Malware Analysis Report

2025-01-18 23:51

Sample ID 241112-2jckjssglj
Target https://www.cheatengine.org/
Tags
cobaltstrike backdoor steam discovery evasion execution persistence phishing privilege_escalation spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://www.cheatengine.org/ was found to be: Known bad.

Malicious Activity Summary

cobaltstrike backdoor steam discovery evasion execution persistence phishing privilege_escalation spyware stealer trojan

Cobaltstrike

Cobaltstrike family

Cobalt Strike reflective loader

Contains code to disable Windows Defender

Drops file in Drivers directory

Downloads MZ/PE file

Stops running service(s)

Reads user/profile data of web browsers

Modifies file permissions

Event Triggered Execution: Component Object Model Hijacking

Checks BIOS information in registry

Loads dropped DLL

A potential corporate email address has been identified in the URL: [email protected]

Checks computer location settings

Executes dropped EXE

Modifies powershell logging option

Enumerates connected drives

Adds Run key to start application

Checks for any installed AV software in registry

Checks installed software on the system

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in System32 directory

Checks system information in the registry

Suspicious use of SetThreadContext

Detected potential entity reuse from brand STEAM.

AutoIT Executable

Drops file in Windows directory

Launches sc.exe

Drops file in Program Files directory

Browser Information Discovery

Program crash

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Modifies system certificate store

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Runs net.exe

Uses Volume Shadow Copy WMI provider

Checks SCSI registry key(s)

Uses Task Scheduler COM API

Uses Volume Shadow Copy service COM API

Suspicious behavior: LoadsDriver

Modifies registry class

Suspicious use of FindShellTrayWindow

Script User-Agent

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-12 22:36

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-12 22:36

Reported

2024-11-12 22:52

Platform

win10ltsc2021-20241023-en

Max time kernel

889s

Max time network

932s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.cheatengine.org/

Signatures

Cobalt Strike reflective loader

Description Indicator Process Target
N/A N/A N/A N/A

Cobaltstrike

trojan backdoor cobaltstrike

Cobaltstrike family

cobaltstrike

Contains code to disable Windows Defender

Description Indicator Process Target
N/A N/A N/A N/A

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\system32\drivers\rsKernelEngine.sys C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
File created C:\Windows\system32\drivers\rsElam.sys C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
File opened for modification C:\Windows\system32\drivers\rsElam.sys C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
File created C:\Windows\system32\drivers\rsDwf.sys C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
File opened for modification C:\Windows\system32\drivers\rsDwf.sys C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
File created C:\Windows\system32\drivers\rsCamFilter020502.sys C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A

Stops running service(s)

evasion execution

A potential corporate email address has been identified in the URL: [email protected]

phishing

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000\Control Panel\International\Geo\Nation C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-67O57.tmp\CheatEngine75 (2).tmp N/A
Key value queried \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod2.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000\Control Panel\International\Geo\Nation C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\CheatEngine75 (2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-67O57.tmp\CheatEngine75 (2).tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod0_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod1_extract\OperaSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1BBFD58\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1BBFD58\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\CheatEngine75.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1BBFD58\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1BBFD58\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-8TLQ7.tmp\CheatEngine75.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e54ib5ao.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-OQT60.tmp\_isetup\_setup64.tmp N/A
N/A N/A C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod0_extract\installer.exe N/A
N/A N/A C:\Program Files\McAfee\Temp1742326369\installer.exe N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\windowsrepair.exe N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411122237241\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411122237241\assistant\assistant_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411122237241\assistant\assistant_installer.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe N/A
N/A N/A \??\c:\program files\reasonlabs\epp\rsHelper.exe N/A
N/A N/A \??\c:\program files\reasonlabs\VPN\ui\VPN.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A \??\c:\program files\reasonlabs\EPP\ui\EPP.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files\ReasonLabs\DNS\rsDNSClientSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\DNS\rsDNSClientSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\DNS\rsDNSResolver.exe N/A
N/A N/A C:\Program Files\ReasonLabs\DNS\rsDNSResolver.exe N/A
N/A N/A C:\Program Files\ReasonLabs\DNS\rsDNSResolver.exe N/A
N/A N/A C:\Program Files\ReasonLabs\DNS\rsDNSSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\DNS\rsDNSSvc.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-67O57.tmp\CheatEngine75 (2).tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1BBFD58\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1BBFD58\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1BBFD58\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1BBFD58\setup.exe N/A
N/A N/A C:\Program Files\McAfee\Temp1742326369\installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411122237241\assistant\assistant_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411122237241\assistant\assistant_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411122237241\assistant\assistant_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411122237241\assistant\assistant_installer.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
N/A N/A C:\Program Files\ReasonLabs\DNS\rsDNSSvc.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" \??\c:\windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent" C:\Users\Admin\Downloads\SteamSetup.exe N/A

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000\SOFTWARE\Avira\Browser\Installed C:\Users\Admin\AppData\Local\Temp\is-67O57.tmp\CheatEngine75 (2).tmp N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Browser\Installed C:\Users\Admin\AppData\Local\Temp\is-67O57.tmp\CheatEngine75 (2).tmp N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Avira\Browser\Installed C:\Users\Admin\AppData\Local\Temp\is-67O57.tmp\CheatEngine75 (2).tmp N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened (read-only) \??\F: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\7zSC1BBFD58\setup.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\7zSC1BBFD58\setup.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\7zSC1BBFD58\setup.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\7zSC1BBFD58\setup.exe N/A

Modifies powershell logging option

evasion

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A

Detected potential entity reuse from brand STEAM.

phishing steam

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\RPCRT4.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\system32\symbols\dll\GameOverlayRenderer64.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\System32\GDI32.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8BD11C4A2318EC8E5A82462092971DEA C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\symbols\dll\ucrtbase.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\system32\wintrust.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\74FBF93595CFC8459196065CE54AD928 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\symbols\dll\ntdll.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\system32\exe\WindowsPlayer_player_Master_il2cpp_x64.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\system32\imm32.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\dxgi.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\SYSTEM32\PROPSYS.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\system32\d3d10warp.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\system32\wbemprox.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\system32\dll\lib_burst_generated.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\system32\DLL\dhcpcsvc.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\system32\dll\ucrtbase.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\symbols\dll\imm32.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\System32\KERNEL32.DLL C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\ucrtbase.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4DD39726D4B55AC3B4119B35A893323C_8D9F08808C11FCC6158CE8C653BEC3BC C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\symbols\dll\UxTheme.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\system32\DLL\audioses.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\system32\ntmarta.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\system32\bcrypt.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\system32\symbols\dll\combase.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\system32\oleaut32.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\System32\msvcrt.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\system32\dll\shlwapi.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_E88282161F8E94D7BBCBA82FF0D64C88 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\exe\WindowsPlayer_player_Master_il2cpp_x64.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\system32\dll\winmm.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\system32\Kernel.Appcore.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\system32\symbols\dll\userenv.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\System32\ole32.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\86844F70250DD8EF225D6B4178798C21_44AD5D0C299F1D4EE038B125B5E5863A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\bcrypt.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\system32\dll\MpOAV.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\system32\symbols\dll\WLDP.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\System32\oleaut32.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\version.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\system32\symbols\exe\WindowsPlayer_player_Master_il2cpp_x64.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\system32\dll\crypt32.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\system32\symbols\dll\gdi32full.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_022B2B3B07D70EA5A73F2579070A87A5 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\symbols\dll\d3d11.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\system32\symbols\dll\Engine.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\system32\dll\user32.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\system32\cfgmgr32.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_EF6C9357BB54DDB629FD2D79F1594F95 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\gdi32full.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\system32\dll\oleaut32.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\system32\winmm.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D84E548583BE1EE7DB5A935821009D26_5B98B6CD6E69202676965CF5B0E2A7A7 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\System32\combase.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\dll\bcryptprimitives.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_A89204531497D3661ACEDB6FB93ECB4C C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\explorerframe.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\system32\psapi.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\system32\symbols\dll\DXCore.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_050_menu_0302.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\SteamOverlayVulkanLayer64.json_ C:\Program Files (x86)\Steam\steam.exe N/A
File opened for modification C:\Program Files (x86)\Steam\steamapps\common\Combat Master\Data\Plugins\x86_64\symbols\dll\msvcrt.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_050_menu_0308.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_button_share.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_outlined_button_y_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_button_logo_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\appcache\librarycache\1113280_header.jpg C:\Program Files (x86)\Steam\Steam.exe N/A
File opened for modification C:\Program Files (x86)\Steam\steamapps\common\Combat Master\symbols\dll\XInput1_4.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\osx_max_def.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_rtrackpad_up_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File opened for modification C:\Program Files (x86)\Steam\steamapps\common\Combat Master\Data\Plugins\DLL\audioses.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_l_swipe_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File opened for modification C:\Program Files (x86)\Steam\steamapps\common\Combat Master\gdi32.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File created C:\Program Files\Cheat Engine 7.5\plugins\example-c\is-EHESR.tmp C:\Users\Admin\AppData\Local\Temp\is-8TLQ7.tmp\CheatEngine75.tmp N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\ws2_32.pdb C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\dualshock_4_danish.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\localization\steamui_norwegian-json.js_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_mouse_4_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_l_right_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-fr-CA.js C:\Program Files\McAfee\Temp1742326369\installer.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_035_magic_0337.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_050_menu_0307.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_l_left_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\xbox_p4_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File opened for modification C:\Program Files (x86)\Steam\steamapps\common\Combat Master\wintrust.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File created C:\Program Files\McAfee\Temp1742326369\jslang\wa-res-shared-ru-RU.js C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod0_extract\installer.exe N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\propsys.pdb C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0230.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File opened for modification C:\Program Files (x86)\Steam\steamapps\common\Combat Master\Data\Plugins\x86_64\profapi.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File created C:\Program Files\Cheat Engine 7.5\include\is-V7FCH.tmp C:\Users\Admin\AppData\Local\Temp\is-8TLQ7.tmp\CheatEngine75.tmp N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ss-toast-variants.css C:\Program Files\McAfee\Temp1742326369\installer.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\locales\bn.pak_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\xbox_lt_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File opened for modification C:\Program Files (x86)\Steam\steamapps\common\Combat Master\Data\Plugins\symbols\dll\lib_burst_generated.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-tr-TR.js C:\Program Files\McAfee\Temp1742326369\installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\rsEngine.Utilities.Browsers.dll C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_r2_soft_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_dpad_swipe_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_rstick_up_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File opened for modification C:\Program Files (x86)\Steam\steamapps\common\Combat Master\Data\Plugins\x86_64\setupapi.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-dialog-balloon.html C:\Program Files\McAfee\Temp1742326369\installer.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_lstick_down_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_p4_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\mwb\wa-mwb-checklist.html C:\Program Files\McAfee\Temp1742326369\installer.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steam\cached\gridview_mask.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_l2_soft.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_l5_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ss-toast-variants-checkbox-checked.png C:\Program Files\McAfee\Temp1742326369\installer.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_r_up_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_r2_soft_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\friends\rampDown_1.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_l2_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_rstick_right_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\layout\uistatuspanel.layout_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\userdata\1840991693\config\localconfig.vdf~RFe64f3d6.TMP C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files\ReasonLabs\EPP\EDR\System.IO.FileSystem.Watcher.dll C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_r_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_dpad_right.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_r_right.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\subscriptionexpirydate.luc C:\Program Files\McAfee\Temp1742326369\installer.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_090_media_0090.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\public\steamui_schinese.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_left_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\dll\shell32.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\DLL\kernel32.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\symbols\dll\user32.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\symbols\dll\combase.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\symbols\dll\advapi32.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\symbols\dll\winhttp.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\symbols\dll\wbemcomn.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\MMDevAPI.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\imm32.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\dll\combase.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\CLBCatQ.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\WindowsPlayer_player_Master_il2cpp_x64.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\dll\kernelbase.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\dll\sspicli.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\kernelbase.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\symbols\dll\imm32.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\ws2_32.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\dll\opengl32.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\dll\bcrypt.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\dll\win32u.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\symbols\dll\gdi32full.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\psapi.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\UxTheme.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\dll\Windows.Storage.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\dll\advapi32.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\symbols\dll\opengl32.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\symbols\dll\GameOverlayRenderer64.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\wbemprox.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\powrprof.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\symbols\dll\lib_burst_generated.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\dll\ntmarta.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\TextInputFramework.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\cfgmgr32.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\dll\user32.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6136_391763831\_metadata\verified_contents.json C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6136_391763831\manifest.fingerprint C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
File opened for modification C:\Windows\symbols\dll\win32u.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\symbols\dll\opengl32.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\shcore.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\symbols\dll\userenv.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\symbols\dll\mswsock.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\symbols\dll\version.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\gdi32full.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\shlwapi.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\msctf.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\symbols\dll\d3d11.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\DLL\dhcpcsvc6.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\dll\ucrtbase.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\symbols\dll\ucrtbase.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\symbols\dll\shell32.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\dll\ws2_32.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\opengl32.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\wintrust.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\dll\win32u.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\dll\sechost.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\cfgmgr32.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\dll\opengl32.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\dll\Ext.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\dll\lib_burst_generated.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\dll\mswsock.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\dll\msvcp_win.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\dxgi.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\symbols\dll\dcomp.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A
File opened for modification C:\Windows\DLL\dhcpcsvc.pdb C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\sc.exe N/A
N/A N/A C:\Windows\SYSTEM32\sc.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\GameOverlayUI.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod0_extract\saBSI.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-8TLQ7.tmp\CheatEngine75.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411122237241\assistant\assistant_installer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files\Cheat Engine 7.5\windowsrepair.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-67O57.tmp\CheatEngine75 (2).tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod1_extract\OperaSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC1BBFD58\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\CheatEngine75.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC1BBFD58\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\SteamSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\steamerrorreporter.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\CheatEngine75 (2).exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC1BBFD58\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411122237241\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\gldriverquery.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\GameOverlayUI.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411122237241\assistant\assistant_installer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\steamerrorreporter.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC1BBFD58\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\e54ib5ao.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\Steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\steamerrorreporter.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Service C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000\Control C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000\Control C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\DeviceDesc C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\dwm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000\LogConf C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\UpperFilters C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\UpperFilters C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\LowerFilters C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000\LogConf C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\UpperFilters C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\dwm.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\runonce.exe N/A
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\GameOverlayUI.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\Steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\VendorIdentifier C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\runonce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\Steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\Steam.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\runonce.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\runonce.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\is-67O57.tmp\CheatEngine75 (2).tmp N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ C:\Users\Admin\AppData\Local\Temp\is-67O57.tmp\CheatEngine75 (2).tmp N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\GameOverlayUI.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\GameOverlayUI.exe N/A
Key opened \Registry\Machine\Hardware\Description\System\CentralProcessor C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\FeatureSet C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Identifier C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\GameOverlayUI.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\system32\dwm.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\dwm.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections C:\Program Files\ReasonLabs\DNS\rsDNSSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E C:\Windows\system32\dwm.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA} C:\Program Files\McAfee\Temp1742326369\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\ = "McAfee SiteAdvisor MISP Integration" C:\Program Files\McAfee\Temp1742326369\installer.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\steamlink\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open\command\ = "\"C:\\Program Files\\Cheat Engine 7.5\\Cheat Engine.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\is-8TLQ7.tmp\CheatEngine75.tmp N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\Steam.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\Steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\Steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\Steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\Steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.CETRAINER\ = "CheatEngine" C:\Users\Admin\AppData\Local\Temp\is-8TLQ7.tmp\CheatEngine75.tmp N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\steamlink\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell C:\Users\Admin\AppData\Local\Temp\is-8TLQ7.tmp\CheatEngine75.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\steamlink\DefaultIcon\ = "Steam.exe" C:\Program Files (x86)\Steam\Steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\ = "McAfee SiteAdvisor MISP Integration" C:\Program Files\McAfee\Temp1742326369\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\steam\DefaultIcon\ = "Steam.exe" C:\Program Files (x86)\Steam\Steam.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\Steam.exe N/A
Key created \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\steamlink\DefaultIcon C:\Program Files (x86)\Steam\Steam.exe N/A
Key created \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\Steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\Steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\ = "Cheat Engine" C:\Users\Admin\AppData\Local\Temp\is-8TLQ7.tmp\CheatEngine75.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\Steam.exe N/A
Key created \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\steamlink C:\Program Files (x86)\Steam\Steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA} C:\Program Files\McAfee\Temp1742326369\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open\command C:\Users\Admin\AppData\Local\Temp\is-8TLQ7.tmp\CheatEngine75.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ = "C:\\Program Files\\McAfee\\WebAdvisor\\win32\\WSSDep.dll" C:\Program Files\McAfee\Temp1742326369\installer.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\Steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\Steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.CETRAINER C:\Users\Admin\AppData\Local\Temp\is-8TLQ7.tmp\CheatEngine75.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\steamlink\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine C:\Users\Admin\AppData\Local\Temp\is-8TLQ7.tmp\CheatEngine75.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\Steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\Steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol C:\Program Files (x86)\Steam\Steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink C:\Program Files (x86)\Steam\Steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\McAfee\Temp1742326369\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32 C:\Program Files\McAfee\Temp1742326369\installer.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\steam\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\Steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\Steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.CT\ = "CheatEngine" C:\Users\Admin\AppData\Local\Temp\is-8TLQ7.tmp\CheatEngine75.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\Steam.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\Steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open C:\Users\Admin\AppData\Local\Temp\is-8TLQ7.tmp\CheatEngine75.tmp N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod0_extract\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod0_extract\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 1900000001000000100000009f687581f7ef744ecfc12b9cee6238f10f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa2040000000100000010000000be954f16012122448ca8bc279602acf52000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 C:\Users\Admin\AppData\Local\Temp\7zSC1BBFD58\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\Temp\7zSC1BBFD58\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Program Files (x86)\Steam\steam.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656\Blob = 5c000000010000000400000000040000140000000100000014000000ddbcbd869c3f07ed40e31b08efcec4d188cd3b15190000000100000010000000181c2be05851f96993e196f279954b230b000000010000002e0000005400680061007700740065002000540069006d0065007300740061006d00700069006e006700200043004100000009000000010000000c000000300a06082b06010505070308030000000100000014000000be36a4562fb2ee05dbb3d32323adf445084ed6560400000001000000100000007f667a71d3eb6978209a51149d83da200f0000000100000010000000e8a598be84828efeae701115013576b22000000001000000a5020000308202a13082020aa003020102020100300d06092a864886f70d010104050030818b310b3009060355040613025a41311530130603550408130c5765737465726e2043617065311430120603550407130b44757262616e76696c6c65310f300d060355040a1306546861777465311d301b060355040b13145468617774652043657274696669636174696f6e311f301d060355040313165468617774652054696d657374616d70696e67204341301e170d3937303130313030303030305a170d3230313233313233353935395a30818b310b3009060355040613025a41311530130603550408130c5765737465726e2043617065311430120603550407130b44757262616e76696c6c65310f300d060355040a1306546861777465311d301b060355040b13145468617774652043657274696669636174696f6e311f301d060355040313165468617774652054696d657374616d70696e6720434130819f300d06092a864886f70d010101050003818d0030818902818100d62b587861458653ea347b519cedb0e62e180efee05fa827d3b4c9e07c594e160e735460c17ff69f2ee93a8524153cdb470463c39ec4941a5adf4c7af3d9431d3c107a7925db90fef051e730d64100fd9f28df79be94bb9db614e32385d7a941e04ca479b02b1a8bf2f83b8a3e45ac719200b4904198fb5fedfab72e8af888370203010001a3133011300f0603551d130101ff040530030101ff300d06092a864886f70d01010405000381810067dbe2c2e6873d40838637357d1fce9ac30c6620a8baaa048986c2f510080dbfcba2058ad04d363ef4d7ef69c65ee4b0946f4ab9e7de5b88b67bdbe327e576c3f035c1cbb5279b3379dc90a6009e77fafccd279442169cd31c68ecbf5cdde5a97b100a32745413318b85038491b75801301438af28cafcb150191909ac8949d3 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Program Files (x86)\Steam\steam.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c00000001000000040000000010000004000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\Temp\7zSC1BBFD58\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254832000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 040000000100000010000000e94fb54871208c00df70f708ac47085b0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b81900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b4200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod0_extract\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\Temp\7zSC1BBFD58\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 040000000100000010000000be954f16012122448ca8bc279602acf5030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2090000000100000016000000301406082b0601050507030306082b060105050703086200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e12700b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000000f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e2000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\925A8F8D2C6D04E0665F596AFF22D863E8256F3F\Blob = 19000000010000001000000014d4b19434670e6dc091d154abb20edc030000000100000014000000925a8f8d2c6d04e0665f596aff22d863e8256f3f7e00000001000000080000000080c82b6886d7017f000000010000000c000000300a06082b060105050703031d000000010000001000000052135310639a10f77f886b229b9f7afc1400000001000000140000009c5f00dfaa01d7302b3888a2b86d4a9cf2119183620000000100000020000000568d6905a2c88708a4b3025190edcfedb1974a606a13c6e5290fcb2ae63edab553000000010000002500000030233021060b6086480186fd6e0107180330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080b000000010000006200000041006d0061007a006f006e00200053006500720076006900630065007300200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f00720069007400790020002d002d0020004700320000000f00000001000000200000001504593902ec8a0bab29f03bf35c3058b5fd1807a74dab92cb61ed4a9908afa42000000001000000f3030000308203ef308202d7a003020102020100300d06092a864886f70d01010b0500308198310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e313b303906035504031332537461726669656c6420536572766963657320526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a308198310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e313b303906035504031332537461726669656c6420536572766963657320526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100d50c3ac42af94ee2f5be19975f8e8853b11f3fcbcf9f20136d293ac80f7d3cf76b763863d93660a89b5e5c0080b22f597ff687f9254386e7691b529a90e171e3d82d0d4e6ff6c849d9b6f31a56ae2bb67414ebcffb26e31aba1d962e6a3b5894894756ff25a093705383da847414c3679e04683adf8e405a1d4a4ecf43913be756d60070cb52ee7b7dae3ae7bc31f945f6c260cf1359022b80cc3447dfb9de90656d02cf2c91a6a6e7de8518497c664ea33a6da9b5ee342eba0d03b833df47ebb16b8d25d99bce81d1454632967087de020e494385b66c73bb64ea6141acc9d454df872fc722b226cc9f5954689ffcbe2a2fc4551c75406017850255398b7f050203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604149c5f00dfaa01d7302b3888a2b86d4a9cf2119183300d06092a864886f70d01010b050003820101004b36a6847769dd3b199f6723086f0e61c9fd84dc5fd83681cdd81b412d9f60ddc71a68d9d16e86e18823cf13de43cfe234b3049d1f29d5bff85ec8d5c1bdee926f3274f291822fbd82427aad2ab7207d4dbc7a5512c215eabdf76a952e6c749fcf1cb4f2c501a385d0723ead73ab0b9b750c6d45b78e94ac9637b5a0d08f15470ee3e883dd8ffdef410177cc27a9628533f23708ef71cf7706dec8191d8840cf7d461dff1ec7e1ceff23dbc6fa8d554ea902e74711463ef4fdbd7b2926bba961623728b62d2af6108664c970a7d2adb7297079ea3cda63259ffd68b730ec70fb758ab76d6067b21ec8b9e9d8a86f028b670d4d265771da20fcc14a508db128ba C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 5c0000000100000004000000001000001900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c040000000100000010000000e94fb54871208c00df70f708ac47085b200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod0_extract\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 040000000100000010000000c5dfb849ca051355ee2dba1ac33eb0280f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\925A8F8D2C6D04E0665F596AFF22D863E8256F3F C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\Temp\7zSC1BBFD58\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 5c000000010000000400000000100000040000000100000010000000be954f16012122448ca8bc279602acf5030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2090000000100000016000000301406082b0601050507030306082b060105050703086200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e12700b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000000f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e1900000001000000100000009f687581f7ef744ecfc12b9cee6238f12000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 5c000000010000000400000000080000190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab040000000100000010000000c5dfb849ca051355ee2dba1ac33eb0282000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 0f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa22000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Program Files (x86)\Steam\steam.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob = 5c0000000100000004000000000400007e0000000100000008000000000010c51e92d201620000000100000020000000e7685634efacf69ace939a6b255b7b4fabef42935b50a265acb5cb6027e44e7009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030119000000010000001000000091161b894b117ecdc257628db460cc04030000000100000014000000742c3192e607e424eb4549542be1bbc53e6174e21d000000010000001000000027b3517667331ce2c1e74002b5ff2298140000000100000014000000e27f7bd877d5df9e0a3f9eb4cb0e2ea9efdb69770b000000010000004600000056006500720069005300690067006e00200043006c006100730073002000330020005000750062006c006900630020005000720069006d00610072007900200043004100000004000000010000001000000010fc635df6263e0df325be5f79cd67670f0000000100000010000000d7c63be0837dbabf881d4fbf5f986ad853000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c07a000000010000000e000000300c060a2b0601040182375e010268000000010000000800000000003db65bd9d5012000000001000000400200003082023c308201a5021070bae41d10d92934b638ca7b03ccbabf300d06092a864886f70d0101020500305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479301e170d3936303132393030303030305a170d3238303830313233353935395a305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f7269747930819f300d06092a864886f70d010101050003818d0030818902818100c95c599ef21b8a0114b410df0440dbe357af6a45408f840c0bd133d9d911cfee02581f25f72aa84405aaec031f787f9e93b99a00aa237dd6ac85a26345c77227ccf44cc67571d239ef4f42f075df0a90c68e206f980ff8ac235f702936a4c986e7b19a20cb53a585e73dbe7d9afe244533dc7615ed0fa271644c652e816845a70203010001300d06092a864886f70d010102050003818100bb4c122bcf2c26004f1413dda6fbfc0a11848cf3281c67922f7cb6c5fadff0e895bc1d8f6c2ca851cc73d8a4c053f04ed626c076015781925e21f1d1b1ffe7d02158cd6917e3441c9c194439895cdc9c000f568d0299eda290454ce4bb10a43df032030ef1cef8e8c9518ce6629fe69fc07db7729cc9363a6b9f4ea8ff640d64 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod0_extract\saBSI.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\925A8F8D2C6D04E0665F596AFF22D863E8256F3F\Blob = 0f00000001000000200000001504593902ec8a0bab29f03bf35c3058b5fd1807a74dab92cb61ed4a9908afa40b000000010000006200000041006d0061007a006f006e00200053006500720076006900630065007300200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f00720069007400790020002d002d002000470032000000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000002500000030233021060b6086480186fd6e0107180330123010060a2b0601040182373c0101030200c0620000000100000020000000568d6905a2c88708a4b3025190edcfedb1974a606a13c6e5290fcb2ae63edab51400000001000000140000009c5f00dfaa01d7302b3888a2b86d4a9cf21191831d000000010000001000000052135310639a10f77f886b229b9f7afc7f000000010000000c000000300a06082b060105050703037e00000001000000080000000080c82b6886d701030000000100000014000000925a8f8d2c6d04e0665f596aff22d863e8256f3f2000000001000000f3030000308203ef308202d7a003020102020100300d06092a864886f70d01010b0500308198310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e313b303906035504031332537461726669656c6420536572766963657320526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a308198310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e313b303906035504031332537461726669656c6420536572766963657320526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100d50c3ac42af94ee2f5be19975f8e8853b11f3fcbcf9f20136d293ac80f7d3cf76b763863d93660a89b5e5c0080b22f597ff687f9254386e7691b529a90e171e3d82d0d4e6ff6c849d9b6f31a56ae2bb67414ebcffb26e31aba1d962e6a3b5894894756ff25a093705383da847414c3679e04683adf8e405a1d4a4ecf43913be756d60070cb52ee7b7dae3ae7bc31f945f6c260cf1359022b80cc3447dfb9de90656d02cf2c91a6a6e7de8518497c664ea33a6da9b5ee342eba0d03b833df47ebb16b8d25d99bce81d1454632967087de020e494385b66c73bb64ea6141acc9d454df872fc722b226cc9f5954689ffcbe2a2fc4551c75406017850255398b7f050203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604149c5f00dfaa01d7302b3888a2b86d4a9cf2119183300d06092a864886f70d01010b050003820101004b36a6847769dd3b199f6723086f0e61c9fd84dc5fd83681cdd81b412d9f60ddc71a68d9d16e86e18823cf13de43cfe234b3049d1f29d5bff85ec8d5c1bdee926f3274f291822fbd82427aad2ab7207d4dbc7a5512c215eabdf76a952e6c749fcf1cb4f2c501a385d0723ead73ab0b9b750c6d45b78e94ac9637b5a0d08f15470ee3e883dd8ffdef410177cc27a9628533f23708ef71cf7706dec8191d8840cf7d461dff1ec7e1ceff23dbc6fa8d554ea902e74711463ef4fdbd7b2926bba961623728b62d2af6108664c970a7d2adb7297079ea3cda63259ffd68b730ec70fb758ab76d6067b21ec8b9e9d8a86f028b670d4d265771da20fcc14a508db128ba C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A

Runs net.exe

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A
HTTP User-Agent header Cheat Engine 7.5 : luascript-ceshare N/A N/A
HTTP User-Agent header Cheat Engine 7.5 : luascript-CEVersionCheck N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-67O57.tmp\CheatEngine75 (2).tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-67O57.tmp\CheatEngine75 (2).tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-67O57.tmp\CheatEngine75 (2).tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-67O57.tmp\CheatEngine75 (2).tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-67O57.tmp\CheatEngine75 (2).tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-67O57.tmp\CheatEngine75 (2).tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-67O57.tmp\CheatEngine75 (2).tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-67O57.tmp\CheatEngine75 (2).tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod0_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod0_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod0_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod0_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod0_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod0_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod0_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod0_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod0_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod0_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod0_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod0_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-8TLQ7.tmp\CheatEngine75.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-8TLQ7.tmp\CheatEngine75.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\fltmc.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-67O57.tmp\CheatEngine75 (2).tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-8TLQ7.tmp\CheatEngine75.tmp N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3756 wrote to memory of 3408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 3408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 4480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 4480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.cheatengine.org/

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff8cf4bcc40,0x7ff8cf4bcc4c,0x7ff8cf4bcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2004,i,9912187475154509014,15130421448575726368,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1992 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1872,i,9912187475154509014,15130421448575726368,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,9912187475154509014,15130421448575726368,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2432 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,9912187475154509014,15130421448575726368,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3156 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,9912187475154509014,15130421448575726368,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3192 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4524,i,9912187475154509014,15130421448575726368,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4552 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4576,i,9912187475154509014,15130421448575726368,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4336 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4800,i,9912187475154509014,15130421448575726368,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4820 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4804,i,9912187475154509014,15130421448575726368,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4928 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5132,i,9912187475154509014,15130421448575726368,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5076 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5124,i,9912187475154509014,15130421448575726368,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5292 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5996,i,9912187475154509014,15130421448575726368,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6032 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6020,i,9912187475154509014,15130421448575726368,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5828 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6600,i,9912187475154509014,15130421448575726368,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6612 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=6452,i,9912187475154509014,15130421448575726368,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6352 /prefetch:1

