c503e3c27334e557e2d6dac2e8ccbb55546accd93b00b29e62004f40091a42c895e368821b515ebf6bacda9f6678e085075e1876bbfb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b8fac67751069646fbf1b4c54f55e67e
SHA1 bb8d1627dcb4b9a0567406ba6716026ac3d1ed69
SHA256 70874baec1940c1712efe821e236ba8b0a49c8c392fd6dddd801c5dc9e058806
SHA512 c673814ea5a993b32d048567b271efd654ee8c48ab1f4e3eec6803b46f8bc2b2add4066af88274968bae90d56389aec5e51e37f75cb09ef1b29f77355e767f13

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 aaba441f2f26d7558a258677c0b03caf
SHA1 bd5bf757041e9defd19d65d7d691dad8f1f07243
SHA256 3f493c3f6a3bbdc23ef978ac348894d92d82783be3ebce1d7918eda92858510c
SHA512 2985c096142273672fc026b5317134f66a0ac83f82b141fba90c566fdf47c9153819ae70c6735c87908d2decbee7db3673e295d4710be7b16d023fc2343fab9a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3b1a07085efd7cda2d720d848067757c
SHA1 db43c5718a0646308cfe82a79933058318e23cfa
SHA256 8a2b3859719988a3f3f2504c3eb9ade103513083d469b102416a0bc2fe92f5fa
SHA512 d5bf18ce2e90233ac14b600b3bd32eeb656f75bb4c39e839cf3c72ff14de02471a90b7b09c8364bf461a178b12dda982f8190aaa9578bd93207426df268638d3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d2a1d5be7f0ef99a0cb848019ee71eca
SHA1 b5f473b4791f2125700d68359536802b6ace61c9
SHA256 d911cab622008929574cbc70a1e309f3c2f3384551a1ec0c032b9788bae92172
SHA512 c3e1daf49c52783037990b2e4c517b4a89ccdcfa4060e73921d43ca7249c4b0f6de58815406f1bd9dcc07a60d1e2cdea361af57d358099129f7e9458966097c5

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 fc1e7ffa1eacfecdc46817ed05ee8856
SHA1 8aa8ecd42dd3fc38ad5e90c1b3a1af6bb4bc18e6
SHA256 1c31cd55a93ea1a870377b98f755badf3ebea80d84cd11e8c95dbc3e80b9c526
SHA512 c7b60714eaae3ab9770283ce2f9d6001a87efca9927e581d0aaf7102c639a7724b425dcad392c795824d0e185aeef85188d7a3699bfce4cdd45bf2da931692b9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\cd650db5-3ffa-40d7-a969-4939f8ffb401.tmp

MD5 e7e15937d5cca575170de91edbceade2
SHA1 5c2d4bffa1cfb056374581839d21587be4caa3be
SHA256 62b7e77718efe337fad754a5f69d3df23f3c16723bd797c8892a6f56d14a9958
SHA512 2047a02163b881ac90b3de103b65b7212bcf3b5da944d37c3dc81a6886cd916810716c5181611928e0cf3b79173212a8994fb45cbafc7ec7f8a3003ca3bd8018

C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State

MD5 5c2b38f9d846ed630248f3f74c7bced7
SHA1 a1ae98da1801b760f4692f309ea036eeeb2a1c24
SHA256 b933f30dd2862b406b4b15c941088cf3793c14ab504e23d8172d98f7c6f27210
SHA512 770d1df5dc5bb4023b8a75892e2260d38a484d0541917b46acb9e63bf30e6d88ab1fa8c06e3a2e632138134c2c9a0dbaeed8992be2e40d1e99d985b931c22b17

C:\Users\Admin\AppData\Local\Discord\app-1.0.9169\modules\discord_dispatch-1\discord_dispatch\dispatch.log

MD5 c675e0307ccaa4c18f93bcb2de8f0bd3
SHA1 b03c727cd5f1316f9f7dd12195758b161ea86d5d
SHA256 0a3cad3011fb8cbd327524d33314a8d3faff2bcc67f3a813f9877a4c4812870f
SHA512 d0f8b6ce8c102e557d4214d9332ba56989a9beab1024d6555b6563a048be8e9db53a7e9d493d62c17ab6641315d87d0040fb270facdec77ef4dbce5f324d7556

C:\Users\Admin\AppData\Roaming\discord\Cache\Cache_Data\f_000047

MD5 e3b1f2f61bed83b43c457ccddf0b7be0
SHA1 3dca7e3e04bfe1404a3a58eb8591129b8c1bf26a
SHA256 4ca2b17f38c87cccbd681e2ec2972430d94baf93a707d6ba47aae48e6a68e125
SHA512 a3ebc89c583af026450d0f9acd8c8ab4e3a9303f0da2ff3fd070b9a801312a4a6732b0fb4540997e8c2928dcb072e5dca0f6ae761e0ee60a5fec2506a20ff6f5

