Malware Analysis Report

2025-01-19 00:03

Sample ID 241107-kewdes1qeq
Target 24.9.3 fix 2 pass is 1.zip
SHA256 4729398f2c65f7c023e78e0b90950a7398e1556f3411e3ad503011c84a57b796
Tags
steam discovery persistence phishing ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

4729398f2c65f7c023e78e0b90950a7398e1556f3411e3ad503011c84a57b796

Threat Level: Likely malicious

The file 24.9.3 fix 2 pass is 1.zip was found to be: Likely malicious.

Malicious Activity Summary

steam discovery persistence phishing ransomware

Renames multiple (51) files with added filename extension

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Detected potential entity reuse from brand STEAM.

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Browser Information Discovery

Enumerates physical storage devices

Modifies system certificate store

Suspicious behavior: LoadsDriver

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Uses Volume Shadow Copy service COM API

Uses Volume Shadow Copy WMI provider

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Modifies registry class

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-07 08:31

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-07 08:31

Reported

2024-11-07 08:49

Platform

win7-20240903-en

Max time kernel

1044s

Max time network

847s

Command Line

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\24.9.3 fix 2 pass is 1.zip"

Signatures

Renames multiple (51) files with added filename extension

ransomware

Downloads MZ/PE file

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\processhacker-2.39-setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-FQ22G.tmp\processhacker-2.39-setup.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-FQ22G.tmp\processhacker-2.39-setup.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-FQ22G.tmp\processhacker-2.39-setup.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-FQ22G.tmp\processhacker-2.39-setup.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-FQ22G.tmp\processhacker-2.39-setup.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-FQ22G.tmp\processhacker-2.39-setup.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-FQ22G.tmp\processhacker-2.39-setup.tmp N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent" C:\Users\Admin\Downloads\SteamSetup.exe N/A

Checks installed software on the system

discovery

Detected potential entity reuse from brand STEAM.

phishing steam

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_030_inv_0314.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_buttons_w_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_rtrackpad_down_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_r2_soft.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_button_b-1.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\templates\controller_switch_joycon_left_gamepad_joystick.vdf_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\video.dll_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0323.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_050_menu_0020.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_070_setting_0090.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\localization\steampops_ukrainian-json.js_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\dualshock_4_german.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_030_inv_0325.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\public\steambootstrapper_english.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_rb_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_button_menu_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\FriendsPanelLeftBG.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\switch_controller_bulgarian.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_button_home_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_l2_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\friends\broadcastapprovenotification.res_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_ltrackpad_ring_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\icon_collapse_over.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\icon_right_hover.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_button_mute_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_button_select.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\friends\trackerui_swedish.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_color_outlined_button_x_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_button_view_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0412.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0423.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\scrLeft.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\public\c4.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\xbox_360_thai.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\friends\ClanEventDialog.res_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_portuguese.txt.gz_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steam\cached\Receipt_Blank.res_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\xbox_lt_soft_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steam\cached\offline_brazilian.html_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_060_vehicle_0100.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\steam_controller_tchinese.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_r1_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_touch_doubletap_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_outlined_button_triangle_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_r2_half_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_lstick_click_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_035_magic_0316.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\achievementbg_recent.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\dualshock_4_indonesian.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\overlay_koreana.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_dpad_down_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_rstick_left_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\.writable C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox_rt.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_035_magic_0337.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_rt_soft_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_rtrackpad_click_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_outlined_button_triangle_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_sr_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\Steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-FQ22G.tmp\processhacker-2.39-setup.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\Steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\Steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\SteamSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\Steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\Steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\Steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\processhacker-2.39-setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\Steam.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\Steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\Steam.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\Steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\Steam.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\steamlink\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\steamlink\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\steam\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\steam\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\steamlink\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\steam\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\steamlink\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\steam\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d4304000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-FQ22G.tmp\processhacker-2.39-setup.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-FQ22G.tmp\processhacker-2.39-setup.tmp N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2732 wrote to memory of 2284 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 2284 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 2284 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 2744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 2744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 2744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2732 wrote to memory of 696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\24.9.3 fix 2 pass is 1.zip"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7849758,0x7fef7849768,0x7fef7849778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=284 --field-trial-handle=1224,i,1360226177768217545,13743440138291044801,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1224,i,1360226177768217545,13743440138291044801,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1580 --field-trial-handle=1224,i,1360226177768217545,13743440138291044801,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2236 --field-trial-handle=1224,i,1360226177768217545,13743440138291044801,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2248 --field-trial-handle=1224,i,1360226177768217545,13743440138291044801,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1176 --field-trial-handle=1224,i,1360226177768217545,13743440138291044801,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2916 --field-trial-handle=1224,i,1360226177768217545,13743440138291044801,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3600 --field-trial-handle=1224,i,1360226177768217545,13743440138291044801,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3636 --field-trial-handle=1224,i,1360226177768217545,13743440138291044801,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3600 --field-trial-handle=1224,i,1360226177768217545,13743440138291044801,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3796 --field-trial-handle=1224,i,1360226177768217545,13743440138291044801,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3848 --field-trial-handle=1224,i,1360226177768217545,13743440138291044801,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2520 --field-trial-handle=1224,i,1360226177768217545,13743440138291044801,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3600 --field-trial-handle=1224,i,1360226177768217545,13743440138291044801,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4140 --field-trial-handle=1224,i,1360226177768217545,13743440138291044801,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4148 --field-trial-handle=1224,i,1360226177768217545,13743440138291044801,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4208 --field-trial-handle=1224,i,1360226177768217545,13743440138291044801,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4220 --field-trial-handle=1224,i,1360226177768217545,13743440138291044801,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4232 --field-trial-handle=1224,i,1360226177768217545,13743440138291044801,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4284 --field-trial-handle=1224,i,1360226177768217545,13743440138291044801,131072 /prefetch:8

C:\Users\Admin\Downloads\SteamSetup.exe

"C:\Users\Admin\Downloads\SteamSetup.exe"

C:\Program Files (x86)\Steam\bin\steamservice.exe

"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

C:\Program Files (x86)\Steam\Steam.exe

"C:\Program Files (x86)\Steam\Steam.exe"

C:\Program Files (x86)\Steam\Steam.exe

"C:\Program Files (x86)\Steam\Steam.exe"