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3804,i,9912187475154509014,15130421448575726368,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5308 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5380,i,9912187475154509014,15130421448575726368,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6372 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6412,i,9912187475154509014,15130421448575726368,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6432 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6340,i,9912187475154509014,15130421448575726368,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6176 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6304,i,9912187475154509014,15130421448575726368,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6280 /prefetch:8

C:\Users\Admin\Downloads\CheatEngine75 (2).exe

"C:\Users\Admin\Downloads\CheatEngine75 (2).exe"

C:\Users\Admin\AppData\Local\Temp\is-67O57.tmp\CheatEngine75 (2).tmp

"C:\Users\Admin\AppData\Local\Temp\is-67O57.tmp\CheatEngine75 (2).tmp" /SL5="$702A0,29027361,780800,C:\Users\Admin\Downloads\CheatEngine75 (2).exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=500,i,9912187475154509014,15130421448575726368,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4684 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6448,i,9912187475154509014,15130421448575726368,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5052 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6316,i,9912187475154509014,15130421448575726368,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6136 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5052,i,9912187475154509014,15130421448575726368,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5356 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5276,i,9912187475154509014,15130421448575726368,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5400 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5040,i,9912187475154509014,15130421448575726368,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6000 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod0_extract\saBSI.exe

"C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod0_extract\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB

C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod1_extract\OperaSetup.exe

"C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod1_extract\OperaSetup.exe" --silent --allusers=0 --otd=utm.medium:apb,utm.source:ais,utm.campaign:opera_new_a

C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod2.exe

"C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod2.exe" -ip:"dui=7bf069a4-a9b6-4a4a-be85-4546a5118e43&dit=20241112223709&is_silent=true&oc=ZB_RAV_Cross_Tri_NCB&p=cdc2&a=100&b=&se=true" -vp:"dui=7bf069a4-a9b6-4a4a-be85-4546a5118e43&dit=20241112223709&oc=ZB_RAV_Cross_Tri_NCB&p=cdc2&a=100&oip=26&ptl=7&dta=true" -dp:"dui=7bf069a4-a9b6-4a4a-be85-4546a5118e43&dit=20241112223709&oc=ZB_RAV_Cross_Tri_NCB&p=cdc2&a=100" -i -v -d -se=true

C:\Users\Admin\AppData\Local\Temp\7zSC1BBFD58\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zSC1BBFD58\setup.exe --silent --allusers=0 --otd=utm.medium:apb,utm.source:ais,utm.campaign:opera_new_a --server-tracking-blob=MjI3OTdiNzA5YjVkNGRiOGYxYTE5ZWEzZGZmMTk5OGRmOWUxOTEwZDFiMGU0YTAyYzYwNTIwNjQ1ZDJiNDAzNjp7ImNvdW50cnkiOiJVUyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cyIsInRpbWVzdGFtcCI6IjE3MzE0MDkyMTIuNDY0MCIsInVzZXJhZ2VudCI6InB5dGhvbi1yZXF1ZXN0cy8yLjMyLjMiLCJ1dG0iOnt9LCJ1dWlkIjoiMTM5ZWYzNmEtODRlNC00MGNiLTk3ODUtZmM4NGFlMDk0OTEzIn0=

C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\CheatEngine75.exe

"C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST

C:\Users\Admin\AppData\Local\Temp\7zSC1BBFD58\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zSC1BBFD58\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.154 --initial-client-data=0x328,0x32c,0x330,0x304,0x334,0x7191fb14,0x7191fb20,0x7191fb2c

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version

C:\Users\Admin\AppData\Local\Temp\7zSC1BBFD58\setup.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC1BBFD58\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=3916 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20241112223724" --session-guid=7ed91625-07cb-4850-b0c2-8a16a3f2ebe2 --server-tracking-blob="YTc2YjdiM2Q1YWQ0ZDRhNzRmZjc1ZTg3NjQzYmJkMTM5MGYxZTA1MjlmY2E5NGVlYTQ4NmYyYmVlMDY4NjIwYzp7ImNvdW50cnkiOiJVUyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cyIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTczMTQwOTIxMi40NjQwIiwidXNlcmFnZW50IjoicHl0aG9uLXJlcXVlc3RzLzIuMzIuMyIsInV0bSI6eyJjYW1wYWlnbiI6Im9wZXJhX25ld19hIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiYWlzIn0sInV1aWQiOiIxMzllZjM2YS04NGU0LTQwY2ItOTc4NS1mYzg0YWUwOTQ5MTMifQ== " --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=7804000000000000

C:\Users\Admin\AppData\Local\Temp\7zSC1BBFD58\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zSC1BBFD58\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.154 --initial-client-data=0x334,0x338,0x33c,0x304,0x340,0x7090fb14,0x7090fb20,0x7090fb2c

C:\Users\Admin\AppData\Local\Temp\is-8TLQ7.tmp\CheatEngine75.tmp

"C:\Users\Admin\AppData\Local\Temp\is-8TLQ7.tmp\CheatEngine75.tmp" /SL5="$20210,26511452,832512,C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST

C:\Users\Admin\AppData\Local\Temp\e54ib5ao.exe

"C:\Users\Admin\AppData\Local\Temp\e54ib5ao.exe" /silent

C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe

.\UnifiedStub-installer.exe /silent

C:\Windows\SYSTEM32\net.exe

"net" stop BadlionAntic

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop BadlionAntic

C:\Windows\SYSTEM32\net.exe

"net" stop BadlionAnticheat

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop BadlionAnticheat

C:\Windows\SYSTEM32\sc.exe

"sc" delete BadlionAntic

C:\Windows\SYSTEM32\sc.exe

"sc" delete BadlionAnticheat

C:\Users\Admin\AppData\Local\Temp\is-OQT60.tmp\_isetup\_setup64.tmp

helper 105 0x468

C:\Windows\system32\icacls.exe

"icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe

"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe

"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10

C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod0_extract\installer.exe

"C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod0_extract\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade

C:\Program Files\McAfee\Temp1742326369\installer.exe

"C:\Program Files\McAfee\Temp1742326369\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade

C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe

"C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe" /SETUP

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5604,i,9912187475154509014,15130421448575726368,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5420 /prefetch:1

C:\Program Files\Cheat Engine 7.5\windowsrepair.exe

"C:\Program Files\Cheat Engine 7.5\windowsrepair.exe" /s

C:\Windows\system32\icacls.exe

"icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)

C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe

"C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe"

C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe

"C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1056 -ip 1056

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe

"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 2496

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 1056 -ip 1056

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 1356

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411122237241\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411122237241\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe"

C:\Program Files\McAfee\WebAdvisor\UIHost.exe

"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411122237241\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411122237241\assistant\assistant_installer.exe" --version

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411122237241\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411122237241\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.21 --initial-client-data=0x26c,0x270,0x274,0x248,0x278,0x3b17a0,0x3b17ac,0x3b17b8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6156,i,9912187475154509014,15130421448575726368,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6440 /prefetch:1

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=5660,i,9912187475154509014,15130421448575726368,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5704 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5760,i,9912187475154509014,15130421448575726368,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5716 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6308,i,9912187475154509014,15130421448575726368,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5348 /prefetch:8

C:\Program Files\McAfee\WebAdvisor\updater.exe

"C:\Program Files\McAfee\WebAdvisor\updater.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5752,i,9912187475154509014,15130421448575726368,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6800 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c IF EXIST "C:\Program Files\McAfee\WebAdvisor\Download" ( DEL "C:\Program Files\McAfee\WebAdvisor\Download\*.bak" )

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c DEL "C:\Program Files\McAfee\WebAdvisor\*.tmp"

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.inf

C:\Windows\system32\runonce.exe

"C:\Windows\system32\runonce.exe" -r

C:\Windows\System32\grpconv.exe

"C:\Windows\System32\grpconv.exe" -o

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngineEvents.xml

C:\Windows\SYSTEM32\fltmc.exe

"fltmc.exe" load rsKernelEngine

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\elam\evntdrv.xml

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe" -i

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe

"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe" -i

C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe

"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe"

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe

"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe" -i

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe

"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe"

C:\Users\Admin\Downloads\SteamSetup.exe

"C:\Users\Admin\Downloads\SteamSetup.exe"

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe

"C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe" -i

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe

"C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe"

C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe

"C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe" -i -i

C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe

"C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe"

C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe

"C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe" -i -i

C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe

"C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe"

\??\c:\program files\reasonlabs\epp\rsHelper.exe

"c:\program files\reasonlabs\epp\rsHelper.exe"

\??\c:\program files\reasonlabs\VPN\ui\VPN.exe

"c:\program files\reasonlabs\VPN\ui\VPN.exe" --minimized --focused --first-run

C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe" "c:\program files\reasonlabs\VPN\ui\app.asar" --engine-path="c:\program files\reasonlabs\VPN" --minimized --focused --first-run

C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2328,i,728169015727734700,7582008034076107175,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2320 /prefetch:2

C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN" --field-trial-handle=2712,i,728169015727734700,7582008034076107175,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2708 /prefetch:3

C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN" --app-user-model-id=com.reasonlabs.vpn --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.6.0\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=2880,i,728169015727734700,7582008034076107175,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2868 /prefetch:1

C:\Program Files (x86)\Steam\bin\steamservice.exe

"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install

C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN" --app-user-model-id=com.reasonlabs.vpn --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.6.0\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=4004,i,728169015727734700,7582008034076107175,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4000 /prefetch:1

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

\??\c:\program files\reasonlabs\EPP\ui\EPP.exe

"c:\program files\reasonlabs\EPP\ui\EPP.exe" --minimized --first-run

C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe" "c:\program files\reasonlabs\EPP\ui\app.asar" --engine-path="c:\program files\reasonlabs\EPP" --minimized --first-run

C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1788,i,3243793157054193827,15931791884787582337,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1780 /prefetch:2

C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --field-trial-handle=2240,i,3243793157054193827,15931791884787582337,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:3

C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.6.0\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=2416,i,3243793157054193827,15931791884787582337,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2412 /prefetch:1

C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.6.0\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3544,i,3243793157054193827,15931791884787582337,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3368 /prefetch:1

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4500,i,9912187475154509014,15130421448575726368,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4736 /prefetch:8

\??\c:\windows\system32\rundll32.exe

"c:\windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\DNS\rsDwf.inf

C:\Windows\system32\runonce.exe

"C:\Windows\system32\runonce.exe" -r

C:\Windows\System32\grpconv.exe

"C:\Windows\System32\grpconv.exe" -o

C:\Program Files\ReasonLabs\DNS\rsDNSClientSvc.exe

"C:\Program Files\ReasonLabs\DNS\rsDNSClientSvc.exe" -i -i

C:\Program Files\ReasonLabs\DNS\rsDNSClientSvc.exe

"C:\Program Files\ReasonLabs\DNS\rsDNSClientSvc.exe"

C:\Program Files\ReasonLabs\DNS\rsDNSResolver.exe

"C:\Program Files\ReasonLabs\DNS\rsDNSResolver.exe" -i -service install

C:\Program Files\ReasonLabs\DNS\rsDNSResolver.exe

"C:\Program Files\ReasonLabs\DNS\rsDNSResolver.exe" -service install

C:\Program Files\ReasonLabs\DNS\rsDNSResolver.exe

"C:\Program Files\ReasonLabs\DNS\rsDNSResolver.exe"

C:\Program Files\ReasonLabs\DNS\rsDNSSvc.exe

"C:\Program Files\ReasonLabs\DNS\rsDNSSvc.exe" -i -i

C:\Program Files\ReasonLabs\DNS\rsDNSSvc.exe

"C:\Program Files\ReasonLabs\DNS\rsDNSSvc.exe"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\program files\reasonlabs\epp\rsLitmus.A.exe

"C:\program files\reasonlabs\epp\rsLitmus.A.exe"

\??\c:\program files\reasonlabs\DNS\ui\DNS.exe

"c:\program files\reasonlabs\DNS\ui\DNS.exe" --minimized --focused --first-run

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" "c:\program files\reasonlabs\DNS\ui\app.asar" --engine-path="c:\program files\reasonlabs\DNS" --minimized --focused --first-run

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\DNS" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2568 --field-trial-handle=2612,i,11908953372992360364,8124340081228997927,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\DNS" --mojo-platform-channel-handle=2708 --field-trial-handle=2612,i,11908953372992360364,8124340081228997927,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\DNS" --app-user-model-id=com.reasonlabs.dns --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2876 --field-trial-handle=2612,i,11908953372992360364,8124340081228997927,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=5936" "-buildid=1730853027" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1730853027 --initial-client-data=0x28c,0x290,0x294,0x288,0x298,0x7ff8b71daf00,0x7ff8b71daf0c,0x7ff8b71daf18

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1584,i,11587417320502139720,420681089673552085,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1588 --mojo-platform-channel-handle=1576 /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --field-trial-handle=2252,i,11587417320502139720,420681089673552085,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2260 --mojo-platform-channel-handle=2244 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=6396,i,9912187475154509014,15130421448575726368,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5232 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4ec 0x4f8

C:\Program Files (x86)\Steam\bin\gldriverquery64.exe

.\bin\gldriverquery64.exe

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --field-trial-handle=2836,i,11587417320502139720,420681089673552085,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2840 --mojo-platform-channel-handle=2832 /prefetch:8

C:\Program Files (x86)\Steam\bin\gldriverquery.exe

.\bin\gldriverquery.exe

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,11587417320502139720,420681089673552085,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3104 --mojo-platform-channel-handle=3096 /prefetch:1

C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe

.\bin\vulkandriverquery64.exe

C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe

.\bin\vulkandriverquery.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1624,i,728169015727734700,7582008034076107175,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1632 /prefetch:8

C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3948,i,3243793157054193827,15931791884787582337,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3944 /prefetch:8

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\DNS" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1352 --field-trial-handle=2612,i,11908953372992360364,8124340081228997927,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --field-trial-handle=3844,i,11587417320502139720,420681089673552085,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3848 --mojo-platform-channel-handle=3840 /prefetch:8

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3796,i,11587417320502139720,420681089673552085,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3800 --mojo-platform-channel-handle=3792 /prefetch:8

C:\Program Files (x86)\Steam\Steam.exe

"C:\Program Files (x86)\Steam\Steam.exe"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=9012" "-buildid=1730853027" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\Steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1730853027 --initial-client-data=0x288,0x28c,0x290,0x284,0x294,0x7ff8b71daf00,0x7ff8b71daf0c,0x7ff8b71daf18

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1588,i,7245126235418511701,14180172145958385427,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1596 --mojo-platform-channel-handle=1580 /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --field-trial-handle=2324,i,7245126235418511701,14180172145958385427,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2328 --mojo-platform-channel-handle=2320 /prefetch:3

C:\Program Files (x86)\Steam\bin\gldriverquery64.exe

.\bin\gldriverquery64.exe

C:\Program Files (x86)\Steam\bin\gldriverquery.exe

.\bin\gldriverquery.exe

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --field-trial-handle=2192,i,7245126235418511701,14180172145958385427,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2368 --mojo-platform-channel-handle=2716 /prefetch:8

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,7245126235418511701,14180172145958385427,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3164 --mojo-platform-channel-handle=3156 /prefetch:1

C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe

.\bin\vulkandriverquery64.exe

C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe

.\bin\vulkandriverquery.exe

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3832,i,7245126235418511701,14180172145958385427,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3820 --mojo-platform-channel-handle=628 /prefetch:8

C:\Program Files (x86)\Steam\steamerrorreporter.exe

C:\Program Files (x86)\Steam\steam

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=2032,i,7245126235418511701,14180172145958385427,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3656 --mojo-platform-channel-handle=2400 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3980,i,7245126235418511701,14180172145958385427,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3588 --mojo-platform-channel-handle=3844 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4428,i,7245126235418511701,14180172145958385427,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4360 --mojo-platform-channel-handle=4468 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4040,i,7245126235418511701,14180172145958385427,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4120 --mojo-platform-channel-handle=4016 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=1976,i,7245126235418511701,14180172145958385427,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4572 --mojo-platform-channel-handle=4108 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4100,i,7245126235418511701,14180172145958385427,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4112 --mojo-platform-channel-handle=4368 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --field-trial-handle=4684,i,7245126235418511701,14180172145958385427,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4688 --mojo-platform-channel-handle=4696 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4ec 0x4f8

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4044,i,7245126235418511701,14180172145958385427,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4396 --mojo-platform-channel-handle=4128 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4424,i,7245126235418511701,14180172145958385427,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4760 --mojo-platform-channel-handle=3952 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4768,i,7245126235418511701,14180172145958385427,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4780 --mojo-platform-channel-handle=4008 /prefetch:1

C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe

"C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe"

C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe

"C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4916,i,7245126235418511701,14180172145958385427,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4500 --mojo-platform-channel-handle=4944 /prefetch:2

C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe

"C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe"

C:\Program Files (x86)\Steam\bin\x64launcher.exe

"C:\Program Files (x86)\Steam\bin\x64launcher.exe" -hproc 11ec -hthread 1070 -baseoverlayname C:\Program Files (x86)\Steam\gameoverlayrenderer64.dll

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 3408 -s 784

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 8260 -s 3648

C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe

"C:\Program Files (x86)\Steam\steamapps\common\Combat Master\CombatMaster.exe"

C:\Program Files (x86)\Steam\bin\x64launcher.exe

"C:\Program Files (x86)\Steam\bin\x64launcher.exe" -hproc 11cc -hthread 12c8 -baseoverlayname C:\Program Files (x86)\Steam\gameoverlayrenderer64.dll

C:\Program Files (x86)\Steam\GameOverlayUI.exe

"C:\Program Files (x86)\Steam\GameOverlayUI.exe" -pid 6828 -steampid 9012 -manuallyclearframes 0 -gameid 2281730

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=840,i,9912187475154509014,15130421448575726368,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4884 /prefetch:8

C:\Program Files (x86)\Steam\steamerrorreporter.exe

C:\Program Files (x86)\Steam\steam

C:\Program Files (x86)\Steam\GameOverlayUI.exe

"C:\Program Files (x86)\Steam\GameOverlayUI.exe" -pid 6828 -steampid 9012 -manuallyclearframes 0 -gameid 2281730

C:\Program Files (x86)\Steam\steamerrorreporter.exe

C:\Program Files (x86)\Steam\steam

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3412,i,7245126235418511701,14180172145958385427,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3416 --mojo-platform-channel-handle=1716 /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=5032,i,7245126235418511701,14180172145958385427,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3292 --mojo-platform-channel-handle=5048 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4780,i,7245126235418511701,14180172145958385427,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1672 --mojo-platform-channel-handle=1788 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4808,i,7245126235418511701,14180172145958385427,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4452 --mojo-platform-channel-handle=4968 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3216,i,7245126235418511701,14180172145958385427,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=5196 --mojo-platform-channel-handle=5048 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5184,i,7245126235418511701,14180172145958385427,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=5204 --mojo-platform-channel-handle=5128 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=4908,i,7245126235418511701,14180172145958385427,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4932 --mojo-platform-channel-handle=5180 /prefetch:1

C:\Program Files (x86)\Steam\steamerrorreporter.exe

C:\Program Files (x86)\Steam\steam

C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2768,i,3243793157054193827,15931791884787582337,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1604 /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --field-trial-handle=4564,i,7245126235418511701,14180172145958385427,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2188 --mojo-platform-channel-handle=3416 /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2240,i,7245126235418511701,14180172145958385427,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2244 --mojo-platform-channel-handle=2236 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=9012" "-buildid=1730853027" "-steamid=76561199801257421" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=1" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\Steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1730853027 --initial-client-data=0x27c,0x280,0x284,0x278,0x288,0x7ff8b71daf00,0x7ff8b71daf0c,0x7ff8b71daf18

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=76561199801257421 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1584,i,15964530036929636416,2606626148683513907,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1588 --mojo-platform-channel-handle=1576 /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=76561199801257421 --field-trial-handle=2236,i,15964530036929636416,2606626148683513907,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1364 --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=76561199801257421 --field-trial-handle=2880,i,15964530036929636416,2606626148683513907,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2884 --mojo-platform-channel-handle=2876 /prefetch:8