C:\Users\Admin\AppData\Roaming\discord\Cache\Cache_Data\f_00003c

MD5 e71e883cd5c8b602d2561f02aaa84529
SHA1 4e6e9feec722f64c844a10e44c94b20bf9fd4fd8
SHA256 df41c54dff45d59594a2652763b4599b4a61c4e6ff0096afd4389a6a007f9ae4
SHA512 d30c04f0ac140ba54b6ef9aa6743b6b75a4535e5d96c76d30e0b4a233f76cb0128f5c72d283258cbafa01266d6bfa5eff4ee51849b9cf1b5009efc8e312690f8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d70adc1c008ee3041b11b1b18ea2110d
SHA1 da5ba9a23761f7f83c214a643e47d4f9de237b47
SHA256 a1ec6d537af3f0c1e7314e1529d0e4652bf19148dda8282b45a8fd3a3a391ac6
SHA512 fe2aa489f41dfcf0db10cf815a418e42c43a718a3594cbb464980473eac0c443f5d6ca40d1c100458f53b56b8fa5da125ff3ada847000ad63142c822d0eaecc6

C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

MD5 f3ad09c819e39e6b7e0a18486e8708b2
SHA1 263f54ec13d41c8c894472aa8ac41ff647c6f47b
SHA256 6ceabd9a8b9e4953e16ce74f5b0857a4bc3f8dfb305566ee05e066b5e9b01bb5
SHA512 3d90a4d0bc93451e6305cc9141b830210eae14b7989599510e201e077ae2bdfec2feced041dcde483a3cb29259c86bd2363a41c4e21b000f3ee7fedb4634e9e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f01fcdb13a3e808d6d9f4ef2234ac646
SHA1 af86e1689a37a496c2d80b24ddaf91ac0f19d5f2
SHA256 4b4a5216660cb3afb3ecc35b68f124ca2aae06d7aee7aca260323f8b4de473b9
SHA512 2a5e5ac9f2bb1fc910dd778c606c50a4d4bcf4438266093251ff54cbc4d4fe6cb6986305285db01208ce74d3b4b23ade0ec09f6f4cd86f7b0b6b561a17e294c1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f023e5d06eb060ee052e17e4d858e23b
SHA1 f12d0481b030449ba50d44a3ad65a38f5dae731c
SHA256 55e87c8d753220ce6c019d4e7c17d668793770325e60d34236107cb571bf7819
SHA512 6f4915e9e6d7f2f5999e8a2347bfe32002748052f0fbc2e7382d1770e2c1a42ee7697820883256e8ec166a5f435c33b8fb3cd0e03c5624d38f4bd61d230ff23d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5a4b3b10ca05448af33dbd2e9b87eb8e
SHA1 fc49d46e1df8ff22aeffcb2847fac1a49c45ed19
SHA256 540795d804745d074e0bf677c70674893ef7603b6b179e6c351317cbbd2aaf2b
SHA512 5956f7ca880fb8871cbfa69ca371ac0478f73547e6531181ea729651b861e26696646c1131e2c31bbd743b3617df1ea38dae6c5314981f7dba939211b620000d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 52759f19953c01b8baee7afe841c4803
SHA1 d733f74302ed7e9564781bfacaaaba31147ceb14
SHA256 6633fe44d6d6ccaf7d388912a007f401be77e8214e3136e683c080757bafd9f9
SHA512 57267654862a11adc9de13526b7656937d4773f76e72845ec32c2733b7c5395dfbb9618ac2e6575b47357be08383c3e20f5418982dfd2cd2f1a5afd3396744df

C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State

MD5 cdcfad47dfd2d0508e0b3a5b6ccdfdad
SHA1 8e9f4704c351d484aac310d5de8680a1c1d7b96f
SHA256 39c107585bd0b871cb2630925d745a0594e4ccec01c48f74cee9778db112f022
SHA512 1a20a761425a0897de43ed5ec5943a6c856661fc78ff7849f7d2e8e160f4201d0cb387dc96031799f2d61a6c91a94d796e91e3971663f3f6bd0eee98df5aae9f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 81084adadd434ab7e5205dfe5f5848ce
SHA1 76ae09ed649d65441cf657b4d081825f2988e2f2
SHA256 0b0b4c31fe2fab1a062b03bfd6068f2948e72ba4755bac9f3cd92df0c6fd0ee4
SHA512 964d494011a635d257f4f174c79fbd8582635c47aea25ddf959dc977e77677b30e1ae6b1bcfb03dce4e64facfb88531337e0a3a02fcd4199287a72b7922854c9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7b856ad3b73f7b66c27387d1a34bff45
SHA1 c00f8eebef9a08bd2f245bff9309769da6c745b9
SHA256 ad488f077fe63557ae594f13dfb261499a1955d52f08b11f84ba0af1cc056349
SHA512 c8b018793a91223892244ec3e425ee522c5fb7c0008a4d60024017b3124cc4d439fb9de4b1ec7f23e0db0c54f5f4384f5a6963710804f903a6ea895774268f85

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 63b0721527deefdcdbaad558e5b73416
SHA1 edfc3a652485ce9316f16c60fb23d4bf0e2bd31f
SHA256 e9c58fc289be2a6d151d72c758b18cd00844dfb9d9b72b38a6565b7779ac6839
SHA512 54a4574b4be6895768ac78c936ca14d4bb3fa7bc23f62091c22f8569d80a888218a22cb01e9152b7ca181a87be5425a01f1bffd25431ab9b2b0a7b94e9e4b09d