3b616cb0beaacffb53884b5ba0453312d2577db598d2a877a3b251125fb281a1

Analysis

max time kernel
510s
max time network
504s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
12-02-2024 18:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SteamSetup.exe
Size

2.2MB
MD5

70f3bc193dfa56b78f3e6e4f800f701f
SHA1

1e5598f2de49fed2e81f3dd8630c7346a2b89487
SHA256

3b616cb0beaacffb53884b5ba0453312d2577db598d2a877a3b251125fb281a1
SHA512

3ffa815fea2fe37c4fde71f70695697d2b21d6d86a53eea31a1bc1256b5777b44ff400954a0cd0653f1179e4b2e63e24e50b70204d2e9a4b8bf3abf8ede040d1
SSDEEP

49152:2DcHcEngZtNm1LQRHH4PTwZX6kg9hsf4lcszpyu7d/TC:rngZtNm1G4Pw6dJzZNTC

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

SteamSetup.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000\Software\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"	SteamSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

steam.exesteam.exe

description	ioc	process
File created	C:\Program Files (x86)\Steam\package\tmp\public\steambootstrapper_brazilian.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steamclean_schinese.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox_rb_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\CreateTokenDialog.res_	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\1928430_library_hero_blur.jpg	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\clienttexture4.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\btnDefBottomRight.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_l3_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_lb_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_color_outlined_button_triangle_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_button_capture_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\916840_library_hero_blur.jpg	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\radUnselStd.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steambootstrapper_greek.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox360_button_select_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_touchpad_right_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0460.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_button_steam_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_button_x_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_touchpad_down_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\1862840_logo.png	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\265210_header.jpg	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\c15.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\vgui_italian.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_l_click_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\templates\controller_switch_pro_wasd.vdf_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\Receipt_Server_Timeout.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\3_star.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_rstick_left_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\steam_splash_fallback.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\ThirdPartyLegalNotices.doc_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_buttons_e.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_rtrackpad_swipe_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\logs\compat_log.txt	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\1059990_header.jpg	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0422.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_040_act_0320.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\emailreminder_close.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_outlined_button_x.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_touchpad_right_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_lfn_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\1400500_library_hero_blur.jpg	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_050_menu_0304.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_040_act_0100.png_	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\570_library_600x900.jpg	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_r2_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\friends\ClanEventDialog.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_trackpad_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_l_swipe_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\1618540_header.jpg	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_color_outlined_button_circle_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_dpad_up_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steamui_pirate.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_button_x_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_color_button_y_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_l_left_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\xbox_rt.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\417860_library_hero_blur.jpg	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\24920_icon.jpg	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_l3_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\508550_header.jpg	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\381690_icon.jpg	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\302550_icon.jpg	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_lstick_click.svg_	steam.exe

Executes dropped EXE 49 IoCs

Processes:

steamservice.exesteam.exesteam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exegldriverquery64.exesteamwebhelper.exegldriverquery.exevulkandriverquery64.exevulkandriverquery.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exe

pid	process
3908	steamservice.exe
1572	steam.exe
11012	steam.exe
11088	steamwebhelper.exe
11124	steamwebhelper.exe
11256	steamwebhelper.exe
11464	steamwebhelper.exe
11648	gldriverquery64.exe
11784	steamwebhelper.exe
12028	gldriverquery.exe
12056	vulkandriverquery64.exe
12152	vulkandriverquery.exe
792	steamwebhelper.exe
5832	steamwebhelper.exe
6332	steamwebhelper.exe
6844	steamwebhelper.exe
7088	steamwebhelper.exe
4440	steamwebhelper.exe
7636	steamwebhelper.exe
8340	steamwebhelper.exe
8364	steamwebhelper.exe
8964	steamwebhelper.exe
9132	steamwebhelper.exe
9548	steamwebhelper.exe
9560	steamwebhelper.exe
9576	steamwebhelper.exe
9600	steamwebhelper.exe
9628	steamwebhelper.exe
9688	steamwebhelper.exe
9864	steamwebhelper.exe
10016	steamwebhelper.exe
10196	steamwebhelper.exe
10636	steamwebhelper.exe
10536	steamwebhelper.exe
12292	steamwebhelper.exe
12352	steamwebhelper.exe
12584	steamwebhelper.exe
12712	steamwebhelper.exe
12784	steamwebhelper.exe
14492	steamwebhelper.exe
14512	steamwebhelper.exe
14752	steamwebhelper.exe
15044	steamwebhelper.exe
15232	steamwebhelper.exe
15240	steamwebhelper.exe
16188	steamwebhelper.exe
16308	steamwebhelper.exe
16652	steamwebhelper.exe
26596	steamwebhelper.exe

Loads dropped DLL 64 IoCs

Processes:

SteamSetup.exesteam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exe

pid	process
2972	SteamSetup.exe
2972	SteamSetup.exe
2972	SteamSetup.exe
2972	SteamSetup.exe
2972	SteamSetup.exe
2972	SteamSetup.exe
2972	SteamSetup.exe
2972	SteamSetup.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11124	steamwebhelper.exe
11124	steamwebhelper.exe
11124	steamwebhelper.exe
11012	steam.exe
11012	steam.exe
11256	steamwebhelper.exe
11256	steamwebhelper.exe
11256	steamwebhelper.exe
11256	steamwebhelper.exe
11256	steamwebhelper.exe
11256	steamwebhelper.exe
11464	steamwebhelper.exe
11464	steamwebhelper.exe
11464	steamwebhelper.exe
11012	steam.exe
11784	steamwebhelper.exe
11784	steamwebhelper.exe
11784	steamwebhelper.exe
11784	steamwebhelper.exe
792	steamwebhelper.exe
792	steamwebhelper.exe
792	steamwebhelper.exe
11012	steam.exe
5832	steamwebhelper.exe
5832	steamwebhelper.exe
5832	steamwebhelper.exe
5832	steamwebhelper.exe
6332	steamwebhelper.exe
6332	steamwebhelper.exe
6332	steamwebhelper.exe
6332	steamwebhelper.exe
6844	steamwebhelper.exe
6844	steamwebhelper.exe
6844	steamwebhelper.exe
6844	steamwebhelper.exe
6844	steamwebhelper.exe
6844	steamwebhelper.exe
7088	steamwebhelper.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 9 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

steam.exesteamwebhelper.exesteamwebhelper.exesteam.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

steamwebhelper.exesteamwebhelper.exe

description ioc process

Key created \REGISTRY\USER\ steamwebhelper.exe
Key created \REGISTRY\USER\ steamwebhelper.exe

description	ioc	process
Key created	\REGISTRY\USER\	steamwebhelper.exe
Key created	\REGISTRY\USER\	steamwebhelper.exe

Modifies registry class 64 IoCs

Processes:

steam.exesteamservice.exesteamwebhelper.exesteamwebhelper.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\steamlink	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\steamlink	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\steam\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\steam\URL Protocol	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\steamlink\Shell	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\steam\ = "URL:steam protocol"	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\steamlink\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\steam\DefaultIcon	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\steam\Shell\Open\Command	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\steam\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\steamlink\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\	steamwebhelper.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\steamlink\DefaultIcon	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\	steamwebhelper.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\steam\Shell	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\steam	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\steamlink\Shell\Open\Command	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\steam\ = "URL:steam protocol"	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\steam\DefaultIcon	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\steamlink\Shell\Open	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\steam\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\steamlink\URL Protocol	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steamservice.exe

Modifies system certificate store 2 TTPs 16 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

steam.exesteamwebhelper.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	steamwebhelper.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	steamwebhelper.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	steamwebhelper.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 040000000100000010000000acb694a59c17e0d791529bb19706a6e40f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47419000000010000001000000068cb42b035ea773e52ef50ecf50ec52920000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	steamwebhelper.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 5c00000001000000040000000008000019000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f040000000100000010000000acb694a59c17e0d791529bb19706a6e420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	steamwebhelper.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 5c0000000100000004000000000800001900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d040000000100000010000000410352dc0ff7501b16f0028eba6f45c520000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	steam.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