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=76561199801257421 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,15964530036929636416,2606626148683513907,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3160 --mojo-platform-channel-handle=2888 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=76561199801257421 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3816,i,15964530036929636416,2606626148683513907,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3792 --mojo-platform-channel-handle=3812 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=76561199801257421 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3980,i,15964530036929636416,2606626148683513907,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3664 --mojo-platform-channel-handle=4032 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=76561199801257421 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4168,i,15964530036929636416,2606626148683513907,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4332 --mojo-platform-channel-handle=4160 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 www.cheatengine.org udp
US 104.20.95.94:443 www.cheatengine.org tcp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 10.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 94.95.20.104.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 c6.patreon.com udp
US 8.8.8.8:53 bat.bing.com udp
US 104.16.25.14:443 c6.patreon.com tcp
US 150.171.27.10:443 bat.bing.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.178.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 www.patreon.com udp
US 104.16.24.14:443 www.patreon.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
GB 142.250.178.14:443 fundingchoicesmessages.google.com tcp
GB 142.250.178.14:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 c5.patreon.com udp
US 104.16.24.14:443 c5.patreon.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 142.250.178.14:443 fundingchoicesmessages.google.com udp
GB 216.58.213.1:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 14.24.17.104.in-addr.arpa udp
US 8.8.8.8:53 14.25.16.104.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 200.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.24.16.104.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
GB 142.250.178.2:443 googleads.g.doubleclick.net tcp
GB 142.250.178.2:443 googleads.g.doubleclick.net tcp
GB 142.250.178.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
GB 216.58.212.194:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
GB 142.250.179.225:443 ep2.adtrafficquality.google tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.179.225:443 ep2.adtrafficquality.google tcp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 194.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 225.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
GB 142.250.178.2:443 googleads.g.doubleclick.net udp
GB 172.217.169.33:443 tpc.googlesyndication.com udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 d1ob1lqvot5kxa.cloudfront.net udp
FR 52.222.161.50:443 d1ob1lqvot5kxa.cloudfront.net tcp
FR 52.222.161.50:443 d1ob1lqvot5kxa.cloudfront.net tcp
US 8.8.8.8:53 4.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 33.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 50.161.222.52.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
GB 142.250.179.225:443 ep2.adtrafficquality.google udp
GB 216.58.212.194:443 ep1.adtrafficquality.google udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 d34hwk9wxgk5fi.cloudfront.net udp
GB 3.162.19.45:443 d34hwk9wxgk5fi.cloudfront.net tcp
GB 3.162.19.45:443 d34hwk9wxgk5fi.cloudfront.net tcp
US 8.8.8.8:53 45.19.162.3.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 fd.api.iris.microsoft.com udp
IE 20.223.36.55:443 fd.api.iris.microsoft.com tcp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 shield.reasonsecurity.com udp
FR 52.222.201.32:443 shield.reasonsecurity.com tcp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 32.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 216.58.201.106:443 ogads-pa.googleapis.com udp
GB 216.58.201.106:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 analytics.apis.mcafee.com udp
US 54.71.162.139:443 analytics.apis.mcafee.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 139.162.71.54.in-addr.arpa udp
US 8.8.8.8:53 sadownload.mcafee.com udp
GB 2.18.190.76:443 sadownload.mcafee.com tcp
FR 52.222.201.32:443 shield.reasonsecurity.com tcp
US 8.8.8.8:53 76.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 autoupdate.opera.com udp
US 8.8.8.8:53 autoupdate.geo.opera.com udp
US 8.8.8.8:53 desktop-netinstaller-sub.osp.opera.software udp
NL 185.26.182.124:443 autoupdate.opera.com tcp
NL 82.145.216.47:443 autoupdate.geo.opera.com tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 8.8.8.8:53 features.opera-api2.com udp
US 8.8.8.8:53 download.opera.com udp
NL 82.145.216.16:443 features.opera-api2.com tcp
NL 82.145.216.48:443 download.opera.com tcp
GB 2.22.249.213:443 tcp
US 8.8.8.8:53 124.182.26.185.in-addr.arpa udp
US 8.8.8.8:53 47.216.145.82.in-addr.arpa udp
US 8.8.8.8:53 121.217.145.82.in-addr.arpa udp
US 8.8.8.8:53 16.216.145.82.in-addr.arpa udp
US 8.8.8.8:53 48.216.145.82.in-addr.arpa udp
US 8.8.8.8:53 213.249.22.2.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 pac.rlinfraservices.com udp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
US 8.8.8.8:53 update.reasonsecurity.com udp
FR 18.245.199.108:443 update.reasonsecurity.com tcp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
US 8.8.8.8:53 40.136.165.3.in-addr.arpa udp
US 8.8.8.8:53 108.199.245.18.in-addr.arpa udp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
US 8.8.8.8:53 electron-shell.reasonsecurity.com udp
FR 3.165.113.87:443 electron-shell.reasonsecurity.com tcp
US 8.8.8.8:53 dns-tunnel-check.googlezip.net udp
US 8.8.8.8:53 tunnel.googlezip.net udp
GB 216.58.201.106:443 ogads-pa.googleapis.com tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 216.58.201.106:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 157.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 87.113.165.3.in-addr.arpa udp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.178.2:443 googleads.g.doubleclick.net udp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
GB 142.250.178.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com tcp
GB 216.58.213.3:443 beacons.gcp.gvt2.com tcp
GB 216.58.213.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 cheatengine.org udp
US 104.20.95.94:443 cheatengine.org tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.187.227:80 c.pki.goog tcp
US 8.8.8.8:53 sadownload.mcafee.com udp
GB 2.18.190.79:443 sadownload.mcafee.com tcp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 home.mcafee.com udp
GB 104.123.95.26:443 home.mcafee.com tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 8.8.8.8:53 consent.google.com udp
GB 172.217.16.238:443 consent.google.com tcp
US 8.8.8.8:53 analytics.apis.mcafee.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 54.71.162.139:443 analytics.apis.mcafee.com tcp
US 8.8.8.8:53 26.95.123.104.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 store.fastly.steamstatic.com udp
US 151.101.131.52:443 store.fastly.steamstatic.com tcp
US 151.101.131.52:443 store.fastly.steamstatic.com tcp
US 151.101.131.52:443 store.fastly.steamstatic.com tcp
US 151.101.131.52:443 store.fastly.steamstatic.com tcp
US 151.101.131.52:443 store.fastly.steamstatic.com tcp
US 151.101.131.52:443 store.fastly.steamstatic.com tcp
US 8.8.8.8:53 cdn.fastly.steamstatic.com udp
US 8.8.8.8:53 shared.fastly.steamstatic.com udp
US 151.101.131.52:443 shared.fastly.steamstatic.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.131.52:443 shared.fastly.steamstatic.com tcp
US 151.101.131.52:443 shared.fastly.steamstatic.com tcp
US 151.101.131.52:443 shared.fastly.steamstatic.com tcp
US 151.101.131.52:443 shared.fastly.steamstatic.com tcp
US 151.101.131.52:443 shared.fastly.steamstatic.com tcp
US 151.101.131.52:443 shared.fastly.steamstatic.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 8.8.8.8:53 52.131.101.151.in-addr.arpa udp
US 8.8.8.8:53 52.3.101.151.in-addr.arpa udp
US 23.192.21.216:443 store.steampowered.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 8.8.8.8:53 216.21.192.23.in-addr.arpa udp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
US 8.8.8.8:53 cdn.reasonsecurity.com udp
FR 18.244.28.49:443 cdn.reasonsecurity.com tcp
US 8.8.8.8:53 49.28.244.18.in-addr.arpa udp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 23.192.22.93:80 www.microsoft.com tcp
US 8.8.8.8:53 203.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 93.22.192.23.in-addr.arpa udp
GB 2.18.190.79:443 sadownload.mcafee.com tcp
US 54.71.162.139:443 analytics.apis.mcafee.com tcp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 54.71.162.139:443 analytics.apis.mcafee.com tcp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
FR 18.245.199.108:443 update.reasonsecurity.com tcp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
FR 18.244.28.49:443 cdn.reasonsecurity.com tcp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
US 8.8.8.8:53 config.reasonsecurity.com udp
FR 3.164.163.76:443 config.reasonsecurity.com tcp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
US 23.192.22.93:80 www.microsoft.com tcp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
FR 3.164.163.76:443 config.reasonsecurity.com tcp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
US 8.8.8.8:53 api.reasonsecurity.com udp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 68.9.67.172.in-addr.arpa udp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
FR 18.245.199.108:443 update.reasonsecurity.com tcp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
US 8.8.8.8:53 www.microsoft.com udp
FR 3.165.113.87:443 electron-shell.reasonsecurity.com tcp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
US 23.192.22.93:80 www.microsoft.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 cdn.steamstatic.com udp
US 151.101.131.52:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 checkappexec.microsoft.com udp
GB 172.165.69.228:443 checkappexec.microsoft.com tcp
US 8.8.8.8:53 mc6.reasonsecurity.com udp
US 52.34.150.127:443 mc6.reasonsecurity.com tcp
US 8.8.8.8:53 228.69.165.172.in-addr.arpa udp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 2.23.210.75:80 r11.o.lencr.org tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 151.101.131.52:443 cdn.steamstatic.com tcp
US 151.101.131.52:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 32.169.19.2.in-addr.arpa udp
US 8.8.8.8:53 127.150.34.52.in-addr.arpa udp
US 8.8.8.8:53 75.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
US 8.8.8.8:443 dns.google udp
FR 18.155.129.89:443 tcp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
US 8.8.8.8:53 pac.rlinfraservices.com udp
US 8.8.8.8:53 89.129.155.18.in-addr.arpa udp
FR 3.165.136.74:443 pac.rlinfraservices.com tcp
US 8.8.8.8:53 74.136.165.3.in-addr.arpa udp
US 8.8.8.8:53 logziop.reasonsecurity.com udp
FR 18.155.129.8:443 logziop.reasonsecurity.com tcp
US 8.8.8.8:53 8.129.155.18.in-addr.arpa udp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
FR 18.244.28.49:443 cdn.reasonsecurity.com tcp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com tcp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 store.fastly.steamstatic.com udp
US 151.101.3.52:443 store.fastly.steamstatic.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
GB 172.217.169.74:443 content-autofill.googleapis.com tcp
US 151.101.3.52:443 store.fastly.steamstatic.com tcp
US 8.8.8.8:53 login.steampowered.com udp
GB 104.123.95.227:443 login.steampowered.com tcp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.123.95.227:443 api.steampowered.com tcp
GB 172.217.169.74:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 227.95.123.104.in-addr.arpa udp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
FR 3.164.163.76:443 config.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 151.101.3.52:443 store.fastly.steamstatic.com tcp
US 8.8.8.8:53 ud.reasonsecurity.com udp
FR 52.222.169.93:443 ud.reasonsecurity.com tcp
FR 3.165.136.74:443 pac.rlinfraservices.com tcp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.229.21:443 js.hcaptcha.com tcp
US 8.8.8.8:53 93.169.222.52.in-addr.arpa udp
US 8.8.8.8:53 21.229.19.104.in-addr.arpa udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 104.19.229.21:443 newassets.hcaptcha.com tcp
US 8.8.8.8:53 api2.hcaptcha.com udp
US 104.19.229.21:443 api2.hcaptcha.com udp
US 8.8.8.8:53 safer-web.reasonsecurity.com udp
FR 3.165.136.17:443 safer-web.reasonsecurity.com tcp
US 8.8.8.8:53 17.136.165.3.in-addr.arpa udp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
US 8.8.8.8:53 track.analytics-data.io udp
US 54.164.241.33:443 track.analytics-data.io tcp
US 8.8.8.8:53 33.241.164.54.in-addr.arpa udp
FR 3.165.136.40:443 pac.rlinfraservices.com tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 107.116.69.13.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 api.hcaptcha.com udp
US 104.19.230.21:443 api.hcaptcha.com tcp
US 8.8.8.8:53 21.230.19.104.in-addr.arpa udp
US 8.8.8.8:53 imgs3.hcaptcha.com udp
US 104.19.229.21:443 imgs3.hcaptcha.com udp
US 23.192.21.216:443 store.steampowered.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 test.steampowered.com udp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
GB 2.19.117.24:80 test.steampowered.com tcp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 ipv6check-udp.steamserver.net udp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 24.117.19.2.in-addr.arpa udp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.123.95.227:443 api.steampowered.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 ext1-bom2.steamserver.net udp
IN 155.133.224.22:27031 ext1-bom2.steamserver.net tcp
IN 155.133.224.22:27035 ext1-bom2.steamserver.net tcp
US 8.8.8.8:53 ext1-maa2.steamserver.net udp
IN 155.133.225.20:27034 ext1-maa2.steamserver.net tcp
US 8.8.8.8:53 ext2-maa2.steamserver.net udp
IN 155.133.225.21:27025 ext2-maa2.steamserver.net tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 22.224.133.155.in-addr.arpa udp
US 8.8.8.8:53 21.225.133.155.in-addr.arpa udp
US 8.8.8.8:53 cmp1-sgp1.steamserver.net udp
US 8.8.8.8:53 cmp3-hkg1.steamserver.net udp
IN 155.133.224.22:443 ext1-bom2.steamserver.net tcp
IN 155.133.225.20:443 ext1-maa2.steamserver.net tcp
SG 103.10.124.4:27018 cmp1-sgp1.steamserver.net tcp
HK 103.28.54.102:27020 cmp3-hkg1.steamserver.net tcp
US 8.8.8.8:53 20.225.133.155.in-addr.arpa udp
SG 103.10.124.4:27020 cmp1-sgp1.steamserver.net tcp
US 8.8.8.8:53 ocsp.thawte.com udp
DE 152.199.19.74:80 ocsp.thawte.com tcp
US 8.8.8.8:53 4.124.10.103.in-addr.arpa udp
US 8.8.8.8:53 102.54.28.103.in-addr.arpa udp
US 8.8.8.8:53 e5.o.lencr.org udp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
GB 2.23.210.75:80 e5.o.lencr.org tcp
US 8.8.8.8:53 cmp2-fra1.steamserver.net udp
US 8.8.8.8:53 ext2-sto1.steamserver.net udp
SG 103.10.124.4:443 cmp1-sgp1.steamserver.net tcp
DE 155.133.250.20:27018 cmp2-fra1.steamserver.net tcp
SE 162.254.198.104:27021 ext2-sto1.steamserver.net tcp
US 8.8.8.8:53 crl.thawte.com udp
SE 192.229.221.95:80 crl.thawte.com tcp
US 8.8.8.8:53 74.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 20.250.133.155.in-addr.arpa udp
US 8.8.8.8:53 104.198.254.162.in-addr.arpa udp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 p2p-fra1.discovery.steamserver.net udp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 store.steampowered.com udp
US 23.192.21.216:443 store.steampowered.com tcp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 235.1.22.104.in-addr.arpa udp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 8.8.8.8:443 dns.google udp
US 8.8.8.8:443 dns.google tcp
GB 172.217.169.35:443 tcp
US 8.8.8.8:53 35.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 123.35.104.34.in-addr.arpa udp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 p2p-fra1.discovery.steamserver.net udp
N/A 127.0.0.1:49198 tcp
N/A 127.0.0.1:49167 tcp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 ipv6check-udp.steamserver.net udp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 23.192.21.216:443 store.steampowered.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.123.95.227:443 api.steampowered.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 cmp2-lax1.steamserver.net udp
US 8.8.8.8:53 cmp1-lax1.steamserver.net udp
US 8.8.8.8:53 cmp2-sea1.steamserver.net udp
US 162.254.195.75:443 cmp2-lax1.steamserver.net tcp
US 162.254.195.75:27018 cmp2-lax1.steamserver.net tcp
US 162.254.195.69:27018 cmp1-lax1.steamserver.net tcp
US 205.196.6.133:443 cmp2-sea1.steamserver.net tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 e6.o.lencr.org udp
GB 2.23.210.82:80 e6.o.lencr.org tcp
US 8.8.8.8:53 cmp2-dfw1.steamserver.net udp
US 8.8.8.8:53 cmp1-dfw1.steamserver.net udp
US 155.133.253.52:27018 cmp2-dfw1.steamserver.net tcp
US 155.133.253.36:443 cmp1-dfw1.steamserver.net tcp
US 155.133.253.36:27018 cmp1-dfw1.steamserver.net tcp
US 205.196.6.133:27018 cmp2-sea1.steamserver.net tcp
US 8.8.8.8:53 75.195.254.162.in-addr.arpa udp
US 8.8.8.8:53 133.6.196.205.in-addr.arpa udp
US 8.8.8.8:53 69.195.254.162.in-addr.arpa udp
US 8.8.8.8:53 82.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 e5.o.lencr.org udp
GB 2.23.210.75:80 e5.o.lencr.org tcp
US 8.8.8.8:53 cmp1-sea1.steamserver.net udp
US 8.8.8.8:53 cmp2-ord1.steamserver.net udp
US 8.8.8.8:53 cmp2-sto2.steamserver.net udp
US 8.8.8.8:53 cmp1-ord1.steamserver.net udp
US 205.196.6.132:27018 cmp1-sea1.steamserver.net tcp
US 162.254.193.75:443 cmp2-ord1.steamserver.net tcp
SE 155.133.252.69:27019 cmp2-sto2.steamserver.net tcp
US 162.254.193.103:443 cmp1-ord1.steamserver.net tcp
US 8.8.8.8:53 52.253.133.155.in-addr.arpa udp
US 8.8.8.8:53 36.253.133.155.in-addr.arpa udp
US 8.8.8.8:53 69.252.133.155.in-addr.arpa udp
US 8.8.8.8:53 75.193.254.162.in-addr.arpa udp
US 8.8.8.8:53 103.193.254.162.in-addr.arpa udp
US 8.8.8.8:53 132.6.196.205.in-addr.arpa udp
US 8.8.8.8:53 p2p-ord1.discovery.steamserver.net udp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 csc3-2010-crl.verisign.com udp
SE 192.229.221.95:80 csc3-2010-crl.verisign.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 172.67.9.68:443 api.reasonsecurity.com tcp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 store.steampowered.com udp
US 23.192.21.216:443 store.steampowered.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
GB 172.217.169.35:443 udp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 client-update.steamstatic.com udp
US 151.101.195.52:443 client-update.steamstatic.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 r10.o.lencr.org udp
GB 2.23.210.82:80 r10.o.lencr.org tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 52.195.101.151.in-addr.arpa udp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 p2p-ord1.discovery.steamserver.net udp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 ipv6check-udp.steamserver.net udp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.123.95.227:443 api.steampowered.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 ext2-scl1.steamserver.net udp
US 8.8.8.8:53 ext2-eze1.steamserver.net udp
CL 155.133.249.164:27033 ext2-scl1.steamserver.net tcp
US 8.8.8.8:53 ext1-eze1.steamserver.net udp
CL 155.133.249.164:27036 ext2-scl1.steamserver.net tcp
AR 155.133.255.164:27019 ext2-eze1.steamserver.net tcp
AR 155.133.255.100:27028 ext1-eze1.steamserver.net tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 ext1-lim1.steamserver.net udp
PE 155.133.244.34:27032 ext1-lim1.steamserver.net tcp
PE 155.133.244.34:27021 ext1-lim1.steamserver.net tcp
US 8.8.8.8:53 ext1-gru1.steamserver.net udp
BR 155.133.227.34:27035 ext1-gru1.steamserver.net tcp
BR 155.133.227.34:27029 ext1-gru1.steamserver.net tcp
US 8.8.8.8:53 164.249.133.155.in-addr.arpa udp
US 8.8.8.8:53 100.255.133.155.in-addr.arpa udp
US 8.8.8.8:53 164.255.133.155.in-addr.arpa udp
US 8.8.8.8:53 ext2-lim1.steamserver.net udp
AR 155.133.255.100:443 ext1-eze1.steamserver.net tcp
PE 155.133.244.50:443 ext2-lim1.steamserver.net tcp
US 162.254.195.69:27018 cmp1-lax1.steamserver.net tcp
US 205.196.6.133:443 cmp2-sea1.steamserver.net tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 34.244.133.155.in-addr.arpa udp
US 8.8.8.8:53 34.227.133.155.in-addr.arpa udp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 p2p-sea1.discovery.steamserver.net udp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 50.244.133.155.in-addr.arpa udp
US 8.8.8.8:53 csc3-2009-2-crl.verisign.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google udp
US 8.8.8.8:443 dns.google tcp
GB 74.125.105.39:443 udp
US 8.8.8.8:53 39.105.125.74.in-addr.arpa udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.123.95.227:443 api.steampowered.com tcp
US 8.8.8.8:53 cmp2-iad1.steamserver.net udp
US 8.8.8.8:53 cmp1-iad1.steamserver.net udp
US 162.254.192.98:27019 cmp1-iad1.steamserver.net tcp
US 8.8.8.8:53 cmp1-atl3.steamserver.net udp
US 162.254.192.99:443 cmp2-iad1.steamserver.net tcp
US 162.254.192.98:27018 cmp1-iad1.steamserver.net tcp
US 162.254.199.165:443 cmp1-atl3.steamserver.net tcp
US 8.8.8.8:53 e5.o.lencr.org udp
GB 2.23.210.82:80 e5.o.lencr.org tcp
US 8.8.8.8:53 99.192.254.162.in-addr.arpa udp
US 8.8.8.8:53 165.199.254.162.in-addr.arpa udp
US 8.8.8.8:53 98.192.254.162.in-addr.arpa udp
GB 2.23.210.75:80 e5.o.lencr.org tcp
US 8.8.8.8:53 cmp2-atl3.steamserver.net udp
US 8.8.8.8:53 cmp2-sea1.steamserver.net udp
US 162.254.199.184:27018 cmp2-atl3.steamserver.net tcp
US 162.254.199.165:27018 cmp1-atl3.steamserver.net tcp
US 205.196.6.133:443 cmp2-sea1.steamserver.net tcp
US 205.196.6.133:27018 cmp2-sea1.steamserver.net tcp
US 8.8.8.8:53 184.199.254.162.in-addr.arpa udp
US 155.133.253.36:443 cmp1-dfw1.steamserver.net tcp
US 205.196.6.132:27018 cmp1-sea1.steamserver.net tcp
US 8.8.8.8:53 cmp2-ams1.steamserver.net udp
NL 155.133.248.43:443 cmp2-ams1.steamserver.net tcp
US 8.8.8.8:53 p2p-ams1.discovery.steamserver.net udp
US 8.8.8.8:53 43.248.133.155.in-addr.arpa udp
US 8.8.8.8:53 checkappexec.microsoft.com udp
GB 51.11.108.188:443 checkappexec.microsoft.com tcp
US 8.8.8.8:53 188.108.11.51.in-addr.arpa udp
US 8.8.8.8:53 test.steampowered.com udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 ipv6check-udp.steamserver.net udp
GB 2.19.117.24:80 test.steampowered.com tcp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
N/A 127.0.0.1:50377 tcp
N/A 127.0.0.1:50376 tcp
US 8.8.8.8:53 api.reasonsecurity.com udp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.82.234.109:443 api.steampowered.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 cmp1-sto2.steamserver.net udp
US 8.8.8.8:53 ext1-sto1.steamserver.net udp
SE 155.133.252.68:27019 cmp1-sto2.steamserver.net tcp
SE 162.254.198.44:27035 ext1-sto1.steamserver.net tcp
US 8.8.8.8:53 cmp1-fra1.steamserver.net udp
US 8.8.8.8:53 cmp2-fra2.steamserver.net udp
DE 155.133.250.4:27019 cmp1-fra1.steamserver.net tcp
US 155.133.229.20:27018 cmp2-fra2.steamserver.net tcp
US 8.8.8.8:53 109.234.82.104.in-addr.arpa udp
US 8.8.8.8:53 e6.o.lencr.org udp
GB 2.23.210.75:80 e6.o.lencr.org tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 e5.o.lencr.org udp
GB 2.23.210.75:80 e5.o.lencr.org tcp
US 8.8.8.8:53 68.252.133.155.in-addr.arpa udp
US 8.8.8.8:53 44.198.254.162.in-addr.arpa udp
US 8.8.8.8:53 4.250.133.155.in-addr.arpa udp
US 8.8.8.8:53 20.229.133.155.in-addr.arpa udp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
SE 155.133.252.69:27019 cmp2-sto2.steamserver.net tcp
DE 155.133.250.20:27024 cmp2-fra1.steamserver.net tcp
US 8.8.8.8:53 cmp1-fra2.steamserver.net udp
US 155.133.229.4:27021 cmp1-fra2.steamserver.net tcp
SE 162.254.198.44:27032 ext1-sto1.steamserver.net tcp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 4.229.133.155.in-addr.arpa udp
US 8.8.8.8:53 store.steampowered.com udp
US 23.192.21.216:443 store.steampowered.com tcp
US 8.8.8.8:53 store.fastly.steamstatic.com udp
US 23.192.21.216:443 store.steampowered.com tcp
US 151.101.67.52:443 store.fastly.steamstatic.com tcp
US 8.8.8.8:53 login.steampowered.com udp
GB 104.82.234.109:443 login.steampowered.com tcp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.82.234.109:443 api.steampowered.com tcp
US 8.8.8.8:53 52.67.101.151.in-addr.arpa udp
US 8.8.8.8:53 help.steampowered.com udp
GB 104.82.234.109:443 help.steampowered.com tcp
GB 104.82.234.109:443 help.steampowered.com tcp
GB 104.82.234.109:443 help.steampowered.com tcp
GB 104.82.234.109:443 help.steampowered.com tcp
GB 104.82.234.109:443 help.steampowered.com tcp
GB 104.82.234.109:443 help.steampowered.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.201.106:443 content-autofill.googleapis.com udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:443 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
GB 216.58.201.99:443 tcp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 p2p-fra2.discovery.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 ipv6check-udp.steamserver.net udp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.82.234.109:443 api.steampowered.com tcp
US 8.8.8.8:53 ext2-dxb1.steamserver.net udp
AE 185.25.183.52:27036 ext2-dxb1.steamserver.net tcp
AE 185.25.183.52:27034 ext2-dxb1.steamserver.net tcp
AE 185.25.183.52:443 ext2-dxb1.steamserver.net tcp
IN 155.133.224.22:27029 ext1-bom2.steamserver.net tcp
US 8.8.8.8:53 52.183.25.185.in-addr.arpa udp
IN 155.133.224.22:27030 ext1-bom2.steamserver.net tcp
US 8.8.8.8:53 ext2-bom2.steamserver.net udp
IN 155.133.224.23:443 ext2-bom2.steamserver.net tcp
IN 155.133.225.20:443 ext1-maa2.steamserver.net tcp
IN 155.133.225.20:27019 ext1-maa2.steamserver.net tcp
IN 155.133.225.21:27035 ext2-maa2.steamserver.net tcp
US 8.8.8.8:53 cmp2-sgp1.steamserver.net udp
SG 103.10.124.5:27018 cmp2-sgp1.steamserver.net tcp
US 8.8.8.8:53 ext3-sto1.steamserver.net udp
SE 162.254.198.46:27036 ext3-sto1.steamserver.net tcp
NL 155.133.248.43:443 cmp2-ams1.steamserver.net tcp
US 8.8.8.8:53 e6.o.lencr.org udp
GB 2.23.210.75:80 e6.o.lencr.org tcp
US 8.8.8.8:53 23.224.133.155.in-addr.arpa udp
US 8.8.8.8:53 5.124.10.103.in-addr.arpa udp
US 8.8.8.8:53 46.198.254.162.in-addr.arpa udp
US 8.8.8.8:53 client-update.steamstatic.com udp
US 151.101.131.52:443 client-update.steamstatic.com tcp
US 8.8.8.8:53 help.steampowered.com udp
GB 104.82.234.109:443 help.steampowered.com tcp
US 8.8.8.8:53 p2p-ams1.discovery.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 ipv6check-udp.steamserver.net udp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.82.234.109:443 api.steampowered.com tcp
SG 103.10.124.4:443 cmp1-sgp1.steamserver.net tcp
US 8.8.8.8:53 cmp2-hkg1.steamserver.net udp
HK 103.28.54.101:27020 cmp2-hkg1.steamserver.net tcp
SG 103.10.124.5:27019 cmp2-sgp1.steamserver.net tcp
SG 103.10.124.4:27019 cmp1-sgp1.steamserver.net tcp
US 8.8.8.8:53 e6.o.lencr.org udp
GB 2.23.210.75:80 e6.o.lencr.org tcp
HK 103.28.54.102:27020 cmp3-hkg1.steamserver.net tcp
HK 103.28.54.101:443 cmp2-hkg1.steamserver.net tcp
US 8.8.8.8:53 ext4-tyo3.steamserver.net udp
JP 45.121.184.23:27037 ext4-tyo3.steamserver.net tcp
JP 45.121.184.23:27031 ext4-tyo3.steamserver.net tcp
US 8.8.8.8:53 101.54.28.103.in-addr.arpa udp
US 8.8.8.8:53 ext3-tyo3.steamserver.net udp
JP 45.121.184.22:443 ext3-tyo3.steamserver.net tcp
US 162.254.195.75:443 cmp2-lax1.steamserver.net tcp
US 8.8.8.8:53 ext2-syd1.steamserver.net udp
AU 103.10.125.156:27030 ext2-syd1.steamserver.net tcp
US 162.254.199.184:443 cmp2-atl3.steamserver.net tcp
US 8.8.8.8:53 23.184.121.45.in-addr.arpa udp
US 8.8.8.8:53 p2p-lax1.discovery.steamserver.net udp
US 8.8.8.8:53 22.184.121.45.in-addr.arpa udp
US 8.8.8.8:53 156.125.10.103.in-addr.arpa udp
US 8.8.8.8:53 p2p-lax1.discovery.steamserver.net udp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.82.234.109:443 api.steampowered.com tcp
US 8.8.8.8:53 ipv6check-udp.steamserver.net udp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 crash.steampowered.com udp
US 208.64.203.173:443 crash.steampowered.com tcp
US 8.8.8.8:53 ext2-gru1.steamserver.net udp
US 8.8.8.8:53 ext1-gru1.steamserver.net udp
BR 155.133.227.50:27024 ext2-gru1.steamserver.net tcp
BR 155.133.227.34:27032 ext1-gru1.steamserver.net tcp
AR 155.133.255.100:27034 ext1-eze1.steamserver.net tcp
AR 155.133.255.100:27019 ext1-eze1.steamserver.net tcp
US 8.8.8.8:53 r10.o.lencr.org udp
GB 2.23.210.75:80 r10.o.lencr.org tcp
US 8.8.8.8:53 173.203.64.208.in-addr.arpa udp
US 8.8.8.8:53 50.227.133.155.in-addr.arpa udp
BR 155.133.227.34:443 ext1-gru1.steamserver.net tcp
US 8.8.8.8:53 ext1-scl1.steamserver.net udp
CL 155.133.249.180:27030 ext1-scl1.steamserver.net tcp
CL 155.133.249.180:27029 ext1-scl1.steamserver.net tcp
PE 155.133.244.34:27035 ext1-lim1.steamserver.net tcp
PE 155.133.244.34:27034 ext1-lim1.steamserver.net tcp
US 162.254.199.184:27018 cmp2-atl3.steamserver.net tcp
US 8.8.8.8:53 cmp2-lhr1.steamserver.net udp
GB 162.254.196.80:443 cmp2-lhr1.steamserver.net tcp
US 162.254.193.75:27018 cmp2-ord1.steamserver.net tcp
US 8.8.8.8:53 e5.o.lencr.org udp
GB 2.23.210.75:80 e5.o.lencr.org tcp
US 8.8.8.8:53 p2p-lhr1.discovery.steamserver.net udp
US 8.8.8.8:53 180.249.133.155.in-addr.arpa udp
US 8.8.8.8:53 80.196.254.162.in-addr.arpa udp
N/A 10.127.255.255:27036 udp
US 8.8.8.8:53 clientconfig.akamai.steamstatic.com udp
GB 2.19.117.41:80 clientconfig.akamai.steamstatic.com tcp
US 8.8.8.8:53 41.117.19.2.in-addr.arpa udp
GB 2.19.117.41:80 clientconfig.akamai.steamstatic.com tcp
GB 2.19.117.41:80 clientconfig.akamai.steamstatic.com tcp
GB 2.19.117.41:80 clientconfig.akamai.steamstatic.com tcp
GB 2.19.117.41:80 clientconfig.akamai.steamstatic.com tcp
GB 2.19.117.41:80 clientconfig.akamai.steamstatic.com tcp
GB 2.19.117.41:80 clientconfig.akamai.steamstatic.com tcp
GB 2.19.117.41:80 clientconfig.akamai.steamstatic.com tcp
US 8.8.8.8:53 shared.steamstatic.com udp
US 8.8.8.8:53 steamstore-a.akamaihd.net udp
US 151.101.131.52:443 shared.steamstatic.com tcp
GB 2.19.117.27:443 steamstore-a.akamaihd.net tcp
US 151.101.131.52:443 shared.steamstatic.com tcp
US 151.101.131.52:443 shared.steamstatic.com tcp
US 8.8.8.8:53 cdn.steamstatic.com udp
GB 2.19.117.27:443 steamstore-a.akamaihd.net tcp
GB 2.19.117.27:443 steamstore-a.akamaihd.net tcp
US 151.101.195.52:443 cdn.steamstatic.com tcp
US 151.101.195.52:443 cdn.steamstatic.com tcp
US 151.101.195.52:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 2.23.210.75:80 r11.o.lencr.org tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google udp
US 23.192.21.216:443 store.steampowered.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 27.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 steamcommunity.com udp
GB 104.82.234.109:443 steamcommunity.com tcp
GB 104.82.234.109:443 steamcommunity.com tcp
GB 2.19.117.23:443 tcp
US 172.64.145.151:443 tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 151.101.3.52:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 23.117.19.2.in-addr.arpa udp
GB 104.82.234.109:443 steamcommunity.com tcp
US 8.8.8.8:53 151.145.64.172.in-addr.arpa udp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 172.64.145.151:443 tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
N/A 127.0.0.1:27060 tcp
US 172.64.145.151:443 tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
GB 104.82.234.109:443 steamcommunity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.18.42.105:443 tcp
US 104.18.42.105:443 tcp
US 104.18.42.105:443 tcp
US 104.18.42.105:443 tcp
US 104.18.42.105:443 tcp
US 8.8.8.8:53 105.42.18.104.in-addr.arpa udp
US 8.8.8.8:53 shared.steamstatic.com udp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.18.42.105:443 tcp
US 8.8.8.8:53 steamstore-a.akamaihd.net udp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 8.8.8.8:53 cdn.steamstatic.com udp
US 151.101.67.52:443 cdn.steamstatic.com tcp
US 151.101.67.52:443 cdn.steamstatic.com tcp
US 151.101.67.52:443 cdn.steamstatic.com tcp
GB 104.82.234.109:443 steamcommunity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 clientconfig.akamai.steamstatic.com udp
GB 2.19.117.41:80 clientconfig.akamai.steamstatic.com tcp
US 151.101.131.52:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 lancache.steamcontent.com udp
US 151.101.195.52:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 cache13-lhr1.steamcontent.com udp
GB 162.254.196.23:443 cache13-lhr1.steamcontent.com tcp
US 8.8.8.8:53 23.196.254.162.in-addr.arpa udp
US 8.8.8.8:53 cache16-lhr1.steamcontent.com udp
GB 162.254.196.26:443 cache16-lhr1.steamcontent.com tcp
US 8.8.8.8:53 cache1-lhr1.steamcontent.com udp
GB 162.254.196.8:443 cache1-lhr1.steamcontent.com tcp
US 8.8.8.8:53 e6.o.lencr.org udp
GB 2.23.210.75:80 e6.o.lencr.org tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 26.196.254.162.in-addr.arpa udp
US 8.8.8.8:53 8.196.254.162.in-addr.arpa udp
US 151.101.131.52:443 cdn.steamstatic.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 cache11-lhr1.steamcontent.com udp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
GB 162.254.196.18:443 cache11-lhr1.steamcontent.com tcp
US 8.8.8.8:53 p2p-lhr1.discovery.steamserver.net udp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 18.196.254.162.in-addr.arpa udp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 steamcloud-london.storage.googleapis.com udp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 cache7-lhr1.steamcontent.com udp
GB 162.254.196.6:443 cache7-lhr1.steamcontent.com tcp
GB 216.58.201.123:443 steamcloud-london.storage.googleapis.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 6.196.254.162.in-addr.arpa udp
US 8.8.8.8:53 123.201.58.216.in-addr.arpa udp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.187.227:80 c.pki.goog tcp
FR 3.165.136.74:443 pac.rlinfraservices.com tcp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.187.227:80 o.pki.goog tcp
US 8.8.8.8:53 cache14-lhr1.steamcontent.com udp
GB 162.254.196.24:443 cache14-lhr1.steamcontent.com tcp
US 8.8.8.8:53 24.196.254.162.in-addr.arpa udp
US 8.8.8.8:53 lancache.steamcontent.com udp
US 8.8.8.8:53 p2p-lhr1.discovery.steamserver.net udp
US 8.8.8.8:53 lancache.steamcontent.com udp
US 8.8.4.4:443 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 151.101.3.52:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 api.reasonsecurity.com udp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 checkappexec.microsoft.com udp
GB 13.87.96.169:443 checkappexec.microsoft.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 lancache.steamcontent.com udp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 config.uca.cloud.unity3d.com udp
US 34.111.113.40:443 config.uca.cloud.unity3d.com tcp
US 8.8.8.8:53 40.113.111.34.in-addr.arpa udp
N/A 127.0.0.1:52331 tcp
N/A 127.0.0.1:52499 tcp
US 34.111.113.40:443 config.uca.cloud.unity3d.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 p2p-lhr1.discovery.steamserver.net udp
US 208.64.203.173:443 crash.steampowered.com tcp
US 208.64.203.173:443 crash.steampowered.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 208.64.203.173:443 crash.steampowered.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 steamcommunity.com udp
GB 104.123.95.227:443 steamcommunity.com tcp
GB 104.123.95.227:443 steamcommunity.com tcp
US 8.8.4.4:443 dns.google udp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
GB 2.19.117.23:443 tcp
GB 104.123.95.227:443 steamcommunity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
GB 104.123.95.227:443 steamcommunity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 208.64.203.173:443 crash.steampowered.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google udp
US 23.192.21.216:443 store.steampowered.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
GB 104.123.95.227:443 steamcommunity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 151.101.131.52:443 cdn.steamstatic.com tcp
US 151.101.131.52:443 cdn.steamstatic.com tcp
US 151.101.131.52:443 cdn.steamstatic.com tcp
US 151.101.131.52:443 cdn.steamstatic.com tcp
US 151.101.131.52:443 cdn.steamstatic.com tcp
US 151.101.131.52:443 cdn.steamstatic.com tcp
US 151.101.131.52:443 cdn.steamstatic.com tcp
US 151.101.131.52:443 cdn.steamstatic.com tcp
US 151.101.131.52:443 cdn.steamstatic.com tcp
US 151.101.131.52:443 cdn.steamstatic.com tcp
US 151.101.131.52:443 cdn.steamstatic.com tcp
US 151.101.131.52:443 cdn.steamstatic.com tcp
US 151.101.131.52:443 cdn.steamstatic.com tcp
US 8.8.8.8:443 dns.google udp
US 151.101.3.52:443 cdn.steamstatic.com tcp

Files

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8d7ba9cce5933d211441e70c476d8ab2
SHA1 dfbfd645108d474c4a4383c15151215b700aa38e
SHA256 6b7846597907505c2cac65913617e99f218c50b2c7af8ade90b08d135a0c9532
SHA512 d734587184a7bfd04e927932a5accfb075d1dffc75148c2d5db521fb3fdc277662f5f58ea338e1edbe6dfffc60c95f0807ed5beaf135d2759baff8c189190807

\??\pipe\crashpad_3756_XJXUGZKLHEHRSPVS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 72129be1a97c25ef693d808b0ce05ec5
SHA1 8bf4c483abe2dd5d2bba3439f01461e3366c7b2b
SHA256 510599d6ee90d9c73585a145f6ae53ada0e530831f45b13f0a05d93ca60c497b
SHA512 77ae8330447cbde8425fa9361e38fed414d386eb9c3b96224b4b1c6b517fe09ef7120842f2e6d6ef8f4a8b78f8c65acebb9eaee34e1627c859da7365bd8f9a48

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 dce258887d8b82c16cfd6d3f78af8a53
SHA1 498beae9a3eb8f863278a11caeaf27803b4802ba
SHA256 71123bbbea0a37ac61ce651c4b5b74b5ca0f94991c165793ff9c6d5d3ac5bfd7
SHA512 4fed4c84c6d1ae3571965111e30825369497c58b2837fb8bdc6a329350b64546b4f5efe0257a72980ddcbc634be2fc08427e0fcb1fd8af61b4e31dcf5b7283c1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\88eaf434-8982-421b-b317-5355c8d16365.tmp

MD5 f592a30387218a73425a43ea8f311a8e
SHA1 be89f6f08b47bc3aaa5ca491053ca9cc8b31641a
SHA256 839075f1782a6ab9627788a7a1e7e6aa73aa371ccf1c94407794309fb7ead3b2
SHA512 4edd3a0a404fcd92147361b6d6bd1b92c3ef1baae7c1cdc9a972f0e771a0d906bc71c9752059abb95c6e29bafa092d16902c137996a8be2e08fe185176ca45c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b8aef197f6739704c0398b29ae28a8a2
SHA1 126ee7eba37158792c70707e5160c7d1aa350848
SHA256 a894e15cf67f7f1fc5634f4778d5faadb2a0daf5443d593c82419f63cc13338d
SHA512 697eef67cd6a4da168c6ec9b283de8ee2f875bda6cda58050fcbeba249877fd8e1c4b06f2085e20cb1c745152e5a88c087f1099ae882bc8221eefaecb7d93816

