5d8d697707c89466cfe203bde7e242680d020646bd5e49edaabd67fc6a7d6321

Analysis

max time kernel
1800s
max time network
1164s
platform
windows10-2004_x64
resource
win10v2004-20240419-de
resource tags

arch:x64arch:x86image:win10v2004-20240419-delocale:de-deos:windows10-2004-x64systemwindows
submitted
03-05-2024 16:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Steam.exe
Size

4.2MB
MD5

7c2056e7337a5f29d2e5d3c67830745f
SHA1

d502f5c22895a859056930a5489192873cd04673
SHA256

3f321dbbc60371a585d60b17e3f67386bf1792b430d20071ca0e3efd9dbae99d
SHA512

c729dbee4d528d05d2a6d25ea105d8f34bb9087b9151c0b31a59337e444e4bccb1f3e49fce122fb3dd7b65132a15a0c8b5618c853287fecbe5427376200b2495
SSDEEP

98304:+bgwm93udfvBtp0vrjT/KFdGRv/SrbeJo7P0:utm81pjWzEfbe27P0

Score

5^/10

link pdf

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

steamwebhelper.exesteamwebhelper.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe

Drops file in Program Files directory 6 IoCs

Processes:

steamwebhelper.exe

description	ioc	process
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping12980_1271372197\_platform_specific\win_x64\widevinecdm.dll	steamwebhelper.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping12980_1271372197\LICENSE	steamwebhelper.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping12980_1271372197\manifest.json	steamwebhelper.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping12980_1271372197\_metadata\verified_contents.json	steamwebhelper.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping12980_1271372197\manifest.fingerprint	steamwebhelper.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping12980_1271372197\_platform_specific\win_x64\widevinecdm.dll.sig	steamwebhelper.exe

Drops file in Windows directory 1 IoCs

Processes:

Steam.exe

description ioc process

File opened for modification C:\Windows\INF\msmouse.PNF Steam.exe

description	ioc	process
File opened for modification	C:\Windows\INF\msmouse.PNF	Steam.exe

Executes dropped EXE 13 IoCs

Processes:

Steam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exegldriverquery64.exesteamwebhelper.exesteamwebhelper.exegldriverquery.exevulkandriverquery64.exevulkandriverquery.exesteamwebhelper.exesteamwebhelper.exe

pid	process
14832	Steam.exe
12980	steamwebhelper.exe
6636	steamwebhelper.exe
6488	steamwebhelper.exe
8836	steamwebhelper.exe
6948	gldriverquery64.exe
7004	steamwebhelper.exe
7056	steamwebhelper.exe
2328	gldriverquery.exe
368	vulkandriverquery64.exe
4672	vulkandriverquery.exe
11612	steamwebhelper.exe
4704	steamwebhelper.exe

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\cefclient.exe	pdf_with_link_action

Loads dropped DLL 48 IoCs

Processes:

Steam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exe

pid	process
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
12980	steamwebhelper.exe
12980	steamwebhelper.exe
12980	steamwebhelper.exe
12980	steamwebhelper.exe
6636	steamwebhelper.exe
6636	steamwebhelper.exe
6636	steamwebhelper.exe
14832	Steam.exe
6488	steamwebhelper.exe
6488	steamwebhelper.exe
6488	steamwebhelper.exe
6488	steamwebhelper.exe
6488	steamwebhelper.exe
6488	steamwebhelper.exe
14832	Steam.exe
6488	steamwebhelper.exe
8836	steamwebhelper.exe
8836	steamwebhelper.exe
8836	steamwebhelper.exe
14832	Steam.exe
7004	steamwebhelper.exe
7004	steamwebhelper.exe
7004	steamwebhelper.exe
7056	steamwebhelper.exe
7056	steamwebhelper.exe
7056	steamwebhelper.exe
7056	steamwebhelper.exe
11612	steamwebhelper.exe
11612	steamwebhelper.exe
11612	steamwebhelper.exe
4704	steamwebhelper.exe
4704	steamwebhelper.exe
4704	steamwebhelper.exe
4704	steamwebhelper.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Steam.exesteamwebhelper.exeSteam.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Steam.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

Steam.exeSteam.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Steam.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

Steam.exe

pid	process
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe
14832	Steam.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

Steam.exe

pid process

14832 Steam.exe
Suspicious behavior: RenamesItself 1 IoCs

Processes:

Steam.exe

pid process

3304 Steam.exe

pid	process
3304	Steam.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

steamwebhelper.exe

description	pid	process
Token: SeShutdownPrivilege	12980	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12980	steamwebhelper.exe
Token: SeShutdownPrivilege	12980	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12980	steamwebhelper.exe
Token: SeShutdownPrivilege	12980	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12980	steamwebhelper.exe
Token: SeShutdownPrivilege	12980	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12980	steamwebhelper.exe
Token: SeShutdownPrivilege	12980	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12980	steamwebhelper.exe
Token: SeShutdownPrivilege	12980	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12980	steamwebhelper.exe
Token: SeShutdownPrivilege	12980	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12980	steamwebhelper.exe
Token: SeShutdownPrivilege	12980	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12980	steamwebhelper.exe
Token: SeShutdownPrivilege	12980	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12980	steamwebhelper.exe
Token: SeShutdownPrivilege	12980	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12980	steamwebhelper.exe
Token: SeShutdownPrivilege	12980	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12980	steamwebhelper.exe
Token: SeShutdownPrivilege	12980	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12980	steamwebhelper.exe
Token: SeShutdownPrivilege	12980	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12980	steamwebhelper.exe
Token: SeShutdownPrivilege	12980	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12980	steamwebhelper.exe
Token: SeShutdownPrivilege	12980	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12980	steamwebhelper.exe
Token: SeShutdownPrivilege	12980	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12980	steamwebhelper.exe
Token: SeShutdownPrivilege	12980	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12980	steamwebhelper.exe
Token: SeShutdownPrivilege	12980	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12980	steamwebhelper.exe
Token: SeShutdownPrivilege	12980	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12980	steamwebhelper.exe
Token: SeShutdownPrivilege	12980	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12980	steamwebhelper.exe
Token: SeShutdownPrivilege	12980	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12980	steamwebhelper.exe
Token: SeShutdownPrivilege	12980	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12980	steamwebhelper.exe
Token: SeShutdownPrivilege	12980	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12980	steamwebhelper.exe
Token: SeShutdownPrivilege	12980	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12980	steamwebhelper.exe
Token: SeShutdownPrivilege	12980	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12980	steamwebhelper.exe
Token: SeShutdownPrivilege	12980	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12980	steamwebhelper.exe
Token: SeShutdownPrivilege	12980	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12980	steamwebhelper.exe
Token: SeShutdownPrivilege	12980	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12980	steamwebhelper.exe
Token: SeShutdownPrivilege	12980	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12980	steamwebhelper.exe
Token: SeShutdownPrivilege	12980	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12980	steamwebhelper.exe
Token: SeShutdownPrivilege	12980	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12980	steamwebhelper.exe
Token: SeShutdownPrivilege	12980	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12980	steamwebhelper.exe