SteamSetup.exesteam.exesteamwebhelper.exe

pid	process
2972	SteamSetup.exe
2972	SteamSetup.exe
2972	SteamSetup.exe
2972	SteamSetup.exe
2972	SteamSetup.exe
2972	SteamSetup.exe
2972	SteamSetup.exe
2972	SteamSetup.exe
2972	SteamSetup.exe
2972	SteamSetup.exe
2972	SteamSetup.exe
2972	SteamSetup.exe
2972	SteamSetup.exe
2972	SteamSetup.exe
2972	SteamSetup.exe
2972	SteamSetup.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11464	steamwebhelper.exe
11464	steamwebhelper.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe
11012	steam.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

steam.exe

pid process

11012 steam.exe

pid	process
11012	steam.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

steamservice.exesteam.exe

description	pid	process
Token: SeSecurityPrivilege	3908	steamservice.exe
Token: SeSecurityPrivilege	3908	steamservice.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe
Token: SeDebugPrivilege	11012	steam.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

steamwebhelper.exesteam.exe

pid	process
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11012	steam.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11012	steam.exe
11012	steam.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

steamwebhelper.exesteam.exesteamwebhelper.exe

pid	process
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11012	steam.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11012	steam.exe
11012	steam.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
11088	steamwebhelper.exe
8340	steamwebhelper.exe
8340	steamwebhelper.exe
8340	steamwebhelper.exe
8340	steamwebhelper.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

steam.exe

pid process

11012 steam.exe

pid	process
11012	steam.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

SteamSetup.exesteam.exesteam.exesteamwebhelper.exe

description	pid	process	target process
PID 2972 wrote to memory of 3908	2972	SteamSetup.exe	steamservice.exe
PID 2972 wrote to memory of 3908	2972	SteamSetup.exe	steamservice.exe
PID 2972 wrote to memory of 3908	2972	SteamSetup.exe	steamservice.exe
PID 1572 wrote to memory of 11012	1572	steam.exe	steam.exe
PID 1572 wrote to memory of 11012	1572	steam.exe	steam.exe
PID 1572 wrote to memory of 11012	1572	steam.exe	steam.exe
PID 11012 wrote to memory of 11088	11012	steam.exe	steamwebhelper.exe
PID 11012 wrote to memory of 11088	11012	steam.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11124	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11124	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11256	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11464	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11464	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11012 wrote to memory of 11648	11012	steam.exe	gldriverquery64.exe
PID 11012 wrote to memory of 11648	11012	steam.exe	gldriverquery64.exe
PID 11088 wrote to memory of 11784	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11784	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11784	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11784	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11784	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11784	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11784	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11784	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11784	11088	steamwebhelper.exe	steamwebhelper.exe
PID 11088 wrote to memory of 11784	11088	steamwebhelper.exe	steamwebhelper.exe

C:\Users\Admin\AppData\Local\Temp\SteamSetup.exe
"C:\Users\Admin\AppData\Local\Temp\SteamSetup.exe"
1⤵
- Adds Run key to start application
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2972

C:\Program Files (x86)\Steam\bin\steamservice.exe
"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
2⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:3908

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
1⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:1572

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
2⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Modifies registry class
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:11012

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=11012" "-buildid=1705108172" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --enable-media-stream --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--disable-features=SameSiteByDefaultCookies" "--enable-blink-features=ResizeObserver,Worklet,AudioWorklet" "--disable-blink-features=Badging"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:11088

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1705108172 --initial-client-data=0x35c,0x360,0x364,0x338,0x368,0x7ff94a94f070,0x7ff94a94f080,0x7ff94a94f090
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:11124

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --field-trial-handle=1636,17311108003347635506,9826305500354582513,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1705108172 --steamid=0 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1648 /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:11256

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1636,17311108003347635506,9826305500354582513,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --lang=en-US --service-sandbox-type=network --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1705108172 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1868 /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:11464

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1636,17311108003347635506,9826305500354582513,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1705108172 --steamid=0 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2476 /prefetch:1
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:11784

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --field-trial-handle=1636,17311108003347635506,9826305500354582513,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1705108172 --steamid=0 --gpu-preferences=MAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAIAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2444 /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:792

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1636,17311108003347635506,9826305500354582513,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1705108172 --steamid=0 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1148 /prefetch:1
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5832

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1636,17311108003347635506,9826305500354582513,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1705108172 --steamid=0 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3392 /prefetch:1
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6332

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --field-trial-handle=1636,17311108003347635506,9826305500354582513,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1705108172 --steamid=0 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1648 /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6844

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1636,17311108003347635506,9826305500354582513,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1705108172 --steamid=0 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2996 /prefetch:1
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:7088

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --field-trial-handle=1636,17311108003347635506,9826305500354582513,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1705108172 --steamid=0 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2524 /prefetch:2
4⤵
- Executes dropped EXE
PID:4440

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --field-trial-handle=1636,17311108003347635506,9826305500354582513,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1705108172 --steamid=0 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=3044 /prefetch:2
4⤵
- Executes dropped EXE
PID:7636

C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
.\bin\gldriverquery64.exe
3⤵
- Executes dropped EXE
PID:11648

C:\Program Files (x86)\Steam\bin\gldriverquery.exe
.\bin\gldriverquery.exe
3⤵
- Executes dropped EXE
PID:12028

C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
.\bin\vulkandriverquery64.exe
3⤵
- Executes dropped EXE
PID:12056

C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
.\bin\vulkandriverquery.exe
3⤵
- Executes dropped EXE
PID:12152

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=11012" "-buildid=1705108172" "-steamid=76561199088571760" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=1" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --enable-media-stream --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--disable-features=SameSiteByDefaultCookies" "--enable-blink-features=ResizeObserver,Worklet,AudioWorklet" "--disable-blink-features=Badging"
3⤵
- Executes dropped EXE
- Checks processor information in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of SendNotifyMessage
PID:8340

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1705108172 --initial-client-data=0x350,0x354,0x358,0x32c,0x35c,0x7ff94a94f070,0x7ff94a94f080,0x7ff94a94f090
4⤵
- Executes dropped EXE
PID:8364

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --field-trial-handle=1652,3131905825023073691,17991880272306976303,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1705108172 --steamid=76561199088571760 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1676 /prefetch:2
4⤵
- Executes dropped EXE
PID:8964

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1652,3131905825023073691,17991880272306976303,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --lang=en-US --service-sandbox-type=network --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1705108172 --steamid=76561199088571760 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2172 /prefetch:8
4⤵
- Executes dropped EXE
- Modifies system certificate store
PID:9132

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1652,3131905825023073691,17991880272306976303,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1705108172 --steamid=76561199088571760 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2416 /prefetch:1
4⤵
- Executes dropped EXE
PID:9548

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1652,3131905825023073691,17991880272306976303,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1705108172 --steamid=76561199088571760 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2508 /prefetch:1
4⤵
- Executes dropped EXE
PID:9560

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1652,3131905825023073691,17991880272306976303,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1705108172 --steamid=76561199088571760 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2516 /prefetch:1
4⤵
- Executes dropped EXE
PID:9576

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1652,3131905825023073691,17991880272306976303,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1705108172 --steamid=76561199088571760 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2524 /prefetch:1
4⤵
- Executes dropped EXE
PID:9600

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1652,3131905825023073691,17991880272306976303,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1705108172 --steamid=76561199088571760 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2532 /prefetch:1
4⤵
- Executes dropped EXE
PID:9628

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1652,3131905825023073691,17991880272306976303,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1705108172 --steamid=76561199088571760 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3140 /prefetch:1
4⤵
- Executes dropped EXE
PID:9688

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1652,3131905825023073691,17991880272306976303,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1705108172 --steamid=76561199088571760 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2784 /prefetch:1
4⤵
- Executes dropped EXE
PID:9864

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1652,3131905825023073691,17991880272306976303,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1705108172 --steamid=76561199088571760 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3196 /prefetch:1
4⤵
- Executes dropped EXE
PID:10016

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1652,3131905825023073691,17991880272306976303,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1705108172 --steamid=76561199088571760 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3200 /prefetch:1
4⤵
- Executes dropped EXE
PID:10196

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1652,3131905825023073691,17991880272306976303,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1705108172 --steamid=76561199088571760 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3212 /prefetch:1
4⤵
- Executes dropped EXE
PID:10536

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1652,3131905825023073691,17991880272306976303,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1705108172 --steamid=76561199088571760 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3376 /prefetch:1
4⤵
- Executes dropped EXE
PID:10636

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1652,3131905825023073691,17991880272306976303,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1705108172 --steamid=76561199088571760 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3508 /prefetch:1
4⤵
- Executes dropped EXE
PID:12292

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1652,3131905825023073691,17991880272306976303,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1705108172 --steamid=76561199088571760 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3516 /prefetch:1
4⤵
- Executes dropped EXE
PID:12352

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1652,3131905825023073691,17991880272306976303,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1705108172 --steamid=76561199088571760 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3520 /prefetch:1
4⤵
- Executes dropped EXE
PID:12584

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1652,3131905825023073691,17991880272306976303,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1705108172 --steamid=76561199088571760 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3540 /prefetch:1
4⤵
- Executes dropped EXE
PID:12784

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1652,3131905825023073691,17991880272306976303,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1705108172 --steamid=76561199088571760 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3532 /prefetch:1
4⤵
- Executes dropped EXE
PID:12712

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --field-trial-handle=1652,3131905825023073691,17991880272306976303,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1705108172 --steamid=76561199088571760 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1832 /prefetch:2
4⤵
- Executes dropped EXE
PID:14492

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1652,3131905825023073691,17991880272306976303,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1705108172 --steamid=76561199088571760 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5884 /prefetch:1
4⤵
- Executes dropped EXE
PID:14512

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --field-trial-handle=1652,3131905825023073691,17991880272306976303,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1705108172 --steamid=76561199088571760 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1832 /prefetch:2
4⤵
- Executes dropped EXE
PID:14752

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1652,3131905825023073691,17991880272306976303,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1705108172 --steamid=76561199088571760 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5812 /prefetch:1
4⤵
- Executes dropped EXE
PID:15044