C:\Users\Admin\Downloads\092e62c9-84be-4ead-a59b-2191c571cc20.tmp

MD5 7f2177dbf43e80bdae7cb03237a397fa
SHA1 807d0a525c2e6df2daf864bee7daf8eed300ac7b
SHA256 c714cfe29e53fed280902ac46d1f3898b485bbc797b54f96063695bade88ab45
SHA512 a32f3e47545c4df4e9e06473193b203d861c90bbdfa4f81e1a2daec75cb657719fc2e07f5f7baf1e8910eb352e2819650fd8a59c1b143ff17b5d8804ec62bbef

C:\Users\Admin\Downloads\CheatEngine75 (2).exe

MD5 647a2177841aebe2f1bb1b3767f41287
SHA1 446575615e7fcc9c58fb04cad12909a183a2eb15
SHA256 07c1abb57c4498748c4f1344a786c2c136b82651786ed005d999ecbf6054fb2c
SHA512 f3165aec7a4b7adb7e6ffca56812f769b7b085000d50bf235ca1c7e74d76dfb5549de9561e281623c734c2dec9fc37b54af572c3e97fcb9fb1411102ae3da0c0

memory/4960-188-0x0000000000400000-0x00000000004CC000-memory.dmp

memory/4960-190-0x0000000000401000-0x00000000004B7000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 62ae477c2e7b74cb7f75caa855469a61
SHA1 92e1f0cf9d678fbc2b9998c4bc2f48e52397d099
SHA256 daaf273878ec3575be6d6542cd33441bf6eb7b9553c6d63b54622d00e5a6303e
SHA512 54bf70ec3e633d3dc68d5c3db15fcd177e337c29ce3cb1365ead7e364f036d7c61218841a41779b51abfc07c23bf57960d07fe27237ac2e27261eae9f3a012b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4bce580e851e7e7407b93272e19b75c6
SHA1 4faf88443704ac493f40d5d7836c062a3773aed9
SHA256 7d1a75f8eee2b28b965ebc89e3fb4a3312a81c5401b329c0664d103e239e7624
SHA512 e9be66b18245097a6889fd2865ea1eb542579e24d9d945f682df4d8159c5719000f51d7a8c933f74e3fbd56a261540d4e59c430b3af92669b0eb2403856efa02

C:\Users\Admin\AppData\Local\Temp\is-67O57.tmp\CheatEngine75 (2).tmp

MD5 2c94c19646786c4ee5283b02fd8ce5a5
SHA1 bf3dd30300126ba9b51c343d64da2d8eda23ebea
SHA256 9be09875aa698a85c446fb80e075087d6c0a543a493a7f033f3015fe2f0680d5
SHA512 7c3d5e740340042e34f25047a29add080e89027db2d49775aad529ecb8e13bfb83f73adb3b2999e129a27d85c9b0021e3bf3e110ac93cdf6c6393d121a0f7d4e

memory/1056-213-0x0000000000400000-0x00000000006EE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7a10931d7b7497c1dd258e0a8e381584
SHA1 4a6d9411661aef24317493b94cb91d55e5e42a7c
SHA256 446bab31e457ec3b0175f8f00ffeaab361ddcac3bbc26442843aba5e7c392579
SHA512 92b3c67131747c0e03e0bd57080bcfc95405053f05efe96be09cfdf07045c686070b60e0e8b5693372f386caa954130f72435fedf818adaf4c913d50eebbab26

C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\zbShieldUtils.dll

MD5 3037e3d5409fb6a697f12addb01ba99b
SHA1 5d80d1c9811bdf8a6ce8751061e21f4af532f036
SHA256 a860bd74595430802f4e2e7ad8fd1d31d3da3b0c9faf17ad4641035181a5ce9e
SHA512 80a78a5d18afc83ba96264638820d9eed3dae9c7fc596312ac56f7e0ba97976647f27bd86ea586524b16176280bd26daed64a3d126c3454a191b0adc2bc4e35d

memory/1056-238-0x00000000054F0000-0x0000000005630000-memory.dmp

memory/1056-239-0x0000000000400000-0x00000000006EE000-memory.dmp

memory/4960-242-0x0000000000400000-0x00000000004CC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\logo.png

MD5 9cc8a637a7de5c9c101a3047c7fbbb33
SHA1 5e7b92e7ed3ca15d31a48ebe0297539368fff15c
SHA256 8c5c80bbc6b0fdb367eab1253517d8b156c85545a2d37d1ee4b78f3041d9b5db
SHA512 cf60556817dba2d7a39b72018f619b0dbea36fb227526943046b67d1ae501a96c838d6d5e3da64618592ac1e2fa14d4440baa91618aa66256f99ea2100a427b4

C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\WebAdvisor.png

MD5 4cfff8dc30d353cd3d215fd3a5dbac24
SHA1 0f4f73f0dddc75f3506e026ef53c45c6fafbc87e
SHA256 0c430e56d69435d8ab31cbb5916a73a47d11ef65b37d289ee7d11130adf25856
SHA512 9d616f19c2496be6e89b855c41befc0235e3ce949d2b2ae7719c823f10be7fe0809bddfd93e28735b36271083dd802ae349b3ab7b60179b269d4a18c6cef4139

memory/1056-247-0x00000000054F0000-0x0000000005630000-memory.dmp

memory/1056-248-0x0000000000400000-0x00000000006EE000-memory.dmp

memory/1056-249-0x0000000000400000-0x00000000006EE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\Opera_new.png

MD5 b3a9a687108aa8afed729061f8381aba
SHA1 9b415d9c128a08f62c3aa9ba580d39256711519a
SHA256 194b65c682a76dc04ce9b675c5ace45df2586cc5b76664263170b56af51c8aeb
SHA512 14d10df29a3bb575c40581949d7c00312de08bb42578b7335792c057b83ab2878d44c87042bbdb6ec8ceaf763b4fbd8f080a27866fe92a1baf81c4f06705a0c4

memory/1056-253-0x00000000054F0000-0x0000000005630000-memory.dmp

memory/1056-254-0x0000000000400000-0x00000000006EE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\RAV_Cross.png

MD5 cd09f361286d1ad2622ba8a57b7613bd
SHA1 4cd3e5d4063b3517a950b9d030841f51f3c5f1b1
SHA256 b92a31d4853d1b2c4e5b9d9624f40b439856d0c6a517e100978cbde8d3c47dc8
SHA512 f73d60c92644e0478107e0402d1c7b4dfa1674f69b41856f74f937a7b57ceaa2b3be9242f2b59f1fcf71063aac6cbe16c594618d1a8cdd181510de3240f31dff

memory/1056-258-0x00000000054F0000-0x0000000005630000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cc328ece100608b5258b4b5415aa3565
SHA1 7a49934a3c5035b579b45073bd9d955cc2f2c3d9
SHA256 19f1ff66df5ad23a154ab55f4fb354cdfa5e6b28d2c6e63395ec41b8d964d57c
SHA512 28343dac4b9e22c640bd3cb7f2480dcae96656d997f502d20ae9f3e257abdbe480c9efb1d0ae751ab38ccd2e5a26815cb7500397eaf601e62d0f35fad2d95595

C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod0.zip

MD5 f68008b70822bd28c82d13a289deb418
SHA1 06abbe109ba6dfd4153d76cd65bfffae129c41d8
SHA256 cc6f4faf4e8a9f4d2269d1d69a69ea326f789620fb98078cc98597f3cb998589
SHA512 fa482942e32e14011ae3c6762c638ccb0a0e8ec0055d2327c3acc381dddf1400de79e4e9321a39a418800d072e59c36b94b13b7eb62751d3aec990fb38ce9253

memory/1056-301-0x0000000000400000-0x00000000006EE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod0_extract\saBSI.exe

MD5 143255618462a577de27286a272584e1
SHA1 efc032a6822bc57bcd0c9662a6a062be45f11acb
SHA256 f5aa950381fbcea7d730aa794974ca9e3310384a95d6cf4d015fbdbd9797b3e4
SHA512 c0a084d5c0b645e6a6479b234fa73c405f56310119dd7c8b061334544c47622fdd5139db9781b339bb3d3e17ac59fddb7d7860834ecfe8aad6d2ae8c869e1cb9

C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod1.zip

MD5 616aafe37345fe9b51c18fd1e6e03d08
SHA1 18cc43c529bcff36907363dfd80fee69b018ff7d
SHA256 f5a65f76eae8684edb4be8f4d7c61c97c9fc7a0f33840ecdd192a43117499dab
SHA512 d7d0e00852d96bd1bcc49cbbe2934b2254f93d59f3e6753f6cf4617740014d1146d0302057189b810b69e42a8f7acf33bd436b9f393791b592a53d6b8d6c7bc1

C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod1_extract\OperaSetup.exe

MD5 b4b3aed36ec93e582f1a1e1682f02d43
SHA1 d360cbbe5b39ba46ec3efc7a8fb094ece7d1f534
SHA256 586fae6a4e39f8bf273ebb29d4d040073d90c72591fa00275cf7be500f49c3d3
SHA512 e0e80aedd8b8fa3d8a91ed9c6c54c103b1b39f7695091d123c302fafe5097b0d858dfbc9b58fbf4989853c73489c950619baf73a642dfa35891605feda4d5d4c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 68fa6bcacb1aa9a1a5f9a95347017f3a
SHA1 048201eb29443324e00b53f7bc462f1023c41d74
SHA256 3f5b36a67d9954aa633fadf4f167b185b1e061dceb26b761b3e1c9ddbe9593d3
SHA512 054d436fe63e7ba2819f7f40eb5bd1a1a1f1bd1d7c5b25a333af868c05573554ab29c50866c2a188b791d08aeb53958c93b0d49ef5e03ed229547e569ed9cfe9

C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod2.exe

MD5 45446daffd3460ccfd0634a2404daf0f
SHA1 b4b448e6185ac6f9c1d5aa153931058ce14003a6
SHA256 2043c88104b5e167057ea1ff1e54821ac6054a160caa7671eb8f93f17b48a9f2
SHA512 0970826acd19db305cee355ae59b93527e64206f33fda619f11389144892c0c8cf6629c7a2be8bc313e922b1ae6766a25e6781c2314a6ec9ad7ecea85b7f19a1

memory/2300-388-0x000002246F170000-0x000002246F178000-memory.dmp

memory/2300-389-0x0000022471AD0000-0x0000022471FF8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zSC1BBFD58\setup.exe

MD5 ca703b06ef8fd8cc9c95a8aa16a331cd
SHA1 30375ffd59a8bd6ccc0a463f399349351bc3fcc9
SHA256 f9a1df41bf0a4f1615daf6af120449701b1a49970a08c36b1781408c75ee91b2
SHA512 97b17925b6cfcea80f5305dd55e511f482153319273c5ea03cb0155d31b0f678bddd75615175821e4111cb102763b3078de4651dc44fc18ab295acfc3d5c37c2

C:\Users\Admin\AppData\Local\Temp\Opera_installer_2411122237223283916.dll

MD5 9dd3623a796d16de1c7b31d82c0779c1
SHA1 c6bc42643ecc80987d0c501695e1102caa891ec8
SHA256 a766e31ebe83587cb640813cdd7cd2f1131c835458e3064446aa54b8fb90da38
SHA512 87b69320ed66a91bbad6e5392ff998d12f9c4e677da943d0121c7a1803b3d956d4b1a172061b80f87d5993a9421d1e347117248b0f674cea0e01932b98842f8a

C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\CheatEngine75.exe

MD5 e0f666fe4ff537fb8587ccd215e41e5f
SHA1 d283f9b56c1e36b70a74772f7ca927708d1be76f
SHA256 f88b0e5a32a395ab9996452d461820679e55c19952effe991dee8fedea1968af
SHA512 7f6cabd79ca7cdacc20be8f3324ba1fdaaff57cb9933693253e595bfc5af2cb7510aa00522a466666993da26ddc7df4096850a310d7cff44b2807de4e1179d1a

memory/2336-406-0x0000000000400000-0x00000000004D8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-8TLQ7.tmp\CheatEngine75.tmp

MD5 9aa2acd4c96f8ba03bb6c3ea806d806f
SHA1 9752f38cc51314bfd6d9acb9fb773e90f8ea0e15
SHA256 1b81562fdaeaa1bc22cbaa15c92bab90a12080519916cfa30c843796021153bb
SHA512 b0a00082c1e37efbfc2058887db60dabf6e9606713045f53db450f16ebae0296abfd73a025ffa6a8f2dcb730c69dd407f7889037182ce46c68367f54f4b1dc8d

C:\Users\Admin\AppData\Local\Temp\e54ib5ao.exe

MD5 150859a1a955c4ff6f4c4d95b80d17a3
SHA1 90f79396aafc9fcb77cab2f024b0e50789e913dd
SHA256 b73d17c5e1245cbcd57b540478e3e0d753852896b05325c6756d7dfbc74c3310
SHA512 de0613d1bdcce3fbfeb2e83cd327a5562ca4b89cc7b86388658b87d999efc54e1d7bd675145dfe0bb4f917b153f9c74e2ad3f5726eecb2379cb5936d48ab3fc4

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

MD5 f674ece4c0042b6e38251939d823ca7d
SHA1 51f02af82fd5339367f4f6d3ccd098e5c2b24b51
SHA256 5f83e89db752c4f5043d4d9fd178d7f7ecda354464f69a199355fa756a30e2bf
SHA512 d8313ee0ce38326ae36a87d0512963b0eb74d879f8b39ee22a27d207f65bdf2622218be8b93c06c7cc7adef63c76b7ac3969b547c3834b40ebf9363d108a12f6

memory/1056-424-0x0000000000400000-0x00000000006EE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\UnifiedStub-installer.exe

MD5 aa977e4d5c83269768d340fcfa2575d8
SHA1 de3c801faabdef44ab29693cc61dae5dcc42946c
SHA256 15a565c493bccecb35b1300b1f27e5b0ec1dc9a105048320a341ab7c689ef441
SHA512 1993dfc8b5e42502c606d03d6cdc11c01e7790b6a4aa39bd197af3d2f9e357e63ebd3d81915bc31509f15f50ea75b3a421e4e174d934e9b5ca4df6a8b5dea24e

memory/5792-587-0x00000204EAD50000-0x00000204EAD98000-memory.dmp

memory/5792-589-0x00000204E9420000-0x00000204E9450000-memory.dmp

memory/5792-592-0x00000204EB5B0000-0x00000204EB5D2000-memory.dmp

memory/5792-594-0x00000204EB650000-0x00000204EB67E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-OQT60.tmp\_isetup\_setup64.tmp

MD5 e4211d6d009757c078a9fac7ff4f03d4
SHA1 019cd56ba687d39d12d4b13991c9a42ea6ba03da
SHA256 388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95
SHA512 17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e

memory/5792-599-0x00000204EB810000-0x00000204EB868000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\rsSyncSvc.exe

MD5 f2738d0a3df39a5590c243025d9ecbda
SHA1 2c466f5307909fcb3e62106d99824898c33c7089
SHA256 6d61ac8384128e2cf3dcd451a33abafab4a77ed1dd3b5a313a8a3aaec2b86d21
SHA512 4b5ed5d80d224f9af1599e78b30c943827c947c3dc7ee18d07fe29b22c4e4ecdc87066392a03023a684c4f03adc8951bb5b6fb47de02fb7db380f13e48a7d872

C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\Microsoft.Win32.TaskScheduler.dll

MD5 66d8a1f5d43fd2b5a7887caeb34c29f8
SHA1 2dd496963503ec230f82bbac42277a22d59f36e4
SHA256 91768a331e4901062d217935d187a93e91a166aee1e0c9ffc583febc432d800c
SHA512 9ab3847305c6e07e634ff363597cf32e96f926cac08e6d91d32313db51c636b08b47584d9cba37f5831858d0ffae9af663edfed02ddbc56a18bb043c6535679e

C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\uninstall-epp.exe

MD5 a8ff5dbb5074812113cb0da35abdfe00
SHA1 37c4e8beaa1f6a7d46233c1d29a5387b6927906c
SHA256 d582497b56647aa63a9f9f0a72a49aba000c9ebe40ce18a09af2a16f330ce2d3
SHA512 4b86523c21fb03030bc2ffe3a3cbecc80250957e7b66bc5fc20cc922693cdd1a8047ebacee9e9a457a25fa4007072b88ca8aa08809099a488d7d5eed89ae2df8

C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\Reason.PAC.dll

MD5 55069c806bdebd87542ae9a2f085231d
SHA1 35f013e48667f9554af6c606bd4cd88d62efa721
SHA256 7116383552044b9179698ab45b143f5af21e0e2aa55929820775469984058aaf
SHA512 6cb53af5964be599764ac378aa2fc7885788a13e2c0413e26d1f285737bd84f2eac9e96638645e6e0d7adfb898bd4f43e0b92d7ed5af52bd8015b11c1b5377f0

memory/5792-591-0x00000204EB750000-0x00000204EB802000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\Newtonsoft.Json.dll

MD5 e861c99a49bb5bc9ffb20076b22bd37e
SHA1 e7adb668d547b52ce0bb61ef484333f164389cc3
SHA256 e7d7ed24a4fa5719ec70f02753282d886b1ab299a522b2bd04ab67413ab9aa2a
SHA512 c03c3e730f8d401f39012b8c95935e5dfa1734ba2c591c907868d2abb5d71806670e72e4b5ab1ca886bba212f2cf66f8f13d4d694ed18f214e835d91646472b2

C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\rsLogger.dll

MD5 232412118c77c2285b0bdbae8a53341c
SHA1 e31d454872f487c5f0d1c160d13ed912c817376a
SHA256 85a6fefc48ef53de8db496497f6d9e642bf0c2226773b5547fd64491bdd190c5
SHA512 5f93af8030c33686f1a2ea7e34a690206de970b2377251c1e4acb21ba0941f599e499690dbea36163fea4bc68bf14099a7f4ba4153dd6327da3476ff7c88b112

C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\rsStubLib.dll

MD5 f69575b2f080d2d07137409e79680418
SHA1 fa2cb6bdf0735d10c9b8274e854a6742b8f71408
SHA256 613c278e740adf39c512de371f2614ee09e2645552f6f5b096a2308e74fe7048
SHA512 a7724bd03426a1b0ca86eb862037ec89cb70c9e792751d2ad32a8bbd895be09b575af41d35106249f04a1814a65a66619ad6eccb0d22535e2ca8f02deed20de3

memory/5792-585-0x00000204E8F50000-0x00000204E905A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\prod0_extract\installer.exe

MD5 641e5e233c39542ecd134f39759cd335
SHA1 729b6c82d22729707a24efcf78f56873af0458e6
SHA256 2b6adec48e0ee6c7e17a43d176bb417ec624f441b998b4503e825a7ae91aad56
SHA512 b04c6adc43018d6593c740f4046a6338b17bc66b4d625d551f44f3069d5f5dcab161a57239a58aeed3fb14fa3139263c358d95d2dd17f01197f7f0f732edcb3c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 64666716a09c24f72a9f9da39518aeda
SHA1 e54f5b27855e0878795a4ebbb8eac92ec66e53f5
SHA256 cc990254a1350fc43fb651923d0713391ec3a4215eaea49cb1f985c2eb81d200
SHA512 3154fa6de691b61ead55c38610265e54b96ebb32fa150e43a06ac7874205614f23945db370c21e51909520f73404092875b0864b918611080ceb559d5f62afe1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f691a1103b3c6947dfd3c251fc60650e
SHA1 1c09ca3c556e744b4b48fdb8a6ddd576778474cc
SHA256 63d4ff31405e33c20d4c57ea22291006576229f39c14242d5c5f8547f19385c8
SHA512 1250c39278d09e613ab3ccac1fe84ba9dd6279896080e693b3918950c7d5634241131890ce644fc054202d944f2fe4d14736977d8482da8fdc34cbd01be5cc1d

memory/2336-849-0x0000000000400000-0x00000000004D8000-memory.dmp

memory/5532-1025-0x00007FF6B4A00000-0x00007FF6B4A10000-memory.dmp

memory/5532-1090-0x00007FF6B4A00000-0x00007FF6B4A10000-memory.dmp

memory/5532-1092-0x00007FF6B4A00000-0x00007FF6B4A10000-memory.dmp

memory/5532-1091-0x00007FF6B4A00000-0x00007FF6B4A10000-memory.dmp

memory/5532-1089-0x00007FF6B4A00000-0x00007FF6B4A10000-memory.dmp

memory/5532-1088-0x00007FF6B4A00000-0x00007FF6B4A10000-memory.dmp

memory/5532-1024-0x00007FF6B4A00000-0x00007FF6B4A10000-memory.dmp

memory/5532-1023-0x00007FF6B4A00000-0x00007FF6B4A10000-memory.dmp

memory/5532-1022-0x00007FF6B4A00000-0x00007FF6B4A10000-memory.dmp

memory/5532-1094-0x00007FF6B4A00000-0x00007FF6B4A10000-memory.dmp

memory/5532-1095-0x00007FF6B4A00000-0x00007FF6B4A10000-memory.dmp

memory/5532-1096-0x00007FF6B4A00000-0x00007FF6B4A10000-memory.dmp

C:\Program Files\Cheat Engine 7.5\badassets\scoreboard.png

MD5 5cff22e5655d267b559261c37a423871
SHA1 b60ae22dfd7843dd1522663a3f46b3e505744b0f
SHA256 a8d8227b8e97a713e0f1f5db5286b3db786b7148c1c8eb3d4bbfe683dc940db9
SHA512 e00f5b4a7fa1989382df800d168871530917fcd99efcfe4418ef1b7e8473caea015f0b252cac6a982be93b5d873f4e9acdb460c8e03ae1c6eea9c37f84105e50

memory/5164-1388-0x0000000000400000-0x000000000071B000-memory.dmp

memory/2336-1389-0x0000000000400000-0x00000000004D8000-memory.dmp

memory/1056-1400-0x00000000054F0000-0x0000000005630000-memory.dmp

memory/1056-1403-0x0000000000400000-0x00000000006EE000-memory.dmp

memory/5532-1405-0x00007FF6B4A00000-0x00007FF6B4A10000-memory.dmp

memory/5532-1406-0x00007FF6B4A00000-0x00007FF6B4A10000-memory.dmp

memory/5532-1407-0x00007FF6B4A00000-0x00007FF6B4A10000-memory.dmp

memory/5532-1483-0x00007FF6B4A00000-0x00007FF6B4A10000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-61UF1.tmp\finish.png

MD5 b24e872bd8f92295273197602aac8352
SHA1 2a9b0ebe62e21e9993aa5bfaaade14d2dda3b291
SHA256 41031efc4f7e322dc5ffacc94b9296fb28b9b922b1ce3b3da13bf659a5fd2985
SHA512 f08ac681abc4e0f6d7a1d1f2303169004e67c880f9353c0ed11dfab3eb511ddf841fa056f4090da8201c822c66ae55419c48cd87f11b9866feb46a3fe2c2af99

memory/5532-1488-0x00007FF6B4A00000-0x00007FF6B4A10000-memory.dmp

memory/5532-1497-0x00007FF6B4A00000-0x00007FF6B4A10000-memory.dmp

memory/5532-1496-0x00007FF6B4A00000-0x00007FF6B4A10000-memory.dmp

memory/5532-1495-0x00007FF6B4A00000-0x00007FF6B4A10000-memory.dmp

memory/5532-1493-0x00007FF6B4A00000-0x00007FF6B4A10000-memory.dmp

memory/5532-1492-0x00007FF6B4A00000-0x00007FF6B4A10000-memory.dmp

memory/5532-1491-0x00007FF6B4A00000-0x00007FF6B4A10000-memory.dmp

memory/5532-1487-0x00007FF6B4A00000-0x00007FF6B4A10000-memory.dmp

memory/5532-1486-0x00007FF6B4A00000-0x00007FF6B4A10000-memory.dmp

memory/5532-1485-0x00007FF6B4A00000-0x00007FF6B4A10000-memory.dmp

memory/5532-1484-0x00007FF6B4A00000-0x00007FF6B4A10000-memory.dmp

memory/5532-1482-0x00007FF6B4A00000-0x00007FF6B4A10000-memory.dmp

memory/1056-1481-0x0000000000400000-0x00000000006EE000-memory.dmp

memory/5532-1585-0x00007FF6C5BF0000-0x00007FF6C5C00000-memory.dmp

memory/5532-1556-0x00007FF6B38A0000-0x00007FF6B38B0000-memory.dmp

memory/5532-1555-0x00007FF6FCDA0000-0x00007FF6FCDB0000-memory.dmp

memory/5532-1551-0x00007FF6FCDA0000-0x00007FF6FCDB0000-memory.dmp

memory/5532-1548-0x00007FF6FCDA0000-0x00007FF6FCDB0000-memory.dmp

memory/5532-1538-0x00007FF6FCDA0000-0x00007FF6FCDB0000-memory.dmp

memory/5532-1534-0x00007FF6FCDA0000-0x00007FF6FCDB0000-memory.dmp

memory/5532-1532-0x00007FF6FCDA0000-0x00007FF6FCDB0000-memory.dmp

memory/5532-1498-0x00007FF6B4A00000-0x00007FF6B4A10000-memory.dmp

memory/5532-1508-0x00007FF701290000-0x00007FF7012A0000-memory.dmp

memory/5532-1494-0x00007FF6B4A00000-0x00007FF6B4A10000-memory.dmp

memory/5532-1586-0x00007FF6FCDA0000-0x00007FF6FCDB0000-memory.dmp

memory/5532-1584-0x00007FF6C5BF0000-0x00007FF6C5C00000-memory.dmp

memory/5532-1566-0x00007FF6FCDA0000-0x00007FF6FCDB0000-memory.dmp

memory/5532-1530-0x00007FF6FCDA0000-0x00007FF6FCDB0000-memory.dmp

memory/5532-1528-0x00007FF6FCDA0000-0x00007FF6FCDB0000-memory.dmp

C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

MD5 779299ac0e68357111143fa9ef6b341b
SHA1 d93aa65e62b2bd492fac45e6221ccace789f3dd1
SHA256 e7b590b31400c3bb6ed73bdb7de297aff3692631e6e3dddbf16513750d255889
SHA512 af0774de73e72defb3723a744d46013444c052fdabb93e8f973a8c4b6f661ace52bbfc3d6da027e6acfe0d4ad7cd9725893c9e909b1c958b8e4da50ba5d27504

C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

MD5 e45e2be65215a79bb8fca7da92d6d610
SHA1 2ba51839b67ad541de8839e245ef93e34c6fba98
SHA256 93735c624d154927fa6feeef27177478c21c17e4be8e57882451b80d1c336aca
SHA512 24a8b84432dfa1850859286b6717d6f4873af16900eaaf4ae4b4ce0c6eaeca8a7f50bfee3331e90f37ab357995efc829d5cbb07aa823e7ca880a8850d0b1b7d4

C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

MD5 928559eaa0b32290bd46671f72a04712
SHA1 f6f504f7acadd056b7c8194bdba324f23f2a6630
SHA256 61c2158d398b0b11669b3b3bb9bf75ae9301e25026b65e266e7275dbc40b7dc9
SHA512 9051e87a5a2782d33a4a3dbbe992ead60d443e3691a63050efe978619ff8c7b4795bfdcca5ceac739747bfc64db1c5030447232b2035cf5f3f21462e6ac47d03

C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

MD5 afaa7cce39e5bcb183642b692e7f2f8a
SHA1 04f936ef78d991513a073ed38fada29d110c4102
SHA256 01c6fc2143d7ad1839d9506066e454e519768917e6e2f84a31fc6777f5a0a68f
SHA512 a497fb27fb9d113a49ae46f301cb86dba01d65d1d35f9e296bfb8cb221af4c66e01dac5f93ce31e6c22c831d30dfb5f5959e49ef1b3a14c99825260778e9c348

C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

MD5 a477cacd8bdd0e568faffd2f70f368a8
SHA1 9d3bf3c8cd67ba2b677297d4fa78b81acf6edbbb
SHA256 94093d0ddc0997fc8f87aefc39d7995ed518c26afa6a07ac8e32f5243aad61b9
SHA512 6415f33e3fe3d58952e10f26768f69d4741c4c2f0b7bf36b532a9d830af177ad81483cc6c74426ce1aa2eeb942cad02a5cb8f265d7c7a8af3ac835c26d871baa

C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

MD5 e82cd31912c09637385b271ef5261d7d
SHA1 30d9fb19a063968b84bd09625f41af2b676c243e
SHA256 2121df4416eca75fdaad3263d503c6ed15a74e357eebed85a4042bf22c02916b
SHA512 756b1a4c1524917717b4a9a57f725c57f665a8ab91dd83b0dd125993d23942423d668cffad5fe6713f817c68d8a571e2109d5022861466e58a59c9792d287e4e

C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab

MD5 f228d54f9f96d109503d3bc2099be95a
SHA1 792b2e746a60da1421fe382de3b249b5a4e0f261
SHA256 c796fe516023a91228c2f53ad26e3d32424b7fa6f881779f4b95b23773dfccc0
SHA512 e651f9b9e4569429720712f5ee857ac6c97bc6cb133e420fbb92c952f1e8760772e69e0ada243595f9d4fa12a7ccddaedafb30fe4a93be981d7530961de7496e

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411122237241\additional_file0.tmp

MD5 be22df47dd4205f088dc18c1f4a308d3
SHA1 72acfd7d2461817450aabf2cf42874ab6019a1f7
SHA256 0eef85bccb5965037a5708216b3550792e46efdfdb99ac2396967d3de7a5e0c8
SHA512 833fc291aacecd3b2187a8cbd8e5be5b4d8884d86bd869d5e5019d727b94035a46bb56d7e7734403e088c2617506553a71a7184010447d1300d81667b99310c7

memory/1056-2721-0x0000000000400000-0x00000000006EE000-memory.dmp

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 151ee3686780af5aa797de0ae4ac6cb6
SHA1 1e53e6db4ffa0c5a39c0d02d8a0dc4e7a47b76bb
SHA256 0ff8bf1d4ad303a6eb376d87cdf3819699092677408eb09ada4979a09566a18a
SHA512 673101a5fdf3084020f79ada86d8d4d3b57c2e050d256cea45ce6448a1c168f5c888e901835ee5395a7ad4f3d5b36fd0838fbf4f1a52a2917ad113cd17541a87

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 6ff4a6d2faaf9cf2b240227dbe873b96
SHA1 4fbd4de525db1f474d60ec94e7551730a27982b4
SHA256 9e5a646308d10c636ac7a53215dcbd5bcb4008e372688f75f55cb5fc10a0affc
SHA512 7842b7d20697254c3901eab90f97941ff19ce6497c28a0bd1e054a4a31b186910bf2860068b712e588db41856ee03fe5bf85d78e1162f3abc2ea0c600a2310f4

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 623e6c51db719554cc3f1294e6fc32e6
SHA1 81a2071664bb86365475b63f873de081de2a51e0
SHA256 b14b40d910443851e9595c83b78f3e39c6cdf8f43f7a2c11a3e559a7151cf20c
SHA512 ce1c55cad7093dd6e4b47a361c8fed1f2bf247f331d9c22caa0753e785d0e378851e9737993f98f8b535801d8677365c6f60e483449e7e6bce19f0103addbc60

