3b616cb0beaacffb53884b5ba0453312d2577db598d2a877a3b251125fb281a1

Analysis

max time kernel
152s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/02/2024, 20:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Steam.exe
Size

4.1MB
MD5

b4411620a3551834e4f699cc5a9b27e6
SHA1

5093960cc86613e310d13770b5adef00fe93f3eb
SHA256

3caf4a246169b2d30c6bf18fa0b7a4a01bbe933cfb781f3da4c6b3cb67b59d04
SHA512

47dde07212c2d5eea548d7794fc6bb9d86ced9a0848aaeab81fa8844fc5cab7eac58e386e96a81c663b914c85c0a7116033e2b2cfd18559d40aa6c83f9a6c024
SSDEEP

98304:dDokH1WPirCS6Ijt91p2GWNzSC34g2FiiIk:ttHSiJXGNNiE/k

Score

5^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe

Executes dropped EXE 10 IoCs

pid	Process
4336	Steam.exe
1804	steamwebhelper.exe
2924	steamwebhelper.exe
1576	steamwebhelper.exe
5252	steamwebhelper.exe
4524	gldriverquery64.exe
5108	gldriverquery.exe
5856	steamwebhelper.exe
3696	vulkandriverquery64.exe
1712	vulkandriverquery.exe

Loads dropped DLL 38 IoCs

pid	Process
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
1804	steamwebhelper.exe
1804	steamwebhelper.exe
1804	steamwebhelper.exe
1804	steamwebhelper.exe
2924	steamwebhelper.exe
2924	steamwebhelper.exe
2924	steamwebhelper.exe
4336	Steam.exe
1576	steamwebhelper.exe
1576	steamwebhelper.exe
1576	steamwebhelper.exe
1576	steamwebhelper.exe
1576	steamwebhelper.exe
1576	steamwebhelper.exe
4336	Steam.exe
5252	steamwebhelper.exe
5252	steamwebhelper.exe
5252	steamwebhelper.exe
4336	Steam.exe
5856	steamwebhelper.exe
5856	steamwebhelper.exe
5856	steamwebhelper.exe
5856	steamwebhelper.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Steam.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\	steamwebhelper.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\	steamwebhelper.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Steam.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
5252	steamwebhelper.exe
5252	steamwebhelper.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe
4336	Steam.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4336	Steam.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2848	Steam.exe

Suspicious use of FindShellTrayWindow 16 IoCs

pid	Process
1804	steamwebhelper.exe
1804	steamwebhelper.exe
1804	steamwebhelper.exe
1804	steamwebhelper.exe
1804	steamwebhelper.exe
1804	steamwebhelper.exe
1804	steamwebhelper.exe
1804	steamwebhelper.exe
1804	steamwebhelper.exe
1804	steamwebhelper.exe
1804	steamwebhelper.exe
1804	steamwebhelper.exe
1804	steamwebhelper.exe
1804	steamwebhelper.exe
1804	steamwebhelper.exe
1804	steamwebhelper.exe