C:\Program Files (x86)\Steam\Steam.exe

"C:\Program Files (x86)\Steam\Steam.exe"

C:\Program Files (x86)\Steam\Steam.exe

"C:\Program Files (x86)\Steam\Steam.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7849758,0x7fef7849768,0x7fef7849778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1236 --field-trial-handle=1248,i,10574750722965960377,2266783751755839602,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1552 --field-trial-handle=1248,i,10574750722965960377,2266783751755839602,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1624 --field-trial-handle=1248,i,10574750722965960377,2266783751755839602,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2264 --field-trial-handle=1248,i,10574750722965960377,2266783751755839602,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2364 --field-trial-handle=1248,i,10574750722965960377,2266783751755839602,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1524 --field-trial-handle=1248,i,10574750722965960377,2266783751755839602,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3132 --field-trial-handle=1248,i,10574750722965960377,2266783751755839602,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3384 --field-trial-handle=1248,i,10574750722965960377,2266783751755839602,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3512 --field-trial-handle=1248,i,10574750722965960377,2266783751755839602,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3648 --field-trial-handle=1248,i,10574750722965960377,2266783751755839602,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2416 --field-trial-handle=1248,i,10574750722965960377,2266783751755839602,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2108 --field-trial-handle=1248,i,10574750722965960377,2266783751755839602,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3624 --field-trial-handle=1248,i,10574750722965960377,2266783751755839602,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2272 --field-trial-handle=1248,i,10574750722965960377,2266783751755839602,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3988 --field-trial-handle=1248,i,10574750722965960377,2266783751755839602,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4088 --field-trial-handle=1248,i,10574750722965960377,2266783751755839602,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4124 --field-trial-handle=1248,i,10574750722965960377,2266783751755839602,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3860 --field-trial-handle=1248,i,10574750722965960377,2266783751755839602,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2056 --field-trial-handle=1248,i,10574750722965960377,2266783751755839602,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4248 --field-trial-handle=1248,i,10574750722965960377,2266783751755839602,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4232 --field-trial-handle=1248,i,10574750722965960377,2266783751755839602,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4664 --field-trial-handle=1248,i,10574750722965960377,2266783751755839602,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4764 --field-trial-handle=1248,i,10574750722965960377,2266783751755839602,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1248,i,10574750722965960377,2266783751755839602,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4756 --field-trial-handle=1248,i,10574750722965960377,2266783751755839602,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4900 --field-trial-handle=1248,i,10574750722965960377,2266783751755839602,131072 /prefetch:8

C:\Users\Admin\Downloads\processhacker-2.39-setup.exe

"C:\Users\Admin\Downloads\processhacker-2.39-setup.exe"

C:\Users\Admin\AppData\Local\Temp\is-FQ22G.tmp\processhacker-2.39-setup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-FQ22G.tmp\processhacker-2.39-setup.tmp" /SL5="$7018E,1874675,150016,C:\Users\Admin\Downloads\processhacker-2.39-setup.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=2152 --field-trial-handle=1248,i,10574750722965960377,2266783751755839602,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4176 --field-trial-handle=1248,i,10574750722965960377,2266783751755839602,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4348 --field-trial-handle=1248,i,10574750722965960377,2266783751755839602,131072 /prefetch:1

C:\Program Files\Process Hacker 2\ProcessHacker.exe

"C:\Program Files\Process Hacker 2\ProcessHacker.exe"

C:\Program Files (x86)\Steam\Steam.exe

"C:\Program Files (x86)\Steam\Steam.exe"

C:\Program Files (x86)\Steam\Steam.exe

"C:\Program Files (x86)\Steam\Steam.exe"