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --field-trial-handle=1652,3131905825023073691,17991880272306976303,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1705108172 --steamid=76561199088571760 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=5392 /prefetch:2
4⤵
- Executes dropped EXE
PID:15232

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1652,3131905825023073691,17991880272306976303,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1705108172 --steamid=76561199088571760 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5324 /prefetch:1
4⤵
- Executes dropped EXE
PID:15240

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1652,3131905825023073691,17991880272306976303,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1705108172 --steamid=76561199088571760 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5500 /prefetch:1
4⤵
- Executes dropped EXE
PID:16188

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1652,3131905825023073691,17991880272306976303,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1705108172 --steamid=76561199088571760 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6176 /prefetch:1
4⤵
- Executes dropped EXE
PID:16308

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1652,3131905825023073691,17991880272306976303,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1705108172 --steamid=76561199088571760 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5564 /prefetch:1
4⤵
- Executes dropped EXE
PID:16652

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --field-trial-handle=1652,3131905825023073691,17991880272306976303,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1705108172 --steamid=76561199088571760 --gpu-preferences=MAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAIAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=3672 /prefetch:2
4⤵
- Executes dropped EXE
PID:26596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:11356

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C8 0x00000000000004D4
1⤵
PID:11572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:9056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:14568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:14864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:15424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Steam\Steam.exe

Filesize
4.1MB

MD5
b4411620a3551834e4f699cc5a9b27e6

SHA1
5093960cc86613e310d13770b5adef00fe93f3eb

SHA256
3caf4a246169b2d30c6bf18fa0b7a4a01bbe933cfb781f3da4c6b3cb67b59d04

SHA512
47dde07212c2d5eea548d7794fc6bb9d86ced9a0848aaeab81fa8844fc5cab7eac58e386e96a81c663b914c85c0a7116033e2b2cfd18559d40aa6c83f9a6c024

Download Submit
C:\Program Files (x86)\Steam\appcache\localization.vdf

Filesize
7KB

MD5
c86d5bf4be034164c340d16c47f8b864

SHA1
7f46fcac6d7640f1d69c1d7f8313d485d8295c95

SHA256
797635e65de74877353502d6a0583ee13f628a443a644b2cec7d10fe9c718357

SHA512
170b23ad4044deb63b2adc2392e8826022a8a5b096d8797544b55a08d31ac9e487cadfc29866423065a989e78ae0354dd3d6b42a17bccebaa8d4851a66c5253d

Download Submit
C:\Program Files (x86)\Steam\bin\SteamService.exe

Filesize
2.7MB

MD5
2de3f7cf6020b3bb6bc4199459a63016

SHA1
8a30e5e333a353eb069ab961a4c1918fcbb44623

SHA256
f649f4a1d41cd442d5e3f079b1677442a2123eb494bda58ef866870b25915d7e

SHA512
5d1e016c731dd1bfaaf24fde9da4f453f71773a71db956290809eb82064fa0307874cd412be6ad98c4fdbb36e94cd8ae7aa27341aaa1f9f3f9e696afe0cca56e

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
9KB

MD5
28764cc865bb0ee9015512bdcb70715f

SHA1
4a1f4691e64cb93c02516f2ba2186c6372f6bb66

SHA256
84d635cff08b2d6ed9a7d5b02b569788b2034acee86f4851785aed755556aa91

SHA512
bac74b47d0bb6961ebf72b5fd15db0a3560eaf65a1a6598096ca8b22ed129568ce827dd0e6caaab209eecc95bfacc7da9df4142c8484ec2b507aff9985f604b3

Download Submit
C:\Program Files (x86)\Steam\dumps\metadata

Filesize
334B

MD5
8e7a74e73b4b29aa0bfbd4e54bc11cea

SHA1
16185c80d4c1745c47a6629e5b06f71d20939863

SHA256
9e2c06a85be591c49e8ce2a49c48f45b3b8ad25f6d9adb5e70b536abbd5aae3b

SHA512
1aeb8a353517d44806d47d7ecbfbe00f512b4a7dddd3166665873477d723a926664d59e226522f60ec279429bd52383bd7f4bd4058835fb324ebba6d5fc7959e

Download Submit
C:\Program Files (x86)\Steam\dumps\metadata

Filesize
664B

MD5
39c3f3a539a18fc18adf56cf131fb276

SHA1
52e6e1c3c8285d03d13b38de00adecc4fbff8652

SHA256
f6207afef527058d070d91d2ffebb173323c34ba89cacc037f3d579305df2819

SHA512
375a56078d7a0893908f31212a173c8f8081416773b035c6fc7750fd593404d0dab57b8f4c00f981119f92c6b4103da3b79bcbba55365a8febbf2ffea6484a0a

Download Submit
C:\Program Files (x86)\Steam\dumps\reports\6af99f24-dc2a-4f5f-81bb-68231d2e8832.dmp

Filesize
359KB

MD5
bfff974c57db3f8f2c58b125629ac327

SHA1
8de8c759bbfc4998fb783a415f9af4600738b8de

SHA256
25a9388e8974e3cd5ff17e47cf12658686a8da26ddc3fd16fb62dabf3d36b1d6

SHA512
1e7574c8203008144f440e201442d8b7c1fb7968ac322c34d1420a0ea5e5697ccb9feb5370d4022c6d9e907f358c895f567ca047cce6a15ab298152bf82542cc

Download Submit
C:\Program Files (x86)\Steam\dumps\reports\7d121860-3459-4f53-85c2-6c63619eb405.dmp

Filesize
393KB

MD5
cf68819500fcf6abfa8f72ca7360edb8

SHA1
06104306968ce6ff18e14cf9260186a3b8e60746

SHA256
a3db12d2e1c2e983fd3ef700da612c5fe951a2308af186fabcda41ae4b9b0d16

SHA512
61a981fe73242a34a5c463b58249337a925bbb06786212fd6e93b8db8fe8227fc0b99a2a589ca1ca9f9ca8a2917e70c70cb89e14d570b782defffcb20aaf8d7b

Download Submit
C:\Program Files (x86)\Steam\dumps\reports\95ebc41e-dd3b-4eab-b856-66c8409f4df7.dmp

Filesize
364KB

MD5
1ac0232f0787ead760819e912275cafd

SHA1
d3e5ee0d1ef3a8aa4e5d559a41a2c281437d8dda

SHA256
24039f369430c0f0c58bbf67c4c17e826d94799f0a0124325e72538071c905d3

SHA512
428b170845c8c42b0118ab0f6079ed262da4b1c1b201fcf83dbbeed4275b9c465f79bce8b77861949d9c53f6ccc0f12e1abaea183e58fb965839838803275270

Download Submit
C:\Program Files (x86)\Steam\dumps\reports\a2771605-b85d-41ec-af61-ad63752c792e.dmp

Filesize
502KB

MD5
86c20b2316fad75e7d6f5741b7907510

SHA1
736f5de638ddf2c50e8df6097ad3bd420d670a61

SHA256
11fe8ce1c3ea4ec70d243d2c7d4412d1b608b32813226c9b548774ce67c8ffef

SHA512
147ddcfc8d2caefdbc801e49a7672f14b6225aae9765770abf6eb427f6619442c66f8e203d52d882f682031a606f3c1398b04b97799d19e3c0aff28998c3ef68

Download Submit
C:\Program Files (x86)\Steam\dumps\reports\c4e21916-26ca-448f-b93b-0781c2ff26fb.dmp

Filesize
391KB

MD5
24701012579e4ea4a028eb51b4a3ce1f

SHA1
064a0437a0fb0972d6ee1dca578ad4a869925d69

SHA256
849f52c08e0e61ed5062732c234c742b9404e89622c5d898b4b561111da4aee0

SHA512
28bd2a3e77b679c8eb372771fc9c0a835ee27a89a847ab1aa0f85cb70b4125600289a8b804ea8c4946d950a608ea9137bbf6d8477120f2ab65c4632109ced2fe

Download Submit
C:\Program Files (x86)\Steam\dumps\reports\f55a4a23-6d88-4fdf-b2bc-fa22191cd1db.dmp

Filesize
459KB

MD5
e1ce70386f490216100bbedcde3a3484

SHA1
af287d87086a7ebf5fdddcb45cc7c8393fa1d769

SHA256
d3eed2b24d284ddc9d023c0cb97b3c10228b4d2c8e6e86b31456d769d517c639

SHA512
6932a1c65e52e9836f40cae8c9c2bfe9f713829e7e893010fba5ef80b08191a35a0f6d7b87d59eb4646b456ae6be1f05a46a09a738e3b5019002eabe22103fbc

Download Submit
C:\Program Files (x86)\Steam\dumps\settings.dat

Filesize
56B

MD5
d57949ab247ee4350476ceaab50f9f34

SHA1
c6a1f398cf261d8cbe2551826bad88d553e24fc8

SHA256
c781ba7ec85c89eca65ceb8f1329f367f18ba53cb5bb404886e2b7988e1ee066

SHA512
e2c7860d81f28ffebe3017f5c1e9846768175b88ec6bd8a5faba10d22074d3cdde87fb64ab2c4a86e09386cec894415bf353b18cd14354a97cee122efc81f1b5