Suspicious use of SendNotifyMessage 15 IoCs

pid	Process
1804	steamwebhelper.exe
1804	steamwebhelper.exe
1804	steamwebhelper.exe
1804	steamwebhelper.exe
1804	steamwebhelper.exe
1804	steamwebhelper.exe
1804	steamwebhelper.exe
1804	steamwebhelper.exe
1804	steamwebhelper.exe
1804	steamwebhelper.exe
1804	steamwebhelper.exe
1804	steamwebhelper.exe
1804	steamwebhelper.exe
1804	steamwebhelper.exe
1804	steamwebhelper.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4336	Steam.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 4336	2848	Steam.exe	92
PID 2848 wrote to memory of 4336	2848	Steam.exe	92
PID 2848 wrote to memory of 4336	2848	Steam.exe	92
PID 4336 wrote to memory of 1804	4336	Steam.exe	93
PID 4336 wrote to memory of 1804	4336	Steam.exe	93
PID 1804 wrote to memory of 2924	1804	steamwebhelper.exe	94
PID 1804 wrote to memory of 2924	1804	steamwebhelper.exe	94
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 1576	1804	steamwebhelper.exe	95
PID 1804 wrote to memory of 5252	1804	steamwebhelper.exe	97
PID 1804 wrote to memory of 5252	1804	steamwebhelper.exe	97
PID 4336 wrote to memory of 4524	4336	Steam.exe	99
PID 4336 wrote to memory of 4524	4336	Steam.exe	99
PID 4336 wrote to memory of 5108	4336	Steam.exe	100
PID 4336 wrote to memory of 5108	4336	Steam.exe	100
PID 4336 wrote to memory of 5108	4336	Steam.exe	100
PID 1804 wrote to memory of 5856	1804	steamwebhelper.exe	101
PID 1804 wrote to memory of 5856	1804	steamwebhelper.exe	101
PID 1804 wrote to memory of 5856	1804	steamwebhelper.exe	101
PID 1804 wrote to memory of 5856	1804	steamwebhelper.exe	101
PID 1804 wrote to memory of 5856	1804	steamwebhelper.exe	101
PID 1804 wrote to memory of 5856	1804	steamwebhelper.exe	101
PID 1804 wrote to memory of 5856	1804	steamwebhelper.exe	101
PID 1804 wrote to memory of 5856	1804	steamwebhelper.exe	101
PID 1804 wrote to memory of 5856	1804	steamwebhelper.exe	101
PID 1804 wrote to memory of 5856	1804	steamwebhelper.exe	101

C:\Users\Admin\AppData\Local\Temp\Steam.exe
"C:\Users\Admin\AppData\Local\Temp\Steam.exe"
1⤵
- Checks processor information in registry
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Users\Admin\AppData\Local\Temp\Steam.exe
  C:\Users\Admin\AppData\Local\Temp\Steam.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4336
- - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
    C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=4336" "-buildid=1705108172" "-steamid=0" "-logdir=C:\Users\Admin\AppData\Local\Temp\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Users\Admin\AppData\Local\Temp\clientui" "-steampath=C:\Users\Admin\AppData\Local\Temp\Steam.exe" "-launcher=0" --enable-media-stream --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --disable-quick-menu "--disable-features=SameSiteByDefaultCookies" "--enable-blink-features=ResizeObserver,Worklet,AudioWorklet" "--disable-blink-features=Badging"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Modifies data under HKEY_USERS
    - Modifies registry class
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1804
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\dumps "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1705108172 --initial-client-data=0x370,0x374,0x378,0x34c,0x37c,0x7fffbdddf070,0x7fffbdddf080,0x7fffbdddf090
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --field-trial-handle=1648,5084187065492493625,3029286210787566061,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1705108172 --steamid=0 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1656 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1576
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1648,5084187065492493625,3029286210787566061,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --lang=en-US --service-sandbox-type=network --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1705108172 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=2196 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:5252
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --field-trial-handle=1648,5084187065492493625,3029286210787566061,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1705108172 --steamid=0 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2516 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:5856
- - C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:4524
- - C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    PID:5108
- - C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:3696
- - C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    PID:1712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5312

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x44c 0x338
1⤵
PID:5224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
0afd5a1516f542fd25b09cdec1df6c57

SHA1
7ab76e6f5392984ee5ac0460338054a8714804f4

SHA256
be9ff8ad1832d13759ff469918c4cc61dcadc268f72f4178003c0bac85c86378

SHA512
e84870d913d69caafc1f6d0c76a96b638ac2a52b11bc1266216df11dc2e4597d4e8a72880c088b6a0350df7eed0b3c02ca8426bc57562f870b24869b8a8ad865

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
807a525c3ab2ee61b7be23f3388ae8ee

SHA1
da0e20a3e4d8a534a4ff04aeb84bab38cbbadbf8

SHA256
ca5a49b1f575066803c33ee6679b1a9ede958864e1e224d45aa5d25bbcb46019

SHA512
d69ec8428eb2a859278c2eeaa2d4483fca74fb2e3c23e6e9f1d64558d00e963ff7dd02db8300c1bb02c4d64750f6a75972ab378d7ca070860b2bc3a497c3f3b3