C:\Program Files (x86)\Steam\Steam.exe

"C:\Program Files (x86)\Steam\Steam.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.179.234:443 ogads-pa.googleapis.com tcp
GB 216.58.201.110:443 apis.google.com tcp
GB 142.250.179.234:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 ogs.google.com udp
GB 216.58.201.110:443 ogs.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 172.217.16.227:443 ssl.gstatic.com tcp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 consent.google.com udp
GB 172.217.16.238:443 consent.google.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 store.steampowered.com udp
US 23.192.21.216:443 store.steampowered.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 8.8.8.8:53 store.fastly.steamstatic.com udp
US 151.101.67.52:443 store.fastly.steamstatic.com tcp
US 151.101.67.52:443 store.fastly.steamstatic.com tcp
US 151.101.67.52:443 store.fastly.steamstatic.com tcp
US 151.101.67.52:443 store.fastly.steamstatic.com tcp
US 151.101.67.52:443 store.fastly.steamstatic.com tcp
US 151.101.67.52:443 store.fastly.steamstatic.com tcp
US 8.8.8.8:53 cdn.fastly.steamstatic.com udp
US 8.8.8.8:53 shared.fastly.steamstatic.com udp
US 151.101.67.52:443 shared.fastly.steamstatic.com tcp
US 151.101.195.52:443 shared.fastly.steamstatic.com tcp
US 151.101.195.52:443 shared.fastly.steamstatic.com tcp
US 151.101.131.52:443 shared.fastly.steamstatic.com tcp
US 151.101.131.52:443 shared.fastly.steamstatic.com tcp
US 151.101.131.52:443 shared.fastly.steamstatic.com tcp
US 151.101.131.52:443 shared.fastly.steamstatic.com tcp
US 151.101.131.52:443 shared.fastly.steamstatic.com tcp
US 151.101.131.52:443 shared.fastly.steamstatic.com tcp
US 8.8.8.8:53 cdn.steamstatic.com udp
US 151.101.3.52:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 2.23.210.82:80 r11.o.lencr.org tcp
US 151.101.3.52:443 cdn.steamstatic.com tcp
US 151.101.3.52:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.19.117.22:80 crl.microsoft.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 142.250.187.234:443 ogads-pa.googleapis.com udp
GB 142.250.187.234:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 id.google.com udp
GB 216.58.201.99:443 id.google.com tcp
US 8.8.8.8:53 processhacker.sourceforge.io udp
US 172.64.150.83:443 processhacker.sourceforge.io tcp
US 172.64.150.83:443 processhacker.sourceforge.io tcp
US 8.8.8.8:53 www.microsoft.com udp
US 172.64.150.83:443 processhacker.sourceforge.io udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 sourceforge.net udp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 172.64.150.145:443 sourceforge.net tcp
US 104.17.24.14:443 cdnjs.cloudflare.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 172.64.150.145:443 sourceforge.net udp
US 8.8.8.8:53 challenges.cloudflare.com udp
US 104.18.95.41:443 challenges.cloudflare.com tcp
US 104.18.95.41:443 challenges.cloudflare.com udp
US 8.8.8.8:53 a.fsdn.com udp
US 172.64.147.47:443 a.fsdn.com tcp
US 172.64.147.47:443 a.fsdn.com tcp
US 172.64.147.47:443 a.fsdn.com tcp
US 172.64.147.47:443 a.fsdn.com tcp
US 172.64.147.47:443 a.fsdn.com tcp
US 172.64.147.47:443 a.fsdn.com tcp
US 172.64.147.47:443 a.fsdn.com tcp
US 172.64.147.47:443 a.fsdn.com tcp
US 172.64.147.47:443 a.fsdn.com udp
US 8.8.8.8:53 d.delivery.consentmanager.net udp
US 8.8.8.8:53 cdn.consentmanager.net udp
US 8.8.8.8:53 c.sf-syn.com udp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
GB 84.17.50.9:443 cdn.consentmanager.net tcp
US 104.18.33.97:443 c.sf-syn.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 ml314.com udp
US 8.8.8.8:53 analytics.slashdotmedia.com udp
US 8.8.8.8:53 j.6sc.co udp
US 104.22.75.216:443 btloader.com tcp
US 34.117.77.79:443 ml314.com tcp
US 216.105.38.9:443 analytics.slashdotmedia.com tcp
GB 2.18.63.43:443 j.6sc.co tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
US 34.117.77.79:443 ml314.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 104.26.2.70:443 ad-delivery.net tcp
US 104.26.2.70:443 ad-delivery.net tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 dpm.demdex.net udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 ps.eyeota.net udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 52.223.40.198:443 match.adsrvr.org tcp
US 35.244.174.68:443 idsync.rlcdn.com tcp
NL 185.89.210.90:443 ib.adnxs.com tcp
DE 52.57.150.20:443 ps.eyeota.net tcp
IE 54.77.102.52:443 dpm.demdex.net tcp
US 8.8.8.8:53 api.btloader.com udp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 8.8.8.8:53 86976949f46757af7dd947c8a3feb9e0.safeframe.googlesyndication.com udp
GB 216.58.213.1:443 86976949f46757af7dd947c8a3feb9e0.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 c.6sc.co udp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 ipv6.6sc.co udp
US 8.8.8.8:53 b.6sc.co udp
GB 2.18.63.46:443 c.6sc.co tcp
GB 2.18.63.60:443 b.6sc.co tcp
GB 172.217.169.33:443 tpc.googlesyndication.com udp
GB 216.58.213.1:443 86976949f46757af7dd947c8a3feb9e0.safeframe.googlesyndication.com udp
US 8.8.8.8:53 cdn.ampproject.org udp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 downloads.sourceforge.net udp
US 204.68.111.105:443 downloads.sourceforge.net tcp
US 204.68.111.105:443 downloads.sourceforge.net tcp
US 8.8.8.8:53 netix.dl.sourceforge.net udp
BG 87.121.121.2:443 netix.dl.sourceforge.net tcp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
US 104.18.33.97:443 c.sf-syn.com udp
US 216.105.38.9:443 analytics.slashdotmedia.com tcp
US 8.8.8.8:53 ebcc6d6e82feb91ed4627d9717b8337b.safeframe.googlesyndication.com udp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 us-u.openx.net udp
US 8.8.8.8:53 sync.crwdcntrl.net udp
US 8.8.8.8:53 trc.taboola.com udp
DE 52.57.150.20:443 ps.eyeota.net tcp
US 35.244.159.8:443 us-u.openx.net tcp
IE 52.16.238.77:443 sync.crwdcntrl.net tcp
US 151.101.65.44:443 trc.taboola.com tcp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
FR 3.164.163.90:80 crt.rootg2.amazontrust.com tcp
US 8.8.8.8:53 wj32.org udp
US 162.243.25.33:443 wj32.org tcp
US 8.8.8.8:53 processhacker.sourceforge.net udp
US 172.64.150.145:80 processhacker.sourceforge.net tcp
US 172.64.150.145:443 processhacker.sourceforge.net tcp
US 172.64.150.145:443 processhacker.sourceforge.net tcp
US 8.8.8.8:53 client-update.steamstatic.com udp
US 151.101.131.52:443 client-update.steamstatic.com tcp
US 8.8.8.8:53 r10.o.lencr.org udp
GB 2.23.210.75:80 r10.o.lencr.org tcp
US 8.8.8.8:53 client-update.steamstatic.com udp
US 151.101.67.52:443 client-update.steamstatic.com tcp

Files

\??\pipe\crashpad_2732_VBJSMJHPRPEGDFNP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Temp\CabE542.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarE593.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 80212aea4057a00d763630679378ff05
SHA1 03bdcab56f922dfc14baef8499977b5589d76cde
SHA256 6514dee677471f70ebc6de9c028b10cdc6b3ff44ef249cb0034792f464326c32
SHA512 ae472512e08a5dd960fcdd231fb12345095df3d3ec457e1c9a16ebfa506f41d9326fd7d4354464e12bd41dd08ce7e7a8992831c8bf0d3562838a5f82e5160140

C:\Users\Admin\Downloads\Unconfirmed 395921.crdownload

MD5 1b54b70beef8eb240db31718e8f7eb5d
SHA1 da5995070737ec655824c92622333c489eb6bce4
SHA256 7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb
SHA512 fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cc00962542bdedcb4669cf34c2ddaf8d
SHA1 5ee12c6a37caa87c62a82253a1ebf88c585090ed
SHA256 245d5e6c0112cb4ffac7f1dd0dd7c87d4a948f14c1136e1a98448f5efb49b6d1
SHA512 3c3d99db69f6ecf56987484e800c8404954bba2ba1d1d20c80c462ab1bf0175ef89c01afdfbb79eb2546c5b117904f35b54360d69f85dd0c50a8ed750f7c5328