Suspicious use of FindShellTrayWindow 16 IoCs

Processes:

steamwebhelper.exe

pid	process
12980	steamwebhelper.exe
12980	steamwebhelper.exe
12980	steamwebhelper.exe
12980	steamwebhelper.exe
12980	steamwebhelper.exe
12980	steamwebhelper.exe
12980	steamwebhelper.exe
12980	steamwebhelper.exe
12980	steamwebhelper.exe
12980	steamwebhelper.exe
12980	steamwebhelper.exe
12980	steamwebhelper.exe
12980	steamwebhelper.exe
12980	steamwebhelper.exe
12980	steamwebhelper.exe
12980	steamwebhelper.exe

Suspicious use of SendNotifyMessage 15 IoCs

Processes:

steamwebhelper.exe

pid	process
12980	steamwebhelper.exe
12980	steamwebhelper.exe
12980	steamwebhelper.exe
12980	steamwebhelper.exe
12980	steamwebhelper.exe
12980	steamwebhelper.exe
12980	steamwebhelper.exe
12980	steamwebhelper.exe
12980	steamwebhelper.exe
12980	steamwebhelper.exe
12980	steamwebhelper.exe
12980	steamwebhelper.exe
12980	steamwebhelper.exe
12980	steamwebhelper.exe
12980	steamwebhelper.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

Steam.exe

pid process

14832 Steam.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Steam.exeSteam.exesteamwebhelper.exe

description	pid	process	target process
PID 3304 wrote to memory of 14832	3304	Steam.exe	Steam.exe
PID 3304 wrote to memory of 14832	3304	Steam.exe	Steam.exe
PID 3304 wrote to memory of 14832	3304	Steam.exe	Steam.exe
PID 14832 wrote to memory of 12980	14832	Steam.exe	steamwebhelper.exe
PID 14832 wrote to memory of 12980	14832	Steam.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6636	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6636	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 6488	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 8836	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 8836	12980	steamwebhelper.exe	steamwebhelper.exe
PID 14832 wrote to memory of 6948	14832	Steam.exe	gldriverquery64.exe
PID 14832 wrote to memory of 6948	14832	Steam.exe	gldriverquery64.exe
PID 12980 wrote to memory of 7004	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 7004	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 7004	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 7004	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 7004	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 7004	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 7004	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 7004	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 7004	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 7004	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 7004	12980	steamwebhelper.exe	steamwebhelper.exe
PID 12980 wrote to memory of 7004	12980	steamwebhelper.exe	steamwebhelper.exe

C:\Users\Admin\AppData\Local\Temp\Steam.exe
"C:\Users\Admin\AppData\Local\Temp\Steam.exe"
1⤵
- Checks processor information in registry
- Modifies system certificate store
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:3304

C:\Users\Admin\AppData\Local\Temp\Steam.exe
C:\Users\Admin\AppData\Local\Temp\Steam.exe
2⤵
- Drops file in Windows directory
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:14832

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=14832" "-buildid=1709846872" "-steamid=0" "-logdir=C:\Users\Admin\AppData\Local\Temp\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Users\Admin\AppData\Local\Temp\clientui" "-steampath=C:\Users\Admin\AppData\Local\Temp\Steam.exe" "-launcher=0" --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --disable-quick-menu "--disable-features=DcheckIsFatal"
3⤵
- Checks computer location settings
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:12980

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\dumps "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1709846872 --initial-client-data=0x368,0x36c,0x370,0x344,0x374,0x7ffd9151ee28,0x7ffd9151ee38,0x7ffd9151ee48
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6636

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=de-DE --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1660 --field-trial-handle=1460,i,16346375969912998382,12465795071405991139,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6488

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=de --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=de-DE --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=2204 --field-trial-handle=1460,i,16346375969912998382,12465795071405991139,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:8836

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=de --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=de-DE --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=2500 --field-trial-handle=1460,i,16346375969912998382,12465795071405991139,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:7004

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --first-renderer-process --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1460,i,16346375969912998382,12465795071405991139,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:7056

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=de --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=de-DE --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=3292 --field-trial-handle=1460,i,16346375969912998382,12465795071405991139,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:11612

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-agent-product="Valve Steam Client" --lang=de-DE --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=2932 --field-trial-handle=1460,i,16346375969912998382,12465795071405991139,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4704

C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery64.exe
.\bin\gldriverquery64.exe
3⤵
- Executes dropped EXE
PID:6948

C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery.exe
.\bin\gldriverquery.exe
3⤵
- Executes dropped EXE
PID:2328

C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery64.exe
.\bin\vulkandriverquery64.exe
3⤵
- Executes dropped EXE
PID:368

C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery.exe
.\bin\vulkandriverquery.exe
3⤵
- Executes dropped EXE
PID:4672

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x408 0x150
1⤵
PID:6896

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping12980_1271372197\LICENSE
Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping12980_1271372197\manifest.json
Filesize
1001B

MD5
2648d437c53db54b3ebd00e64852687e

SHA1
66cfe157f4c8e17bfda15325abfef40ec6d49608

SHA256
68a3d7cb10f3001f40bc583b7fff0183895a61d3bd1b7a1c34e602df6f0f8806

SHA512
86d5c3129bec156b17b8ebd5dec5a6258e10cb426b84dd3e4af85c9c2cd7ebf4faea01fd10dd906a18ea1042394c3f41a835eae2d83dc8146dfe4b6d71147828

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
72e39ed43b2e5b9ad5ce01391c912d9f

SHA1
a68f5b3ec8c5cd8c72274137f1df57d14f6fde1f

SHA256
14ae47895242010e49c5804c1b1a145fd6100f60b9f196ad0ea0ff8f440009ef

SHA512
408772d5d9a9da5182e3d2f503ca340dcec23c73d81b4037a8bf738bfaa36d2a4599ea51ca72b30ce1253c30a3d2acfde84d045e37299366ba79bbf24052e9e9

