Malware Analysis Report

2025-01-19 00:41

Sample ID: 240505-ltngssee2s
Target: IAmFish54.lnk
SHA256: 9a04873830044046f8ad246d771427476218a15323dd7b90a4d6a4df3cfc2d3f
Tags: microsoft discovery persistence phishing
Score: 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 8/10

SHA256: 9a04873830044046f8ad246d771427476218a15323dd7b90a4d6a4df3cfc2d3f

Threat Level: Likely malicious

The file IAmFish54.lnk was found to be: Likely malicious.

Malicious Activity Summary

microsoft discovery persistence phishing

Downloads MZ/PE file

Checks computer location settings

Loads dropped DLL

Executes dropped EXE

Adds Run key to start application

Checks installed software on the system

Detected potential entity reuse from brand microsoft.

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in Program Files directory

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-05-05 09:49

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-05 09:49
Reported: 2024-05-05 10:15
Platform: win10v2004-20240226-en
Max time kernel: 1497s
Max time network: 1507s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\IAmFish54.lnk

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\IAmFish.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent" C:\Users\Admin\Downloads\SteamSetup.exe N/A

Checks installed software on the system

discovery

Detected potential entity reuse from brand microsoft.

phishing microsoft

Drops file in Program Files directory


Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\Desktop\New folder\IAmFish.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\Desktop\New folder\IAmFish.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133593763050349539" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings C:\Users\Admin\Desktop\New folder\IAmFish.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\steamlink\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\steamlink\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\steam\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\steamlink\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\steam\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\steam\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4760 wrote to memory of 4804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4760 wrote to memory of 4376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4760 wrote to memory of 3720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4760 wrote to memory of 4480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\IAmFish54.lnk

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3940 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff983e69758,0x7ff983e69768,0x7ff983e69778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1780 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4680 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4832 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4948 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4092 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4996 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1072 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4588 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1908 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5124 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5592 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5736 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5872 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5388 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3296 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5884 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5632 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5712 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1536 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5632 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:8

C:\Users\Admin\Downloads\IAmFish.exe

"C:\Users\Admin\Downloads\IAmFish.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=3272 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5688 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4644 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3128 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=4676 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5716 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=4040 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:1

C:\Users\Admin\Downloads\IAmFish.exe

"C:\Users\Admin\Downloads\IAmFish.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=968 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5940 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5896 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=4756 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1020 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6104 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5992 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6252 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5228 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6428 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:8

C:\Users\Admin\Downloads\IAmFish.exe

"C:\Users\Admin\Downloads\IAmFish.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Users\Admin\Desktop\New folder\IAmFish.exe

"C:\Users\Admin\Desktop\New folder\IAmFish.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Users\Admin\Desktop\New folder\IAmFish.exe

"C:\Users\Admin\Desktop\New folder\IAmFish.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=2248 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=2476 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3804 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4876 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=5404 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=5572 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=4292 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5516 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3112 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6284 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5496 --field-trial-handle=1928,i,13527636092250477408,998761651247550369,131072 /prefetch:8

C:\Users\Admin\Downloads\SteamSetup.exe

"C:\Users\Admin\Downloads\SteamSetup.exe"

C:\Program Files (x86)\Steam\bin\steamservice.exe

"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

C:\Users\Admin\Desktop\New folder\IAmFish.exe

"C:\Users\Admin\Desktop\New folder\IAmFish.exe"

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe" steam://run/1472560//

C:\Users\Admin\Desktop\New folder\IAmFish.exe

"C:\Users\Admin\Desktop\New folder\IAmFish.exe"

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe" steam://run/1472560//

C:\Users\Admin\Desktop\New folder\IAmFish.exe

"C:\Users\Admin\Desktop\New folder\IAmFish.exe"

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe" steam://run/1472560//

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=2020" "-buildid=1709846872" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--disable-features=DcheckIsFatal"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1709846872 --initial-client-data=0x368,0x36c,0x370,0x344,0x374,0x7ff98ecbee28,0x7ff98ecbee38,0x7ff98ecbee48

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1592 --field-trial-handle=1720,i,16483277143544769303,7805621029380873963,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2232 --field-trial-handle=1720,i,16483277143544769303,7805621029380873963,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x33c 0x448

C:\Program Files (x86)\Steam\bin\gldriverquery64.exe

.\bin\gldriverquery64.exe

C:\Program Files (x86)\Steam\bin\gldriverquery.exe

.\bin\gldriverquery.exe

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2488 --field-trial-handle=1720,i,16483277143544769303,7805621029380873963,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:8

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --first-renderer-process --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2920 --field-trial-handle=1720,i,16483277143544769303,7805621029380873963,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe

.\bin\vulkandriverquery64.exe

C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe

.\bin\vulkandriverquery.exe

C:\Users\Admin\Desktop\New folder\IAmFish.exe

"C:\Users\Admin\Desktop\New folder\IAmFish.exe"

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe" steam://run/1472560//

Network


Files

\??\pipe\crashpad_4760_ZCTDGUSNNXSRNVYX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8c23c071a28924aef209e23ebb02e9aa
SHA1 b3081652f61ddcf492c48adfd1e77dae4a74d12f
SHA256 7a809aa771b56696061673f166baf2f0a357c7062280db7cf732652fbc277b1e
SHA512 b4c66c7b31728a96a072069b02dd608a3124136c030ef00aec2dbce51861e8c1763d1059194f1d8b7ece94f0049a98dcbad64fa31b4e46937b5ac9ca284c8124