\Users\Admin\AppData\Local\Temp\nst140F.tmp\System.dll

MD5 a36fbe922ffac9cd85a845d7a813f391
SHA1 f656a613a723cc1b449034d73551b4fcdf0dcf1a
SHA256 fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0
SHA512 1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

\Users\Admin\AppData\Local\Temp\nst140F.tmp\nsDialogs.dll

MD5 4e5bc4458afa770636f2806ee0a1e999
SHA1 76dcc64af867526f776ab9225e7f4fe076487765
SHA256 91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0
SHA512 b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ad284e0d88e9cc1c836769eb4a47cf54
SHA1 d2f8d22d5cfde8ec283ce15436455d50820c7ebf
SHA256 8b017227a9c01910cb95d472b4846905a4d5a4f18f711d81d66609afce0d5455
SHA512 0e2cad13162f60541b7712b49cc99d0bea017c39a426e7f99df79b610ed71ad23e3dc827aacc5637a1ee014246373340b07c488167c046e690c0813956be1d73

\Users\Admin\AppData\Local\Temp\nst140F.tmp\nsProcess.dll

MD5 08072dc900ca0626e8c079b2c5bcfcf3
SHA1 35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37
SHA256 bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8
SHA512 8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

\Program Files (x86)\Steam\Steam.exe

MD5 33bcb1c8975a4063a134a72803e0ca16
SHA1 ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65
SHA256 12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1
SHA512 13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

\Users\Admin\AppData\Local\Temp\nst140F.tmp\nsExec.dll

MD5 2095af18c696968208315d4328a2b7fe
SHA1 b1b0e70c03724b2941e92c5098cc1fc0f2b51568
SHA256 3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226
SHA512 60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

C:\Program Files (x86)\Steam\bin\SteamService.exe

MD5 ba0ea9249da4ab8f62432617489ae5a6
SHA1 d8873c5dcb6e128c39cf0c423b502821343659a7
SHA256 ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d
SHA512 52958d55b03e1ddc69afc2f1a02f7813199e4b3bf114514c438ab4d10d5ca83b865ba6090550951c0a43b666c6728304009572212444a27a3f5184663f4b0b8b

C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

MD5 da6cd2483ad8a21e8356e63d036df55b
SHA1 0e808a400facec559e6fbab960a7bdfaab4c6b04
SHA256 ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6
SHA512 06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925

C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

MD5 0340d1a0bbdb8f3017d2326f4e351e0a
SHA1 90d078e9f732794db5b0ffeb781a1f2ed2966139
SHA256 0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544
SHA512 9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93

C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt

MD5 18aaaf5ffcdd21b1b34291e812d83063
SHA1 aa9c7ae8d51e947582db493f0fd1d9941880429f
SHA256 1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5
SHA512 4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154

C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt

MD5 1514d082b672b372cdfb8dd85c3437f1
SHA1 336a01192edb76ae6501d6974b3b6f0c05ea223a
SHA256 3b3c5c615fd82070cc951ab482d3de8cb12df0b3df59fbd11f9d3271fa2fbca4
SHA512 4d41c945ce7c94746875b0dbceb14811d4966de4e97fe047406a304162fde7e1e2a16367fc2e43978e2e5aa66749f036b4444aa2312673c2cc3af296e8b77f55

C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt

MD5 8958371646901eac40807eeb2f346382
SHA1 55fb07b48a3e354f7556d7edb75144635a850903
SHA256 b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585
SHA512 14c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554

C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt

MD5 202b825d0ef72096b82db255c4e747fa
SHA1 3a3265e5bbaa1d1b774195a3858f29cea75c9e75
SHA256 3d1399f5323a3ece1b1a8b3b31f8fd7f50c3bd319ab3f1c38c6e347452c95314
SHA512 e8fc7cc09f431301d22a07b238179ee053505090e3c4db30ead061513fe7159f1fe8b80efc93f4597fe00f01087bbe0bb2231e13693d72c8def138657cb91566

C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt

MD5 7e1d15fc9ba66a868c5c6cb1c2822f83
SHA1 bfe9a25fdc8721d7b76cecb9527a9ba7823dc3d7
SHA256 fc74e26a8baabbe4851109512d85173b75dbf7293d41eb3b92a1957a773c8265
SHA512 0892be14a858cc860766afb1c996b2c355108a7e50971ea3ec00d15069e919a6eb05a61fa839bea3938492c391e274144c5e248f4c204a602bf36adf27e5b406

C:\Program Files (x86)\Steam\public\steambootstrapper_turkish.txt

MD5 29f9a5ab4adfae371bf980b82de2cb57
SHA1 6f7ef52a09b99868dd7230f513630ffe473eddf8
SHA256 711675edb20b3cb70acf6cf75f2eea8e0d87c8ace3e11c8df362b4517427a34f
SHA512 543fe63f791250e05e8fda24fd2ceadebb4c8925e8927de49ae490895c87eed3e61a9ad50237532649f99fe3165836261de215ee3f66ffbfc6d677ddeea7732a

C:\Program Files (x86)\Steam\public\steambootstrapper_ukrainian.txt

MD5 cadd7a2f359b22580bdd6281ea23744d
SHA1 e82e790a7561d0908aee8e3b1af97823e147f88b
SHA256 3dd0edfbe68236e668fb308f92fe7c6493dbb05bfca85a48de93588f479ccc99
SHA512 53672dd13e6ccbe96f6d4a61297c595b6d6cba8de92caa51ccf8ab1d8a82eea5a425eab348f295b9ec27de0026ef849d9230f751a46e040be8863923f91b8519

C:\Program Files (x86)\Steam\public\steambootstrapper_vietnamese.txt

MD5 f350c8747d77777f456037184af9212c
SHA1 753d8c260b852a299df76c4f215b0d2215f6a723
SHA256 15b6a564e05857a3d2fd6eec85a5a30c491a7553d15ffc025156b3665b919185
SHA512 efb86809a0b357b4fcd3ba2770c97d225d0f4d9fb7430c515e847c3dd77ee109def4bef11b650b9773c17050e618008fc03377638c1db3393ac780b5b0bc31b2

C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

MD5 4c81277a127e3d65fb5065f518ffe9c2
SHA1 253264b9b56e5bac0714d5be6cade09ae74c2a3a
SHA256 76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9
SHA512 be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a