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index~RFe582035.TMP
Filesize
48B

MD5
36d36329fe654176c46ed72db03207c7

SHA1
d4a6ded66cf075a88b2df4b82c6adb669b459b52

SHA256
5ff33f6c0ec9ac386c7f6762eb341d817ad18bfde90c53d1db16e7d5764e52b0

SHA512
7cf5997c136994a5cc6e8e248877cd95998b4c24be4eb92421992ed8e71170b1c79f5c9d8ff0a8ecd3a925603551e62c53a1c9df9eb5f4f58420b8fa8b2c4d28

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json
Filesize
693B

MD5
851cc12c25d3ac98ee4fcfbe640cb627

SHA1
038f88ac02668b9cedd9a35498a47464fc19475a

SHA256
36e92a3ac7e30e018a2eefedb9d994c4b921f9f509ee00e680e1df00019154bf

SHA512
bc8907b478d59fdacbbbeee9862f600d5ac3076987efccc7dc81cfb9b8ba0d46bf710979e6d6fc33202b5f3e1127c9eaca85f2afefe0d46774a83f46e70f68bb

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json
Filesize
786B

MD5
dd794aa6fc03cb3d3d61aa350b9bf1a6

SHA1
4b868912fdef6002b8e800c39c9f2774ee4921e7

SHA256
a9a97e7eb63941aa870d5721c903d0e47396d908b4a6735aec6a45d631906534

SHA512
944926b9e9221c7138aac771f2ed95e3a2a0429df3f414b09925c5cb6aa2eed98015af58d54dcc6786fce7db41204e207584ab10057379c551a163b9255e6095

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe58db96.TMP
Filesize
484B

MD5
e124f380a49b279f8f571cc6f3f925e5

SHA1
dc7a7b71e4297f1b4dc7fdb28ac78b4b38250627

SHA256
888bc49acae8193cec8126cb6c2c7cffe2de9cd87bb5cfecc3113e120e10f512

SHA512
2f2a776cda51843393d45f9c2878da86fa928f4aefa47bae80a082b3991011d409a7697debc35023fde101872f52294ce3be4d66ae86006b99f4c2aada4c2c53

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State
Filesize
300B

MD5
cab5d3feaf1f44a4ec2f031bf51e8251

SHA1
d69659e38d213fc41e3c1a468f1ef3f8e77d63c1

SHA256
032e90c9122fdc574f3b7065cdad9efd991eb27766bae1c624acd91d4309abee

SHA512
f2c05d25af3bfef9573d154354b5e67f6ee4c569718369009f77162b0041f683c706e7d90ef0759adabcc120a2d3181f3f1f048040565a2efa6e9a9d4675ed6a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe58ef6c.TMP
Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\aom.dll
Filesize
7.1MB

MD5
d764264518e77cc546a5876c3bcebad4

SHA1
ea17d45b396fa193a851bfd345e2b2c20ad60e12

SHA256
e78492de0ab575add50b925bfd44216d224d09904a9b14c17087a92fdcbc15cd

SHA512
7cf132ea5254a55c08186ffcf5e47360ef5ddd57d03d7051171f6753b22e3925304d183c2037bfd320ad56c08e079f9b2c4640db8cb3dbd38ff500c7a39e997f

Download Submit
C:\Users\Admin\AppData\Local\Temp\avif-16.dll
Filesize
226KB

MD5
a09c5fa842fa4456a0b53b46f1050225

SHA1
9e4677f19e77bf55e7d0e2e82d8c27f79dbbd78e

SHA256
3d7ba6fedfdfd6e751693d718a21438304690b754d1c5d13c847a829b2423b8b

SHA512
71c962da6ed6894209891513bf9f0132a5eab6c65a5d9ba334efcaf73463be5625665a060863a106d59fad1949f6191f641aa4c59ddb0e825701bef08ef9b5a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\audio.dll
Filesize
175KB

MD5
91389bfcf323f9cbab45c0e652d0eec6

SHA1
030330d7f3e3db4224e441f3bb8fdbc9a87f45c6

SHA256
cf363c45ccf407eb405529ddc0e70569adcb82373fa51f8078660c0cbc78acc1

SHA512
8a963d677185a6b35e9534961d28a501c9021268a0a9980d2947727565a35d3793f97baf90d9d8f5afc6086655e4f7683be7aae274a280555f6632a76648f038

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-console-l1-1-0.dll
Filesize
23KB

MD5
5d341bc73b1e54509a5ad1cf242ee223

SHA1
c99d28dd1bf7df8f7560b39115ea193a0bb3b322

SHA256
e13c9c03c459682822eb5734e1f184e80dbae5fed2421cb5dc3e238946f3edf0

SHA512
39a3cd6c02b3ac42dbbe62b2a08ef1858f368163cd194d9d09fa2097b357e0540e0bf1a93b169dd93cf83bc08aeb6247d8a93a82ae72b418c1af128c9fc7e695

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-console-l1-2-0.dll
Filesize
23KB

MD5
fe49ecd88cb1b0b9a5cf88e01f4075a6

SHA1
4d47900af773a09056157336cd4a0373e9996c5f

SHA256
a82e6229869a90d19310f4247d6b3027309ee4ea49bc9c127e532b46bf95e78b

SHA512
d610e3e17bf2c082f6c52c8a9194e9f1f5d2d1c7bcb30a7fe7cdc0dfad5851b2d2d46368d964753235a892ea716fcb2694584d78580286b28b31393b85dc09b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-datetime-l1-1-0.dll
Filesize
23KB

MD5
587181061a8482dd8eefa8c1cbdd23b1

SHA1
6fdab708bc8b50cb9422b089c240275d478c59b2

SHA256
a4f49dfff349a4f12dc473650a57f52f6d9c2df50a12a7fe21e829ffcb2409e0

SHA512
3ae7c4a29f56dd482c9f442935f527e3bd0b902268f1d39c15fd909a4157e5f67c696136ed69cb14bb85abd08e2bbb14c3fa12e5f0dd6c75c6f4737a0873461d

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-debug-l1-1-0.dll
Filesize
23KB

MD5
227e0e0e8f61f433eba82d2b6e388415

SHA1
c76f5c4ca826b4bd63bbd1c75b5549a7b1d8307b

SHA256
872cf90b7f7ae3187e1abe1e60923736d3b85c12db32f413f42dec5b3aaeffbb

SHA512
c355b0e902ff8abbadd8499fe4b075b6045876f8c6f8797a189adeea0437d1dc1df385bd65ae379913dc8cfefc46145c291e74aa8f34cf0949a2cf0d7a615618