Download Submit
C:\Program Files (x86)\Steam\dumps\settings.dat

Filesize
56B

MD5
6efc4cdbbbd4875d2fd78e16b5cecac9

SHA1
5918cbb391c87551cb2172706b035a5e5b32ce1b

SHA256
dd2f28abf9e101cc6176a4cf07e679d88dd7975064f5c1a5232c9b9451ebf15e

SHA512
4266c056724ba0fd884869d92f7cd4f34509ee53fee9be5d7cca77550dd992475c8b84ed938b825d0cf3bf096b8f72f128afc7558d908b4c26b228f0a6ba75f0

Download Submit
C:\Program Files (x86)\Steam\dumps\settings.dat

Filesize
56B

MD5
0129c1a9e941616b62892659d90c4e55

SHA1
12bf6e6e7a1259999c3b2e43f3de36bc9d4cdca2

SHA256
e13367062ddb4f83e173c8636b1c91e60e4923e86383e56ea62ca482782f6e73

SHA512
f72dc8549181b30793f608f829c7fc944742463434a751d65b7e660923db5728f2d693d866740dda2eb6c84a87e0fa3a11b97ccd0ce1b4029310f010e04922a5

Download Submit
C:\Program Files (x86)\Steam\logs\bootstrap_log.txt

Filesize
10KB

MD5
0afc8200a75664eec6838555500955b8

SHA1
4bf428ad83167f9e5e2d092ccd96241bc6531fcd

SHA256
f20615c450b3e5e99b2a84e2806b21ae188d6a000d8b63734afd4444e9a7685c

SHA512
86231e0ba92218a64ef44f9abd51d6b4a1bd2580b5cd7eb90d9da6005b53f158bd0cd35a6b9c6837c5d4d1bbb02393caa8363794a0ea51f697911dccf8bae46c

Download Submit
C:\Program Files (x86)\Steam\package\steam_client_win32.manifest

Filesize
9KB

MD5
3f03cae38ef6847eccf56c954b1ae3eb

SHA1
04b0f891fd471e19d17a6ac3b93c8dc7419a6baa

SHA256
6778287775f2a7c8b9d5c505e53201a7e518000df65ffb45ce2d93ff99c8ed4c

SHA512
ab895e7a2a05272afba514e66a6030fc65391c11ac472f313aa18eb982a29f7a179c70f9834658171375848fafc72306d6051964922705d621f72a1c27b65c4f

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

Filesize
4KB

MD5
8ebd46495dd3b4ab05431c5c771d5657

SHA1
e426214322a729faddb5bc80053af5750c76683b

SHA256
70c39d5d5b16640165de19cee80da4a391035108cbc5f5009372a86954f0fe92

SHA512
53afd923f583eda4db580935a8cdd62413af8e830c04f2c12d15c55e905c114ec11a5e4483660601504c27e9350e9e47c6432f8f699464e11c5050fe846d7dc4

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

Filesize
6KB

MD5
239c03a3dc1c27993da724736d086cef

SHA1
ff88246f8ea3502873dcbdc622378f006c58a2e6

SHA256
b387e2fb971297d3438acca130c53dfdd202ae2ca5b52d6503333734cda4fbfc

SHA512
656922e8f2dec46ef36efba5c85088c47b02e89f62b27559611fcbe6ef85c6cd8462a4532e2d2d7f4faa977ab24f0de6f5f72e3075f8889db9e6e60baa162a32

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

Filesize
4KB

MD5
6def4d3cf1453d5fb69d22fca29892a4

SHA1
09fe62653e55668de75a9fc5b64949ea81eb4991

SHA256
60c29f3c57c44c58daf69be797bfede31967b1ddfc9bb68cb7ddaa0acda67c8c

SHA512
ee4f3f5dd8a8aadde9cff8f8aca8a45fa419c36fd8a4a7d3af9b71e1f7e5d9e1d01c329c70e6da53238822b536e35224e55004bf2e1af4ec17d5b56ccfc58549

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

Filesize
4KB

MD5
03b664bd98485425c21cdf83bc358703

SHA1
0a31dcfeb1957e0b00b87c2305400d004a9a5bdb

SHA256
fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115

SHA512
4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt

Filesize
4KB

MD5
31a29061e51e245f74bb26d103c666ad

SHA1
271e26240db3ba0dcffc10866ccfcfa1c33cf1cc

SHA256
56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192

SHA512
f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

Filesize
4KB

MD5
2fe6613e267857982d7df4368c9827ec

SHA1
d520c7427b283e3ff167b850ab15352e46d328d3

SHA256
2eba5f3f0b0dbcc2cd69c36c220a2355d1ba3cd67b6e25b5846c80e1604bcac0

SHA512
cf2fc8978adf54dce5700eda7d8beb4917c89bf5458131171eab95463e1b3a3315770f4baae07e498e8e36a8478f09e27054ca2d06b4542c86d8459360572be4

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt

Filesize
4KB

MD5
594be5b10d9f551e551cf20eae0e6dfc

SHA1
191c20f5cb0c27ecc5a055fa2379694f5e27a610

SHA256
e350ca62e777da4da6d25885be96d48e7ce3acf021a74f2a4902354a1bf03fbb

SHA512
e27bf6593a177c22e16ddf5a44d82b34b02063645a7fd63943b936028d9c433c89628038768a300c296c2d3bcab2ef6b8532a19f7283952d041865c704f62b0b

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt

Filesize
4KB

MD5
da69785dfbf494002f108dd73020183d

SHA1
34bb6061cdf120e7dced0402e588c3f712cf2dc0

SHA256
8cce22e7f13486f2bc612dcc8fa31d81038e6084a350fa10299d40c3a7f878c8

SHA512
db773783b63ed1d66a59272e05304c174b69f85d2838ae8049dffed6b6b30c2011fd9042dd652f9a1733a2b6891870b426cf1985d41921e5360c9b1ae1330e20

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt

Filesize
4KB

MD5
395286db3e67a59868e2662c326c541a

SHA1
716014d76622612a1bde2d4e1744d024f6d0b830

SHA256
02e48ee4e10354a2b2741d2e57ef565404753779f847906b5ae5c98ede06c01b

SHA512
64cdf1e6701ea57474051e338eee74859fc0ff4acd71ee0718a9b8cd698e94a9793c1901b6791fc0fc268c53fbc1e7e2f94ac1024f3f8765bf713954c194b0fe

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt

Filesize
6KB

MD5
b9e30df8cf272813b121133fcf259752

SHA1
16706f982f16d5feb9c808f94b8cfa50c23f5d80

SHA256
88919d7be26fb3e06401fc0254733d92fd743ecc56da4177b41613e1f094c3e8

SHA512
7beb65c0477b02742741a8ce23557f4f15e8cf1b1ef03a6bbadbf594bdf2cd686d7356d93719111d27b309a10ca75846765a13bb3eb4d0411785dfb13a675fc4

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt

Filesize
4KB

MD5
18aaaf5ffcdd21b1b34291e812d83063

SHA1
aa9c7ae8d51e947582db493f0fd1d9941880429f

SHA256
1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5

SHA512
4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt

Filesize
4KB

MD5
8958371646901eac40807eeb2f346382

SHA1
55fb07b48a3e354f7556d7edb75144635a850903

SHA256
b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585

SHA512
14c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt

Filesize
5KB

MD5
7e1d15fc9ba66a868c5c6cb1c2822f83

SHA1
bfe9a25fdc8721d7b76cecb9527a9ba7823dc3d7

SHA256
fc74e26a8baabbe4851109512d85173b75dbf7293d41eb3b92a1957a773c8265

SHA512
0892be14a858cc860766afb1c996b2c355108a7e50971ea3ec00d15069e919a6eb05a61fa839bea3938492c391e274144c5e248f4c204a602bf36adf27e5b406

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt

Filesize
4KB

MD5
d75580775d67a85353189736222a8878

SHA1
ccb2275c8f5d119640064fd533ca15f30d93f331

SHA256
10720923c1048502c5191d6d1d8580e35e707b24d457941dae94a87371af989a

SHA512
757dd94a1e3debb2520855a3d00e44e3a98b5764caf9c16c8d088fc1a1f1024eed742f1051635721f4bf2c00d1dac11fd975c09a7f5df78d1863de88f9bbf9fe

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt

Filesize
4KB

MD5
7913f3f33839e3af9e10455df69866c2

SHA1
15fa957d0a6a2717027f5b35f4dbe5e0ab8ece25

SHA256
05bc1f4973c6d36002ac1b37ce46b1f941fcb4338282e0ec1ec83fb558d1a88c

SHA512
534e541757d19ee157a268bf7ea358b48015f400542fcfa49cdb547cd652926160f015fe2cf026d9c4996e56ab90ca3899dfd457997d915bf6bc9d7bb00ba804