C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

MD5 2158881817b9163bf0fd4724d549aed4
SHA1 c500f2e8f47a11129114ee4f19524aee8fecc502
SHA256 650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7
SHA512 f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28

C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt

MD5 31a29061e51e245f74bb26d103c666ad
SHA1 271e26240db3ba0dcffc10866ccfcfa1c33cf1cc
SHA256 56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192
SHA512 f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8

C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

MD5 03b664bd98485425c21cdf83bc358703
SHA1 0a31dcfeb1957e0b00b87c2305400d004a9a5bdb
SHA256 fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115
SHA512 4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d

C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt

MD5 10c429eb58b4274af6b6ef08f376d46c
SHA1 af1e049ddb9f875c609b0f9a38651fc1867b50d3
SHA256 a1f6ba57ee41e009d904905c0ce5e75a59ee6790e08542561303109e1faafa13
SHA512 d8760f61760bffd8671b727d386ae220e7e6e68829a01553cfd5eb60ef8bd1d7c1b25e7b17a6db5bd17ba6712ef44999726764459318e784843c73bc4facaf46

C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt

MD5 189ba063d1481528cbd6e0c4afc3abaa
SHA1 40bdd169fcc59928c69eea74fd7e057096b33092
SHA256 c0a7a1df442ac080668762df795c72aa322e9d415c41bd0a4c676a4dc0551695
SHA512 ce59ad9b17bab4de1254e92ce4fe7d8c8242832f62ab382e8f54199a9932cd11b5800cc33895441426373d5210cc74104e0271b721a7e26ed400b716ae4d5903

C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt

MD5 6367f43ea3780c4ee166454f5936b1a8
SHA1 027a2c24c8320458c49cd78053f586cb4d94ee6f
SHA256 f8d1972e75a320344e3c834ba0a3a6a86edb39e20ef706bda9b7965d440d1998
SHA512 31aab33e0d272cb43a8c160b3d37256716a683e5052192fd0e4d3cdaf30a10a9afa9d26d5d14ad216ee455627c32892a711d2bc137ee7a7df9a297f001a19e32

C:\Program Files (x86)\Steam\public\steambootstrapper_thai.txt

MD5 53f7e8ac1affb04bf132c2ca818eb01e
SHA1 bffc3e111761e4dc514c6398a07ffce8555697f6
SHA256 488294b7faff720dc3ab5a72e0607761484c678b96d6bcd6aad9ee2388356a83
SHA512 c2e79c2505a6fd075df113ffce92ad42c146424ca39087601daa4ed15a2b5528d478a093921d9d8a738c7b6b963275a0693ebe526b6e2135d14ced03639d0e70

C:\Program Files (x86)\Steam\public\steambootstrapper_tchinese.txt

MD5 194a73f900a3283da4caa6c09fefcb08
SHA1 a7a8005ca77b9f5d9791cb66fcdf6579763b2abb
SHA256 5e4f2de5ee98d5d76f5d76fb925417d6668fba08e89f7240f923f3378e3e66f6
SHA512 25842535c165d48f4cf4fa7fd06818ec5585cc3719eff933f5776a842713d7adb5667c3b9b1a122a1152450e797535fc7a8e97ebdd31c14b4d4900a33ede01f3

C:\Program Files (x86)\Steam\public\steambootstrapper_swedish.txt

MD5 b2248784049e1af0c690be2af13a4ef3
SHA1 aec7461fa46b7f6d00ff308aa9d19c39b934c595
SHA256 4bf6b25bf5b18e13b04db6ed2e5ed635eb844fc52baa892f530194d9471f5690
SHA512 f5cee6bba20a4d05473971f7f87a36990e88a44b2855c7655b77f48f223219978d91bcd02d320c7e6c2ec368234e1d0201be85b5626ef4909e047e416e1a066c

C:\Program Files (x86)\Steam\public\steambootstrapper_spanish.txt

MD5 66456d2b1085446a9f2dbd9e4632754b
SHA1 8da6248b57e5c2970d853b8d21373772a34b1c28
SHA256 c4f821a4903c4e7faea2931c7fb1cf261eba06a9840c78fdca689f5c784c06c4
SHA512 196c2282ba13715709ece706c9219fe70c05dd295840082e7d901b9e5592e74b1bb556782181cdbe35bd1ab0d6197fef67258b09491fabc6f27606dbed667d49

C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt

MD5 56dcf7b68f70826262a6ffaffe6b1c49
SHA1 12e4272ba0e4eabc610670cdc6941f942da1eb6a
SHA256 948cad1bb27109e008f2457248880c759d3fa98b92c5b4033b94f455cb8ac43f
SHA512 c3fd9caf0bd4c303a7cc300faada9cfe6dd752e82d67625b31f4c0c2c091596508bb477fe19f758fdf79b25b8ac3f5320a8785d2b6705b9bcc28a054a59454e2

C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt

MD5 e04ad6c236b6c61fc53e2cb57ced87e8
SHA1 e9d4846b7e6cc755ee14a5d3fa45ee7d3bf425a4
SHA256 08c775efa77c2a92d369f794882e467b6e2526e61bc7aa7724f48e174524502e
SHA512 0dfb7e6d811d649103499018f3d115c542fcaba420ceb69124a4d837fe162ce514e7be2040860c5ef5f9c01c961fa6eea8730606b73ec107d87597989b6fd331

C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt

MD5 eb8926608c5933f05a3f0090e551b15d
SHA1 a1012904d440c0e74dad336eac8793ac110f78f8
SHA256 2ed2b0d654d60e0a82b0968a91d568b775144e9d92f2b077b6da75f85ad12d04
SHA512 9113c42c38836f71ff0cc7019aff8c873845f47fbf1ab97e981cb038f4d8495b6df784402b1ee9666e8e567ae866b0284c81e6a16efb47131d5ef88569c4843a

C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt

MD5 9b0b0e82f753cc115d87c7199885ad1b
SHA1 5743a4ab58684c1f154f84895d87f000b4e98021
SHA256 0bdeee9fa28d54d384e06ea646fbcfe3f06698a31dfdc1a50703ffe83ad78d32
SHA512 b7780b82fbe705bc8e5a527c011eb685c99ef0b2eb810617b9f82b891341af95ef1c2f46dce9e458c0c4dcc3e7a0d21db6c77f03419cd1c4b521a9b72f9017df