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 cb7583244c27875d76dcb2c34a1420c1
SHA1 e36d46c82e3966f933a39efcf7600fa4d179ab89
SHA256 ed34156cb0c255992aa35c1f8f5d8fe1a60694d66321248553fe3178a3d070f5
SHA512 d47668c751a80701d5e681fa1783b8964c21f47e6ac976db8560d7214f9201c6ffecc8cb0c10690f4fa8e3b96a0f6c3bc0cb2277c10844a340202ee8e617711b

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 be0e27110d5b231461dacca295a439d5
SHA1 614dff0479bb9fbd5601e9448135134ba9c73cb5
SHA256 4d8e4debf941cb276a0ac1208fb3a7c6e549348452d8315229b73d83c2fe0931
SHA512 9943e6a816a0011e1d5a79d15e255e603632ba6e1086bebccb09b387dd6b54ee9a32ef4813b0d5383a9534f443881f457ce2a5b43c461bd67ecfc845366f2a2a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 cae79e02fbfe8c9c7ece5714971e5003
SHA1 fdc487fad5f3e326aa9459dd074eb205245d49bb
SHA256 29cc6e6607c3343fe13aab99d751ef883b5ef32733c519a2414e767fe1f4c1a4
SHA512 9b210523b841d1ff056ed14b3ca7c71415febd10d4527567e0f4682edd87654a0d47ac07d4b3f2aadb606c8fa03751f952a48e02cdce5b57fb71f7db365c1d0c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b2b216f134a95cb1444126515bc5be17
SHA1 b7419ab633af11dc50ca165f1ef58a4f8bd1e246
SHA256 96542494c75553a861e3f779e399b17af77c9b9bcee4cd21489a864bbd3ece71
SHA512 4182c79d654ea825e6815ccbbdcfe178e2ef7e7642cdc9fec1acfaa87cabf70ae0f25e39115c738bd255714cb9802909287529358252e003e6593d22e8f59c1c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 873180392201380f352d4c2caaab0d3b
SHA1 140ffcf2a72d1ed4a95a2e094f9e12a7a9501a6a
SHA256 5f71c4212df7c25ec357599c0b1275b98c30358519071c98f3481136ef26d2be
SHA512 a36e57fe2d6043160646cdfd28cc2aaded218ff62dd5276f8323c8311e599a35d2bdc72ec0d99aa4f7df52644cf4f564eb4992f8d2554095112a6aa2bc65a99b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c0b698bc94a62d059cb856f357625a40
SHA1 d56c322bb8d2b46f600c98a094bcade9bcebf798
SHA256 123cb6f52d2e10ad2d0d736757b811e2a6b23400412f8d857eb135bbb0aa5633
SHA512 cf86131a8d770c22c80b171bc2629337f6a48db187e297b010d96341b082de551cf9cedc0e6b6837854e2c3f1e1ec0b1f76cf644dd0e40a9ddcddfc567b9954d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 bdd69f07dabf987998bb0adabb5e1e8b
SHA1 c5bcd685ae7dc427d6e37d9193f0cdfb240aead2
SHA256 7c219511067156ddc909239a7b5a8f8a0d5d4821d82f115a12e97fc59c1a36b3
SHA512 93be02211ff2f17c7e4c3525ef6ae837ecc61774808f0eacda4b500f2afa310a5018b30e807900c96f4315ebab68c4e509c41d4c924c565f87d3b5be31891299

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000076

MD5 1b54b70beef8eb240db31718e8f7eb5d
SHA1 da5995070737ec655824c92622333c489eb6bce4
SHA256 7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb
SHA512 fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

C:\Program Files\ReasonLabs\EPP\InstallerLib.dll

MD5 a2b644aeb8e756fcb2a3842efc8e456b
SHA1 4b6e7e659a5629d4e87ccc4efb2796e4ac1ca2b7
SHA256 10f7e681c14b2c1f8309557e26906544bd398d1404de8e8f2c433597c83de0b2
SHA512 729cd99b2fb3f89ea4264afe22879e89093f0546319d5cb74d0389f42569722ba3b5bf39e54c270efc6e0d17ff5cbfc40bfd0055f3918d7dea77f43692348bb1

C:\Program Files\ReasonLabs\EPP\mc.dll

MD5 b24d59c19ab832b7b48ed608348745b2
SHA1 c13b4b8fd67c9bdd9d04e4d4ec9b17ae6ae1c5bc
SHA256 fd1873c1d8b2bf9393f4559d75b834ccdefb5a9e696a20845d5cc0d919cd7720
SHA512 8a00c125e5cf28accd8220306afc9ab613e39c9cef8fc5b02a3caeb40564f7769c8cdad654d81bc6075714b25fa2ae8ebc435c50394b60bc4a799a37e27de33c

C:\Program Files\ReasonLabs\EPP\rsEngine.Core.dll

MD5 5018e1fcbf35881307be809ad5783c84
SHA1 38788c26397a2d3411715810f8f7e7a17c08d040
SHA256 7278ff0d2dce5c2cf861154fd4e2bf6650768a7c79b6ad363cec117efe705e94
SHA512 ecfaed1dd1ebb68b931b2c87799c4dba6c9e262b2cb467d3b996341caafd18ddb9d51c659d2fd4e758c93b79aa1779c339b6368e85d8b6e1626c5fa7587974fb

C:\Program Files\ReasonLabs\EPP\ui\EPP.exe

MD5 ac1e94a075241967e440f1d84254666c
SHA1 20558c191c29e27610de4251731dc46023621ecd
SHA256 29fc893dea171964426e3e38d093c063134b8d789b16d3a7917f574afa4a1e63
SHA512 b500c30afb9ea7d640bb99b50410d037082ac882bd97ca7c165bea1bc1ef0fee5fe4b1ffccc612e979ceb89ca797dae80d534be19928b48e33612d87290343f7

memory/5792-3743-0x00000204EC100000-0x00000204EC150000-memory.dmp

memory/5792-3775-0x00000204EC1A0000-0x00000204EC1F8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\b7bb7a04-de30-41f3-b16b-18725d2ef55a\UnifiedStub-installer.exe\assembly\dl3\ec27e269\551a2c86_5335db01\rsJSON.DLL

MD5 f523da1aa04c52fd42d5e94132c7c365
SHA1 66de55fb86cd161dfd3d8086593f1b15da4de7bf
SHA256 58be9281a2c27806220cfa4ffbb5a521dcb13622968e9ce47ee0fc0e09fa903b
SHA512 783b16065bcd7028b29a4cd7708bd3aebd714480c2ff16689703c7a70e6e4281d6c40451304b63d7ce2fbc8e149b1a4bcaea74ff95a8cab64877758836895584

memory/5792-5437-0x00000204EC200000-0x00000204EC23A000-memory.dmp

memory/5792-5458-0x00000204EC200000-0x00000204EC230000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\b7bb7a04-de30-41f3-b16b-18725d2ef55a\UnifiedStub-installer.exe\assembly\dl3\725ffe07\e7d02e86_5335db01\rsLogger.DLL

MD5 eb67ab9f868922739d1824030a7d854c
SHA1 a991f8259f679ff1589608d238108b324f0d1126
SHA256 29ae36d6dfff22c4f8c457b50555423a315034ebf214dd99aa8fc6e413ba86c4
SHA512 bf961531fcfbc18ebf05e9b0205c19409bf1dba7ea67bc5540ade234a58c1a87a29953bc87817b8c30dde16c737fc214fd912361508bb20ef0cbdc2ade630349

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c49dad88327d4d8705ab40c8478d2e16
SHA1 24f1462e4559410f899509295962f53e2365590e
SHA256 c7c29c4874d27126d113718f0be8f863fc7c1d9e8678b3c210fcc4921347ec56
SHA512 1c4c31f4d2b48bdf9c49ef5cfa7ff93ed3e32dff588d472ad5902504bb0feece52eca23cd4b9bec79bad27c71fcaa96511703ec18f167d3f42e85c1c62702375

memory/5792-5537-0x00000204EC200000-0x00000204EC22E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\b7bb7a04-de30-41f3-b16b-18725d2ef55a\UnifiedStub-installer.exe\assembly\dl3\bcf608f5\38502286_5335db01\Reason.PAC.DLL

MD5 0ddd90da144ed03846c8b40ec8e14767
SHA1 378d43cea876f1bd26852c6553c000f1b08a2a95
SHA256 345dff9df44708d051f3acea2bb0ccc8546b9b48b0617d0fb3e651236447cf95
SHA512 3bc252b3272f2006dae4532774fcb1b5a2a7f022a7b6c5ea11ab04be190afe2330a899af590a06adca67a6f1e2a6ecf594f2da9f558e112394d93edb5db7b2b4

memory/5792-5567-0x00000204EC2E0000-0x00000204EC310000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\b7bb7a04-de30-41f3-b16b-18725d2ef55a\UnifiedStub-installer.exe\assembly\dl3\6862c13b\43583086_5335db01\rsServiceController.DLL

MD5 02d646ea6b1e0c33c93f82cabc8d3448
SHA1 7ae81947757e944563e6ecac8be38788f4e83c42
SHA256 9d3bf961fa8fa91619bc8038c3b7041b5c162f6cc86d913b307b609cd6070029
SHA512 5e375123b18b2b28706f879835a971064b589f5998dfb230266cb43f18ca10ea15a604ca54c72fb7508bea179b9556991926acd71ee6ead042b38f52540c3efc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 eeb8c61fab0dff164110430f5934e42d
SHA1 439e2e839522225435901a2dbb25433de3940cad
SHA256 6e0e6cf23f1d63f3072373fc93cca6f8fff4933d3bf180a6354a0a4ab3369dfe
SHA512 66e77b4e057a85ec4974dd85454fc72d86adc16fb447f37c81c92e016fb8cf8bf64748737c070fa429139a6091fbb4083b6f43b9666d40bd8c6d426cf248029b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 65f8e830d27256532344959ada4ffc0b
SHA1 b73ed3cf08d7beec30887e615aa589bc9ae47732
SHA256 b84024127d9feefa5efd02e738c05baa0e3b43077d5fae15bb665b1fdb1433d6
SHA512 3555d8a837ea692e5165ea87018b4ec61a21a346314e192bd07f8add0482f4e9daf45c4ae97407aba9a4735a66b61cfe61e148abb0a27280d8059ee911b78e98

C:\Program Files\ReasonLabs\EPP\x64\elam\rsElam.sys

MD5 8129c96d6ebdaebbe771ee034555bf8f
SHA1 9b41fb541a273086d3eef0ba4149f88022efbaff
SHA256 8bcc210669bc5931a3a69fc63ed288cb74013a92c84ca0aba89e3f4e56e3ae51
SHA512 ccd92987da4bda7a0f6386308611afb7951395158fc6d10a0596b0a0db4a61df202120460e2383d2d2f34cbb4d4e33e4f2e091a717d2fc1859ed7f58db3b7a18

memory/7048-5602-0x000002681FE50000-0x000002681FE7E000-memory.dmp

memory/7048-5603-0x000002681FE50000-0x000002681FE7E000-memory.dmp

C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog

MD5 b2ec2559e28da042f6baa8d4c4822ad5
SHA1 3bda8d045c2f8a6daeb7b59bf52295d5107bf819
SHA256 115a74ccd1f7c937afe3de7fa926fe71868f435f8ab1e213e1306e8d8239eca3
SHA512 11f613205928b546cf06b5aa0702244dace554b6aca42c2a81dd026df38b360895f2895370a7f37d38f219fc0e79acf880762a3cfcb0321d1daa189dfecfbf01

memory/7048-5617-0x0000026821B90000-0x0000026821BCC000-memory.dmp

memory/7048-5616-0x0000026821B30000-0x0000026821B42000-memory.dmp

C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog

MD5 43fbbd79c6a85b1dfb782c199ff1f0e7
SHA1 cad46a3de56cd064e32b79c07ced5abec6bc1543
SHA256 19537ccffeb8552c0d4a8e0f22a859b4465de1723d6db139c73c885c00bd03e0
SHA512 79b4f5dccd4f45d9b42623ebc7ee58f67a8386ce69e804f8f11441a04b941da9395aa791806bbc8b6ce9a9aa04127e93f6e720823445de9740a11a52370a92ea

memory/8208-5640-0x000001EFB59E0000-0x000001EFB5D46000-memory.dmp

memory/8208-5641-0x000001EFB57F0000-0x000001EFB596C000-memory.dmp

memory/8208-5642-0x000001EF9C730000-0x000001EF9C74A000-memory.dmp

memory/8208-5643-0x000001EF9C750000-0x000001EF9C772000-memory.dmp

memory/7824-5770-0x0000027D26580000-0x0000027D265CC000-memory.dmp

memory/7824-5786-0x0000027D26A70000-0x0000027D26AC8000-memory.dmp

memory/7824-5787-0x0000027D269D0000-0x0000027D269F8000-memory.dmp

memory/7824-5788-0x0000027D26580000-0x0000027D265CC000-memory.dmp

memory/7824-5798-0x0000027D26A00000-0x0000027D26A44000-memory.dmp

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.InstallLog

MD5 0dd7ab115062ec8b9181580dbd12ff02
SHA1 28a9115deb8d858c2d1e49bec5207597a547ccf0
SHA256 2fe9b5c64e7ef21c1ea477c15eff169189bac30fd2028f84df602f52c8fc6539
SHA512 2c1a4e5ebf7ab056d4510ea56613fec275ca1da8bb15ed8118e9192fc962833e77974a0363538cebf9ab2a1a1ff9486c3078d14b4820c2a8df803f80f94e19f1

memory/7824-5812-0x0000027D41150000-0x0000027D413AA000-memory.dmp

memory/8272-5846-0x000001A4C0370000-0x000001A4C03A2000-memory.dmp

memory/8272-5856-0x000001A4C0480000-0x000001A4C04F6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nspF615.tmp\nsDialogs.dll

MD5 4e5bc4458afa770636f2806ee0a1e999
SHA1 76dcc64af867526f776ab9225e7f4fe076487765
SHA256 91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0
SHA512 b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

memory/8272-5864-0x000001A4C0330000-0x000001A4C0356000-memory.dmp

memory/7320-5983-0x00000177260C0000-0x00000177260EA000-memory.dmp

memory/8272-5984-0x000001A4C03E0000-0x000001A4C040A000-memory.dmp

memory/7320-5985-0x00000177408D0000-0x0000017740A90000-memory.dmp

memory/8272-5986-0x000001A4C0500000-0x000001A4C0538000-memory.dmp

memory/8272-5987-0x000001A4C0AC0000-0x000001A4C0B48000-memory.dmp

memory/8272-5988-0x000001A4C0440000-0x000001A4C046E000-memory.dmp

memory/7320-5989-0x00000177260C0000-0x00000177260EA000-memory.dmp

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog

MD5 1068bade1997666697dc1bd5b3481755
SHA1 4e530b9b09d01240d6800714640f45f8ec87a343
SHA256 3e9b9f8ed00c5197cb2c251eb0943013f58dca44e6219a1f9767d596b4aa2a51
SHA512 35dfd91771fd7930889ff466b45731404066c280c94494e1d51127cc60b342c638f333caa901429ad812e7ccee7530af15057e871ed5f1d3730454836337b329

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallState

MD5 362ce475f5d1e84641bad999c16727a0
SHA1 6b613c73acb58d259c6379bd820cca6f785cc812
SHA256 1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899
SHA512 7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b

C:\Program Files\ReasonLabs\EDR\InstallUtil.InstallLog

MD5 789f18acca221d7c91dcb6b0fb1f145f
SHA1 204cc55cd64b6b630746f0d71218ecd8d6ff84ce
SHA256 a5ff0b9a9832b3f5957c9290f83552174b201aeb636964e061273f3a2d502b63
SHA512 eae74f326f7d71a228cae02e4455557ad5ca81e1e28a186bbc4797075d5c79bcb91b5e605ad1d82f3d27e16d0cf172835112ffced2dc84d15281c0185fa4fa62

memory/8272-6014-0x000001A4C0A30000-0x000001A4C0A5E000-memory.dmp

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog

MD5 6895e7ce1a11e92604b53b2f6503564e
SHA1 6a69c00679d2afdaf56fe50d50d6036ccb1e570f
SHA256 3c609771f2c736a7ce540fec633886378426f30f0ef4b51c20b57d46e201f177
SHA512 314d74972ef00635edfc82406b4514d7806e26cec36da9b617036df0e0c2448a9250b0239af33129e11a9a49455aab00407619ba56ea808b4539549fd86715a2

memory/8272-6016-0x000001A4C0A60000-0x000001A4C0A86000-memory.dmp

memory/7480-6017-0x000001B462D50000-0x000001B462D7E000-memory.dmp

memory/8272-6018-0x000001A4A7950000-0x000001A4A797E000-memory.dmp

memory/7480-6019-0x000001B47B9E0000-0x000001B47BA92000-memory.dmp

memory/8272-6021-0x000001A4C1010000-0x000001A4C137C000-memory.dmp

memory/8272-6020-0x000001A4C0BF0000-0x000001A4C0C4E000-memory.dmp

memory/8272-6022-0x000001A4C0B90000-0x000001A4C0BDF000-memory.dmp

memory/8272-6051-0x000001A4C1610000-0x000001A4C1896000-memory.dmp

memory/8272-6052-0x000001A4C0CC0000-0x000001A4C0D26000-memory.dmp

memory/7480-6053-0x000001B47BED0000-0x000001B47C1C0000-memory.dmp

memory/8272-6056-0x000001A4C0D70000-0x000001A4C0DAA000-memory.dmp

memory/8272-6057-0x000001A4C03B0000-0x000001A4C03D6000-memory.dmp

memory/7480-6058-0x000001B47BDE0000-0x000001B47BE3E000-memory.dmp

memory/8272-6060-0x000001A4C0D30000-0x000001A4C0D60000-memory.dmp

memory/8272-6059-0x000001A4C1480000-0x000001A4C1532000-memory.dmp

memory/7480-6062-0x000001B47B810000-0x000001B47B81A000-memory.dmp

memory/7480-6061-0x000001B47BE80000-0x000001B47BE96000-memory.dmp

memory/7480-6064-0x000001B47D000000-0x000001B47D00A000-memory.dmp

memory/7480-6063-0x000001B47CFF0000-0x000001B47CFF8000-memory.dmp

memory/8272-6065-0x000001A4C1540000-0x000001A4C15A6000-memory.dmp

memory/8272-6067-0x000001A4C2DE0000-0x000001A4C3386000-memory.dmp

memory/8272-6087-0x000001A4C1410000-0x000001A4C1452000-memory.dmp

memory/8272-6088-0x000001A4C2AB0000-0x000001A4C2D30000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9a4a64a2e60938b45aea4c0f345a0d78
SHA1 2602e5578cfbbc8f6ce46e1cc3d74c18b9f0e171
SHA256 b36fc8b5903a4bcd6b3abb0131cea3281b1155266418cdc77b7b9d9e9c03a5aa
SHA512 1df8901bf103320f2ed329bf898b00a7554e2326d7901db85e19266d4c9df246113c194147cba6f0e75f4833885b4662c4e69b6eea53c9d1c2e8e3740c83993d

memory/8272-6277-0x000001A4C15B0000-0x000001A4C15E2000-memory.dmp

C:\Program Files\ReasonLabs\VPN\ui\VPN.exe

MD5 2dfdd1c062fc2bec441a56a0a7458c4f
SHA1 3d3af010d6ec91d35b13f749714ffbd158ecfbb3
SHA256 acd07d3ec7a03e961eeab6a44ba499af9d879a321d59479e86e9a5a2496cf73b
SHA512 9cc835ca2c7e15dd0104f9a6c34c3257b043d2a15dea4a0eebc9b017fbc4950d9394803b374ec0855a9d2789bac46b1b813581bca9a66db62ec849c98beb9633

C:\Program Files\ReasonLabs\VPN\InstallerLib.dll

MD5 1e93174e4cc1b39bf3ddad2557fe8158
SHA1 114bcd330725bd7dadc5d8e66c8a1b27d7f19038
SHA256 cc8e3961cddd038a9579c553f0f8e3dcefe4b8538fd1178b36760d4de4967378
SHA512 5a394c025faf6af491a79c506425b147463070245a7149755c0d9763c7a202beffd1f37b65e5da80f31c8f0c1008f22c216c356f495aaa5ccb0e7afa4f169165

C:\Program Files\ReasonLabs\VPN\rsEngine.Core.dll

MD5 ddf9ee9a360d07b60fbc4b851feb65a3
SHA1 1cf91bd007e2f01dbad4a7ead883d7f46df28c87
SHA256 141dd5cda8b1c4be1c2509bc364ad92dd8970399751482a77d8d27f97f874d4f
SHA512 30bff100a8857aed87ef21e2a885c44483576b98b96ea102fb7fdbd2d850acb725def3ed69f7743a5544a91f349e3b4c210c716aba1ed05f9b524a757925228b

memory/8272-6306-0x000001A4C13C0000-0x000001A4C13C8000-memory.dmp

memory/8272-6307-0x000001A4C1A10000-0x000001A4C1A36000-memory.dmp

memory/8272-6311-0x000001A4C2930000-0x000001A4C2958000-memory.dmp

memory/8272-6315-0x000001A4C2990000-0x000001A4C29C2000-memory.dmp

memory/8272-6318-0x000001A4C3490000-0x000001A4C3590000-memory.dmp

memory/5792-6329-0x00000204EC150000-0x00000204EC19E000-memory.dmp

memory/8272-6330-0x000001A4C3840000-0x000001A4C3AE6000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 592c0ec4a1798a92a88d0e5c5bf7b88e
SHA1 933b5978bc7c43656ae40b5b6afac19764bb5a7f
SHA256 d4bbd285b01585f76360e696e3de81dd8721f203b300c8ed8b3ee571a7715f89
SHA512 c3eb3ff01cdcc3f327dc8cf0cac0009c12328b9585366aecb627d210d6b5d0dbf1004a42c26f9ab87cdbeb564752b0201a173bc62cd88161e972adbe70aeaaa7

C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\838b7a3c-fc45-4b6c-959d-79555eb98be8\UnifiedStub-installer.exe\assembly\tmp\I40ABUSG\Newtonsoft.Json.DLL

MD5 b91a440971f3c9b6731ac4e832bcc646
SHA1 17952983caacfbaabbffb142c37fa55a5598474f
SHA256 04fcae680d634c3e4a6c37f5ea2cd9fb30869be1211cead7a2d7407d213fb136
SHA512 b3c6b1ea97dd6fa1cee0d303a459d3592b6300d6304c78033e082cb6136d1d5217911b5b0864a717e5534b1b92bc06335a4aaea62b8cc857a7495dccb1d6532e

memory/5792-7676-0x00000204EC2B0000-0x00000204EC362000-memory.dmp

memory/8272-7680-0x000001A4C2A00000-0x000001A4C2A26000-memory.dmp

memory/8272-7704-0x000001A4C2A30000-0x000001A4C2A5C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\838b7a3c-fc45-4b6c-959d-79555eb98be8\UnifiedStub-installer.exe\assembly\dl3\cef679f7\808f558f_5335db01\rsLogger.DLL

MD5 cc6bc0d521dab3ad83afd3631756b51e
SHA1 7a5d04946d482e06ffc01703cd55968e1dc285b4
SHA256 7b7dc854442205ee212a7423096ed6fd0e2e4aeb501448beaaf1cbbb098d2ca5
SHA512 856a25832f519e8bbe5306d62443abf66a03a56d74d91423410add9daeb77b4af4732b6a9016ae208e67a8ecdf8824126dc7b18bce396b9d4e30789ea2b865bb

memory/5792-7693-0x00000204EC220000-0x00000204EC250000-memory.dmp

memory/8272-7717-0x000001A4C3390000-0x000001A4C33F8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\838b7a3c-fc45-4b6c-959d-79555eb98be8\UnifiedStub-installer.exe\assembly\dl3\44cf1a0e\91f54c8f_5335db01\Reason.PAC.DLL

MD5 ab5f04321043cbc7f8454dda389c7f6a
SHA1 efb63c9ce2112d5a341196c1aebfe969b4176caa
SHA256 7d8f53999c172889160132c710674522768a792946ddd8e10858489fbdff98f1
SHA512 3469cac287a5d0d99359fb8e9ad267acd97c278033c5df3d0c7d49f17126ca135238ba1fe72995baad8b87a338af781740444621db10e72828845ac46aedaeec

memory/5792-7723-0x00000204EC220000-0x00000204EC24E000-memory.dmp

memory/8272-7734-0x000001A4C2A60000-0x000001A4C2A8A000-memory.dmp

memory/8272-7735-0x000001A4C3400000-0x000001A4C3480000-memory.dmp

memory/8272-7736-0x000001A4C3590000-0x000001A4C3606000-memory.dmp

memory/8272-7752-0x000001A4C2D30000-0x000001A4C2D5A000-memory.dmp

memory/8272-7755-0x000001A4C3670000-0x000001A4C36C4000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\838b7a3c-fc45-4b6c-959d-79555eb98be8\UnifiedStub-installer.exe\assembly\dl3\22489e03\43b6558f_5335db01\rsServiceController.DLL

MD5 2c66dd48d4ed60966833c1fb2a6303f1
SHA1 113162868af92263cf30ac9fc48e2c66d1bfc052
SHA256 c1ce03e36099c07e3e556f136a4054e55078284028dc2a7708468166058834e7
SHA512 ec573517d9237d7bc76225a94ad24ddbe8c3bc0b052d76894a5191c35053712112058514a315e47017afda505e3cdfce2e7ad7ae4f8058351c914136a1034e0b

memory/5792-7763-0x00000204EC2B0000-0x00000204EC2E0000-memory.dmp

memory/8272-7771-0x000001A4C3610000-0x000001A4C363C000-memory.dmp

memory/8272-7773-0x000001A4C36D0000-0x000001A4C3702000-memory.dmp

memory/8272-7775-0x000001A4C3C70000-0x000001A4C3DE6000-memory.dmp

memory/8272-7778-0x000001A4C3640000-0x000001A4C366A000-memory.dmp

memory/9928-7780-0x000001ED757E0000-0x000001ED7581C000-memory.dmp

C:\Program Files\ReasonLabs\VPN\rsVPNSvc.InstallLog

MD5 5f2d345efb0c3d39c0fde00cf8c78b55
SHA1 12acf8cc19178ce63ac8628d07c4ff4046b2264c
SHA256 bf5f767443e238cf7c314eae04b4466fb7e19601780791dd649b960765432e97
SHA512 d44b5f9859f4f34123f376254c7ad3ba8e0716973d340d0826520b6f5d391e0b4d2773cc165ef82c385c3922d8e56d2599a75e5dc2b92c10dad9d970dce2a18b

C:\Program Files\ReasonLabs\VPN\rsVPNSvc.InstallLog

MD5 db3e60d6fe6416cd77607c8b156de86d
SHA1 47a2051fda09c6df7c393d1a13ee4804c7cf2477
SHA256 d6cafeaaf75a3d2742cd28f8fc7045f2a703823cdc7acb116fa6df68361efccd
SHA512 aec90d563d8f54ac1dbb9e629a63d65f9df91eadc741e78ba22591ca3f47b7a5ff5a105af584d3a644280ff95074a066781e6a86e3eb7b7507a5532801eb52ee

C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp

MD5 f04f4966c7e48c9b31abe276cf69fb0b
SHA1 fa49ba218dd2e3c1b7f2e82996895d968ee5e7ae
SHA256 53996b97e78c61db51ce4cfd7e07e6a2a618c1418c3c0d58fa5e7a0d441b9aaa
SHA512 7c8bb803cc4d71e659e7e142221be2aea421a6ef6907ff6df75ec18a6e086325478f79e67f1adcc9ce9fd96e913e2a306f5285bc8a7b47f24fb324fe07457547

C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp

MD5 2a69f1e892a6be0114dfdc18aaae4462
SHA1 498899ee7240b21da358d9543f5c4df4c58a2c0d
SHA256 b667f411a38e36cebd06d7ef71fdc5a343c181d310e3af26a039f2106d134464
SHA512 021cc359ba4c59ec6b0ca1ea9394cfe4ce5e5ec0ba963171d07cdc281923fb5b026704eeab8453824854d11b758ac635826eccfa5bb1b4c7b079ad88ab38b346

C:\ProgramData\ReasonLabs\EPP\SignaturesYS.dat.tmp

MD5 8b314905a6a3aa1927f801fd41622e23
SHA1 0e8f9580d916540bda59e0dceb719b26a8055ab8
SHA256 88dfaf386514c73356a2b92c35e41261cd7fe9aa37f0257bb39701c11ae64c99
SHA512 45450ae3f4a906c509998839704efdec8557933a24e4acaddef5a1e593eaf6f99cbfc2f85fb58ff2669d0c20362bb8345f091a43953e9a8a65ddcf1b5d4a7b8e

C:\Users\Admin\AppData\Local\Temp\nspF615.tmp\nsProcess.dll

MD5 08072dc900ca0626e8c079b2c5bcfcf3
SHA1 35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37
SHA256 bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8
SHA512 8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Temp\nspF615.tmp\nsExec.dll

MD5 2095af18c696968208315d4328a2b7fe
SHA1 b1b0e70c03724b2941e92c5098cc1fc0f2b51568
SHA256 3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226
SHA512 60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN\Partitions\plan-picker_2.20.0\Code Cache\wasm\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN\Partitions\plan-picker_2.20.0\Local Storage\leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN\Partitions\plan-picker_2.20.0\GPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN\Partitions\plan-picker_2.20.0\GPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN\Partitions\plan-picker_2.20.0\GPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN\Partitions\plan-picker_2.20.0\GPUCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Local\Temp\nspF615.tmp\modern-wizard.bmp

MD5 3614a4be6b610f1daf6c801574f161fe
SHA1 6edee98c0084a94caa1fe0124b4c19f42b4e7de6
SHA256 16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b
SHA512 06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94D97B1EC1F43DD6ED4FE7AB95E144BC_4B060B7AC437F3D4D78568D3A1F5E3D1

MD5 196f0b69b350cc6991b286dfcd3c8c45
SHA1 c9e497e6ca6c89e60045a54e342df54841816978
SHA256 9f215867b993a8ebce6cc14dbdce2db8403628f743c3d9b49defcbaeef2e24e5
SHA512 adc0759bffa5af9bbd81eb125c95975e4fb9a813154f16063d3483254066c1339757dc4efa8d8775b9b4a070df37ffa79f0df50551bb8fe0c69542c058bda6f2

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Local Storage\leveldb\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\logs\logzio.txt

MD5 ed86f76143688a18da3b2e748ead7652
SHA1 43159869bc579ec9e5effbf19c4a07a02ec19fe9
SHA256 763f06ee07a07dd79f91b3477246982c8cbc1f3ccf32944d7003bef5a61736d3
SHA512 98016f1330f27b009eb93c73262232a980af07a719b4ce1f2e978f0200ff2fc68bd3cefd8a244cccac7a24c27ba13b4a1537c5c54206b74d445663d0e95b98f2