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-errorhandling-l1-1-0.dll
Filesize
23KB

MD5
b2ebcf3c67f1722852b1061a7d6fa641

SHA1
02caf1c965f01aacdc0913be07766c6e48c07cc5

SHA256
68d7c802b9fd6f30be824965e61f02982eb43628379511fe46f1b93df0e4a6a5

SHA512
d7350120554855cb1712594e0c5cf25b956b8411a309bc6fd3837aec91364c10f9c98bf67914ee780b223bb3ebae0b41708a5d1993dbb800a544427f58dd2995

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-fibers-l1-1-0.dll
Filesize
23KB

MD5
55b7fde967d55a7de2f3e36179a0c049

SHA1
c0ceffcd7c8a335b44220f4fb9fdad45262fb174

SHA256
a70fa9a015aa316ec0e25ca507114c05a3dbb680e700c6e4c9bf8ddda2abd499

SHA512
ad3ef67b240bc53d8d0a21013b8207b6fecd74f810ff9fbca97a0493f0bfba0c5c60acff9b1bb5b1678cef4ec41f73cc47222c70b991e7dc39ac17e7620c3e83

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-file-l1-1-0.dll
Filesize
27KB

MD5
3fc486b956727fd86b0d94d796b9c5c8

SHA1
779ba40fde8778dddc85b11c1ec492aed6ae2278

SHA256
e81b5784920db490038e1057d821bb5699dd2d2f319294b9939661f4cbfc94f9

SHA512
3c6b11fb4322da667886bdcb0511638fde6a563292f62f1040eb2eb314d1f282bc0efb9c20ce8f7518fc4da90eebb769bfe4b4e30180a7219c6f7e61fad2c3e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-file-l1-2-0.dll
Filesize
23KB

MD5
7fad4ed5b9192c9e412da8eb032acdaf

SHA1
2a04c0e7be7e16eb7bd62198e3a868fe0d87a985

SHA256
10b141aaa2abf16276b69ac0773843884a47eb08fae0008ee647a15bcd7deff7

SHA512
fe611d421a53db561f02f484b9441cccfb21a2502b40a4189c5fb339ed828972352a6b0672d758f9641fc37168d9c6b100e478736342531359286918a7be4ea0

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-file-l2-1-0.dll
Filesize
23KB

MD5
7d54304abfe17b8c3bf3451e32a5d0fe

SHA1
203f3143e122f1fa8162b6afcf53aacab90e3299

SHA256
7dcc29037927fcd5dba11ba4aacafd1de4ef643cf0f6b09fbdd0e58816fb7150

SHA512
32b407d65f9d29d21b7671dbed07dc61057a8adef81b4342879255b8a34e3ddf8aaaf80f368c983611ac9eeaa72f7ef801ed421b65433c3c4521fa7171b1bf9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-handle-l1-1-0.dll
Filesize
23KB

MD5
1b9aeb2a9d8b2e3af4ac1b63a0a3b653

SHA1
e308dca394e7598592606c202d85828c51deef38

SHA256
ce35d8a2c907ed6e7c26e4f99e8eff116358f2944026808df00c403a5ee4c939

SHA512
92b6d6560f78b88842d52a809bbbc303b934ea32f20134df1065a5d4ac045401af0c861c2ef176216e915cff2bd3c609b2addf64498da2fbfae66624ed350610

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-heap-l1-1-0.dll
Filesize
23KB

MD5
79ab9c62285491096f023e4a112fcc23

SHA1
52b8527c1c578a19352884b38f1a1e459c8ba798

SHA256
61d5719d2cb625fc7277682d2dadcac77c8f75825049f9e54618f7ec52116fb1

SHA512
29f14e0813a8bd9a3b802e9aca7dfdc733c439812ec9fbcc634197b49dfbe7e74e277417c5fce9dd654952674c20d9db971bc89d04dbe3ca8f9f759da61543c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-interlocked-l1-1-0.dll
Filesize
23KB

MD5
88e70b4aca4a1a4bafd8d1cfb0048bf1

SHA1
e008dcfbcfcf4a510610e9166230824d419ad99d

SHA256
95b0396babcbcb2cac645f921f63e86588c5446eae3db81564c82384d86d5a1d

SHA512
5e8e4756a6eabf7fb5fbc323a807c5fcbb14bb0cf55e23d3194d705448a888d496820b2f22edeb22deaec6e200f667a56acf59ab2fdade94e1de2e5d085e11bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-libraryloader-l1-1-0.dll
Filesize
23KB

MD5
1ea3cc8b9b1a7ac08021f3f12b25ad9c

SHA1
a6b41cb74fc972bd2d7689ce7629926e63fea311

SHA256
af5227c144b0c240259a4dde5c83aac04e2eaee8a67fc29acdccaa39c2d618ad

SHA512
389843ed30d3bb06f91acb0c1fa74c3338b4a3268ad557aaf68a27a54a114f2cfcc8d848d6e27bf5617a9e8a21d6ebf7246225e58029616de12b9397015bf0dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-localization-l1-2-0.dll
Filesize
23KB

MD5
59affe71521b54a4d52fb755b5056b7a

SHA1
eab6b8c42d6bf59fa9e604f4b77b24a73f512397

SHA256
a03af01498056c7717d9646c2f7698b63d1f50acc905417536d8271af7e28faf

SHA512
bdcff842b13bb43ad4c0977b478e93fe09e4fceeea89664d1b735222f020e0f75707b27f92d23c9eca590655f7e9384ee0262008ca8d4bff1cf0a826f6e1209a

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-memory-l1-1-0.dll
Filesize
23KB

MD5
2c44d0598556493e198534e7d56197d5

SHA1
d221b8fcdcc12c748ecf100e6b2984ba5f51a268

SHA256
0a57fe27da36afb45cb7d9a30a6bb3f5f211ee15587bee841ae431b7d4ba0c5a

SHA512
a5adf4c17600a268cf717d750193eb3859d8c3d6c0636d7f0970f468584a2b2152ad403042d3a56bc428886ea05cf07a697aba6ca22c9fc558bf9b7e4c302bc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-namedpipe-l1-1-0.dll
Filesize
23KB