C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt

MD5 58e0fcbee3cca4ef61b97928cfe89535
SHA1 1297e3af3ca9e4fe3cc5db78ebbfa642e8a2c57b
SHA256 c084a68b65d507eb831831aa2ab9afb9536cb99a840d248cc155ff87fad18425
SHA512 99aff0c481e34cd0e4fcbb2af471afb56d91aa11be664462b08e17ae169ca03ef77e7063b4ecd0f38ca7b2f6dc0bf2e316c7b31dffbbcfc763cd8fae27dc78d2

C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt

MD5 7913f3f33839e3af9e10455df69866c2
SHA1 15fa957d0a6a2717027f5b35f4dbe5e0ab8ece25
SHA256 05bc1f4973c6d36002ac1b37ce46b1f941fcb4338282e0ec1ec83fb558d1a88c
SHA512 534e541757d19ee157a268bf7ea358b48015f400542fcfa49cdb547cd652926160f015fe2cf026d9c4996e56ab90ca3899dfd457997d915bf6bc9d7bb00ba804

C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt

MD5 5c026fd6072a7c5cf31c75818cddedec
SHA1 341aa1df1d034e6f0a7dff88d37c9f11a716cae6
SHA256 0828572e4fa00c186dbf1d9072a6154d65cb499c6a37e338f3305f77a2fee382
SHA512 f9d28714b2a05f8d9025f1692e4d7e8baa6daf6176353f65646a38814a242ef2adededa44419edd69f10cf96ffba506dab7cb6e52111457bf69cffef12174b12

C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt

MD5 9e62fc923c65bfc3f40aaf6ec4fd1010
SHA1 8f76faff18bd64696683c2a7a04d16aac1ef7e61
SHA256 8ff0f3cbdf28102ff037b9cda90590e4b66e1e654b90f9aea2cd5364494d02b7
SHA512 c8ff15373b37e848e6239a82424569e77c82a5fc557d17e7d2ed1d0d2b2f7d026cc1e2bc98cb5ee945c02cfefb82803c23fa6a26f48ff0adcf762f94cd5dd035

C:\Users\Admin\AppData\Local\Temp\nst140F.tmp\modern-wizard.bmp

MD5 3614a4be6b610f1daf6c801574f161fe
SHA1 6edee98c0084a94caa1fe0124b4c19f42b4e7de6
SHA256 16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b
SHA512 06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

\Users\Admin\AppData\Local\Temp\nst140F.tmp\StdUtils.dll

MD5 db11ab4828b429a987e7682e495c1810
SHA1 29c2c2069c4975c90789dc6d3677b4b650196561
SHA256 c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376
SHA512 460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

memory/1276-493-0x0000000003E50000-0x0000000003E52000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 562536949afc0766593268b197bbb95c
SHA1 94b2299c7cdcd544ee1ef0787fc994be1d80c534
SHA256 11d727d3a104b19b3b49fec5592b1f1229188be519b92bbbc76d6e962e61d02b
SHA512 461d6acf3ab71bd94ab3c5faf3ba479e8e24e0aa9d723e9a33ea20371ac26228c6a10b3c05c89c56c93391209e902a4b867b9de30bf4612db12eb31da0d5f665

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\59d308a5-e149-44a6-b86d-4edf83c1e47b.tmp

MD5 095bc12da421c309af7015d6858a69fb
SHA1 12bfa58438b541dd1a11e291a242f279a4050e18
SHA256 97be24a68385dadc3e9142181955e8c9dc2bd20490f9e324256b8d8350a570be
SHA512 754088f2aba4bc87ead57be52f6c65c8cfa1071bcf62bd34e5e268d9a2bfafc653cb68f35e27844171f7083f3551a3211910b6a497264b4b0788f12136c76140

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6a44a33412eeefe051087d0a790faa3b
SHA1 3ab2c322e036a1a9ac3546f4b367cdfb211fe66c
SHA256 8652df21ec57122539d73d090c660bf124248e98cf1fc2608c0fc6aad5bab037
SHA512 4426cdb14646945129be96dd34fcefbc3bbd57f93937cdeb0e2c9e7cd33a19293e8fbd7d24aaa0df38f1e649d9f30447a300130fdb707d2929308510af8d1f73

C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

MD5 577b7286c7b05cecde9bea0a0d39740e
SHA1 144d97afe83738177a2dbe43994f14ec11e44b53
SHA256 983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824
SHA512 8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

MD5 00bf35778a90f9dfa68ce0d1a032d9b5
SHA1 de6a3d102de9a186e1585be14b49390dcb9605d6
SHA256 cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2
SHA512 342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

MD5 836dd6b25a8902af48cd52738b675e4b
SHA1 449347c06a872bedf311046bca8d316bfba3830b
SHA256 6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64
SHA512 6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

memory/1684-12826-0x0000000000D90000-0x0000000001242000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 9ca337524816226bf5da651706d62f51
SHA1 6f8a551c620e75e45b2340aac6720452d2886a26
SHA256 ba3dc56f607d63a68f065d56b69cefc8ab6dd4991fa972d80a1ff4ee388f4877
SHA512 97d45a79a646fe20a2ac9ef7aa142fe9483d95a6d2d9d007e7043f1b0776fbdf10616ba3fc93acd15404549bdd8c6e58706a76774fba18958dc8c1e76acc6e88

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000010.dbtmp

MD5 60e3f691077715586b918375dd23c6b0
SHA1 476d3eab15649c40c6aebfb6ac2366db50283d1b
SHA256 e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee
SHA512 d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000009.dbtmp

MD5 979c29c2917bed63ccf520ece1d18cda
SHA1 65cd81cdce0be04c74222b54d0881d3fdfe4736c
SHA256 b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53
SHA512 e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\50f33ad1-edee-4643-b141-741812106f1c.tmp

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000008.dbtmp

MD5 589c49f8a8e18ec6998a7a30b4958ebc
SHA1 cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e
SHA256 26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8
SHA512 e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 01870d6920c1ceecacd4949060f8ffe9
SHA1 1d830fcecdb2632b6e42c2036b0bb721bfe3a830
SHA256 b0406955606d0c413287e71b4da717d14736bd4f004ded0581c2d224eea9efe7
SHA512 babf1ce9607cfd21ccbbcc247e1f17ec9cd612b9adfcd869f80c99a6f02082f70b9f37f20b51ef6c78920158879c39e7b18b01773750ee969f597f42722df176