C:\Users\Admin\AppData\Local\Temp\nspF615.tmp\System.dll

MD5 a36fbe922ffac9cd85a845d7a813f391
SHA1 f656a613a723cc1b449034d73551b4fcdf0dcf1a
SHA256 fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0
SHA512 1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c79359709abbb26cc10e99f2c0de50c2
SHA1 af928188cbed1e4be4d3ca3cd097077b5c7e9325
SHA256 892d9a54ca52aa12ef2d28f0596a5a22533238a469ef47bbd66dfe4a5e9391dd
SHA512 20d15af179f16790b9b4de44471ced662711f12e5e03b0a6a377e9696219edfd20044915b232f74527b909b7c4bdf8e23fa7d6beb4140737aaa47111f9fde179

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\449d4e1e-4add-45c6-93a9-4b2b26f7471d.tmp

MD5 d11dedf80b85d8d9be3fec6bb292f64b
SHA1 aab8783454819cd66ddf7871e887abdba138aef3
SHA256 8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67
SHA512 6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Network\cd88e0d0-ac42-472c-b1e0-8d4b14961497.tmp

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\5f23e9de-9fc7-4929-baf4-b424146d4b54\UnifiedStub-installer.exe\assembly\dl3\0a37c25d\9d949a92_f730db01\__AssemblyInfo__.ini

MD5 b6ad9b6876109453f641c0c37f8de23a
SHA1 b46c9ff8fd30d492d8896c8f81c7fe1a270ff605
SHA256 664091eba13e5f4fb60b03653e088f16ea8efab86f521353ef053dbe13bad782
SHA512 50372d0bf815ac2d90541fcce9615956d62277ed2351c804273465d6d35bb610c4b04620267d00f82f5d8919c080c04e15e8033028037a2e3b218884079e4ffe

C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\5f23e9de-9fc7-4929-baf4-b424146d4b54\UnifiedStub-installer.exe\assembly\dl3\ad099206\3cf129a5_5335db01\rsJSON.DLL

MD5 fc1389953c0615649a6dbd09ebfb5f4f
SHA1 dee3fd5cb018b18b5bdc58c4963d636cfde9b5cc
SHA256 cb817aa3c98f725c01ec58621415df56bb8c699aaed8665929800efb9593fcc0
SHA512 7f5a61dd1f621a539ed99b68da00552e0cda5ad24b61e7dbf223a3697e73e18970e263fda889c08c3c61252c844a49c54c4705e1f3232274cbe787a3dbd34542

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 55043fc2c8d9dc35d9519be330c19172
SHA1 e03c3078f55156d6e4097d2eb76d8b76bb088a21
SHA256 4822948cbf0fd86f35b653ad842dbb140701e416b99b66111a99ec685698b30c
SHA512 9daddc5c2201eeb4e35ec276005a22ae84283be227b6c0bb2bf1a03a05b1e885f28f8e1d01aa2329e3a391881723370b3992fcfe5cf65e5ee2146d018c0e7a42

C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\5f23e9de-9fc7-4929-baf4-b424146d4b54\UnifiedStub-installer.exe\assembly\dl3\1365b3ab\acdb32a5_5335db01\rsLogger.DLL

MD5 dbdd8bcc83aa68150bf39107907349ad
SHA1 6029e3c9964de440555c33776e211508d9138646
SHA256 c43fea57ecd078518639dc2446a857d0c2594e526b5e14ee111a9c95beddf61e
SHA512 508cb9b3834f7da9aa18b4eb48dd931b3526f7419463c1f0c5283b155efbe9c255213ae1074d0dbe2de5b2f89d0dba77f59b729490d47d940b5967969aaf1f19

C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\5f23e9de-9fc7-4929-baf4-b424146d4b54\UnifiedStub-installer.exe\assembly\dl3\968e3c50\a2a4b9a4_5335db01\rsAtom.DLL

MD5 1b29492a6f717d23faaaa049a74e3d6e
SHA1 7d918a8379444f99092fe407d4ddf53f4e58feb5
SHA256 01c8197b9ca584e01e2532fad161c98b5bde7e90c33003c8d8a95128b68929c0
SHA512 25c07f3d66287ff0dfb9a358abb790cadbabe583d591c0976ea7f6d44e135be72605fa911cc4871b1bd26f17e13d366d2b78ce01e004263cbe0e6717f822c4e1

C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN\Network\TransportSecurity

MD5 26e6bd3efb191e46d523c35bbb31b957
SHA1 5d567124c308b1040ab2cab5f3462ea2de7f98c4
SHA256 2278aa72960e76263b1dad1b8f25895906c8aa67a0bbf0341dfa8f0e611f1a6a
SHA512 fddf3200147e09d1f4664bfdd9370de7a542d4bc94b6d744054ab5455648535dbab276d05d6e30d085081babd3cfc1bc4a33b4020a7514f0a38dfe679b351c71

C:\Users\Admin\AppData\Local\Temp\7zS8942AE18\5f23e9de-9fc7-4929-baf4-b424146d4b54\UnifiedStub-installer.exe\assembly\dl3\6c2bf5b6\870233a5_5335db01\rsServiceController.DLL

MD5 860ced15986dbdc0a45faf99543b32f8
SHA1 060f41386085062592aed9c856278096180208de
SHA256 6113bd5364af85fd4251e6fa416a190a7636ac300618af74876200f21249e58a
SHA512 d84a94673a8aa84f35efb1242e20775f6e099f860a8f1fe53ba8d3aebffd842499c7ac4d0088a4cded14bd45dad8534d824c5282668ca4a151ac28617334a823

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

MD5 0de1096411b23f842fc5b77e1a8f583b
SHA1 b925a681867ac101b8441bf6a529d6ac1e3c8acb
SHA256 082e648875ab240bcb7d0120319d7ba61addfa99de84ccfde03d2f81bdda9929
SHA512 282e1fa329824a9383601dc81d5ee4301a4e301e7ab3fb129b106eaaac972a68287d12cf691a967c547a2b5111a372d62794482d8895275ed7a5dc216a852e5c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

MD5 a811a3ff668f292e0ffc7c848a09676a
SHA1 4c6a4d94d12482c5c7f1c2403e006206ef947b8a
SHA256 f3a83093a773179dddc431837f36aa374610bb11c0932c36a4924b44c4f98971
SHA512 60a48bb4e787e7c34e1b5a38126d032170fe5c2ddebd272f495fd5fbc7e6b32d8ed752eb86e960f1f338bc99dc9b294c9a22cba1057407055f79173fbf7b20a3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

MD5 9fa060a599b0ee1912f2073ed59df3c8
SHA1 eaaeef616747d09506c6ed1d96901d2c8d1ad4e0
SHA256 7924474a8f327264982347dc932997ed49890ea4114925024ba678fba2d4e90c
SHA512 93837c0d1bf848ff603073bce6ac252f770a35fad094b294609682e11b04b463292c74c8440891e89741f28fa67a888ed6fdc1575fda99a3c2b6065ccc4e7b47

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041

MD5 f222656f7796794674f732c474a033ac
SHA1 cea879731968ace9befe205c55679924f033464e
SHA256 2d9259afe79e20ac65865133ee69f28563201da61bbd8142cd964fd0097170d5
SHA512 9a2b31a325d8030a2aa6b5a932a8c56476a7bf995ac61d419e81477a0c7ecf5e92d5d4884a3d3fd9a67bd33dc619665d5e3bc05c3784c3bc51333abe4332b449

C:\Program Files\ReasonLabs\DNS\rsDNSSvc.InstallLog

MD5 c80d4a697b5eb7632bc25265e35a4807
SHA1 9117401d6830908d82cbf154aa95976de0d31317
SHA256 afe1e50cc967c3bb284847a996181c22963c3c02db9559174e0a1e4ba503cce4
SHA512 8076b64e126d0a15f6cbde31cee3d6ebf570492e36a178fa581aaa50aa0c1e35f294fef135fa3a3462eedd6f1c4eaa49c373b98ee5a833e9f863fbe6495aa036

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000049

MD5 4d9ecc70dde56858a3451017cd7fd8d9
SHA1 88189cff695c454384884888ea46d9c11060c811
SHA256 e10acc2425b736f904ca0ec762a77b516ce7cea7391354841199e55750eee287
SHA512 dccdf161353e3fbd904b63f646ebf616e9eb977d23933575a307336aed6bb044902e11dc5990aa217f7b8cc16e190a968fc9077fe74f335c195c72de46c6f60c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000048

MD5 56f52dd9560ee8ba83285a6a1f1fe8c1
SHA1 a4ef79a25f44c3cdd064e81a3bf7cd0ffdb6bda0
SHA256 2396ec52c9324a26c7e9871d5e22b2671b33378563c68e86b84897407a8bb665
SHA512 9cdf26985f66103930c3ac2c913c1019160d1268d7b80272483685ff42196428fa854a019d38da30488c44a4100002b7fec36717bc85d020c0d72771c5a2f429

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004c

MD5 3c056e8e74a88874e293547911ba706f
SHA1 fc8d54feef9863e346fba55d897bd3c44b9cbb48
SHA256 b895edff081369f33e0600ef5e5d3098b7d0f258d0c689802f9165001eda6bdd
SHA512 b3826f0201e9eccea56153a1e82ab49e6a63a0b995a64d69a72e9b0b422f8b37083a0a242f99bb08dc27e29ca4f73f2864b71ad6c9d076add1d4752c62e1b245

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004d

MD5 757750902210ff3c0d12dee4dc5165c6
SHA1 a3599ca4bd5da9fb9c83e26813ef62327c541566
SHA256 72ff7d67ddc7bd23885cbba07f3889be27b50cb597ba41fd546343416676ba67
SHA512 ef5cb66e561d5f208a872c65b6732bdaa082d421f9815c8a5a439d5e749890e032c2309c1d7ec66d93d1f897941bb5e2c5f860fd9cf8e13adfbf1ab60aeca27b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 92312eaea5f24994ba1033e1f1eec305
SHA1 18ca90d64fe263614fbddd1cddf86246653f4778
SHA256 6bb491683bff82e6801a991b5cacb657b939028e5fe8541fc38aff8482f06959
SHA512 79a16fb30a080f348b0f027d123bda2b3c54ac447e2cf5341a9f78705bd529b6d5ffb31c5433be0e1ed1c219f6d34b761c61c84501c244ae7b088d51c92dc318

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7d6fe83d26705b4bd87911db8d2510ee
SHA1 6fc2cd76aa32437a10cf6e2a4933b25eab972bf4
SHA256 a2e1f64091586d16965fe99d87c57ac568017dc65fdb61f4f012a6e6308c24bc
SHA512 abc5ede49dee405fa5f64b4e723e35330d97c7ebcff66af04719083f95214d6ebe8a40b61bbecfbcf11e3962e1b53b1014bda6f8175fee9a224974686e75c4d4

C:\Users\Admin\AppData\Local\Temp\e646aa75-000c-4865-bd14-6fd14b80361b.tmp.ico

MD5 ce47ffa45262e16ea4b64f800985c003
SHA1 cb85f6ddda1e857eff6fda7745bb27b68752fc0e
SHA256 d7c1f9c02798c362f09e66876ab6fc098f59e85b29125f0ef86080c27b56b919
SHA512 49255af3513a582c6b330af4bbe8b00bbda49289935eafa580992c84ecd0dfcfffdfa5ce903e5446c1698c4cffdbb714830d214367169903921840d8ca7ffc30

C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

MD5 577b7286c7b05cecde9bea0a0d39740e
SHA1 144d97afe83738177a2dbe43994f14ec11e44b53
SHA256 983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824
SHA512 8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

MD5 00bf35778a90f9dfa68ce0d1a032d9b5
SHA1 de6a3d102de9a186e1585be14b49390dcb9605d6
SHA256 cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2
SHA512 342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a1d88b7369d2597780847aaa8af5463d
SHA1 5263f49b29b7ac35bb05b9d0ee30fe2d22e0b08f
SHA256 645fbdd00b38d65809651fadcb110bcf96dab6d276781724de895acb3bc7af78
SHA512 d8eb10a69cd90c093c8715240af9662ca0685ee7c75166a058fdb42534afd15c7fd4f57eb5c8e9af0600db70f24ccf84022f313d23db7963df0ad009bfc1e2ea

C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

MD5 836dd6b25a8902af48cd52738b675e4b
SHA1 449347c06a872bedf311046bca8d316bfba3830b
SHA256 6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64
SHA512 6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1a38a92b069b47c40ff4f054b6e01999
SHA1 bf0f453433eeda0af2c2f9045bc172d505554232
SHA256 8d7ee9e56f6fa3923b78ad58dd25f49ef4193ed2ec65a525d7f6241f098ae38d
SHA512 a0837f0f997fdb9c97aaa8b11c72001e0f62824dd1c30728a9ac2bef02d7b0c4ce60c9a2567d1e0088144875e5aa38992828c6ec3ce0c8b81dea2c7b2fa5257d

C:\Program Files (x86)\Steam\config\config.vdf

MD5 3cdebc58a05cdd75f14e64fb0d971370
SHA1 edf2d4a8a5fc017e29bf9fb218db7dd8b2be84fe
SHA256 661f122934bbc692266940a1fe2e5e51d4d460efb29d75695b8d5241c6e11da7
SHA512 289c40fae5ec1d3dd8b5b00dd93cf9cada2cb5c12bcfefea8c862ddf0a16dced15d6814dad771af9103b3a5d3016d301ee40058edde3fdea30d9767146d11cd6

C:\Program Files (x86)\Steam\config\config.vdf

MD5 6e6a2b18264504cc084caa3ad0bfc6ae
SHA1 b177d719bd3c1bc547d5c97937a584b8b7d57196
SHA256 f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53
SHA512 74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4a3a01e090cefd49f46f48242de45ddf
SHA1 47e431d270d49230d5f6dab359d6ec04059fd07c
SHA256 abdd8b4ea63742f3b6fe35d87efeb679603b54896579884c16fefdf11383a9b4
SHA512 18286145455f97635c1a6b8d7116d0aca862da98178ece4207d3f133bdb289b3d3c103e86fbbf2c17275dc98045897ffa42ecb6d9792a00e53ef04c104dbf3e2

C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN\Network\Network Persistent State

MD5 74ced643a7f8efa0a95a2ec7f8ac4b57
SHA1 4098d2aed79e92c760ebb6dd23dfe27816e161bc
SHA256 3423c166428d2ba60c926ffebdb92d7ce21e86d4023aa274fd376818b4e81915
SHA512 4611dd83ed93ef961481245697171d2f67fb1d06f7b7d58a142b11b21993546701547faeabe6ac6afdf565a97dbaebe2a29932ec076661f044e273461fae513a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e437593dd8cddb9abf0e38ff62ee5e7c
SHA1 3a018266d0e3f91b349327355ee56e5f2ee29873
SHA256 d2d23abfcd90af867c02451053e7be87ef639d36b2bfbc3e77a66f4e98d2d82f
SHA512 19c1d4f17ac690ea40987ab16736c037c4b9e2402d3b66a9b72a937d4a4bcde5213681ff2ef91ff9ed5e3bec8f0c55f363f677357dfbdeea6ec22b44791accaf

C:\Program Files (x86)\Steam\config\config.vdf

MD5 a2ec2e91c3ef8c42e22c4887d032b333
SHA1 e2c738a2e9400535b74e2263c7e7d1ecefe575f2
SHA256 8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3
SHA512 b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN\Partitions\plan-picker_2.20.0\Network\Network Persistent State

MD5 9ccb09bf2bc1b5af797a738882925d3b
SHA1 8e84bfbe6fc77fd7c2830df306a18a0f5dd7199f
SHA256 047e7f095552653cd5cb170efaa93a363d27981169e682452039c552f91f06ff
SHA512 24e6dfc832ba8e357ddf29be80063c2061a44e3fbeeba81858b6cc1c78e1f6547917d48b598525444972fb015df1fa78e1975638178b8a3ea246778fd7dbb09e

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D84E548583BE1EE7DB5A935821009D26_5B98B6CD6E69202676965CF5B0E2A7A7

MD5 5bfa51f3a417b98e7443eca90fc94703
SHA1 8c015d80b8a23f780bdd215dc842b0f5551f63bd
SHA256 bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128
SHA512 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

C:\Program Files (x86)\Steam\config\config.vdf

MD5 a27a6948c1204e8632b9bd6e0e91891a
SHA1 6c44c860870653e89a8dc82c257687f0ccced307
SHA256 ba7c82ed53da841143992359137b5fc700a52db838fc268064134b10b72226a8
SHA512 6ec92e682e49c1c2d1813ad2e1c58e45fb384f6d837d7dcc1a2197996d419d612a1781cfb9fd96436cb3db60ab09c66b2caeb383b449f3739f8d0e337936e245

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.41.0\Network\b9bb0623-35ac-418e-adf6-e34fa16c448b.tmp

MD5 7c7a1c8d4082166cd8a2ddde7ce00319
SHA1 80cb963d78574a70af808c203dae9167b7eeb113
SHA256 36f7a515cd4f87e1098dedadf9819ab5e69a763f4ca6ee592639ceb43dc9ee45
SHA512 f3bb29dd552bf298577cb9f4f2ad5d6aaa2d7a016007ddf3d7936f4b7ad1fe334b0a0425393f034ce07f168855e8e505eb5b1b300261c93b1fb7527d77b5412e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7ad092245ab60cb69877ef3de9ce22ae
SHA1 5ca70cc32f2314b3d518f2f20d629d959e4f5cbb
SHA256 4d05e8046558501764eee15fcddc5feebe66c3600c74811b140217fd77b48cac
SHA512 650327efa93d030e78dad56f92da65691714082b969c286a7907412e3c678966bc030a905c94fe188a8acdf4e9681e8daa407ab298b6f1bae40f950ce2461103

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

MD5 6aa67213d3b4827428c1bf8b176a7058
SHA1 f96d4074513787ef03a3de88a9dff7b4f01422fe
SHA256 7d53ac33227eb92a6203664aaf1caf7b0900dfae0061ba73328416add763a934
SHA512 0966d73bc2b85f913bdd3ce9414e43b6b6a03f2e14e745a04fa2b90ab6359d568505d14bdc60bb3d0552ca1072911a40ac8bffab0ab193e447a1381ecdf3a5ba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 74634f2c782171a94fd1fe2e26276573
SHA1 5d41c69e9e91621378bc6036a1db2525adeb23bf
SHA256 a6c3615245102a87acce7f75357af8e5f6d9e71019b3ad49f4726540f73b0710
SHA512 c3b59ac98aaf89720fca7f88ed80b3b393a1e2652ba187e79ca4fd4c9ecaef89b84abaf9c83b3cf6a6819cbf8fd8d5f809029a4ccb6868f66d59143f0b952c99

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e854e9c272a3472ef035fc55aaa5960f
SHA1 1e7cb0bf21e2d8c3f641201d3b3778bdb3c64678
SHA256 b1e2fc921933015f4340fc7332fa65044e60ed8bfadbfaa48fe135bae9723b1e
SHA512 db5c15cc5c0351b215cbf6d8e0c60dbea8e1fec396201837da500e59e0cb937deaf221ca9a1459b8a03394e325fd46b7b239a7e87777d4790c80bfb30d00ce0e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 185537625e032f8ad7b0fba97c31ae98
SHA1 b016b196d5df3e018cf1ef7ae9d3f09d2217b46b
SHA256 2cf11968dfcf4df67b0ab19ad912b7c545ad0344d72e72f050d09ed677d33d40
SHA512 67db552459319c93c490bc3ba7d1b7787f0be85fb7586a8d4e1522cf3d439ae4eb23ccdd63bd744945d32494c1f9cb7f0b46bca73182635413ebd69f314c1b26

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c9fbfaf4283efdd60a3d97c188bf0344
SHA1 ecf3b402a9a0edc996a6f5b2b0e3fbba601aa5c9
SHA256 14b935f40af2f6860bdfa2ebbad497b662db5d994e00fe9ff24855a9b350dd6f
SHA512 b0b13a0086bad3ab99a395c7a3c222c6373aa181b25b44f50d4b03622c9b5d826b31b200934a207e7fa3fae87f58b965d760b3be808f5aeca3c8730fb6e2838f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f19f45d14a02c355ece144afcbf01292
SHA1 37a09065513c9dbf91e7c57df520d50184699d31
SHA256 a6197ca238e85b7b30bdc3261f4619b0682e3506bb1089be9353c88501adb49f
SHA512 8c3af27faf023e0a279a36d73815d23967ca060a045ba4886b45dda04c007849b25ea3981ec298d2115e612a4cd45e0854c7ba7573854c57e7989834b21a2f0a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d1e2085a27be5904b08597647945535d
SHA1 5b977955d0bc39cc85b1cca4c7f3276e627a0226
SHA256 448c6a515f25521375494e0a0fded332283bac4820e50133b905b2a4b02bccc8
SHA512 f2cf862d9e9017832fead6e6e771f68bfe09692cc9aba61c535af6ce21dd0b6c80c788a4691ff184a0c574d4bcbfe27de153105a02eaa00320b6151f969e4526

C:\Users\Admin\AppData\Roaming\ReasonLabs\DNS\Network\Network Persistent State

MD5 e2fd48b1da5df393f1af2b2ca8fdc2c0
SHA1 bd3c81808d07576e63e4a9e8483f43f44c19cf4b
SHA256 5d2904ee012819e44b87638b25d7ab2ef9ccdd668159941d29196e6586cdef75
SHA512 2e7f43456d169424b85acf3dc0805c574dcbce6c8d49a72db4da5e6cfab63efaa1b87bf292ad32be4d7eba9659b38df984df62f34f3bad7f04302304c3749464

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3b7c28a817c4cc7fd75845586f10cbd2
SHA1 95b97271f478089a4ddae68528332bd5535ac016
SHA256 98ceee71588c1dbd29b4d72d8d3b9b1969c1aa74cf90193e848cf0df0a49ef92
SHA512 610c8735a36c6b200a12047f280292d6409560f9c85b99b3d89d9f014b7f29023a93f24c8d06517a9ef63894f7efb4b1ab1a2fbf381329de4ccf284975094889

C:\Users\Admin\AppData\Local\D3DSCache\98af8122c5a5cd8d\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 69fc70131f2b0fe14c8cc19ada7a0de8
SHA1 9512eb50a87aec5c8eb8e9757a435a0d996695ac
SHA256 f5917319c8511658d2b6c020ccca8e74406feba957a15c1d3c28ee57fe5777fa
SHA512 404388138a1e5634346abe463aefcba11cfde8870ffb4d3c94c1c1149bd425281f43bf6f9e080face9718a743bc2eeececdcc750db53b6b3ba9c1996ed3491c0

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

MD5 08333eee55237c7ab6b1e4da95691ba2
SHA1 ec51af8e84c7856132cf03e919fd28a9d33395f3
SHA256 4bd37ba0eca93536c810a038bba0f5734fee8eff7ec03675c558bc60561845ff
SHA512 6e301827b30d26dceaa223d73a8c58a69a29be1ef5bfdcd3022fd3b969d98dfd81083aa6f365f3ba72ebceb9e529f597a7a49b2278bec0ea27380a5585c9513c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b9e3c076c8519ff0faca20221b507fe3
SHA1 ec6a7ea58a5ad4ebd1c829cf6856f5ee6c54332e
SHA256 2a02cd8b0ada422a239f432aa56d8884916742b676b76fcb1e5a2502f4b96a39
SHA512 11f10669ebc2e21a093ef10aca894467ead9e6b1ce2662c0227510ce5fc8ed43a787fc85f49b1ac92b0f269129ee397000d58f6e2a6d175510cf478a47543213

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

MD5 5c82ad42f5252203a79e6f7984f9d6f2
SHA1 d535e3767f360a45be574caa392764f5f4e0e383
SHA256 a76d00b75b062a7d8a73b3ab8f3c393d65a524e16c00a856c0cb3a81d76c94fd
SHA512 30e40e9675ed63db083d7b8f089a32d157f29841003f3ebeb312af99e5d00e2455f369aae9016425508f94e93a597d61aa0b3a14e5463c241e6d4c73dc771821

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 93bb7aaa822420f11605a628d89a81d6
SHA1 fbd981be279a73ec1d567cd71bf6f6356a1af178
SHA256 3ff7f944c95920d87d5f35d01a77c4686839daa3145ad10196477329e7d43da2
SHA512 fa1c0b87236a4fa7564a9ef551e128da3f486f0d67570dcaf51fc41c2f56e8db4191cf699446321ac65662cc6bd278a9b7295d9f1676f3bda136939a75a8ac5d

C:\Program Files (x86)\Steam\config\config.vdf

MD5 b232adf2d59d40e389a534ee37a34c44
SHA1 df3d92fa037f2632c5dd20637ee095f377248349
SHA256 e534cddb950ab48f1c520ae02fc75c5f4b6f971a1151a99a74e0c1f66e5ef119
SHA512 ed8e2dfe989975878b276e796d7394cdcd7da38acc6cdbe9900908c8a02f72bf2ed17f7161dead0a86edcc204bdf1c8a5255999c98f7a9049811757dc0265f22

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b7cc40323d468792e16dcf62bbfd4452
SHA1 e1aba3cb68d2269f520c5c82162efba5b08fb4a9
SHA256 ddbd89067243cc741b1baef0f776e4cc017225f0afcf3b971d12fd7183b636af
SHA512 cc210a46862559582f3395c4c537ae391c437429192f5a2a11d90055722a950088b50d1fecbd9e8db4bcf61eaedec471bf994043136a684ed352fe4646634cf0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2ccd075cd078aae51978349291caa9e8
SHA1 4a82716cde7e38dddd0b48858c40276a27603fbc
SHA256 9f25d68d04eae6719f954fb254dca9a126285efd879dc4e8f1367cd383b73bea
SHA512 5def8bdb7b9bd0d1bd713396624bff7b85cb257065db712eb7175a77db1a8c2cd44708ea954910b7b55ba92beddb121f59d0fbe09bef29e664dafd6ea1d21a16

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\a8ae1f72-9937-4f12-a015-08b4ca01dd54.tmp

MD5 97255f8fff3b45f379605bf5966bbc47
SHA1 8c5c3016e5810377d9f75cc7a49cf33f7f9f283d
SHA256 dc5a9032eb9bddb7021c67752becc6d055818b2d1e0187aab35d5156ce994991
SHA512 cd8b01029179c3edcae63ec462cc91735deb1af572a91658b6c8259e544652b7c328d913aa3bc5d188df3e71736ff91c83ea43e57c0651b320ea8d0b62ba670b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2450a76e9246452844996babb5bbc380
SHA1 6ade9f4936b246b63d4946a5cbcfaefbe5e6347b
SHA256 1b5fe921a5df30d7e7f7d5bcc9b6ce8a02a0143794fba9ba378d3c9fae9697fe
SHA512 6ab32cc531b13db2b9457f0bc8a9fbe56d92538f55bbf906205667de65a7fd7de08a39adb74baf9c3b79104c1f9c48c5c37fd9a39c19641e102083c12a72ca20

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8fa81d305985d2ed04e26962771110ee
SHA1 e0cec0087502cfcfd3c2db3c684e9fad6ea3b8f1
SHA256 10b9c0a0b6b779a48705bba1005e4216a3ceeed21df18af32c63d13ab1b7a642
SHA512 7863f2c4bffe6dfa3c245ba677c5976b7d45b23c406b53d6baf942ac220c71d17b06e1975f8f4394ce6e2e59ef7732ce8d0965c95ab792ce356e2bc7bf4d196c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d2f65285642bfdd69eb72ea5002ae3de
SHA1 ff04286846d1a76c67a56399218d2de601a1b1e6
SHA256 5ab579168e993f7ae10289a75b921306b437af629a7162a73744e05cb4e26dbc
SHA512 71edc9f957c2780c39dbf2d14a0a8948d10a532ba0f513f344e25e6d081ea9afd75316768557005a1ba58a117d40d02f13477dae0de3f6fa4b909c6430b8df2f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b0ab79ce21c11e2b28782c97bd0adf6b
SHA1 719869b3b63a686b13031237bd7a60f705808de3
SHA256 e9d8e6fbb317f74c9a45ccc75ce66f220d0ede098f358b00efb296bec363f9ba
SHA512 b8cd5e83aae84be2dfadc26e49f6b9c6fb3331e608a5ae2100783cb6c505c433e7f768e4b33c47a503eabbcdc41f5bf99d720abc9d2d77b45bab45e1c57e4fc3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1e31100957b8ad0b748e60e4dd63bae6
SHA1 a1936f660ff2dce905e0f7af343cbdb15e6cec6a
SHA256 8cee6660e9fa08f911db6f0c27fc70f4d85881bc09a8ee93e48c5972a9fa9c33
SHA512 502a7b36d7a9f1e6cd7d303360efd837ed0228b437074a5958426e68c2a6b60cd49965727c4dcdb8a9a9e3084d9eda93c143cd220dd7fc63fa216f212d845201

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

MD5 43e48bd513421717681836144c1732a1
SHA1 d950b7097f7786ec49e0e707926fbba9d68faab2
SHA256 d534612f93f8c73a2235861527abf49b22b48d49c3a7c9cc7af38d48cfede8e5
SHA512 b88dd173b63761d8cbd6799ef0fd36c2c0a3edbd0362fee1ed3376a02def88e51a3df77d89dfb697eb8b3685005287fab2c27fa762a1cac7631f7b1302e5346f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 fa538228cbbc5683ab00045fb295d01b
SHA1 39a9a1403b615a99eb5686701fdb27af9e7dcf3d
SHA256 e345a624836486f0e58f9c2b1e44f9e8a6196db61619a2c616a0c82650d599a8
SHA512 7adf1d9ca9029289cd7d73e8d1a48ae45889a2da6a0f41317f7ba2552aab62c81613dc4bfd1f1d801e26fb20c169c3ffb9a059fa25f2aa886fc28790d35c8405

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7d1368bc3e96f096c2e7af9b3fd88592
SHA1 48341f210642dee2734ddd3c472283a6bd2247a7
SHA256 96323c701b1d1fce35a90c793fe97734d0ab436010e17c21d3a570e5fe809dd0
SHA512 5fe7725028526bd80bb21e217cb474b587e2a877cc7cb574d5e83d36fc4d1d910a5ba8b1f7388bc89471ff687e4b5985e8c34fc89d41a9e6449e5116a237f597

C:\Program Files (x86)\Steam\config\config.vdf

MD5 5f9283ca3e95f9b152c7f7f28c36f45a
SHA1 2f3e9720ea0ccee499d05b2191024e2b69fdb952
SHA256 ff4f4df15d1db6141367741fc7404bbc4335fbf7bc6f5582c99c42c97a838f5a
SHA512 147668aeb3c9226db7415fdbea3f1018eb2f8426b8529dd52fb3997d6878325b88ec4147a71f5ffda113901a91b443c3ffe217e9e2bedd99c9e17121fab9183c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 81c0c72956ac5c851f8cbca982431217
SHA1 71bd2f57f345ffe4029ab047ffc3f77d3b73d162
SHA256 72affa8e9b4294945f900e855d25e529ebfc6a72b5acff87e76a4e017f4dde49
SHA512 fb754a5d808ab1b51fa7c6a7576f1977568a3f037c86087973305faf3482a917c49c0382b2be0e346a9adfdd05fcd61b5bc18fa8a21c8cb953c0729c256e1256