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt

Filesize
4KB

MD5
5462f47e56b978659ef56f196db013f4

SHA1
4749824d4e909369f59217d4980963ff17353f3f

SHA256
cbfbe91d4a4661df814ea447c03f4ca872ef3e27073a1eb746faccbfe75afc8a

SHA512
5a437968fc06619cf553ced32dba9c7c948f4364f02c8017986e9a4f09e9832b849c7e0567485ca1beba34a258d29b2612ea3ed6045c81777e9a5201139f81a3

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt

Filesize
4KB

MD5
9b0b0e82f753cc115d87c7199885ad1b

SHA1
5743a4ab58684c1f154f84895d87f000b4e98021

SHA256
0bdeee9fa28d54d384e06ea646fbcfe3f06698a31dfdc1a50703ffe83ad78d32

SHA512
b7780b82fbe705bc8e5a527c011eb685c99ef0b2eb810617b9f82b891341af95ef1c2f46dce9e458c0c4dcc3e7a0d21db6c77f03419cd1c4b521a9b72f9017df

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt

Filesize
4KB

MD5
eb8926608c5933f05a3f0090e551b15d

SHA1
a1012904d440c0e74dad336eac8793ac110f78f8

SHA256
2ed2b0d654d60e0a82b0968a91d568b775144e9d92f2b077b6da75f85ad12d04

SHA512
9113c42c38836f71ff0cc7019aff8c873845f47fbf1ab97e981cb038f4d8495b6df784402b1ee9666e8e567ae866b0284c81e6a16efb47131d5ef88569c4843a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt

Filesize
4KB

MD5
31bd3d4d8de5af4642b21d586d5ee54d

SHA1
552bebb93c71cd8acd72558db1810530909fb276

SHA256
52f256ded29ce22945b5bc0ef7a227189dfa91da69265ec13283a7067c239071

SHA512
cea49fc70b18a1294ec7e564ff7f4d1ff7efeb0db1cf1b088da6adcecc282569380f225e9a150d1666c5c1977ba4de0a5d9d667c72cfb8569a50546b978e9132

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt

Filesize
6KB

MD5
e04ad6c236b6c61fc53e2cb57ced87e8

SHA1
e9d4846b7e6cc755ee14a5d3fa45ee7d3bf425a4

SHA256
08c775efa77c2a92d369f794882e467b6e2526e61bc7aa7724f48e174524502e

SHA512
0dfb7e6d811d649103499018f3d115c542fcaba420ceb69124a4d837fe162ce514e7be2040860c5ef5f9c01c961fa6eea8730606b73ec107d87597989b6fd331

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt

Filesize
4KB

MD5
56dcf7b68f70826262a6ffaffe6b1c49

SHA1
12e4272ba0e4eabc610670cdc6941f942da1eb6a

SHA256
948cad1bb27109e008f2457248880c759d3fa98b92c5b4033b94f455cb8ac43f

SHA512
c3fd9caf0bd4c303a7cc300faada9cfe6dd752e82d67625b31f4c0c2c091596508bb477fe19f758fdf79b25b8ac3f5320a8785d2b6705b9bcc28a054a59454e2

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_spanish.txt

Filesize
4KB

MD5
e9b8fccdb78bf9d275b79c75b2ff3e7b

SHA1
4b549411ed4db0f0a3699e76531353c226b06a76

SHA256
41ecfe0ffd6043a66a41bf9ea032712f2d1bbc19b434c6c666a107ee379f21e4

SHA512
4ce905a31f3a410712722271abd7e0a9a6c43646b61a321912b4a8e8f6fab68ab69add1d701c501bb069b8ecb65ecaf3bfa9be983933d0234a8c81c24bc6601f

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_swedish.txt

Filesize
4KB

MD5
b2248784049e1af0c690be2af13a4ef3

SHA1
aec7461fa46b7f6d00ff308aa9d19c39b934c595

SHA256
4bf6b25bf5b18e13b04db6ed2e5ed635eb844fc52baa892f530194d9471f5690

SHA512
f5cee6bba20a4d05473971f7f87a36990e88a44b2855c7655b77f48f223219978d91bcd02d320c7e6c2ec368234e1d0201be85b5626ef4909e047e416e1a066c

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_tchinese.txt

Filesize
4KB

MD5
5c7bc92e0d948e3bba3f26f64a22fe7e

SHA1
bd259397a312bee9b8262058c30e0e354eeea93a

SHA256
5e6b0978fe8e2d14905f46e089b06681d6dfe76dd0c1551c168171ac4de75969

SHA512
8a6e18ce3d38a9658172b1871255a9941c572114137e468f130956c73ff13f282a46074a1dda6404dbdbf317ecdaadf01324194b8f8c081f862037784f4946ba

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_thai.txt

Filesize
7KB

MD5
1a537a1d30fba1d3db449a9207b63835

SHA1
ab6903b4c8d6bd3571960b1218714b8d76b1880d

SHA256
49b6b664d50a1ae0c732bcfbbdd1db1812ddccf00bcf5f40200f0e7cff5542ee

SHA512
1215b0d017a6e3ea207edafe8edd500a91a7a971b2f989d8006fa65e475ae32ec00df3e8ec06b4077f64f5b789c536bfb9d8b9945ca0e0731d68e48876bd8459

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_turkish.txt

Filesize
4KB

MD5
29f9a5ab4adfae371bf980b82de2cb57

SHA1
6f7ef52a09b99868dd7230f513630ffe473eddf8

SHA256
711675edb20b3cb70acf6cf75f2eea8e0d87c8ace3e11c8df362b4517427a34f

SHA512
543fe63f791250e05e8fda24fd2ceadebb4c8925e8927de49ae490895c87eed3e61a9ad50237532649f99fe3165836261de215ee3f66ffbfc6d677ddeea7732a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_ukrainian.txt

Filesize
6KB

MD5
cadd7a2f359b22580bdd6281ea23744d

SHA1
e82e790a7561d0908aee8e3b1af97823e147f88b

SHA256
3dd0edfbe68236e668fb308f92fe7c6493dbb05bfca85a48de93588f479ccc99

SHA512
53672dd13e6ccbe96f6d4a61297c595b6d6cba8de92caa51ccf8ab1d8a82eea5a425eab348f295b9ec27de0026ef849d9230f751a46e040be8863923f91b8519

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_vietnamese.txt

Filesize
4KB

MD5
f8a86b74ce3b446e3111d1480b5feaf7

SHA1
af21c55fd6ac99e65db55af9b8f4ffe790c4382c

SHA256
8a049b6126e904dcb9ba5d8af21cc0ab25ca55221cf2cd48eea45504fe23083b

SHA512
70f8009f5940b10b77a6c152c8c73f3dd425fb9ac917014504e8116ef00032888de686271e0262cbe7a55c6e605e837dcfbeb54ece71e49646b1030195fa0845

Download Submit
C:\Program Files (x86)\Steam\resource\filter_banned_english_cached.txt

Filesize
1KB

MD5
2ab877286ba3ea65e11960beca3238cf

SHA1
7d23d001976f2df5cc5fe738b8bc4c08753b3fdb

SHA256
666e4a7caeabbeab0279b3fc0c4177a844784ac45cebdef946544bebaafab908

SHA512
e443a27548ca5c04135feb31c2ece9b27d8dc09e2659dcc57d26599d332b30e7c6e5d11268a614611ee230faf3bb3303d99c4afadc904bd9e972613c56f13cdf

Download Submit
C:\Program Files (x86)\Steam\resource\filter_banned_english_cached_timestamp.txt

Filesize
29B

MD5
d4844cc074a91d6cc599ee2142f37004

SHA1
f51560f479d903cb68da7368293146c14fdd6afe

SHA256
8d5341570c83f7b639b960a927404cf679f0cc51cab486e74812919568a86d00

SHA512
74de26e71bf0b9e15d35fff4f52f1361ea2b492ce8a6144f567986abfb8534f332d90945d0aa1d4de4cf70343fcd2f08f184f4a48b37f80670fc84eea24b640f

Download Submit
C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached.txt

Filesize
2KB

MD5
61d18907a85f6f263431e335d6ef5504

SHA1
24b135bf8a2e8fed724e0738f823051f87769f54

SHA256
a99f8dae7d1acac74fb32d07cfe0915f38f5bb3bae8b6d8161c3a515c6484070

SHA512
76e327b6cc6e70a8bc3b95e9bfb649eac89616592a8e9f473b574a0584853769f2ad99595de5e9fa85a324d03a5c0f00450a32efc84c5eca0fddff1f079b5ef2

Download Submit
C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached_timestamp.txt

Filesize
29B

MD5
89a8a2de41a799b67f36537b19d31657

SHA1
b219cb9460f686240723a07013c58ebd9d5f734c

SHA256
40e7dce76c19927704f026d07329203827ce1d542f4ce8b3f7894e200fdafc42

SHA512
c5ddf7d26929118fc665650ce4eb7cd97b32b8fef68ffba81d33345d62017b879c4ce4148fee15172d4ea47d11ea31ea499872b9517f69c88f4402cdf49d6285