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5b933f593be21fb6483ceb55bf27e4f9
SHA1 7bf5daf616b14d6040d427bafcce900b54643186
SHA256 3cf91c11aea2a72edd0e909836755277ae49be4766bf0f66dba48ec0efad3563
SHA512 27838f127968ca2f4f89af28c82d271f484de147af75f3050e6b7fbb2d3119e8e074c59f521ee1f5eb81829fac2696293a083074e29b636cb9bf40b0e788173b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 94d0b74a8bfffd87a469dd16297ccb7b
SHA1 2752387f2342b4e96c03aba0c1a566eb41fac6fa
SHA256 e70c113e70cde0d0680b951945ee5ff9e3c488bf163d14d399a66d8a1412d805
SHA512 d5b5cfd44bc479209f69bee9c6deb4ae888d79a00c7c41f5904af8a47974505adc0c01192d0a579c55e20d6093abb19125b22cf776f9004f70dd5072f5194a52

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 162df6c5cfe894a65918619aad61d8cc
SHA1 b46c70b2a6b55286b1502db9dd2002c611644401
SHA256 48df6fb67b297f540719feab674984b6458ab2b5fa7c0b89b9c5067b32f03f2d
SHA512 4a4ec4b9ec2646aeb1c54daaa38ebd1d609fbc3739ba2a0869ac1c9465ae03f0ecf5fb2c31225f8ae52f2baf4778b4a72eeb9c45783e31b6dc19e10c62a54b11

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3b4c16b9e1048ca497f176bd4bd806b8
SHA1 99d88e11cfaf253bf9ea7f7c96794e5ec18d70a4
SHA256 fad949428d881c17c63885e5a2f55f2f46593d80dd5fc670aa4a844c74543b86
SHA512 370ecb32d834def846cd146c94e228a05a65222905c472d6abecd327bdcbaebf137b50632bd06332ce30c046560d5f47a940da562790acbe12f27c6b2cff2112

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6976a2344ba5c9786198c11b9e591dae
SHA1 4970ad9c87c1f498615012bc2b6fc656387894bd
SHA256 edc65f71a28017a0692b60865fb06c3a0577a40322e9a099e21caf8f31458578
SHA512 1fe62e785c00bc4db4f86ba0a329041e71436061d25f37267ebb285a5c52efbde40dc9c56ca42515f1c9694609c4e91120e91711e14370e8e9db25689df09467

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e14a96d412183a99e592efb3d48fa14a
SHA1 73817d234cd569d4a9151ab1b20e5d94d12b6028
SHA256 818315ef894797ef4974f8b873c68feae4b0c1fd2defedf13873de38f33e3f14
SHA512 94e5479bcc53ecc31fee222ab8620d0fa798c16a0c60150f37290fe5f467236ead660d9f2f1bce4adbe4eb0c1866d2e45aa4a1211a6a21a29e28381f89092a46

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 84550339536496dc9e6e77a7a85d1078
SHA1 82c53ce2f27577c1a493548609c2179041c00d5f
SHA256 2150e813798d1dda5288dec62f2c2ced675f63748afd99db4c0c2ebbc76a70d4
SHA512 c4a2c58e2b29546c2de6e0e78bbb8c886958786be57f7cd8ecc64bad30215b174377bf6ca1f80bd51c46119252156c2115b7390caf4425f4f423809e16356545

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 33302a23dd63890beb704b1039f5ef63
SHA1 da9e09bfc5e2dcfd73c09d7ac2d4a3940457722c
SHA256 461bc4ea3c8c8bdc1df0ef3ff6b7d5d4cd461ac2bd8dc735d60cb5723eb5f7b4
SHA512 c8be4b9bd673d1bc8ddef5d96ca30c84d46a7dce316f68b52652d98e6c509f6ef1234ae9e0d540204279833fef6a812c298e06da2d689077e025142b45b94327

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe622a37.TMP

MD5 763d45256a3877e007e821aac05cf273
SHA1 c8136858f19d92775e880b46687642b86c6ff9af
SHA256 7ae257a0a53967bfcbf6d8e2c7aa155a138a1ee1d651c0f0177c3d5f0cf50e33
SHA512 39c2515ad76040ebc607c71a0fb5a8dd2561d90f8c0f795ecc40881404c0ff2d0e07df4c2f659fc0c2fac080b93cb8f07fcf00b5e7d3b6446661de7b543c3baa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\Downloads\IAmFish.exe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\Downloads\UnityPlayer (1).dll

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\Downloads\Unconfirmed 173762.crdownload

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Temp\nskBF16.tmp\nsDialogs.dll

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Temp\nskBF16.tmp\nsProcess.dll

C:\Program Files (x86)\Steam\Steam.exe

C:\Users\Admin\AppData\Local\Temp\nskBF16.tmp\nsExec.dll

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Temp\nskBF16.tmp\modern-wizard.bmp

C:\Users\Admin\AppData\Local\Temp\nskBF16.tmp\System.dll

C:\Users\Admin\AppData\Local\Temp\nskBF16.tmp\StdUtils.dll

C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

C:\Users\Admin\AppData\Local\Steam\htmlcache\CURRENT

C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\MANIFEST-000001

C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnCache\data_1

C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_0

C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_2

C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_3

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe6e6b4d.TMP

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index~RFe6e6b2d.TMP