C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json

MD5 602c49f9246967bdcff45b4f43cf2fb0
SHA1 4c5796e0c724bbd7a9244cc8a0fc9e8f40181f2d
SHA256 a3ad9649c1038078038be1abd591cdba73b4b4f5cf30e11bb6cb7a432b746114
SHA512 2f273c0dd0127071f4c768cfe7277c6efff84c1ef4f4271c1326db3658c84261794b106af3198717f349fbaaaf276163700bbb50ae20fe52ed0a88a192d46f77

C:\Program Files (x86)\Steam\config\config.vdf

MD5 9568a093c6a5a6c94e40194a58154e66
SHA1 8a3bd6b482706f3a46650905e40b14a5d1b90220
SHA256 a40e9806462369879b403df63a2aafde293d8960520f5c4a869a1801f5e7c24c
SHA512 25f21b5d2330a36e5fe385e6fc4a6ef3bd3afdaa98dfd0fd2711d2359f5914c6bfbf16ff2f5b7f6953c17ff307c57d3615cda2faedce4d093ce5d30592e5aa01

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 008956ecf493c11e09150e71de440fcc
SHA1 1e55d1a55e4fe033284e4d4a9a840ace53955a47
SHA256 a28313e94b85974d8267cbb93accb297ce23cfa133c6ffbe129d6e304e5b881e
SHA512 c107d4a64287585d75006a74693ebbddf0176f195fe56b7f07ab73e106bfa94ed9c03b359697205b46bfbed215c8c6e71939ee7e6d2a1539f521259a0b4a9eeb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4177c85b609f33a06c3bdc7af1c23c4e
SHA1 c86bc41d5ea774b64e7c60d877a2896790a2543e
SHA256 ad577ff03238fb46d740271a75bcd3ecac4d01725e413149b89e6cd032e02f7d
SHA512 a0c76e94637006bb008a6677550ec75636e3b43b2dadc364b4600910ec5a9186bb4f69355d6fd2f7da39c9b379ca147ea3c6b27c395d557c629c0d4403e66a71

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8608750d-a6e7-4174-aa2e-197004647947.tmp

MD5 3eca942e68da86f67f0d0d0e740527b4
SHA1 a5ab6269a19b75c530f46f0d7d9693b208b00a0d
SHA256 1aceccf9bfca4ea019639537e945fd981a3d72bad2691739a9018c3c83876e13
SHA512 cd18fcf4e506de5fff696bb5add02cbffcd3c1e1a2952f0d4d1e3b9cd0ea49511d84fd597a006effc6ce210421926d6221bf1e7be90d36cbe116bf6279632aaf

C:\Program Files (x86)\Steam\logs\cef_log.previous.txt

MD5 861638bbcdcc744d0f26af372b2e1507
SHA1 e51210d82e066556e338e5c6b84cb81d6b52e231
SHA256 df3983e563d086bb11e1885c1613fc2775c11298381d374c31e1fdd254c20115
SHA512 173ea8f1a185b805403917df8597320ba6edf6086d90217d769a4973dac2da743df1859cb49ce1e0a4fb3e305640ed1e3b87e098fc55e36c94ccaa1f64590482

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 57abfb25f8096b15ea086944e304af53
SHA1 545c517bc9fc86846b8c1e68d2cd4328ed996407
SHA256 23f068e6775c61eba78bc5219f354f51196eb51826ed2502053a8354c28d0331
SHA512 77f7963cf424d64dff69ec679c2ca4717a917c2b7adb54ae4843e84b96c1eab1224a2a15552d6250f15fe7c040f1e8f5c1882f0d3176359a50e1621fb7ef46cc

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 1b309e313b811704d8a85fe78cd23358
SHA1 5e28ac79338f76de9fb284c15feb6ed06cb396f7
SHA256 fd4a91ea31e28156fad94d703898946f7b7fb79f6ac86ce8ad7b445850f391b1
SHA512 fd223e27a806886d1625b128892ac64fbeadc34118f0f5fa60d06613d387e4ec3ea2ae79d9dede5a73096192db800c240787bb12b65ba36790f5af9c3662d787

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

MD5 8feeb3c7ceace8253ffd546965daa1d7
SHA1 cd81c1112c6c670d21fa58c9f62fe01ae986b1af
SHA256 da189941df43ceb3aff48ec628d1741561886bf813ed90f78dd76c6ac0a52a6f
SHA512 e99031a4d563a5e994f4fca7184eb540f278926e71815ee0ae8c11236d57c3d73b992efbd8c85d853efb4ffade8cd4e773fd2edfb4000fe815a1d02b97344b27

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 135768a2b31bc6f5e66dd05cddb7ad0a
SHA1 58c05f2054608a104256e8a9b2b84a695f032959
SHA256 47b3f8fbb18e63260de73ea793d73d6ac6e1d4267e74882b5dcfaf96c19b3bf2
SHA512 4865b9dde4c87914100009126330c0540de49ad0bcce252d4924d13f65ebc442dfc05ae2f61d16a766e30e7f1e86dde7cf2fc690addb89c93c11716b8207a40e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5539e0d525b44e052e94fc2ed3b727cf
SHA1 56b74913c868899bf3fbfb2110e64db79cec2765
SHA256 71fd989752a4ad60223a3189e70f1304ef30b8159177d6c315095240cfc773c0
SHA512 e13c48d30deeec651ac5da2f0863ee61ba926ea763bf5f68a23dc4a03572793818885ea80a39acce1eb8a9f81bfb76e9426f8880add8601d809327a640906312

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 83da5abd96a5d1ee4db68ed35a9f375d
SHA1 bd4cde10db067e02e8fedeef7f727bc2cef9556f
SHA256 2cfc6e6c76459eecff71d5ea1e35103b7762eb66306435a63257ead5b06a2676
SHA512 8b0eefe3863a8ffd2b5ca1bc99395d3132ef2ad8df85d778170ad32bd8c6de6ca4af5b348e83f88626c1af6d167d9f968961864803c002a86bb3fe8f6a24a1ac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 79e6d050fd2d42d3243cd4ddabe56d94
SHA1 19ba2265f2497e1f854ea0fc934017870e727335
SHA256 52f9fe310076c4d8899c32732f7c55f03f9f93095c4021874d0056e3a8a94f2e
SHA512 aae9bb330bbbf5656b4de1c74b5b20f909d2ea2e938afd977a6326ad62a5ae7790af2023c56d2ac48cbcf55b294f5e0653c86aacf4f6903b4d62c310b9801eda

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 99d1ed29656d54ee6a650e95099a1815
SHA1 7c76d1627ef3d42bff09c8580b89040503a7d9c0
SHA256 71cf39f744d4ccf82749fb90a0dd59f756e6c55dd63dce7bc0a4d94b0e45b3d9
SHA512 afeddb629f0169caf37e3e6573c4f915ad69d595cc03821c855da28bdc03f1f2339c9f7e57ece9283cc6a7c02408730afab37020c2c6a239245a2ac4ada873af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1a64c98f35fe3c204ec10304c3a94dc3
SHA1 68db5a2c3c8dfcf4109818817d95040aac55be53
SHA256 0c97734d6476767f700ad6798a5ac419bd84df4330bcb4ac1e23593f58842615
SHA512 5c756f4ff51ed3131977d46edcf3b3584667fb011a3cdc5ab447cf30f1b33e13d7f6fd283c1ff786a648b90f4159f21a0477893512af463b9664dbff99579636

C:\Program Files (x86)\Steam\config\config.vdf

MD5 bc7b93fec37fc19baa99bbca058d54be
SHA1 155013c2b5ca2a1a0dd9ecc89b46d1efbe64c1e2
SHA256 f00648a790ff86e56c759059ee2d14993cda7cdbb81f32a68a0e747cffd498e6
SHA512 1a963c37e27ba9e4e5c243cd27b3f0762f64036a76568517643617e91daba455ba573128bb17863e14480727f8696918cf37ba78631313ce5b77a78e57593264

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 aa2aa3399e35dae3bfa4dfb5eaf8b13f
SHA1 3629a4f1c3f2db4a104b44ad842648c668aa00e2
SHA256 fdf9a4e75b44bc7acf41345255208c966c9466e51ece548a251c3326a8b32a1b
SHA512 055cf813107d54801b15f65f423f10d308808751f5d1fbf1bbf9b18b3e4de1494d8b832acf85d7912ac1f54a353262ec3d29a19d1d725e37aa32803b2e1a6c08

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1ba1d1603328dd511a2d01ef2204b11e
SHA1 87c9f73d8ab1a2432b636ed9697d3a705ba5d01c
SHA256 b875d7d6e6c7c7d6f8af5b61247a065becc670516049bd6f5892d4167b0b001b
SHA512 5b91c41fcef302862826f824bf5e4fd382fb4ef6354e808c62d39dd66bba3c56c383212ca76839220b0706fa6ff43c3f1c562655642fb64a99e2e90bf445a40a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fe1688cc509f5a0c80d4e4fb9bc41c64
SHA1 c69925e80019741327809c43e780f88187188c80
SHA256 1441941afbf11b069308242ce87acc4c51c1c984b04fe4637456d3851b8131cc
SHA512 8d19268848f92cb095d61fe7f423fb9f96efaa7b6e15622d53995570b7eef97cc1e77f0bc5d965c05ff44fd226c3df632100f36af3a8b43975d6438023f97e21

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5a92581529c734a6f01f5b7b08d61fc1
SHA1 a1d3e9e8fdf90e5c1fdd8bacf4d001bda1d1b221
SHA256 98d3579d3682ca99dfb70d34de85557e5db01b0a297194428a5e8c927b67fbee
SHA512 3edf810dfb525fc2fa1102c50bf76d0fdb3a1b82f28f6df14e8d399c3c1e8da7d4fa34e42efec1f3b72c21964e0ac57745428e0ada3d941e947ecd3d294b452e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1711de0fe0f4235e25d0f2c0ad6d5a74
SHA1 508818512244fe97ca7a2afee3ae3932967f4d42
SHA256 a7ce35653cb321d86847cd65275342c489d389cea403aa58b9cae2bedeb66e01
SHA512 fef2598629b47b674e8c37b0b7a9df98f5ecfbdbc5c21941c8649972076131cf8369edf3ae91490484737a0d3ae74b4469f6b2ca0e8c53625f5a1ad96b669d92

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 abce2b4cc7665447f9b0a1d12ef26a57
SHA1 6f360072a2eb0f4a1357271bb12f066a561f4542
SHA256 da4d5e8650c5b9d849385c33c70b64b5d0a4f415e6409ac83458a21721584773
SHA512 a2eb646aa27abdbd6fc26b9a22187469a849c930ab8fc4c481bd009b68d74ab1ab7992fa741a3134cdc195e12ee89e2d24531faf3c05bb18d2552c7e52d36af9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9ec9095f704d9110544e3088c5b6d00e
SHA1 f5d3bebe5ad672893ffafe1df9b5239553e9b2e3
SHA256 1dab002bc00153b000ab2ea930e0587449c63ecf4252c6f85c882cb1b4f57e16
SHA512 d09ad9cdf6eaee92c55e1b11d413901b14d5e586846c9a7010e7c05465d7b033a05d0a0e5574c9419ff1dc27229c685a9749f533cd8cfd5cd3a9e0078a76cb41

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 40bcda62a1d19e07e82e03da7a5c789b
SHA1 9ea96cc5dfb59e09b42d986e8212376efe8ffcab
SHA256 7f19435fd6f5a408d6a9adf0b3e1ec3ae084b7fa47b4eecf24f1524dd273aa59
SHA512 78c0a9418ceec4136579c20e2752a6100c9cab91924225fd78cf41f5a93cedcec54c50c853444ad24ca2fff63adb1478563c4bcd940a48a2b4b00b2dda1f1635

C:\Program Files (x86)\Steam\config\config.vdf.async9012.tmp

MD5 053d849151bbbe1e3a14acb70130824c
SHA1 79bba8b0ede72e69de2ad2a631c8354b0c9812e5
SHA256 59359ad6683c7debc6f1533bba75695736d453db71bbcdb41973102b996639d6
SHA512 a6d8823c14284cb1cdbe339fff8ce03117e8dc59c0bac709b614e5fc56fef745c9f86715f20cce751f001c784b2b6b1167c738a8133edb77eb6966f6456d6640

C:\Program Files (x86)\Steam\userdata\1840991693\config\localconfig.vdf

MD5 6535319fc2e37b0e30278c5c294d8882
SHA1 433a97918157fcf4cc9686f1380eebd0f299dc12
SHA256 dc8a8139e130b96eda12a880dd334c724630fb6b26f8758df5e864582ecc8187
SHA512 fb11e14fb3cdcf2eeea09191a9c18d2e21a3aaf1c289ab2bbddd27df8256550ea511261a6893826bfae66e8d398361fac6373a87cefcaed3623e550e51742ada

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 0a0657fbb176056839f92cecfc3c4761
SHA1 036d4aeb8152eda4427f4979b32d389436a82c05
SHA256 9c7215588a2020ddc1ba251110aca643d4bd70a862e7f52ca1b253ec5b33b3fb
SHA512 a9c2dcaf087db80dfeeb45b078d7c1855100213384d50397271e8cbc005ae6bfae5c5115dc300e5158d5dd0d6df0b4defcb17c9b49877b146c74e4d5fceaaf41

C:\Program Files (x86)\Steam\userdata\1840991693\config\localconfig.vdf

MD5 f20a547c8ef8018637f31f08d1206b1e
SHA1 8f202081f5abd04002980bed65aef813abb92616
SHA256 4ffa09a23b7be0815997c7f315f4eee930bf0ca1550a25fe305b5fb21bb4b22f
SHA512 6257f240a497995d0a11eb3d7a0819c88948aa4d5661e510639dc1a4a23d8ff3bb34ad545ebc6ee8b5da79719ba94ab590b8e1eb83d6235fc2b9cd23d50c35cb

C:\Program Files (x86)\Steam\userdata\1840991693\config\localconfig.vdf

MD5 5d99d6c9ab7edeba322f3f7d1bdae22d
SHA1 f5f1bd73cc503806fa7bc20cfe00ac7f882401b0
SHA256 2bd9916c015fb6dabf1af66c11b0089be80f715a565e828bb93b0b95ede92b0b
SHA512 903d335b6ef8b4f568f72036f422b47e4e27f414c485c31b04089e6be6b78c03269d7fd576f03d1ce2e33b2fa9801a3ecc5acf0c4f564eeb9037d3cb0b26c380

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 a559f34a94284b3c1d3513332a3a47ae
SHA1 0dcab7c051541fcd205669f9b68f7c42acd0b39f
SHA256 fd010600374ebeb6110a12a4204d9dec7091274d4eb8fe8496650421bc474611
SHA512 db4d53d2c33636a0ce64d90ac9f84ff0f9aa72b4d12eb84ae0aec9d13c9b3e6e7725656b3e23d94367dcf19154c29041843b23def7a4cc3a31f37954206a73aa

C:\Program Files (x86)\Steam\userdata\1840991693\config\localconfig.vdf

MD5 856cc5e448ae4c808baed1142e45e0f3
SHA1 a390a4e1e7c40c257d6d1646d8cbef17e458cf47
SHA256 5bfc558c94cdb27d2b14799d694d8cb93e196b2a0e0a89ed6e9d2979f6c79ca5
SHA512 a70e987d725d9144de821b47345d6619ceccde1196626c7c7fead1e9341ff8f1b338a22965e29667a4a7d09fbf93ab38e13ec0259d7d9cdeba7c563be33f68ff

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 28f04b71a141ebc815ed8225db87b4c3
SHA1 d90674d35a46ddc8e7e29203a85a750581c2ea6b
SHA256 4fada21ad06ac717170a5ef48f0819e5eded428b099d20b9ae03adda11ffc40f
SHA512 00d6e27769fd3079819c975a17dbd34b3f28caf223ba27422aac4d0dbfbebd3544a6a14bf5737aa4f1e81fe937b7b26d29a13c340c6c4c6cae3639a6daf2ec37

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 57766603f4bac972d225642efdf382f8
SHA1 58dea03d54bd277c6418fe4dc44d2f5e49f1ffbe
SHA256 dfa53803878dc14e70198b9cea4dfb7e6792f8dce5c08656900bd375719f7ab0
SHA512 57ef88eddaba1cfa10645274f4a77bd2c689f9e7a75149b840c6a4b2f4dacb5f8e13043434aabb87428c34550164501db20ada626e21b0ffcd92e067fa03ff66

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000004

MD5 e13edde4a25e96e573f37bdd11e020aa
SHA1 84a0c3cc6cd74b149cc27de2b0fe48bc2acb70d2
SHA256 45b526e6aa5356b278aa37e67593a25d09c9653e8a0e71fb8e155111d3b7a515
SHA512 9ba4cce47994f949731e594538f56f423ee46a8e602fe922ab6e1d173b87831ae5a80d967d695fc45a08b25aef5c494518b43cde6b4709db690e904b2cc1c053

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000006

MD5 ef94e26e09fd6962f86f29c1c30f7447
SHA1 c574353d60b5973522a96fe726b0d26092167386
SHA256 2c3a7f1d3f5524c76c35942871974ee222eb012c65ec7f19d83c392f87b50847
SHA512 77abdad3b1f76fdd8eaa4cb3b2dcb9e5e0c00f46f25b52420e24129c4b178b34103329de52c15b130c3dec214c77e25eecbd2294855c1b3ca39936c8c94a5b26

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fdea698d0f75f6c662eb0b42ca5e895f
SHA1 a393346cfde78c5869462be29e04fe7ad292e20a
SHA256 e0b2e7b5b3db80ffd716cba0285a04932c633272d36d6d62df77ec7cd84e83ee
SHA512 155124e76ef11540a1499509ce74be17b49f3871c7b983f03d302426c5d88c8594ee42850ce5d05561167bcb461bec9f5876fefb862d8370babf1a7cdc37101b

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000025

MD5 2d64caa5ecbf5e42cbb766ca4d85e90e
SHA1 147420abceb4a7fd7e486dddcfe68cda7ebb3a18
SHA256 045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f
SHA512 c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000023

MD5 57613e143ff3dae10f282e84a066de28
SHA1 88756cc8c6db645b5f20aa17b14feefb4411c25f
SHA256 19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14
SHA512 94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000022

MD5 d45f521dba72b19a4096691a165b1990
SHA1 2a08728fbb9229acccbf907efdf4091f9b9a232f
SHA256 6b7a3177485c193a2e80be6269b6b12880e695a8b4349f49fccf87f9205badcc
SHA512 9262847972a50f0cf8fc4225c6e9a72dbf2c55ccbcc2a098b7f1a5bd9ea87502f3c495a0431373a3c20961439d2dae4af1b1da5b9fade670d7fcaed486831d8c

C:\Program Files (x86)\Steam\appcache\librarycache\1113280_icon.jpg

MD5 7ecdaf8a54ec52b20640a88527512903
SHA1 3133a4d748ad3be61fe9db759339cd5de73339b5
SHA256 7bd8b75aec0a4d4a377f3ca3a023fd8b7c5fc7dc6a2a66d17f8cdfe5b731ab0c
SHA512 60ae2031eed0c38264f0d8db22a9b6efeb3f80c791e916e15a1730853162d56e0da014dbd93a5479bae4f3bdd5705ca89be70c90574a524abd1c276ed5c55a2d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b555fe21c61644e6cfa4bf49ebe45bcf
SHA1 8bbba5e84b9c842155afd4789e0205b11c0b377d
SHA256 9addb4542f8e2ea557e550f654e36570681e4f5d4f3b821823fd8303e709ef4c
SHA512 b61f225bab642de77c34d93c54015848f9205a8bd63e1559301d145184d474931a59b735f78655c430009f2107d0ba41aedcc05c2405a914a0ac97076771cf02

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 436f97e9999b631a52d8cce1dd569fbb
SHA1 481b691f45f9e4c282891c5d82a547fd5de04b67
SHA256 8bd018cc8668de8c55eb5aec20e8adf92fb7659173e739ded0a55b919f1276cc
SHA512 0b338dd4f0b465ce18f52b45779adb8f30552dca0a43b6fa9166c5199d01043db19381b8c48b437f24fc1f7475e2316441d27844e4140b8a9c744682cb013ba1

C:\Program Files (x86)\Steam\appcache\packageinfo.vdf.async9012.tmp

MD5 c779fa3bcbb9baf6e0187ba93e43b42a
SHA1 1a8db986e6f94f9916a3e8f76d820bb46c4bb06f
SHA256 b37b1d3ba06b7e3e91da74c556a4c14c60134011fcecdf540c6065adb161f3df
SHA512 55b0949662cff95b03ee3cecb1b89e6f0d7730c7dd96ca7912d18089ee07c9315fb7fd40c460c6db1c0a62e6a2bc65f861ef1407160ee97e0f39ad404b6a2922

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 75b29198fed19360781429b4b702b6f5
SHA1 19a8bfb56a1b80b7428c5ccf69a863f762b9b511
SHA256 8203c17e18c18c4232898a8bf89c80342fd25e3f005cc2949ced3b75dc5938e2
SHA512 689b0ea347764e93ed32257ce8684682cb4aa433c944a031a0f1a83f0e90e67fc46e679f74aaf8f2ba207ef13393a6707489423a6b8e90129852f0154e8a0abb

C:\Program Files (x86)\Steam\appcache\librarycache\2281730_header.jpg

MD5 97f3a36ef544d783c021012ea3a7bd5e
SHA1 675b843c7488379cc37e41e58f427a44999a1899
SHA256 573234b842e25794e8a9688ba35eda23610aa451da2ae932af0c08b1699609b1
SHA512 05a47e5553d8ec058f04567c674515e04f3fa618159675f25548538ac9d00484c5a086edf6f1f9c5e61a3af847d59c9f23060f66728b14348f74c31cb8c43bdf

C:\Program Files (x86)\Steam\userdata\1840991693\config\localconfig.vdf

MD5 d0e819b122ced6b8a818b92960d040bb
SHA1 cd3f3413e746b98995c1eea2675c33a217230909
SHA256 828bf10281ff7d7be7e60d2a54af86bfa6d23418877ae957b1c2e06bc052144d
SHA512 219d854beff253e13d76404e1c229907de5d81d9df608a5ae24e3fcf4dbafc5afa00286419a92734cb6c9e4881073bbad0b0baaf67f82292f5212085951fa420

C:\Users\Admin\Desktop\Combat Master.url

MD5 e1cada784fab7f2fce1ad7374059873a
SHA1 eb9489f322050a4518e7efcd7cc5affc07d21dfc
SHA256 9c9bf8e6871e4b8f691597e11ccee29f5200ec9e23f743c3fc46049630f36069
SHA512 df987b7b936156194cdbaf3650e298c488299543583571c7905264bd5a919aefb7d4e9a6d447e8c6c5a327ded2d63a0701d7d618cad807ef43db7aab10f7b389

C:\Program Files (x86)\Steam\userdata\1840991693\7\remote\sharedconfig.vdf

MD5 491d489c3ec7e7493d0f0642d77c7a25
SHA1 acb1ab917f9b3bdc54fe709047aac4d7287a2077
SHA256 032ba425640eb40842269724fe38c8d6a40e8b3163837045283e8347034beec3
SHA512 df1daf766b2f5ba29e65fc08ff93a17462d71686fde08c7cf0ecad7a09c70adbdff9fcbe0c334bcce0745b4fd5da12ae658b6d19ffe57bec36810220cda3882f

C:\Program Files (x86)\Steam\userdata\1840991693\config\localconfig.vdf

MD5 bfd1c384e3b0d3b9b45b7ef2ed530c92
SHA1 9e5c11bea1d34ef74b282ef995e74ed529662246
SHA256 bc04c88130484a19d1042866e50cc4fc9d777b937fc0fb5cd11a79ab5e22764b
SHA512 e3baff10ef8756bf9f4795f941513f72ecf17181592e2eccf91e8a2baf75ec70be47fe22895d43a1281dbf4be165e804c7e4107a0932ae99a8998b445e96b424

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 4878c7c5642d945bec349539023ffa5d
SHA1 db893417f213b19e23c303b6e4f2665c1b5ffe9b
SHA256 11e7d482585d6654531ef33791d9b302cb9c749843d07a5a35a31512ef0f44ff
SHA512 ea2f32ab67432192a14206df1e2acd8cebc5e91386831f74c10e96b7c775ad0a4b588285f5f4dc95dd15d1ca68316ba3663b306b8f2eb1dd6f13701e7359e693

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6d706c8cf9a9b14b8d4b62f84e3811d6
SHA1 ec4c0bff4f3ae2998b4befed8bb9a3822488ff5b
SHA256 5363d9ead65f299843ea1a610cc8f90f5a13c80e2871fa51a3ed73921b56295d
SHA512 fe47a7db964e8690a0a76e101e7f1d1748d339e671513559181fa8cded2de0e9774edbee7c1ef7695ba20b252e16794bac20979d66b30f3dd71c408e0fe7b8dd

C:\Program Files (x86)\Steam\userdata\1840991693\config\librarycache\2281730.json

MD5 5216ef382c2d09e344ae46f2c073acab
SHA1 91040770b2b51d00e6b7c32a37315eef249a55bd
SHA256 2200afe5bd5dccc0cfe9d34b29eedc49014dd673e5b9b2d1797e3f52a14b5617
SHA512 0a5bc2a98fec77d33e0aca0934d547746883d5ce2b6cfe23e36dc9afe5fbd51dfe12d955213cd0123b4ca004e225182bea6722d0870ea65ba5a808756e893f7a

C:\Program Files (x86)\Steam\steamapps\appmanifest_2281730.acf

MD5 3f9e0a90cc48ebc4c80dd239d06a374f
SHA1 52e0c2fddbb31f29a54a42a4296516d8220b8e70
SHA256 dc8f17a3c21fbc5543350d6f6de291aec41009835856c7dc7825bc24857f1979
SHA512 b3b76a8101683f4a5320e2fc631d54388f10c1c07fa1593dfe470f1a8977b2f394a7628be88f2dca26bd1ca06789e7a7865021c9df645c611cad096a8ec8cbe0

C:\Program Files (x86)\Steam\appcache\appinfo.vdf

MD5 63e057cbc817e98e41ff6a02aed4709c
SHA1 b9ac1d6aa070d2a20111a159c3973a8aad32fc93
SHA256 a4fea66d7e88595bde62d0104d5cf9e0b0decbe8114c95cc3bf3eb20e23cf0c3
SHA512 831baabdd2bc4052e892237166d2bb5fc4a8c885e1267ec978e1bdca9a2a3140dd183325a6fd2448397ba59b63175f663d4b91adcc5f65d80a7785c097fc880a

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

MD5 40d84d9f89179613569ed984f3429bf8
SHA1 df0831b4d4a25c644703ba7c3d8bce09d0a69fa6
SHA256 b691d3a913a4937e27bc971cd792b628940dc74cf95271488921df96e127b49a
SHA512 97795eecb841a52acf505703d03419b5bcf4fa21822eccf381e7fb7a05dc86a171ef81364e463a2d316cd3008aba3266cba46c7c73364e44f7b3c7a00395d12c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 585cc7ffb755dca98ed057c36a4008a7
SHA1 69a282622d5cc7e553a828024ccc687655b39cce
SHA256 d522077eed8ab373f4e4d3096b32d52c61ebc0947d25b0ff2476d7398881a534
SHA512 5275537bce128236743ab899dd8f34370540f346292144423f0630054b24ee6c1105a79ecb7bc18638e4ffaf366599fb8b32bf992611a4700881e5d2e9458d90

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 2fd453c224685aa287d80bc2db086984
SHA1 98de010f83c443418ddde6bd2f8b9d2d99df81a6
SHA256 3c6324764caf5c8ca73e6c594cae8f156c48158135cf26e95fd4ac06a4fba26f
SHA512 877a1b1971defcc110c7ca9db967600846eff3bad6f99602ac85ed43baadcc458af8a36711a330cc8bb6d34e632de3f24c44a61d64d30cc6666e6a149a41290f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 50df9cb2e22e38ad27562bdd45217c40
SHA1 4afcc9e2cef9b8b5cde2930d05d25f9ed18480cd
SHA256 dde893fa148173bd6c0783076f25830f7e858f7db8d19906202ffeb3a575ae7a
SHA512 d8b9821e2ebbc5ff34ecdc11887c8e9499a319dd14653a1dd9372315c374141f0f42003b62b80030fde414accc8f5f6bc066de8ff9d1ee39026f67d217f3190a

C:\Program Files (x86)\Steam\userdata\1840991693\config\localconfig.vdf

MD5 3329fd27de58277aac66690419b846bf
SHA1 3c233b588a86d4f8f910b86d3f230226addd873f
SHA256 1e8ffd14b601f2f1b4a2ad4b1bbedc525780e81346d8244a6c4e92cd38b5b0ee
SHA512 b9649305c2eadac3d4d90a4a6d88069aeced562e22ec281cc8290a00754865b4681a1aa1e696a3b10aa7491d5e69739b1927b9ead88d9c621d3413a0c6ef4758

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

MD5 fce704ba2e92175d6b727fa833c36cad
SHA1 7d0fb2b7eae8034337131a91d0cd5d47fafe71d9
SHA256 5d898301303890ac8289b1c0736b756844c4b2208ca511790ef5c2c9e5995e87
SHA512 4ac9fec0e5496da782207a73580ed005c7f14d33380a8122fe45e7ad8d0c9628e91be1d5d8b0e16cc455d85bbb3e25c57b3c8abc958b6fb49945bbc950269cee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 92ae3a4b0ed1f69b7bb0b1f133eab5df
SHA1 e7a0eb7961b5f612c0bcb3998352e409c1922eb9
SHA256 16b079715ce7ac2257d8146cfabaf6aa6185872bffa8b5ebe6944a8389f6d3c4
SHA512 44e8ac89951137308eb0a01fb4ff22b1d052fbbd65a1fab89a894311d70bf7b1e3596f7cd949fbc45b91a0dc21754a397c00ea4edebcf756fc431be3e0433b9c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c15b9be54ba400a7ae65a9820e2418dd
SHA1 36479c90777ca9ad1af42bb68029e9543a66270e
SHA256 0b21271fd9d90fa95cdce6db5f7d9c1465822bea21a919385176eacdce436395
SHA512 cc9534433087b36303a73b533555aeecb38801c3d20288b9a8753931245e2a52b5a45294409ab81e92f25a164e2c5cdf5ce4eea7f877c5f2fdb328e1aeb47f9c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 28e03761b924c70a17e9366d8003f376
SHA1 4ddd9d98c9e845406a191366130d9c2a135c97e7
SHA256 42a857ff715399de6b62138630a67fff1a28c10c2bc53df6023c3bbad3a1ccc7
SHA512 4d7fb1627fd7ff31d5e2234f512d849c7253ec88deb5cc0514fc940f782711d7eb2f38edcff9b0ed619992330316910c7d2f4fbb38f8b3031b00233352df2cde