MD5
67a4640ded799dc414d191b401008e28

SHA1
660526ca3ebe3988d3253b89d3a154645c1bb0a6

SHA256
5b7d01c1f55a3060157aec1af2a2bf6b5f617bd1e595cc64306dd283deb5e1fc

SHA512
d950079d6bbabed71ff024044d964032ecdf7093ad3c78449f571e38f00d638eaa2ef37f2b011a59e6f6c5bf2ec24aa6dd509da04c18159034e4cb8c5aa659eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-processenvironment-l1-1-0.dll
Filesize
23KB

MD5
882a9c22fea18ec1bf4fc44c8ede98ec

SHA1
6575e8729222bbd057be6625660084c07d4d64af

SHA256
56e0bb419bfb1f6ed6ce85a7975fc2e7012e72fbf6583032452212204df7b20d

SHA512
de4d3bd4d86863de13ad0f572ef6489f283f6f45623ceccd5fb97a255b389f56e3576859786064d93a1d639794b331a05cfbb16700e19d4e763eb28b3f476fac

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-processthreads-l1-1-0.dll
Filesize
23KB

MD5
179ee7baa6696d397bbdca2dd992b9b3

SHA1
27f3378583b3acf7ae4c36e92cb53dee5dc37cfd

SHA256
b6ec56daef7c1bec79996a2db59612dd454eb4401420a507accde0d8257e0c88

SHA512
ec087ef93f68e7c43db906829bf3a68f1bad51d60d83fb6421946a0665ef271603cbebf42f2aa271e4d2af8b5b2d54e3f86cc147832323721ccd0b0dee31c047

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
23KB

MD5
034ce0a3113319586d2a69234b210814

SHA1
3d2178572adc8322d79d9d4d040f746f7e2c4117

SHA256
15693f402c0f5c19434affb2129dcc76acaa105b2355d7a3f6c3df080c5da1a7

SHA512
c8053bcd491ec659119046ec9e2cfd36c45d76598c181e361e2904e8af60d44bf45850114dc22b8be5fe5619da8b92ea263bbf0d753325a1f594af0475f66066

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-profile-l1-1-0.dll
Filesize
23KB

MD5
e508d8ee19951842e86320f2861803b0

SHA1
8eaad2192c3e59e19f7285900c1852896d6482a1

SHA256
bb475dcea7621f3ee3b15e83f48d3b0ed42c69df061d1927ea9603714eb55a39

SHA512
bdfb160420166e3cdc6d47c5206f478043412365d382dde7ccd6683560aaa282a8044c2386751520fe03a6bed26fa375471250ce580f31b13403b285cfc565d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-rtlsupport-l1-1-0.dll
Filesize
23KB

MD5
3e21060b7db8bee93a4db62eb7a53b29

SHA1
24b8c741c238f9a0e691068fb0a31244122b7cc5

SHA256
4b6e9a9b8e451ce650cffef63f468a01fe4045f52c90c1fcb9aed3793269de1e

SHA512
b7de86f481819974f9d464b6152c856ac1edce370b7ac6464e94ade7cbfc02f921f782bed365c80f98b39d1610af530194651709d4bc1b2457ecc9e11f7b8b4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-string-l1-1-0.dll
Filesize
23KB

MD5
bc8a681bcc48af2305344054e01d7432

SHA1
8e352a06af35d5be55d76262543d829aa5297a22

SHA256
3a1e74551bbbf9905b40cd6688fa951068ab977e5a5ec5f3fc2c81c3206cd368

SHA512
cde270a6e17935a14d10f135d030e0ce345d84a9a1f700311e5cfa76c812edf274dedd60a8c5a6d588f7f6d52966fe40d8dc50bdfb29a52684e487930dfb5d29

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-synch-l1-1-0.dll
Filesize
23KB

MD5
69442faddca205dfcf64327e656d3fc2

SHA1
c3586c85dc15710e172ab6c87df86a2342335020

SHA256
2e61d309ca312d0eda633e26a1fd55003481ba8bda9957bac8236e3eaf89e0d8

SHA512
d05921fb54aa15dd61f805a9f4eb1521d219099506f1763f6c5c9eeb54da241a624add1cb613a0336d3c682c2d51215384ceaa841403ee885e4e5c93595b3458

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-synch-l1-2-0.dll
Filesize
23KB

MD5
e6fa44c37365da024605d6b3b65409ea

SHA1
aa8d94bf9da7bb95604c43f0841ba0b26277c690

SHA256
43cc3c7d6a72a5aa6930fbb00fd54c7a3a91b18fcfb69a83a89f1265ddf79442

SHA512
e2c54c59d4b83389b2b0a52ceca2d3502869b689ba32d3057ad5ece80ea8cb37013c4407b2312beb473daee59aead4a5baff77aec179f5dd8d35fa5b99774f93

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-sysinfo-l1-1-0.dll
Filesize
23KB

MD5
fb806a9d8727c9b567a4c3bd9a26fc5c

SHA1
a5fbd28b959b1f73d4e002f2ae05c63c2449206b

SHA256
9d6039836f713a2c251ec3c40cea6124173ffd268d3cd88b2cc53c60540447df

SHA512
d9681ba46c77c52e492b4cefabb4007de2cb5ad42f17f1916db7af5b3d00248db1e22cb03871498537c51eca2fc13edcba24a1b48875f403da9e60d9908eca35

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-timezone-l1-1-0.dll
Filesize
23KB

MD5
ac4ae609c8c25e936f62bb0944de4db7

SHA1
7dece98e524664b91f95f68bd3343b10c25881c8

SHA256
43c14254b2a1582bf4a944aba8b8c8670dace6a65e0ca8e7c0ae6e4814a28bcb

SHA512
278dffd62d9912b35596208a6198d2b21b3561c65462a3091047a972c52babdd5144e50b471804fe966d93eced657d15602756680e614a1b32089f49c5c7a23f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-util-l1-1-0.dll
Filesize
23KB

MD5
3567b4186491b8e3698fa151181a604b

SHA1
5ab46f050de88f44b0a04260b46d5eaa78b9ad4e

SHA256
b2bc1b12bf99d6cb38dd4af8cb90f722dd42add2ac9a549f864009dca438f3a2

SHA512
a5ce5e9915d99592ef9617fe3e75902a9a8566aba40aeca3874bf62e04afeafd39f12858de60fe32004f782f9a8220f74bb7ca8b5ead81295f40320fc9dfa16e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-conio-l1-1-0.dll
Filesize
23KB

MD5
25133b8bfab371f3b6cc8eb2dcbdaccb

SHA1
de33f01c32e15e098575c26a4de8071563147d2d

SHA256
01503942b57ce91373c5858a5fc343558d16bc268ac3534bd6e795dba3813507

SHA512
60524c3597e029643d18eccfa5f0bfad3ce242b63b1cdcae77a94a27803c698824502b86575b6f1dcd6c2b0bc47a860583a9e2e963f47b37ae4f21a83cb6f6a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-convert-l1-1-0.dll
Filesize
27KB