Download Submit
C:\Program Files (x86)\Steam\steam.exe

Filesize
4.2MB

MD5
802c808569259798e06dcfd4a5e283ae

SHA1
7f8a3c552736f5a6d9eaf9b8d7c36853a80e1dc6

SHA256
617c39e8e5ea59aed52a614cfc71fbe619c2d270e225c303f4a2d70b07d495c3

SHA512
4e606e628da23259a3b5fc24c7519d9510c0a2df934cb6561a90642a593456d5aaa4a01c4a76767ce6625196b1b4c9222522ecaf25eb3b10da4f11dc28e5102c

Download Submit
C:\Program Files (x86)\Steam\userdata\1128306032\7\remote\sharedconfig.vdf

Filesize
164B

MD5
5b8386f7b70c80d4f40590e50bfbc8d5

SHA1
814083599a0a1458e8d45927baaa6b4159989795

SHA256
3369328f811324510cbb40cb11c12a8a137c682473a890ec547c21af8c56d01d

SHA512
2bee2c854cc0e7fb838c2647d6736051af82538fcd4ddfbbd06dc54cc3a28b62f348744bf622ec994a631b3c4613f76c8e06091b8a31add302be371c55d64fbd

Download Submit
C:\Program Files (x86)\Steam\userdata\1128306032\config\localconfig.vdf.async11012.tmp

Filesize
27KB

MD5
43f1a5604aff7eb03bee6243c6c6a91e

SHA1
aa1a1ebd6e59ab42483c17bb958b450af0ecdede

SHA256
c7297e70df37541684b5180ff665e2116c5aac7f7fcae618a32ac9f6ecaf4673

SHA512
523631a203b02fbf65fe7f1602a21363e26b1a67bb7c69d8727224b6b0c8be8700f33e87425ba0817ca038d3285a175d4a3f26c4bcc904db9d8aa85ac08a6c11

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\f_000047

Filesize
30KB

MD5
9a8a24184d5c09f8a9863e615f1792bc

SHA1
ff42fb33482f0765ac2055828a8f7a7b0e978dd9

SHA256
5f7bdb87482b35d0e89a1372d1aa4d0c1c7ef52ad5960dcdd111fd294d9151d3

SHA512
ab72cbc328c32272424edd3f95a9452d97f217f4a3def36ea4a5fde4a1b90bff0b7000b72305d02238aadea01c5d32dd820f383a5d91c3604a2a0f6718f3d5a6

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
ce4f6ed61d35a544855f09584d1d12f4

SHA1
7a2bcedb2da6cc0c7dad74e523d94e15b7efd7e4

SHA256
34725939ded3cb90fc7c7125ab0c91410538f64ec74afa83e8fe0f9fb52773fd

SHA512
99f6dd4f32c325dd5ec22b7b73a8534e7620e53ab766dc37cf3d41b864f8569aeefce4793e2ec361501677623ff1b82b0b19847f657e8a91144b7b8f2a9e2b37

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
bad80a12473a850ef039a189e6c906d2

SHA1
69f6e0cd386f95a9db096ae85bf42ae45acc18f4

SHA256
984136bec9f0a99bf23c2a53187ff86de10ea90e3ae50027e07f9799d301dc7a

SHA512
7e72e89f229395641f436538af1e5665adf76ff1a8fe93e26111a8f2ab63afbdb963544a2771f31010cc0214034f1e97bba87a2b8627f15857eae01462561eef

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
93b4cb38c50dc96dab04e8e61f4edda8

SHA1
2aaced69362d8dd5e8b8b867d61cc37a41375246

SHA256
195ffe8e40f6d8faee948c2d695cdeca668373ae1e4925c90ad04dd47b8ed652

SHA512
4587fbc6460c09fe98f8367e1532613197c19ab52a97db8e71ec37404d5643caeeae092604a2bcf93e70da1ad6b7201a824fafec95af63a1c810dabf5fed376e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index~RFe5a2106.TMP

Filesize
48B

MD5
29ad93223d19c811fec03e40829c27ab

SHA1
6cf2a1dfde74d3d277aad1f0b6b3d3c2baca6768

SHA256
8ec222f5a2131621ac6f5d8d58383f014d13d814d51b3892ab7828268919c03b

SHA512
a8219619d1167feda201b4df8c21cf8498f2ab80f70e0c91f509572412175ca2ffd179d0b4fe331ac349cf65d2100557c9bb105a5c60d54283496fd55a97beb0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_1

Filesize
264KB

MD5
3ae75e3e81e77f9ebbedf03f4b873270

SHA1
4071286c970f12003465cb177c421c9f63c843b9

SHA256
db1bda119a2c51f1723bb698af96ac37285271a4568519921c969f4319cacc5d

SHA512
0cbbf13243aa46086129f5b439460420201f7105c5dcede968c8e1555f0a49fd01435877b242d42b2c7cd1b985bbfcd2d5ecccd1bad137161115f8f8b548829c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network Persistent State

Filesize
281B

MD5
4f4fbfb7737e87cfbb80a987874860ff

SHA1
977da277e10611e94392aeb4d5efeeb991dba2ba

SHA256
920ca649d86c9cac8adfc9ce3da56344d15f6a1e2e7fa2b7e49824ebdc7a691c

SHA512
60a9c87360a8d1b256eb342a95e73bde00ffd268fd89b85d37807df8604391a0fcae1511b47d4a7fade76f047bf277ea003e29454546157d12cac993123b40fc

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network Persistent State~RFe5c06ed.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\TransportSecurity

Filesize
372B

MD5
6a6dfc9fc0f1ae8cd89d8a5d3d099a46

SHA1
d694cbc9caeaa96201ec39fde7c7cfc1c82ca37a

SHA256
a621d3c162b6ecd2a60232051f4e03917e180632538ee75f64759c27be7a93b2

SHA512
a26a09e71bb449b70a0b7ae16d01bd94544759144bd088804c1ca574905649eb1a17fd82b63c44bbac5bea491a7bddf6bc3f51d5889aa0cbb321c2ba4f82a3bb

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\TransportSecurity

Filesize
372B

MD5
c5b6265f645801e9924d16edb77c2ee0

SHA1
bc28d281f9222023817fca9ac342c075e0df3294

SHA256
f7bae8c2972c7038e878f1d0819adf3f88f001d2445dd33e02626249b8717b4d

SHA512
79ab601c27b348aa34c43554b6af3d5a7dbb831647940bb213558e76136deae7fbe84507b4d9704bf123a474cca62b552b41e63a5fb25c4448bdd30800bd330a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\TransportSecurity

Filesize
372B

MD5
6f80aecff51830e2f23eec52c4e449b5

SHA1
0868f5da1a05f62c2806a88899f53beda7d30621

SHA256
4c6522fea1ca180f15e78778792f1b5fea1292252c181c12bb56c75572d0fca8

SHA512
aff039e1a0d8867e74a90a41e9e6b5d7bcf212f558f6b238ded45cf594b1b54b6a5fa2a615594848556a86396e373e88e2fa1c65ebfbb9041fb7fb35643436d8

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\a37a31c9-8c32-4237-9a0b-54e06261e41a.tmp

Filesize
1KB

MD5
62e5ec92ba6fee1651e4dd1983eb24b8

SHA1
ad6e7baa1a8e14869be939b46ed4714d84f2836e

SHA256
d56daac5693279e9fdbb4c0a579be454d2593038cec04e14f3b1b65a3e996742

SHA512
7512049600899018ef3d4551da23d22ee848ecde2c7674bbd63f00dfe0fa6ba2226181479639fd791b0c8615f12000ecc5a10944787eda0e613f893d58a6c4ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4CE9.tmp\StdUtils.dll

Filesize
99KB

MD5
98a4efba4e4b566dc3d93d2d9bfcab58

SHA1
8c54ae9fcec30b2beea8b6af4ead0a76d634a536

SHA256
e2ad7736209d62909a356248fce8e554093339b18ef3e6a989a3c278f177ad48

SHA512
2dbc9a71e666ebf782607d3ca108fd47aa6bce1d0ac2a19183cc5187dd342307b64cb88906369784518922a54ac20f408d5a58f77c0ed410e2ccf98e4e9e39a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4CE9.tmp\System.dll

Filesize
11KB

MD5
a4dd044bcd94e9b3370ccf095b31f896

SHA1
17c78201323ab2095bc53184aa8267c9187d5173

SHA256
2e226715419a5882e2e14278940ee8ef0aa648a3ef7af5b3dc252674111962bc

SHA512
87335a43b9ca13e1300c7c23e702e87c669e2bcf4f6065f0c684fc53165e9c1f091cc4d79a3eca3910f0518d3b647120ac0be1a68eaade2e75eaa64adfc92c5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4CE9.tmp\modern-wizard.bmp

Filesize
150KB

MD5
3614a4be6b610f1daf6c801574f161fe

SHA1
6edee98c0084a94caa1fe0124b4c19f42b4e7de6

SHA256
16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b

SHA512
06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4CE9.tmp\nsDialogs.dll