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 71a965777815ef2619cd72a223290e69
SHA1 e2279df81d3c2a9b6dabf2bc29d74ad7a6642196
SHA256 a2fd48121f737be8d3abc2d0c8af1409564296f25598c67e8c0b0931f233963e
SHA512 2752611c2265ac51b7c12d6d5d2b7a32a98bb22505b873016134dd6f8009aeec137d752f9bbafaba379bb75696f25600c2465573bee1d64a8e33a1f730b80852

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fe4e4a8bf97a3f11913fcd63805a9845
SHA1 5588829724d9c845288c68ffd62c6c72d8bb8487
SHA256 299eb93663abadecea00eca4de10c240443776c7ddc21215f8cb401e772946a9
SHA512 510159b4df18f93f240e9432adc68a00d755929c55813eca03c041edb185109a2fdceca6272ba1a1a90a27bb277006628c6a164090572f6b2f857994e7fcf403

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ace0844de50f02f642077a3854491301
SHA1 06fa2747c7f7c54343e243dc318360f58ac7c09a
SHA256 ee43cd94a09109243c024097d0b840e98d643fdd7c75e48ac130dc7122a3750c
SHA512 a07a96266851f7ad75b437ca961063d9f47d4735a83a3114bda31b6d0e10e82c8468fbbeed4335345fde14261b6816b5b61621c404a6a7274c4893e4f1aff667

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 46426dea9723555f89c4a865ea2d83a3
SHA1 18536e7cf8db4bf443464add954d7420079ce4b3
SHA256 c551e691b3ed5ec6d09f2e4aee98e22a87f56ffb5e91add6ebf3a8d8c200e5bf
SHA512 3b32bb97ca22ee757f2f6bf1bfb51d5248d3c66c7ce139a5b8a48667008f82b132a5bf34636763d787df1e4cdfa946e6d133a73622cc2bc7ebd91afb21f9f289

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc0d6e135b0b14798ae00f4069acb6a0
SHA1 ff5775e3edcc74809288a386cc3b037a3e9d9de7
SHA256 be1b6947d95b38810913bc734e6e6b0d298da24b2f586b7d92b85e3eb54c57ed
SHA512 e28e6d8628c68269e2119e303a56c0454279ad41125a90ec9ea202351bc23cba245eb7d01656ee3da14353232c6ba4d895d4c209914161472f877948297e3c5e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cc93ec207757a6ef5783326a1a37f2ad
SHA1 d588d09879550d54c7cf3e15f8706b465ee662f8
SHA256 648359703ccde5e6d6102b23466056339c134a5520aa039bd7cb68151c3d4be5
SHA512 5e87387b2a0315b625bd9d355e9c32ca1e18b0128fd5b7e7635564e87249a8af4e0d9294b5e77eaf2b30117e58faf5ccef77ec56d4003162f59e948cd51077a8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 41160bd0794cdb25a9da1a1fbd275d0c
SHA1 baed3208b47a6dd618177e426228275bd7720969
SHA256 da5abaf0bc86b7ef90179e309aa17260cbc397b369d14fa63b87e46e6d85c3d1
SHA512 1b768220c8b42740289e2bc6ca527445221c2469cecd1b27e295410c2e6598e246e23634ab4daaf0b92f1235640bad866304258fb56f9ad106594ae86886c0ff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 be56463d06061a824005b884362f223b
SHA1 9250baa60e7bf29907210b4bf0d0773e20cb0761
SHA256 cc23a78cbed35a847c4b917a08622ef3fcf19a79420c26605b9fa5cc437b8960
SHA512 9a04ca35d445bb68dc5b59e85ec9598ca5b0f81264228787aba4a41c14220c3d236071a530a501a2a03170b9893df175a3ba23b6e666ceb8e6d5edd7099e054b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5628a677ca47cdbdac081d8643269f41
SHA1 d2458dace22c76a5c06c28cba85ca285f897c57b
SHA256 c42cf28b3ced9a0b721d97841af21d5da7c290a2eb0fbe468c299cdb54502af4
SHA512 b330a277bd666ea8fd4d42625345b5a2ac8ea74b2a038f06b179b15698fbbafafed60aa3897eafd53d20b67e93c608e3a0758b01478a859211ca01f9b76bae6d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\085f7680-5c14-47cd-b017-b1a07ac6c30d.tmp

MD5 c4a53c4f0be7af2ec22933f0130cb16d
SHA1 77c91a4f03dc5d4dbd389c1f0551514ddc470719
SHA256 ea79fa0e1071de61f6981086698ce63cb0b62800259fa8a81ddede8836bf20e1
SHA512 033b6805a3f1702ecabdb11b63d122751a73cbd90f34e649d1814a26a54fd3153f2a05fc0322d498b8bebed7501c3157d3c4bd100ee0903156c178007dee4303

C:\Users\Admin\Downloads\Unconfirmed 275298.crdownload

MD5 54daad58cce5003bee58b28a4f465f49
SHA1 162b08b0b11827cc024e6b2eed5887ec86339baa
SHA256 28042dd4a92a0033b8f1d419b9e989c5b8e32d1d2d881f5c8251d58ce35b9063
SHA512 8330de722c8800ff64c6b9ea16a4ff7416915cd883e128650c47e5cb446dd3aaa2a9ba5c4ecda781d243be7fb437b054bbcf942ea714479e6cc3cef932390829

memory/2424-13516-0x0000000000400000-0x000000000042B000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000065