C:\Program Files (x86)\Steam\steamapps\downloading\2281730\Data\StreamingAssets\Bundles\map_farm

MD5 292d870174ac864695593b23e5243582
SHA1 dae7c3525f5e0d3056f5801cbe7a7ba425b561fb
SHA256 14e58a8c6800c203cacadce1bbf86cce025fd0dc6a6f5138c1d598928ab51f25
SHA512 4581933933d1effc6e131a889866b63677e9b59efe19518eb4fcc72891e454251f6c186e2b87b28b2fce824e8d2aba4e679c6c667e6418d1ce235d14bfc456b7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8908669751604e347e536cbde5dbb46f
SHA1 d4b12193b58f09cdc7bdba20e8b029044ae93c28
SHA256 32345a91fb2a183c7020e4bb5f9938b7e14efd1c58fd4a5b6d157cc3b9a2f25f
SHA512 2288cfe8a653d1cd69377238c7dd876511445da076353b2b018f70d801719ad58c9c8fa5f69e74e1a550ba132ceb9cd0523a45e6ac0ccd93387e66381ef3f9f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 228c52b5fc99590b936944014b0f937e
SHA1 b1dee0811c8cc8c2ae490e55bcca42560b808051
SHA256 c6d1f5c657c33bea83559db7eee30536d59d20c2c40e3fe94f383e08d1fa1292
SHA512 e40420cdf096f2fad794814c8c61a2afe16024b7133d114e6bb6a528725f4d38dc4388e103694ad84b4194c6e58a3470a2a484d3e2e8c6e151be0dcd7dad82f6

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

MD5 a85e007a084bf4ad5ba1a3e4e6d252c7
SHA1 eb50c1a98b258b6039a19ae0cc364386aacea00d
SHA256 646511ddc2dd301a8f77e2c42f1400adaba6fc9cfb7f22c8dda74e6486d0271e
SHA512 5a7f16512d999d7986ae16fb4fa057fe9858be9afb2bd669b46712a93bb3fcbdca674bce8034567aff0caf65310a871344c7fa34c66676eb4557fd1d7b344105

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6322791275a733e7ce180cc05f0402c0
SHA1 3b236bf3d50c4f26c149cad4b54b9f1cc829df09
SHA256 1c705f62eab30966a5f44d15336d5a537f0d4708a645753503481d0f94a4d87b
SHA512 94cf2b699d6a0ecb09cca6d7bb599e8b6ce2963b5ab5972f819a9c2364f6aef3bfe24eedc2afd7d2b99d0ba6ff0538bc01095c773163e4861c89d3118ffb193e

C:\Program Files (x86)\Steam\steamapps\downloading\2281730\Data\StreamingAssets\Bundles\map_farm

MD5 287e3d71be71eb41ba7b971c833efba4
SHA1 58ef6b41d3169922e1889ec4cdb34b4970d19eda
SHA256 0e3aaf41ca59816ab54ef11b49ae23d56dfc52dbe0a766d12621404cc8a60fe4
SHA512 fc6b305c4cd1989ab935ea753ad6533b371703c2458b4a232a081e5e1e6053ae4befd63c17691a17219274a74137fd163471b465e80db957c8d2fd94cf35aeaf

C:\Program Files (x86)\Steam\steamapps\downloading\2281730\Data\StreamingAssets\Bundles\map_forest

MD5 894b62b3d94030bdf7f892c0016da098
SHA1 f66c57dda61a59f700ee76b73ba137f1978758f6
SHA256 4c9a8e7f6857547b4a6f5f28ef5a1a17bd87e89babb76e2d6f4ce4e132e4e426
SHA512 92a22df5c651b089bcd12b6790bfecffdccd5f3bb0758f361b709710b4d4895b3416b662a9c7a17c7fb90d4bb3ac99e556a352ded00e77eb61fbcf4e695f5df9

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 75f79f69980c64f2b74d52011adfacdf
SHA1 5198357697125d4c833e54d843e741808bd3da39
SHA256 6e30601665f450dc7a4b9f0491e952c26e2ed130045e26822eb3674fb998e17a
SHA512 e11dd91b41e30a403c58d9ac988064d91c0ccbf251b2919feb01883b636ef076ab00c7338e31cd99eb990e45c2188085dcab97220cfeba5b09cd1aaaf8464f49

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4e6bbb00396eac5f4aa9ade143854d80
SHA1 d1821a9ac48339a48a83f13a765bc54f336b5a63
SHA256 b96f240e297eb37c61cae3550a1ee0154620597177eb4f2809bb26a6f4ad5e91
SHA512 2efd2d40321a79e3d81de5191e3beacf96969573fcc9674be8fccce9f3d1548107eadbef4775d45b4f9fa4a7323d3341351c643955a15d92dfce7b17693c8bc9

C:\Program Files (x86)\Steam\steamapps\appmanifest_2281730.acf

MD5 ab840faf73f6a0e1043ab631cb83cea6
SHA1 2ca7b25d02f76691abac868f887d3ba7685e94cd
SHA256 fca6e0a1617666fd466ccef7cda9f0fcb71863930ab567ec93e9de1770369eb0
SHA512 c728e92052c008796dcd438aec993a6dcc88d93d7400d7e462b704617d26be56a6ef944930cd5a3c22c0cd7a8f0f8c86565dbd2a33156755e4a7a7f9e889ad0d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 896263b0cea49f7cbe698fe5fc96eec0
SHA1 566794404be592a8c00c278e462b38ead6a7926a
SHA256 21c9656a773d016d72fd2112c263ee2e81f74aa4ddf966aa29bf5fa8622b8799
SHA512 be2649c84911b17547a166c579e22e11a074e04913d55525a27870291deaf7037a4c5f56c12f297fe7f00bdb45174a4aede480aefc9c90681063decd5a421b3a

C:\Program Files (x86)\Steam\steamapps\libraryfolders.vdf

MD5 721e012b9dc3e0c7ff7b6d99bc7be23d
SHA1 93fa5f818be9a43615207091acb32b8c82ea9ccd
SHA256 6987cd0e1eba3a189e7293e57afbecdfae38a57c843c93cf88a06b1cfc749a11
SHA512 28a07d051b53ba042a24a65d6893b2b9b639c7fd3ae8c323081859fe84e109d398d49bc0a652e3c743cb5b12efcb46b8954b85c562c2d290a5775aa686235633

C:\Program Files (x86)\Steam\steamapps\appmanifest_2281730.acf

MD5 f0f648ebbc467a5dd809d0bfba365c1f
SHA1 7c8e80c95a03560a8d1dbd9d41f6768fd8545ad5
SHA256 1a9c6a93ebb9311f0cbcf7cb6b6da4343051312c83a6b59616771218e912d7da
SHA512 94125e8e851befcd344090552c943897c4f729d1c2be08fd45e8c67da702ae1737ffdbf531a93070e4b543ef27ba347399fde1cd5cf0b6153a26f4a072abb297

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 51b448e69783d2e0822c1b4b8efe1939
SHA1 9388019a859ee6ffa608b216bbe39f03aec6091f
SHA256 0e3dae69683b382b1e6a2fd2f7abce84bebb4669c560acdc50f0da1ef58ec515
SHA512 917dd982ae6bd6002259aab6e8dbd91b1e58cb9efacab8c4865b9787687dbde6dc381ad8eee92973273a1e0db528c6d6d2815222afbca267434cea193aaf8e52

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 7132c65e6dfe827ce14be59cea53fb03
SHA1 73c9857e97e34b58a968a244b878516cd641accf
SHA256 3870c4acabdf3232378e375586cd245090116716caa561f09e18900464ee6459
SHA512 52fcd897f69a3d113867f5c7964793cb740e5722160ab2a66f83e74322e3624cf280646e117d52c9bae214c1ac92a3341546684f0648a0f46b906a0d733159bd

C:\Program Files (x86)\Steam\steamapps\appmanifest_2281730.acf

MD5 afa9d5ce5c634193839f4d606c244260
SHA1 01f2033afb3ffd05cc257e36f39d70ed4b0a4b06
SHA256 d9bfa08e9043fa0bdda640090de7ea874f38d4c7744eec9dfc7690ac046eabe0
SHA512 40f2c1ce7946ee358c0c890fc09827e4636a8c42129fa052307d6de9f187e9ee4bd3b788426eb06337775ff0fbda0a3dc38158d89a8c85f8e1319088fa8b919b

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 d99b48006dbc3f0af22c1255bc81785d
SHA1 19ef9a00258947fafa8a223697592ff3f25892e5
SHA256 5aec63ff2454e26357cdfb620c4ad855c0b1a528178e8d1ed815ebfdd301a5ab
SHA512 208bf1012494ba62ded31734ffcfd30d74072120deafab993e1bf4907ee05017545fc79b296796b7952da82b454747e967af75d44b383ccd7dcbd8bf759add5d

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 63672dbcdfab9644e205577d1e0e5775
SHA1 9b1a4cc6a23592f45f9feec88f9ea9857da068b1
SHA256 52e012a3c1bba02661a475a35d398ee8ab502ca563c362bd0f405f7ac344351c
SHA512 bd823714a3b545657f2bdd6c7188957da873c25d472c7ca203b9ad68126ebf09d7bace0ee159f0521d7151106303f288a61125184f336567829497a766b46d6c

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 a87f8bcbbec86a9ba17cb207af809d46
SHA1 f4a29b3e189a2d3a23820c1644851d6a03295d6f
SHA256 aae447db81bb7a6b3563594962e55e3aa99e78a3b8cfdadf48c8bec0c3c06aef
SHA512 a2e0ed04416474e9b33ff49130a8f3ade97c0484846531d7ee1ba20437bcef1ae86e74df797b852a9a619354a19b0534878351adc50e5927a65d87abfccce924

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\cb298183-cd0f-459e-b76c-1d3dc8429374.tmp

MD5 3f2a19dd0ef37acd83a303c27a57b32d
SHA1 49b03906b5be3d5424000cea9f8887fe932dcb6a
SHA256 c54e4d921889301e426ed0a55b8a0f4e946a380b4303f3b32891094b9a8532fb
SHA512 fc67a7253e750edf42efb8b35420b2f8bbbc6c72c43da6be52be0fda17f47d3f7ddec6e6648257b6e739e5cfa82e028d0f26c47ac822f97abc34e56568b66a63

C:\Program Files (x86)\Steam\steamapps\appmanifest_2281730.acf

MD5 df9642bfdead453c6a471b456711a12e
SHA1 4ed6738990d1729d12d2e8873353cc6162b7eb36
SHA256 5e1741b6c9b985ce7eca3948a8447f012071ebf4964f1d9db9626c89e6790fd1
SHA512 b3187f41d7382fa3addc883d3bf18e215248011500d536944d6ee4c9f1c15bb4bdea759d3c6bd7645ba1e77cfb244fa6463a192e25853500ba6351f599e2a32f

C:\Program Files (x86)\Steam\userdata\1840991693\config\librarycache\2281730.json

MD5 1ce0cac7556357f8048d7ab0ef6106ee
SHA1 6092acc93c9b3ce312daee2d0ce707b24d9a0596
SHA256 cb6e438a3e1433988e32fe7c7bcf66b5c0212c5e5ab1c5dc0edea1f161ccb1d9
SHA512 4f041aee63e4f627031b1aa1762abff5fc7be421121cf45ae554e22d8d0dbcb76323df2ad56b79a7ee1ee12e268c863886c6b214b0538364c710c2ec693f6151

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 a9687bccb3617fa6826d87587a24b1b9
SHA1 9f30441e3810a70176240c3f07811d4c018bd821
SHA256 79fe7a64a5abe0abc2f2ee8aec35977b148b981fe923811efeb88528c4f4c382
SHA512 a7d68879d36d27ae23f1f60ce058b652636ff63d47bdc575bbaad9e7f2b9458506e72116b6755a859d10b6b84a5bc23f513201b4d290f2cccad3ab5a042798e0

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 903937cfc60f2ac7b0f9ddda94c991ac
SHA1 79e05373a4541892697f660f486df43e0d4f4213
SHA256 39e84a050ea3bdbea049a173615f22a137974bd1155f444a0869b7c39147c0ec
SHA512 723c9081c85c8e7ccdec5a07b44f413eaf222699671e9ba67b9fa4a9c40f2556166a832c696babb51f7d982205c711fc44b79b438b46cb4af3bd2125d1c73679

C:\Program Files (x86)\Steam\userdata\1840991693\gamerecordings\gamerecording.pb

MD5 b02adbcdd918538cddfa2d341d707cb9
SHA1 9dbbafca3cfefca2602ed225cb795c8b24f43c13
SHA256 46365db0b77736b7b589aa56bee685027c17ee13f7a60bd497d4eb497072aab8
SHA512 af74fdb211fddc2317bb9efa70d21ddc69bc459f454d2a9287c81468934da67343b131595d632d4b2fd42978f1775b252e998c0a5ab6f7f409889db6027be98a

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 07712125e7589b1c3f64f228889bd377
SHA1 35a8caa14e753297d69b23142180be60679530b6
SHA256 c6d8762773b98a08a99832a705ae734c0491548cc938ce72ee3a0663a6254030
SHA512 d48dfb3e4bd059611030330a1f906f1814f406a8271a5d7d2bdc5bbb09488981ffb0b73736e7d9e3704408b0d225706580e463723dfa6d786e98b094a0646365

C:\Program Files (x86)\Steam\steamapps\appmanifest_2281730.acf

MD5 e3790eb34ad8dded4a1b41eba5ac826f
SHA1 fa54a46c06ab87f6ff43843b283ee11659ae1458
SHA256 78b41781c491b0e8f83043878f61302fbd6ac3f5f26ccfe9fa680386654fee63
SHA512 d33b9d9543f1dbc43e4802aeff11fe6ab9619c8c9d6b3c12ae422a563697d303906b9fab52f04e56ecce0c520fad86fac9f0c605fc0f99106a3dd09056c35144

C:\Program Files (x86)\Steam\dumps\reports\343fafb0-46b6-4aaf-85f0-3320d6cdc9f2.dmp

MD5 9b2e57a9c38dd14034431e23b259735b
SHA1 43b3c79e659c8269d3881c6a363e11d481eedb8b
SHA256 4d1e05ff6d22b3a8f45b1ae14f48dc6704dd7cd2184754912c297c0fc31eb28c
SHA512 671a27d8fa8c588638f978f3b02cde2a86ca847be106922212c58ec38099f68ee6ea2db79514f07a261fa8688d8f60625839528f54505556d65f3e94c3d72c96

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d5e2987ab6458683703f54d218cbc803
SHA1 4bce67c41359b976ffbb4b72854804db0acc49e6
SHA256 e452224c6c4f78ed17400268649635c988ae44e93a537c3e33e0de8b6c08a723
SHA512 d8a020d2fb8ec4da502b00d67aa8d934f19858ec5c95233ec2eecd911ff346297fea4eeb024023c86f4e5d2416f4a15e2066460a0e51fcca9eb15fb444142bdf

C:\Program Files (x86)\Steam\logs\cef_log.txt

MD5 7cfe7a1e23be04dcd1d70b704978fa53
SHA1 1d1d294564529ec870857caedcb7297490f39772
SHA256 e553338ad178eb2a3f84a9674821b82b2ddf1cec3c87ae204a4b27f3fddd22ca
SHA512 dea904214cc568a2695840621176a7cdb634936e654902f931d63f828f2f611c9911173ac9042ec38a79deb3ab23da804385047434d7765152bf41279dbe138a

C:\Program Files (x86)\Steam\dumps\reports\72d776ff-88bd-4638-8f78-12769833ff9b.dmp

MD5 c1c96ef83562f2866b741ab2a8e19f9c
SHA1 7a7186ffa223e14aea14baa0b9f4c3d210872614
SHA256 a71523ae5421df7b459b48cf231debee3874ec5c8e59e9a2ccf6c3df7192e219
SHA512 060891e403566b4280a4092e903cc99647a68d7ef120be0d0b36b3f20a0a7ff4d9aeeba44204a36661961874eb0ffb315af125faf241a142a82e4fa2d1798ead

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 988dec981ffb05b71a1a8c903a1c8797
SHA1 202863cfa411f356656f52221f4551e402bc8ea3
SHA256 5962190add698204dddd482d03bfe27a634768649258c08e8100e197179452d7
SHA512 2ffab4450dac214fba9a9ba5e6bc295d265548e1152fc4d89d2d5e9594043e583b07e15bd186ac0154bdb1d3970d1f79b880fe9dfd32fc24f4acd40fee1e64f0

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 9a611c4504a97234ccd29d973b9a9732
SHA1 d5c4cc5c421053f35b6662c8afdc76809a198d41
SHA256 e82c371b0011c822413b9964ea7076f9a7d17533126f6a505f0d0044fbd0057d
SHA512 0b9eba1827df5bbfe280e11f46fd4f246f0a791b3bf174514f500b7c8aa98d75f81572c640aba57bd90e932ef9e9192b26c3bd8060e7acaee047f86c29431bfc

C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_0

MD5 4f8b984673bedc43a31a36be5dd8e73d
SHA1 045b5a25a630e76f1ba795b3c6669f872ddfebd5
SHA256 285652df58aa7cccce7f3163e2899d06b74d3bec6f462b8694c94bd1cf3d6a44
SHA512 a1fee19b6c4beba68e7a4238afc17de9902ab93b499162b1690f027450da12248e934186d2528a5548f688a2b3405b5fa16790abb4bf709cbf4e1eea69218da6

C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_1

MD5 aa675f8b492457d12c9506a2418002a5
SHA1 7801f2c9c42525803fefb7a282951df55fc6e0f8
SHA256 b731b0e1b25dbcc291f0a862b50898e33e718d1d1ffcc4669c80b2ab4248676d
SHA512 d5c24662ce6b987290e603e4a963deadeb1ce322e9f39bfa91d8fc84aad5b73aed0ff01b56f86f416f4d45f8b323a5f1952e50d6cd802236aab3218b9c80f5e2

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

MD5 4eb181ae393086269b087b8385aad049
SHA1 88609ead7753ba8e6b32c5615decf46764800186
SHA256 d9fb24cb0e9963d3a68623e6f9d04bb9c822fa4f830aab7f822a2fa577dceea7
SHA512 4e32ebf2fe39ca169483d19ec58a373dd658fc1f2d7ea10e05e3b35dbaeba44099b729fbcc76d16a0912d64390593fda02e2582463f86124f868d368c818ad4b

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

MD5 e669fcaa70c675b935b0e54d4ca4828e
SHA1 66f1ee3ca555ca43be2b8c1d33eb357a03944dd1
SHA256 d6fb41af783eb07704ba5d16156db96ff43fb3f923fb8b1540ecf0aa87ad4870
SHA512 e58f6e91f8cb1e18897174dded2c00da00ad1270d7b0684bb83d397fa2fa320fd2fca7f483fc29e80a0efef63c0ae30d479873a24ca8320959c420652155baa9

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 6df187ecb15124198d3b00df6dd7f8fd
SHA1 d1a7f6c612e36ff3f89d4029a84a32493888fb9f
SHA256 f8eb5aeb145f4b16d5524b3f3d7c3dcf3d2686f8905f7fb9cd4467368a6d1f35
SHA512 9bc962645469997d9882779487acda272d6ee5ccdede1b0eaf319fe6cee009063b33596711e01c1fd83128b8866f2fb2b04aea977c2fe5d97fc929864bb1b0f0

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 8290fdb19f17b8dd1e0ea0a80c1b7cbe
SHA1 ba4e4b1056e0d485ced1b43fa99741b3b19f2745
SHA256 668714ec6834739f7834ccc71b4d59e472bf9fb9cad20cb159839c98eca55a19
SHA512 9182d2d66b1bf848d23f6ec5d6c74b36999ba4a1418f092517f25245145880403a0df3da46766b31b6cffc4bba831935ee6cc705e961d0cc9473440b302b2269

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 fb68e30308d775652eb48ace04104b32
SHA1 fe37be022bd43262ee53c91f98ab8c6e7b202fd1
SHA256 50f6fa7c397fa4f0ec9053f4b65ffe54a7a464425e285bbb2e69fea3c3efa0d7
SHA512 1ef0cbebe3044da37abe8af1b3f648e8d6505d469199dd68c049df4badbd16ed768699a9cec7e17ec886f1a82938524f58d75909c828d199652d0fdfc26275e3

C:\Program Files (x86)\Steam\steamapps\appmanifest_2281730.acf

MD5 f19917ba562b2d0920e700290c85eadb
SHA1 663febba97de0a9fdb48ebe4f0902c4acaa3db29
SHA256 6fb0668f6021ca46d93d8e0502ff0a8ad5ab5cfb07017f0ebe7132dac9abeafc
SHA512 345f7bd6cbea9efce9fe73a4124cbc5f7e007255c3531dc17933048eaf96655371e14382ecdd7df4caf125bd335f68575a294b9b133ce5ee16aa5807dddfae95

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 763f452f8724dc2051fc67d354500506
SHA1 1186c8a30b2b6a12acd1a1c749997031e9ef7ba8
SHA256 9a0f7e7605b50ba7f006ed09d388e7ce3299242c16ce48df4eafa5dcf34e79a1
SHA512 d5f8a559b1e9676e29504827ef92bd36b09a93bdd51d08b394f44adb000b4678b53b550eaa56002f21f08a1cd176c25abfe6ddd97043a731c53884414bcf70b7

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00009e

MD5 8fa8263d94d02e0687d789154b14c8a3
SHA1 2a3541c43fc2099c72c7929c9661b88b89e8f051
SHA256 2fe595a33703619cc7dee3266492d467407d71a49277e7a8db8d7909eba806dc
SHA512 2c6cec6696c211a9f58565189153835cfae472495686be23336fbb5eb1de018f615f174bc8b80296da18e4cb2f4f25937e6fd3100eb7cec6e6368d3aef3cae52

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_0000a6

MD5 b507567f09861406425726176430b282
SHA1 ef31ff9a5a918797c76752018a667e29e415e580
SHA256 4390634070a440bead4ea3dc609984097da973983ac140b094149b4bbed1349f
SHA512 23e8a4e14a2a8608c817b88080fabce226ef7c280f5c87baa27780dc1307d60f75d215a91c3de6651f17e6df71219b3e51f2665ce9553c71f427a38e7c81d65b

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_0000a7

MD5 1d7363064d454b57f9c84df28f566ce7
SHA1 773b8a0f0c6cbda10b0c2ba62fb53d323946e311
SHA256 f2f4d59a808653e110b074ab0dc600b249e7451cc609eeeff3efda1e32ccf7d8
SHA512 f8a9e4c39d6c3e12ad9d01db9c0318fcb82b5dbe97b57ca6576a482ce157f456786752825e397122ea45fbce77e6c3cf62a2671c1973e40dcbf3cf26852cd49c

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_0000a5

MD5 aa3794adfd20428fe34118f03bc93592
SHA1 591db28eb78acf0ee9fc1855a1bc45d038169855
SHA256 141849b5f1fabee6f3612317c0df48485ead9bd6147c26a04668061fcb643530
SHA512 699c10405d2fa42569ce3058e578c54c6da13e68a68484d4988101a55ecc044ec312f5409a5fdb3b33fe2f9cd9d94c20459c0aa4b05482a9273e2dcf405c115c

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_0000af

MD5 2de161cba27080520bd0c0f5985e02d8
SHA1 a7129cf72c4fb54989d32a0bd74298b26abb97ca
SHA256 8dde273d7d700769ab7934d289c541e660c9e77bd9db42a5e4c699b8b1d2d9b6
SHA512 65d9a2ce1b5e85506a8370844a0dfa4bb93b26f4ec74284d62a7cd702096c722e293f4cfa6d83abb904971cf5e4637f87dd44732c8b1e682133c60b26c46456c

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_0000b1

MD5 690ec4bb254ab385effabf63ac431e18
SHA1 1112dcadfcb68e9134549ffbef7d2448b7cf86a5
SHA256 92614830cccbf758e54faf365fd0aa2541585e971139d8a306b0fd2b28d4aa9c
SHA512 d4b7d428239e72b609eb163f5f71f52931162d9ac14301b820805f8d8a80e01e7f51cf0779a689189cf1106c13415ff452025ab2224d08bf8de58619d86ced5e

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_0000b0

MD5 23567acb2b7aa7b83406c9c4fc17e1ed
SHA1 156760a8e5b9413f7e308304b8faff980cfc8332
SHA256 cbb9ff7aae496d8088de9d7a9eee284c0de902a761664ce0e3eff190a6f2a4f3
SHA512 4f602255809bd457418958856d5d609f392530e4ea78de5a107216fbd9f07af38658125bdcf02c7924981d6052f18b45f24da2291ab7d6268b532649fa3897fd

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_0000b2

MD5 efe3f00866669b137696f553942605a4
SHA1 7228cc5837e7acc32c53a7a1650c634b99149b5a
SHA256 16804970a1e61178bb3dbd3d357940c573cfd90774e7624d19351d40528a8d7b
SHA512 7617c3d426c5ceff47c2d5c8434d8d5a274a5fe8060f919797d04d70a45af443c51627391beb877f738757cb2e7fea148ea27ee5354708e400d68712fbc69781

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_0000b6

MD5 9e07c3ba244cd330564a428777c563fd
SHA1 9aebdb33e03d48e3d1a1fff32c168fcd49a80727
SHA256 b3e8354730f477b67716f1250a6c22bae3f97eb20349de927e0629a1ee2eb8c3
SHA512 77c5e45891356fbc4d266596992e7ce990c80527f3fb503f8f372ed2ab2bb88d8bf24c46e0fac78abea8d7c2978f736993da1ff29006b0a33be910dec674c981

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_0000b5

MD5 88883d068376f15ee174b6eb1c526005
SHA1 02daaff553498c7a7f44fee7df175e4e9ab19b30
SHA256 8b00033f825da2378a6f5327ea1e2be4f75fbc001d1c36c5be00db23d0c42052
SHA512 8a5ecf142e73eb9ca61f06caaed39cf12320fe17983c5461fa4ce0ac67aebcd8004f6deda5deb14fe2cef7e2c2bb2f68c969f33532fa9cdb027c3a557ca9c2d9

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_0000b4

MD5 04d354ddf7958533b034f71f89cd5816
SHA1 62620351de5510e052136627643eca719e94c2e7
SHA256 56f175a487760d6b0ce0e908c50d21cf35a31f524a47e18a657106646146b4a8
SHA512 18c7941fd7649b0b2fbdded7b0c70e8bd050e8a3801f90ff79cdedbe5aed9ee61bb35352f97fd41e3b5876c12146968168dee5c3ed72600ff63aee378adb8ec6

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_0000b3

MD5 a83b2cd2dfed25f4dd99c3e86806c7a0
SHA1 70f132cb4e9b016f05cfd1fe48505cbca0935e35
SHA256 2fbfad85a7faf970600a9327a9decba9a86befc1f4dae416d37e89a5f3e44e3d
SHA512 c21ab43db1afd02c7cdcdc8573c5f4ba01cd39173bd13b19e14971bd6520b1f32d81042b9f5fee85b257ba8efc0cf293559b678fc63edd5a2ab853acdd0b9558

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_0000ad

MD5 bc5dccf1e1c48f7c38c9cdc2679f0c98
SHA1 2aeb2551574033e64d06f31bd848095ee2942cc9
SHA256 c0ff7a66bc322b962797ee259922e38ad0bcfe842713b4b77248d11dd5850c39
SHA512 f1d1616f6f1615b000d8709660b4c05febe15feb10bfa5c3342dc36ad537ddbf918e255899d31cc0adea52ebf968ef4452c15d2b00d7a562d014593a30bdcf76

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_0000b8

MD5 05b13748fded75652edff2291ee4a400
SHA1 ff729b2783844c4bcbad5fef95e1704d5c23acd4
SHA256 a80ae2d95c8842612804457866fb26f2f058a7a5805c3c9ab9dc21697b5bb29e
SHA512 3166b1c6f70bb02b0de3a8f781ffc8fe21ab7e1fae0ebaee51790ef8ad3961ac3efb5f6293bacc67ce6108578cf9bb20aec8ff18a8eeeb5dd5334f3113fb99ff

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_0000aa

MD5 ef32c583bc5e880c11640e4e3f3900d1
SHA1 b78149f9b0675255dbac7d9487ef2baba837b5b4
SHA256 e50962cf9d6709d18fd4bd157bd64f7ba41a3671ab6d4d815b7fd2bdecf18e13
SHA512 f336b3175d453f699510e8f0879050e646620b812cdfc8ca065804ac3dee35853e9f78c7eb0689dbecc4c177e0629a8b86f6e2684c119d97cd668adc9cc0932d

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_0000a9

MD5 f3d8791d0b2720419784c3a2b0d179b8
SHA1 53ffcedc1dc7568e53915c681d2c9de33408dc1e
SHA256 3d65c6aabf9a7e74968a62a59f4d5806fe6e39ff4f37ea06f84ede08a9197961
SHA512 8d02b10d0f31515796074bd0e17c118e81e06a66774865f229a914dab254a9ffc896c6aa175c6b45bbe70be47eb7e7d583408d6879dff95489f5728bb21d2a11

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_0000a3

MD5 e0b66abd08331c9af1034ce915a5e1c7
SHA1 3010e55c0566a30cb0c71d6a182e09af7df3cbc1
SHA256 15442d410e832f6d63c620956d87b7c50346fa6b6e6ba233052d2785ecb5212b
SHA512 25f553bda1bd5ddfa028b708260c4b98675fd6f199495374051e74c955c56c80fbfbf2ed40d11e8a136e4aa6c1a3f25895712c03065b539f742c5a031efe54c3

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_0000a2

MD5 d159ab4cbd3b14018b2670f87060a4e5
SHA1 c53dfb41e0cacc2855f0149b28f140c8ab068665
SHA256 0978c6ccecd3dcc05516578397b3484a5bd06377994749a8e785fb7b05fd28cb
SHA512 f5a812199747b2ffb17f9d9b1e0b91f2f7f26722aa078ae8698c5f9a8ffb6a6f6796519a98155abaf7697d4d6f618e887cad7225fc0f2d3a0a3fe3adc24f0f15

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_0000a0

MD5 c9e90bc8ec6a09d8a69f4a4dc6fe8b6a
SHA1 f099ace175891bb8b81eea2595bf8de8027bec6b
SHA256 8fa6b37e750ce1df8e880691ea6dcd4aa922b55a722aa0b1df8ed6302aaf723e
SHA512 c4bda62806935165c94191234b8782408876f1336279a26d58ab3a75f41c51433ad24516c0354a8a047c1e743c4fbb8989938b6a1ff29ae0585b3fd08230a497

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 d22834a108af7a43e5dcc53466a9bba2
SHA1 ddade4ca7d2c2aab60651ab4c59ab5b49606af3a
SHA256 3c461292eb3d63d8f90182a5fa9858ad974b1b8c72f2714496c538ddda8ee61a
SHA512 629f0be324193fe22fa5251fe272a067b945218b30ed813ef45920cc7fee337d66702a4c40edd1961bde4a856c83ae4440d4530338154ddb10ada3ae703961af