Filesize
9KB

MD5
0d45588070cf728359055f776af16ec4

SHA1
c4375ceb2883dee74632e81addbfa4e8b0c6d84a

SHA256
067c77d51df034b4a614f83803140fbf4cd2f8684b88ea8c8acdf163edad085a

SHA512
751ebf4c43f100b41f799d0fbf8db118ea8751df029c1f4c4b0daeb0fef200ddf2e41c1c9c55c2dc94f2c841cf6acb7df355e98a2e5877a7797f0f1d41a7e415

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4CE9.tmp\nsExec.dll

Filesize
6KB

MD5
c5b9fe538654a5a259cf64c2455c5426

SHA1
db45505fa041af025de53a0580758f3694b9444a

SHA256
7b51372117960e84d6f5eb3a26810cc044ff02283b3d656a0a456b0ab5cb8ea7

SHA512
f0f8a5570c01b16e54f47502e867ffbaf162b44a847c0ffc8062d20e9492114229de5d9d2a836da256fd3f9fb493536bdbf148d5308695b16c0e98d20d8926aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh4CE9.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
11KB

MD5
9ffad5a3510156608d8da5f9560b4c10

SHA1
740e6eb3c72b607bf283125cd42ab6b2a7069ab0

SHA256
5fa2a9153be81c7dfb1bb0bc6a5af33241f0332149fe7ef344cdcdac9654a39d

SHA512
dfaf5661a8780fe9fde31e1a8e2e37423ad96d9f6270b3cf952cc139965465ca00a0389272c4c6cd4e6f69a66cc179790245f04e1c6ff7779220c9567ad086c2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
11KB

MD5
e19eaef9197b0bd9eaee8d0c9e7cdc5f

SHA1
c9781eb50395d20ea597131a943b0cfd1b87be22

SHA256
e0733621077e54cc0745babb735a97300b2b0552b8bbd6ef8a76c4d1877b7ca9

SHA512
51b837fc51a1f920a1a5c9a0d9bd1053d4caaaf01956204910034db26cfce4a4a791f1ebc514bc761352752c436a7977b9aa9834e123f1e675f96d2bf74036ae

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
c258bd74f6f0affa4a68a49e6c862a62

SHA1
b725e436ecffbd1a32b4109c8354c21455b1edf5

SHA256
7df15f431881bf4b87c44f231757f7cdf6b8c53bb064532ee7b321c1b794ec6e

SHA512
2128d60cd46de9ddccdbe718c1d48f379b6bb41e8c3839f877f505790ce47961d8074de21ed16d34b2e4cc26e7f33701bfc526df131bbf1da18ee8efc6f64007

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
11KB

MD5
69befedea7d8acead74c855302b9f689

SHA1
6c3a520c7decd405ff8d327c84220fe74daff1e1

SHA256
faa7036de4a10de9d9b88faddaf4c475ca759b90d6a88bafed739616e49780e9

SHA512
f108b086a1c052ca3a2b79cf4dca23323aae17c7a0a0559ef4f5aef46ac86e382c012e519b42641923a7ac66066ef6f5a6f680e2890a1eb31edfba997a74d2aa

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
11KB

MD5
69a928be82fc23cb80e4eb7fdb1ebca5

SHA1
43dab6b8bf21ce9a56aeec576d7b2597b613f8e8

SHA256
56335d40baf54585c5ae29d83c347911e44f764e664e1f78b9468d290fc6eb88

SHA512
385180a471689b89d0362fe53191421551f8297ea608dc8f06b5a5ca12d8f2bb6904888e74683e17d186779b348abdbbfcb29c93f6f92e6d2333803c3c35bad9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
5548b9c969415624901409cb0ed43770

SHA1
7da7d6c3df6388b15b3947c1a85f6b7b488efc25

SHA256
6541bdfdb166e5d097b9fd8099ac43242c6488d85f4f8774fa54d9c8616217c6

SHA512
0f2eef615ef4ef1ac96d65001ec59ccda16f03cb76fc5e57c110faf28bb75a9c9cedbbbfb1ec1f293311573d30098d1f2117a44b2945aa04faac07c2a759da8d

Download Submit
C:\Users\Admin\Desktop\ConfirmUpdate.exe

Filesize
729KB

MD5
136029068e2c8cb56cac98de86e5ed42

SHA1
03671044f38e10665cd16f918ca68fb932c3547b

SHA256
c034ffd9cc24bd38e7933764f05508174a9e8473d3843e99f58909826883e53c

SHA512
e87f9ae12fadf91b9f2808619e572336a879d3a2c4d5f75addab67ee9d834ecd7870901a40c130c1cf192fb2844e14b09e7fcf18d92e4a1cc80e2119673286a3

Download Submit
C:\Users\Admin\Desktop\ConvertMount.3g2

Filesize
1021KB

MD5
4c00bd04ffb61b68ea74ba458bd6e8ce

SHA1
ffc627b11143877957150d37049ab9408097b37f

SHA256
bd6a5a6009398e842f67def66b6f31d7028ea637015ba6c20627039088bc24ae

SHA512
54737a206096bfd11ce63551f8bb05a7f9151d1b6bb01f55ada3b441ac706b912712704660e9e08870375e52868c4bc6ccb9d404a47e9dd9e4e4746177799ebf

Download Submit
C:\Users\Admin\Desktop\DisableLimit.odp

Filesize
535KB

MD5
d2cfbfebbe3a4cfffefe5429f63f0c91

SHA1
93852cbd8acf64e48f4d515b8157f2315cb39ad0

SHA256
c4e59487c268be8adc6bed52d90addda6140a9fa327934d19e08121ec202da1e

SHA512
f7147b49f0227a9be04235585f31c871be74d06da82b6f6ef998b98fa99f2f0c44bb125abb37ff4c6b160395f260697c9fa6ed4d0bcf40dc6cd940c2cc982756

Download Submit
C:\Users\Admin\Desktop\DisableStop.bat

Filesize
972KB

MD5
45f0008047e93e2cf073760830d1357d

SHA1
cf600f41e63f31f75c17d190dd5e9c908cd1b24a

SHA256
57169a089319976692637a9369adfa199700ecbb5c098cc71f69c9b96b33f96c

SHA512
19bbe66a0ee2e19701cfac14a7433b1caf3b3a5cbe3c64ceb2d5700e0256cb6878b071442935dae6420d2344d49341d738aef8aad0032cd734762f01c0d3e83d

Download Submit
C:\Users\Admin\Desktop\DismountRead.aiff

Filesize
1.0MB

MD5
99b0fc151392d861588404a47c2102c4

SHA1
18027be24f5c948a1af77d13f32f6a786d1fd2eb

SHA256
625e2d253b0c7171774a25e6134c7b0013983b27ca160ba32f31c29a8641c610

SHA512
fa1a2ab5913497ad99fd231589abdc6ea2e83ab0ebfecea7ea863dcb4d78cc22541cee162ad1f4d85e6ebb99e403fb859f83db8a5940e3f827455e11e42d570a

Download Submit
C:\Users\Admin\Desktop\FindSelect.asf

Filesize
583KB

MD5
369e44d6033490d244c60d627c41c369

SHA1
4c8f08f35c1dc1c17152b0f1235acbf4d4942451

SHA256
0540fcb35e1cd57a25f5b20eb7e2192151e11b2e920382da45a88f7ba2087af4

SHA512
ef8fde90d51fbdf8c1e5c4f74462251cb24d01465b4f9a6f78a30a058b2e832eb61075337b2eefc6bdac095094a8ba707c5134bb41970a557559a52a574cf4a4

Download Submit
C:\Users\Admin\Desktop\InitializeDisable.3gp

Filesize
680KB

MD5
a3986d23ed22b51f3647f6416dcf16ed

SHA1
30c55f81fc521e8d45b3778b1991997ebdb7f3ce

SHA256
9ede3e0f826b5f35d43307c1cb0c918a92526ecbf6b93866b09ad25f106ebee1

SHA512
4c6a731093d23fce2fa373f38fab4d749388283e45e5c96ddb69c353f6d2d12256631278c632a4e1063c564a04ee8e8861b0269cb4229e8d764b545d83548383

Download Submit
C:\Users\Admin\Desktop\InvokeCheckpoint.sys

Filesize
1.9MB

MD5
b76b2ad74b7aa21544cc68888ea04a6e

SHA1
66a16ceb8760723e25988ae61c3b0e8aef4e451d

SHA256
87f226b921e79d23a39fdee58928287d580c8e15738456114c480afb7b3c5de0

SHA512
4e31a91ef8d8a7b65fed91d029da3c38f94a490588a79d1a05c90e22091543bdf80686553ce45ce15cfb995b42f732ac5d894dc8939ac685df7f0a079635ce92

Download Submit
C:\Users\Admin\Desktop\ReceiveEnable.DVR-MS

Filesize
875KB

MD5
3610dd2d0032328224c221a7a7a33150

SHA1
9372e27a97dfdd126d7ebd48ff537e40cbe50092

SHA256
e406fbd217d7e736f78c7d91cf92674d36e0647dc8fc929fed6f29b0488fb227

SHA512
67649c5a3fae7aa2aa33ceaa1f8510a5454c8bdb2dc4f324b3047d6c0f60fcec438351d8fc0a675ba23531770bb50a4f572cae5e041df9a5aa02412022f6de4c