MD5
e1480e8dae5281802d6ca0057599958f

SHA1
f5943e624e14b56f5b37ed5a3a5e6faf84f9ccb3

SHA256
72fe8c76ef2c991344f729a216fe2013e37df50332f9bc917c7cf2ad4fded6ac

SHA512
9f1bd5f785771cddba02a69d843f24c29f0667b2974c63d94e6617e1729a6942685419543771aded066530967640d884b21f9baa154a00405d33fd52f630e3c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-environment-l1-1-0.dll
Filesize
23KB

MD5
53378680eeeca54a84e26448b478a793

SHA1
f5d4f2fd617a62d207e41da90c559c299bd09129

SHA256
431f37842153e7a7ed3510da20c1563e00a3ab325d9997b48c6b260b42127298

SHA512
f468414146adb62a21dee6ce9c8830131149fffb07e84bc6aa82d9b629bee2689d641052964f5140bb8ca0a1d974135e8aea8566b861cebf05545d9dcb9ae382

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-filesystem-l1-1-0.dll
Filesize
23KB

MD5
d80e7eaf820e57fe4278780fa77ff9a5

SHA1
fb57431a72c2a77910b69a6b3852705e2cb9581e

SHA256
314c7dbf32a2dec298921d61e20ef7ab499ca06cd6ac7992a43a529c541dfe74

SHA512
c029530fc73126a87fd4e2d39817a26de2859bcf42e705b96a7dad24b8d1050e2ea6cf74719a0a2ed376e1752abdf5ef196fdb399e62aa2f9a553faadf7e4eb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-heap-l1-1-0.dll
Filesize
23KB

MD5
c950affe6dae79c9f388a8e79f03bb2b

SHA1
ea58a57f93b44e65f6fd4a767e5295566312228d

SHA256
5de5fc83ba8237302cdd1fa3ece915b56af9bc7c5fe29a4c2f31bf4791ad7b80

SHA512
0e369f596e168ffd256098f013d441b4afaafba105f6d1494267c486783d0e85c8b86bf30db3a99e479a7ed57bdb90a77b69830bb3b52aa0cc2dd02474c5605f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-locale-l1-1-0.dll
Filesize
23KB

MD5
6c1f20bebd4e573e52b04d59531eb81c

SHA1
13759a634accd090a76f881f97b3b30794df6bfa

SHA256
8e26ab3319ba3b0ec76f16102ead04c312a95e161f7bfae1f960312cbd809315

SHA512
6f999f7705bed28d9b18b6b21c4b84c07e985986f458938015c818c75249ab073da704cb4dc22cb15746d8161632b3413c1e44e20df9c05e45ba873ef98ccddd

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-math-l1-1-0.dll
Filesize
31KB

MD5
967d1b7eba99ec51f97780a5662bbd0f

SHA1
38738c8cd0efeaa41720e0db209762a33f8ef3ec

SHA256
8bb34c2df43deaf158edcd2d592f57d901db33ef3f6bbdc1e4dfd65d70bbb56a

SHA512
ce9d72d6830bb01576fa27d534908af862431eeec80b1b0c300852b499f8f48fa5ff51ccf4e8d18076fcbb5d1646a9c8b74c050cc35b0179977843b182acf541

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-multibyte-l1-1-0.dll
Filesize
31KB

MD5
d8eea515e283bf3cdb56081d83a067ff

SHA1
74b41385a51a89308782039f208f548b483755bf

SHA256
80d432a4a1f1ed8212895871285f79b927676e4fc4db4bfd2f05366785559361

SHA512
dd940f457c83199041cc636f975a398f986497fd9260a40f65067969172cfd55a1ced153916876b612c9cca43c1fbb83f68092fd61c4def72d1ac13fcb0545a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-private-l1-1-0.dll
Filesize
75KB

MD5
958dd3f1efb3aeffeadbec338e050efa

SHA1
f649b6b2ee0909c0e0f48e1ff5ab91dcf6dd662e

SHA256
528b11540742d429d93c05182515dc540f66e0e9c0183c752aa2ad71d79cb3ac

SHA512
c6a1cb301736577ad4f724bfa944d6257e3c6175a0e5bc041df14731e0df9bb224e4864e3db167b1d2a97cbb3b6960c3fb8284d463e6d75c413067c1ec865f73

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-process-l1-1-0.dll
Filesize
23KB

MD5
3e36dd84fbbe37d1c523e77fa01696b3

SHA1
8850d6982678bce42c146082c036746bbffcc165

SHA256
3976dfdcb9f0276d04fa829aaddf6f6e6c059e0e7547b8e67a2c7d35bf5a0a56

SHA512
09b966f04236b4f34bcaab9147da797c84b498d580927cfbe81fc233be00f8e580a7247dda8916c16b18a68bd00552fb49719a912ea3ec0fff1d201e122dfa57

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-runtime-l1-1-0.dll
Filesize
27KB

MD5
bcaded934eb35aaea1d03b9913ab301d

SHA1
17823d09cca054e5cb8df67c915a3c7461c9348c

SHA256
687a2d38d18023d0a05cf4f3435ea5219c2f7c58f8c0b1dfe3de26a798fa67b4

SHA512
ab17f680b48ab56dba478a6178485471825a7ffb229968ead873a8ea3bf72b83fb617bc209e8d34648a200fc8f15bc09917414e98a7a5d651f5e8f5b26b9100a

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-stdio-l1-1-0.dll
Filesize
27KB

MD5
3c0b236f2e033272a08f335b951f9866

SHA1
898b57ecde207e0a4082a8be341ede44e5efc81b

SHA256
f052e329d831b9e25678c947e61e9ba23739843f1a3c1f61393d0bfdc1fa1fef

SHA512
eff9b21f78a635cbe879229c92cfaedf520b382f2f3165e4cba20754632a8f5d95048e652acc399e3f3d7719dcb759d8972abc1019a63571a2c979abb4d9eb2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-string-l1-1-0.dll
Filesize
27KB

MD5
5fd48a16f6a750d0cdc7ef00af30d80d

SHA1
e8d2016433622d20bd5c4a79239136144696bab5

SHA256
45afb6ecf5928737d26ff610108c2d5110116bce37c4468697fce1a3612aa46c

SHA512
3d13bf58fd693322c61aec6ff99fb77d5e9274007dab501e885c7a7fe319a88ad89d3e2c5d3f73e3a0a47f298d4fbdd523e5c0fd103a3398efacfb7832f7b64a