MD5 7ef7e84645499079b87e3953e2e5fe23
SHA1 96e12adc65c6b1b4e2a2a8bea9722666e88af494
SHA256 c805c9df1ad44b1ed4ba3e5b671a214b0f3f8ea4009bcb0d57dc8c10b261896d
SHA512 8533c0e1828de433ca6c35c7449309a3083a36504b65e965e5aab854fe9f8623c2b9e8f75aa27133474d3014ea28659084a851b50ae1c2eb3d19b66eebf1b03a

memory/2424-13577-0x0000000000400000-0x000000000042B000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c4a8f4a5632c8620fe42210994665e42
SHA1 c0e450a539d1667c4f7b52c1e490eb4a7070b38b
SHA256 7d885d3ba97bf5aa81613b54c7ecaa3a553d77fd25a7befdc0ad798a4989064c
SHA512 8c343691e033a6524e612bcd45311a5ba90de63ffff2d8a606b07835143d1078416f94d533bb2f807f1bf406397a72bd27ad46dbbe240e63af3ac1aee732f07d

memory/1748-13631-0x0000000000400000-0x00000000004D4000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 59cfc56ad4ac97abedc99e98f4d2de9f
SHA1 25ccf9c7b263252af1a171c834746f79e38bad86
SHA256 e90a0c5a1719d06439df41a588e8e1110aad3b48975d02401dc51c1279b94514
SHA512 e74f02ea8a5753a6b4f0a93f3f2e9a1fbe57ed20f6d23b3823cbce9b2c293789919a9a2b5d2413aa587f927873507b3b6105a0ced43e1ee9ed14a7942f39d04f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e6934eaa2f91a966da8a61eb01bf5dac
SHA1 7ab6bce5a731258d0feda565d21db4bbd6506d50
SHA256 6b341d3ae40ae724a8e1d6501149cd934354a33c3afe0ea11fdf3e487c394fbb
SHA512 5cd32ecdebf8a3314c46820cf4d6ae3f3271019621b5f8ef75549b19d2240548a000f2f6f77910683388ad11f00dc086624f1c7a0d047b8818d223999d3464f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3b10d403371e7e611cf7b8fc09ad1bb9
SHA1 0c079348d2e53c41a4deb0bd4e2ed379108d1dd0
SHA256 4481381bd4ead7bd340e6f5f5fad774b8507f33b7f0f7ee6fb323e1126325894
SHA512 6c04e7c2bb4bc4862c6952a0ec0356e769c3e79b5b7dec1df0cfef4a7947f5733b2c6d29be989760795558c9352e3f94ff9e25297460b817f983c6008e064b02

C:\Program Files\Process Hacker 2\ProcessHacker.exe

MD5 b365af317ae730a67c936f21432b9c71
SHA1 a0bdfac3ce1880b32ff9b696458327ce352e3b1d
SHA256 bd2c2cf0631d881ed382817afcce2b093f4e412ffb170a719e2762f250abfea4
SHA512 cc3359e16c6fe905a9e176a87acf4c4ed5e22c29bfca11949799caf8442e00ec0d1679b3d8754dbc3e313528d3e8e82c0ec1941e2c3530b48229c1cb337f6b8b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1edf57927a67097f5a2a2cc3fe81cdb6
SHA1 d7b960073f383ccf83ba4df95aafb672eceec994
SHA256 cb052e99e4332b03e3fddba5436d994791eed53a3f2cd13d5d3f236fe3ceeebe
SHA512 2cf6b89c1a05c0009c9c6f2e8e6fb80567aea2dd655f075ec04b48fdf07f24d24a16d6363f2c8879a091a473e2cd8a9b34ae56a696507c718c6eb6e12a1722c8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 02d060a57a5ae48e35dbdf403432c91e
SHA1 4610475b72f09be1650255fb663e267e8b15196a
SHA256 455525e206e07b6a7812bd102440d9e25a6f189ee7bfabcc40e9a282ffa15138
SHA512 611031f9a5616133579b5fd1faac8afba9b329439d8bac32f1458d4c4fdc335f8e3c078dc4cc1550ae008d0eaf8ba622393828411821eeb7b45ba5c55ef3cd8d

memory/1132-13983-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/1748-13984-0x0000000000400000-0x00000000004D4000-memory.dmp

memory/1132-13985-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/1132-13986-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/2424-13987-0x0000000000400000-0x000000000042B000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2850fca93d788591639585300d28c94f
SHA1 02bd94111fbffed8a12cfd65de83d69cc25af34a
SHA256 db5d562e356cebf9ff403615ef3eb6eeca0b9e45c8d18092f88acbab8a50c003
SHA512 dfe5f885ebb56b40507d2efa6b1d967a456851398a6a9f9fad3eeb82be76d957ed74468ea58fc0a65a146ebbc5d37ba52462def97a1a49d41e9f7a3cd1ae2077

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 15def7ae0cb010ec4e5bb7a05102320b
SHA1 b852358df4f517f30973707517a43a4f02e60f3a
SHA256 d9a715b4afc165e0721695e2dfb0a75b2c1d627babb79731293dd65c01d9e0f8
SHA512 798eee1f5c42a26063c445b28d578e2f36484bcad4df37c8e820dd95357c69491a90eb1b17ab91f293080efeecc7feab890993e1ba854289f1968823662d971b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c07aa8a0-d1e8-4bcb-ab88-576e066c0fc0.tmp

MD5 3562d6140f501d28c7fd13eed31d3f23
SHA1 d34523dce27207e462a84962f5974a37dc0f3f3a
SHA256 e309210c4ad784ec7c19cbba0cac32c8bd5f44f1b5cf8b1ef272aef1650b1b77
SHA512 860de34f3e93bed81da874284e31f654f0048afaa99a951f3d11a74c75f19b2d662775401e51f17cd45b844685e5ced95bafd40d26f31b6f1c27f1cdccedc018

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9e70577d8b117c94399aa944a1754056
SHA1 0d1a386dafdc4acd10a6bf3a431afdf30f963713
SHA256 b549981f274f8b46a427592e985abd9d88f599253c0dd145dce7b3f774303ea7
SHA512 f95ac5958d428512d3b670e0361f4f402fe456af32e54b6c22d09469d0f2b9954fb1bf9fe41ca24b6e91ae9d0484b0313e460f9f552e43018f93b4b22f1aa324

memory/1132-14176-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/1132-14177-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/1132-14178-0x0000000140000000-0x00000001405E8000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-07 08:31

Reported

2024-11-07 08:34

Platform

win10v2004-20241007-en

Max time kernel

147s

Max time network

154s

Command Line

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\24.9.3 fix 2 pass is 1.zip"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Processes

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\24.9.3 fix 2 pass is 1.zip"

Network

Country Destination Domain Proto
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 6.173.189.20.in-addr.arpa udp

Files

N/A