Download Submit
C:\Users\Admin\Desktop\ReceiveReset.search-ms

Filesize
826KB

MD5
c0b16c7f1a2eef2a01c5bec8903325a1

SHA1
6e527684ab8efb5f86de9dce865d2844c3b68d66

SHA256
c44c74a9a88b20b9258c1763367535e3ea4bf4e4ea022ae370a842ce1f238b50

SHA512
05a2f21cf278d684f7e3d2808c99ad8a0a9c859c6eb48f038e87a74499607b0bf0b7ead3dd2e335cd82e8a45d7a9ce7ea7e34f68e898dff6e96a3519247d8afb

Download Submit
C:\Users\Admin\Desktop\RepairDismount.wps

Filesize
924KB

MD5
15a47e2244fbbeb3ddb541b3598c43f9

SHA1
7a98a422499faea6ee0b88a201cb348304624a69

SHA256
5d03f3c5e89485d3708492057c7cf6d88a695b5d2681e152bb845d3e8367309c

SHA512
f48dbb7cc7acf52cafd7a3b439b38ef6ffcf083fce85fd78f4d31e632d3c71e56b2a32539e6dbce3583f29ca8bb8a81f35cb4bcc49bc2fce1bf58faba630565e

Download Submit
C:\Users\Admin\Desktop\StartApprove.jtx

Filesize
1.2MB

MD5
9db28efd4070e146f25bfea1a84d2dba

SHA1
13baa3515c440406cbfce2414e0e4c899e207e44

SHA256
4857ce635b42a9a06d615881bba34f582638310324395a68819c61ed8d0fc626

SHA512
a00b999d650222c8d41853761964ca61fe2e724319f6cd1992dc95e2f698b4e1e516eea40f4b479b93943f5ecc853c8d1678ef099bf97e70cea8863aaa7d53b6

Download Submit
C:\Users\Admin\Desktop\StopBackup.jpg

Filesize
1.3MB

MD5
f9e38a9b4379b8c04a3f322f4e3cea9c

SHA1
01778225ccda9497dad349062a6a37f62ba73d87

SHA256
636abe89fbb3ae57863a4a0e4b58ebbc6c43069cbbf5aec53eab81607d3a45e6

SHA512
291838e4584087aa440219d5e9b36dbfc765d736e17381ea2be8a97caccf9d482542256601ee79aebdf054485cf07fa58bed042281475a23f1fe859bc421ea5d

Download Submit
C:\Users\Admin\Desktop\StopSearch.m4v

Filesize
632KB

MD5
a6c776ef26b9d05ad5d41817d98cefc8

SHA1
7786c5a8c35ca5ff2c864cd2b93092585ad39261

SHA256
7439c58dd197d85e884d3463d11d6bae06e459acd00b19290239a8168bda9904

SHA512
3afd7933801addf38666326560120b8d659841dea79b259c8243511696cb1ffe87a1062e481d6821e0218233932cf985879ddee30e67829f135d7c97877ee302

Download Submit
C:\Users\Admin\Desktop\SubmitRestore.wmf

Filesize
486KB

MD5
3ac5a02727c48caf0b3c8d143174355a

SHA1
0284c8b60660250fd71ec35c685814ea49f11ee0

SHA256
150d4125b851b5aca465785255728164194af29116b9ad715960bcd54fe3c9b0

SHA512
a79364701ddd64d7b7b6881002e3aa7d6ec1c610c3456438bc251f2b73f902afb76b4630bb95a9c8706cc8f6283386a7dd9a2fb8b64cc709f56384f919d08efa

Download Submit
C:\Users\Admin\Desktop\SyncUninstall.xhtml

Filesize
1.1MB

MD5
0470195d4516ea2be6d3f3befbb089d9

SHA1
05d74552a535c32c255fe9aa27fdf06455483474

SHA256
50d0866d91cec3ab7479003da39d810268319f8f3808807a0ef281fe9a493bb5

SHA512
8d40f349c986afc60361d89fc411b16a4c9aead1f2831ef8b71e7a10310c4c1cf2515076629795192d4deb4c8e5718d5a49e23a6cfe1e6f3e6f60772fb4f6e87

Download Submit
C:\Users\Admin\Desktop\TraceRevoke.i64

Filesize
1.2MB

MD5
83cb4602e500214acf77d38f67d39dea

SHA1
20ae33355aafb4f10bb28be17e050a360b91f9ab

SHA256
7b98805c8e221c41168d9d67d8693ac4bc7853600e41d31b8325557073ae1d6e

SHA512
d5d239bbe8a0d2461c04d100cff42bfd015246085f4459a373dbb8f327b7a7db3692daa094e2195dd63ec9324d5616d4245e4a248e9ff092d67636da7744f780

Download Submit
C:\Users\Admin\Desktop\UnblockOut.xls

Filesize
1.3MB

MD5
3edc984bf10e0df0166b6420437eddcc

SHA1
88ccbb4f065db7bddcde4c753efebbf8ec9f3ed4

SHA256
b426f04773949851db7d76b3ef6ca8bc23050fa92870eee39eab1833710021c0

SHA512
cbbe4d3b988229fd4eab67fe1888b6160c128ce2f203d2d19f5bf737ad1e553696404cc05f6aad58b7c28c46b1660bc496d65cd8eb21e1c36aaeaece0c5161ed

Download Submit
C:\Users\Admin\Desktop\UnblockUnpublish.css

Filesize
778KB

MD5
2906ec4ebe0ff0a972776cf6c7c3f3a3

SHA1
c238d6623078fa8d0b826134bc2f5d9237986aec

SHA256
2b0b418b887cdd22c01341ad9f7851813903c0a87303b4f7e4ac7b4172370203

SHA512
93894fae451431fd67ab32955cd0ec7c0f82b26bb46534010db0aa3628a227198842f78f5b2c5b86a7fe2918d9a591651f0b85e4020ef95c2338105c911a2b1e

Download Submit
C:\Users\Admin\Desktop\UnlockMove.cmd

Filesize
1.1MB

MD5
c2d9085ac95435cdc91b2e3b8415b5aa

SHA1
23e408774396406aa86bdf20aa004584c5b5ac95

SHA256
41ff59a73ed61d9b3aeead4b232c6768c3f2df7970db1d4ee46c4d6be27f0530

SHA512
22a52d068de246ec8ab5d17f4d93afc6dfd8fc51660cb8fca783096f7e02010dd38799cdc8a125727d27a0bc92322c4e2a91bc146074e696a7d3f8995c3d807a

Download Submit
memory/1572-12395-0x0000000000730000-0x0000000000BA6000-memory.dmp

Filesize
4.5MB

Download
memory/11012-12524-0x000000006FB50000-0x0000000070E47000-memory.dmp

Filesize
19.0MB

Download
memory/11012-12497-0x000000006FB50000-0x0000000070E47000-memory.dmp

Filesize
19.0MB

Download
memory/11012-12542-0x000000006FB50000-0x0000000070E47000-memory.dmp

Filesize
19.0MB

Download
memory/11012-12528-0x000000006FB50000-0x0000000070E47000-memory.dmp

Filesize
19.0MB

Download
memory/11012-12520-0x000000006FB50000-0x0000000070E47000-memory.dmp

Filesize
19.0MB

Download
memory/11012-12516-0x000000006FB50000-0x0000000070E47000-memory.dmp

Filesize
19.0MB

Download
memory/11012-12512-0x000000006FB50000-0x0000000070E47000-memory.dmp

Filesize
19.0MB

Download
memory/11012-12506-0x000000006FB50000-0x0000000070E47000-memory.dmp

Filesize
19.0MB

Download
memory/11012-12502-0x000000006FB50000-0x0000000070E47000-memory.dmp

Filesize
19.0MB

Download
memory/11012-12616-0x000000006FB50000-0x0000000070E47000-memory.dmp

Filesize
19.0MB

Download
memory/11012-12493-0x000000006FB50000-0x0000000070E47000-memory.dmp

Filesize
19.0MB

Download
memory/11012-12489-0x000000006FB50000-0x0000000070E47000-memory.dmp

Filesize
19.0MB

Download
memory/11012-12476-0x000000006FB50000-0x0000000070E47000-memory.dmp

Filesize
19.0MB

Download
memory/11012-12472-0x000000006FB50000-0x0000000070E47000-memory.dmp

Filesize
19.0MB

Download
memory/11256-12473-0x0000020171290000-0x0000020171A3E000-memory.dmp

Filesize
7.7MB

Download
memory/11256-12403-0x00007FF94F770000-0x00007FF94F771000-memory.dmp

Filesize
4KB

Download
memory/11784-12474-0x000002085BD00000-0x000002085C4AE000-memory.dmp

Filesize
7.7MB

Download
memory/11784-12475-0x000002085BAB0000-0x000002085BB0D000-memory.dmp

Filesize
372KB

Download
memory/11784-12418-0x00007FF9513E0000-0x00007FF9513E1000-memory.dmp

Filesize
4KB

Download
memory/11784-12417-0x00007FF950560000-0x00007FF950561000-memory.dmp

Filesize
4KB

Download