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-time-l1-1-0.dll
Filesize
23KB

MD5
a6a46f0c5ad078dc5fad23cc925bf255

SHA1
9b44f4796410f2269b7469b54446b2104a20f8f7

SHA256
1b2b49723795ed67a9766b76f358b8ff2f5b533b15df50514b9a316ec46f6fff

SHA512
04e25eaab0e1435004b4915ff8ebb38f41fa25d98f76d1fd01d33dd18c357ec297bbf4ab62e1233dd3ebf0f8849dff44337004dd10b91b77350a501bb713e80b

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-utility-l1-1-0.dll
Filesize
23KB

MD5
0f97ac507089a85e4d33352a3f55d6f7

SHA1
58b0d96ca4e502ef03849037e8159445bf20abf9

SHA256
d496c7c69f47ea24ea530a2eae126742751a31cf59882b8a72507ac68aca992b

SHA512
1dde4f5cada0be9967a38b1b630097b7e8ce5649c4753b1dc2e3ab6f046fee23ddb1c4f3f1f85e2167873cd57aa6b60dc77d3d063a8f0a2c8aafe8f7e205324c

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-downlevel-kernel32-l2-1-0.dll
Filesize
27KB

MD5
380b2b3b27e9c65d2622d6888375e3fd

SHA1
91bb52a5f6f5a5949e6d185b325732d5d6efff0f

SHA256
086269248808f50b7df48ac1b3ba7ddde5884ed18e55d7cd14e0e2c526f466c2

SHA512
57ada11db33d5022b68b0a736e16203ba3a9428be092fa4afc6a5825af1867236abadcfe100f1a7d88445f1925ea65cd0fbfb56edc875fe4d6fd9a587cce591c

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-eventing-provider-l1-1-0.dll
Filesize
23KB

MD5
e64deadd171f30ed516ba959438fdd5f

SHA1
9a81bfc150e566eec45748eeb373ee03fd53eb96

SHA256
860949fd53cbb3e3b29f1625165a676c307df19e382452f54db18df433b6ee49

SHA512
9b302fa598d1191d80a1af5aa24fe5a2c6bd56faa29a55bc810e8ec1d793f6c029aae0612e10bcd09629e8cb93e25f14e785e5902c60a59996aae75de9baae03

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\cefclient.exe
Filesize
2.3MB

MD5
28f891295fc7cb405ea6b75cd65e872e

SHA1
b98c6ea4c87f7418ceb80b9f6c26d7e46eecf183

SHA256
74624c0bda724e3924263eafa55082f7a8627914bf2ebeec4e45172ec5ac75a4

SHA512
d52a4cde06435f1542e0d6adff49dad3934b80abdc81ee898949eb0bda18ddf4f7bee6267e5496c5320c8b70365546672136040aaca2eb1bb106911820a34086

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\cefsimple.exe
Filesize
1.6MB

MD5
b0435aeca51ebe80ee0af5da221242db

SHA1
c7760fad33a4851640523b91ab1d88f39c6d9bb9

SHA256
5b796e3efe9f4a0c13f0e53d01c8094608163d840c8db3f2882822bca426a6e1

SHA512
15c84c5b6ddf361f895ecbcb8ff3265c8d63c2e228e6cde0d293b9db6a55a1767bfd0938ca93dec89b82f063a5959b779176a7022f9aa3b94bac7746f2d3bf78

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\chrome_elf.dll
Filesize
1.4MB

MD5
0787b24906e42a887f6ea7c514360b11

SHA1
bce748c8385935229f5f6d1232e18d65545ec8a7

SHA256
59af3ef52eaf33fc053e363227d8496410671ddf3e9a2ec63a5dddb3522b2098

SHA512
e88a57339c00facd4805e35e6cdb9de2d4081d7c00e0eb657dc3333a3d74f637a6538238242eae4033f317e45d01a6c1a767dae5b11ef0fefcc6470046ab5839

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\d3dcompiler_47.dll
Filesize
4.7MB

MD5
5ba2b9e83dc4d7761e29f17f5aea3b27

SHA1
3b0ff84363a9b87b57f6820453124dfe367376ed

SHA256
3e2e7e944e9f35101c05c23ed952c25ed9d0cae5eb5a0d71d205dc8e90956285

SHA512
c75265906d3f3c0046e4f9a0e6859ca6a8f3effd85ec9bef321304487cc77b7b3302863c97c046477cae12a70dacab30a92f5b8641dfd7286ffc58a97dfe252e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\libEGL.dll
Filesize
469KB

MD5
ddde79e39296679a9f427057e741b123

SHA1
4315a0a72821432cc5165eddc93d1271a61d0ad4

SHA256
a90042472d53d78cdefb8b441538f41145e398291b26c46ce0c686dd6cd3b73c

SHA512
392b9a0e0477bc948aad829c23934079160b7fab39637d6e7b6f79c3356b8c20a2558fd4fc8a8c6871923b5d5f58c287a60310fb3131cef3983b9fde5c83032f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\libGLESv2.dll
Filesize
7.1MB

MD5
c6f403e5ab424b2ffbff5d27d0b8006b

SHA1
a69d842dca508c4970e6ecbd0a8745d83a70cfeb

SHA256
ffd9b73ee4ca25d870013e747fb7763dfbb7977256467284c763d451fe8cb2a4

SHA512
4994502265e54eb0891b41ca9d356cbe448836703ca70d1edde82c7342ddaac72cd433c1c366b689cb2f9757db3a04bcaebf62618902517e7337fe21204fe4d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\msvcp140.dll
Filesize
555KB

MD5
39542f200fd39402d26cab2f022537ec

SHA1
d10ff22111acf7bbec2a381101ed55800b9478a4

SHA256
c61148424978300e99ec07284f875901e92be69394c8625099ec772da474f709

SHA512
29e43f361931f8c16df77df078b3197450842f15d1df0650a07a6af5a152ebe021aeeaefe606599107c78021b3320d69626b335987c8bb2dae17ac71409ffc3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\openvr_api.dll
Filesize
806KB

MD5
4398179b668c70f4464ce9448fa0bac3

SHA1
a12848d2488fbd31a2481922664a2875f162bbdd

SHA256
0ba4d3049449403e1966cf8922ac5c2e6130fabe72c0cc6b3218da82f9110ac9

SHA512
98db440b4c220a9e71b60104c819c402bd88b6c10b9ed518660e8550884fa518e165bf20ec2d85a4bb5c379a28e9524d4b69dd25dc599e062498670fe8f28bc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\crashhandler.dll
Filesize
361KB

MD5
921ecaa849aa3eebea83cc117f057bbc

SHA1
b7eac57ca1e82b1011379893c88c76906b8c6833

SHA256
956264d928cc41776196b6a8162bf5895e0f093cc8049842fc90ad55e8c2f198

SHA512
2ea60ab1c5119254c38e136c3f1a88450fc0256fe5dcc621dd42235c72f50ef5ae2cf8fd481ee0cd663ee8173c09522fc7e11d72101072617d40ad193af9b3a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\logs\bootstrap_log.txt
Filesize
10KB

MD5
b9c1ef626c9f1fc21c92356472996c69

SHA1
09931eac892fe8dfbefb5128842ecf60c869a809

SHA256
6bc95c080f7a82d95a66135219a0efdbe8de75e10ffe264740228d85141199b9

SHA512
c40345270abc0172e46137d09a65f69be7714ee81cd6d3acd8ddff0badddfcade9a54500ed60800e89c89d81b4efc0d827fd946a73a9c39b1c1e46d029e20adf

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_metrics.bin
Filesize
2KB

MD5
dbfb33711692919283e486f3c8c614a3

SHA1
0e70bae3fc3ce6cdaa12825279199a034f50124b

SHA256
0ffb879893a8310cdea29703f1af3340cbc23ae1bdc2aa9636fde538c5ceb507

SHA512
924696f2cf3c441d7ecc8cf21adfd7183f5d0d3039ae06ecbd45a275e1b9e18a67e87e357f14e39dcd5cf47b7ffbd9f9c890d882969cef535789116c056b970b

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.installed
Filesize
460KB

MD5
5e21102fe5ae32653cfa3445539d23b0

SHA1
01feccac0e15f4fa21dbd0d1de5702c8a934d60d

SHA256
de521055b9e6d487bcbd91ec06428dee35384cc8a0d00d2b738760187b3c390a

SHA512
773e8198f3da8ba49beff3750416377d311877c54fe7c0a8324c4748d62b43745ecbeab6acdaec76af66d76a95a395f10339b61fe792026463012ad582ae4d3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.manifest
Filesize
9KB

MD5
efb6e815a83a9222a7263e78209285f1

SHA1
e178c8468d4e2ac9e66e7cd597813e6d85b30044

SHA256
9d0a3df457493d2ac1dba90a89ad6b35d309951142c793bef247ce462a631a2a

SHA512
36b1ec5f4b045b026f80983f769fa20d9e301c6ed92a036629f768c13515393522123d6436f438fe4f24f9116c0c7908c4d8093fcca36972e12ec763a06e3c72

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\icon_button_forward@2x.tga_
Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\icon_button_news_mousedown.tga_
Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\resource\filter_clean_bulgarian.txt.gz_
Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Users\Admin\AppData\Local\Temp\public\steambootstrapper_english.txt
Filesize
4KB

MD5
da6cd2483ad8a21e8356e63d036df55b

SHA1
0e808a400facec559e6fbab960a7bdfaab4c6b04

SHA256
ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6

SHA512
06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925

Download Submit
C:\Users\Admin\AppData\Local\Temp\steam.exe
Filesize
4.2MB

MD5
0f433ee9a006400416679cf6e5a510c5

SHA1
558403043f0288aba3d9a43e9dfa7e109bc0b31a

SHA256
88eb0e145502e84cfb242b4733eeecbda53f78e33fe748f3c0e1fb14edbd7cd4

SHA512
82048118e7b816ffe9dd0ce114b0fda049345e9d27ab64b1c7a2efb4edb2d08775379ad6678c5a6a77fbfa91d8969e8642460f62b5cded32a704ab238a010ba3

Download Submit
memory/3304-12007-0x0000000000630000-0x0000000000AE4000-memory.dmp

Filesize
4.7MB

Download
memory/7004-12158-0x000002B1BA700000-0x000002B1BA79B000-memory.dmp

Filesize
620KB

Download
memory/7004-12092-0x00007FFDAEC10000-0x00007FFDAEC11000-memory.dmp

Filesize
4KB

Download
memory/7004-12159-0x000002B1BA950000-0x000002B1BAA2A000-memory.dmp

Filesize
872KB

Download
memory/7004-12093-0x00007FFDAFA70000-0x00007FFDAFA71000-memory.dmp

Filesize
4KB

Download
memory/7056-12160-0x00000283E8C90000-0x00000283E8D2B000-memory.dmp

Filesize
620KB

Download
memory/7056-12161-0x00000283E8D30000-0x00000283E8E0A000-memory.dmp

Filesize
872KB

Download
memory/11612-12249-0x00000213C3CA0000-0x00000213C3D3B000-memory.dmp

Filesize
620KB

Download
memory/11612-12251-0x00000213C3D80000-0x00000213C3E5A000-memory.dmp

Filesize
872KB

Download
memory/14832-12199-0x000000006FCB0000-0x0000000070FAE000-memory.dmp

Filesize
19.0MB

Download
memory/14832-12193-0x000000006FCB0000-0x0000000070FAE000-memory.dmp

Filesize
19.0MB

Download
memory/14832-12188-0x000000006FCB0000-0x0000000070FAE000-memory.dmp

Filesize
19.0MB

Download
memory/14832-12224-0x000000006FCB0000-0x0000000070FAE000-memory.dmp

Filesize
19.0MB

Download
memory/14832-12183-0x000000006FCB0000-0x0000000070FAE000-memory.dmp

Filesize
19.0MB

Download
memory/14832-12178-0x000000006FCB0000-0x0000000070FAE000-memory.dmp

Filesize
19.0MB

Download
memory/14832-12164-0x000000006FCB0000-0x0000000070FAE000-memory.dmp

Filesize
19.0MB

Download
memory/14832-12268-0x000000006FCB0000-0x0000000070FAE000-memory.dmp

Filesize
19.0MB

Download
memory/14832-12151-0x000000006FCB0000-0x0000000070FAE000-memory.dmp

Filesize
19.0MB

Download
memory/14832-12282-0x000000006FCB0000-0x0000000070FAE000-memory.dmp

Filesize
19.0MB

Download
memory/14832-12287-0x000000006FCB0000-0x0000000070FAE000-memory.dmp

Filesize
19.0MB

Download