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\audio.dll

Filesize
178KB

MD5
65a946210b9b62d36bbfc0eea49e7925

SHA1
7dbbee4062ef5dc987c53a529486b68da6ef7b54

SHA256
c7f60c6e0e54a57ae5b3da313dbf684ae8d0821c9e30947ab490ab44897a26d1

SHA512
45a3d7740f0256a401107dc871d09d0bc4ec3a89a18809dc3f42669890924be2f77869c99338e706b69dd5e088d27cf58fe3eac041db1c769b55cc9a4e7680c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\SDL3.dll

Filesize
1.5MB

MD5
f9da6238b407a064ad6f3b30a16c38a2

SHA1
4bc44980854c26775fbf391c66cbc3f27daa5dd4

SHA256
5448c86bab6e7d49e6cc9fb4cfd0129d463beacde777fd5dcec9783f449ba790

SHA512
80e253dca0fd32b846444e4d79f9c73aed74f423197596d4e87e043736754d65fd634fd69b2b48df1a6321980438f8b253e883eda45162238cec573175b90681

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-console-l1-1-0.dll

Filesize
23KB

MD5
5687e338a8b1864c970ee403619207a7

SHA1
8d1fc0db262b16f453aacd6f04e401b43f2e9a7f

SHA256
57b87f09e8b98647d897f865cf2924c661d25d5e833a1c32b9e131055e910635

SHA512
12a3afe2e38450635ba13b5c1f74a8a1daef1ac2dc56fd4c3e75cbd545c6739951c347f87756ee432788fc7e1e748177afd2ffe4821439b84ae52ce3246c8f8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-console-l1-2-0.dll

Filesize
23KB

MD5
469fd67e2c9c04d0dc5a7851a6f79407

SHA1
e4556cad36804e4258b5822b87446ce7bc2d4c8c

SHA256
5a64723bf2b20c3b2115c15b3aa1cbc0aa2f83447ea222e7a19e9f988ccc3017

SHA512
458958b64bd9e52ae84628cfc9aa346994270ae75ee8307c33836a145594a278cde5626890576b03f3d5f384c966fed8f27dc07b117fbb43987e6e1544ba5a6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-datetime-l1-1-0.dll

Filesize
23KB

MD5
b290ff37e5b7066ebccd32c58ab251ba

SHA1
3d4cd4dfbec4ca7b8a10eac1a26248e4240df602

SHA256
1bb364ffe1f0bceee738da30816918a6f37f6aa70210816bbc2420dbdb006ff8

SHA512
0fb078fba9006f8673e9a69d5a8e6e868c7e593d36a2c4befb81043f35f0d179650f67b1e7988046c214ae163a39021790434ab8fb4ddc1a081a8a702d9f6908

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-debug-l1-1-0.dll

Filesize
23KB

MD5
8a7e67ad6ac149b8f2f91aa1169cb0dc

SHA1
d7d9675b811f4cf80b57d6c71172ca128d0ecb0b

SHA256
8234df20fef3fd0c2891c82c5ff3b54357a9caed98ac63eb9d3d3f52d66516a7

SHA512
840970d68772c4777ad29ff7b9a7869339903f085ef883ff02b0ac2abafd14f65a325b3e6f988c2fcee169e3712512d8718490d5c8f773a66020ed5d066cde8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
23KB

MD5
7b2911f10cb4c9339cbfe21b5a533c35

SHA1
032447649731371425bdb1d53b941c67e1288607

SHA256
1794cdf4fb1f7a455a2d19e8474d7e905107e19121c7e777f0e760f232f73b42

SHA512
8123deefc81fc5eb16573e18c9cab938f8fddd645aa7b8b5ac775d6e6b35ea833548b81f1b051464511dfeb8611c06d35ca6973d474e212d2394737629ade6f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-fibers-l1-1-0.dll

Filesize
23KB

MD5
c5ea95940f668bdb97a9400897c85169

SHA1
9bd7e47aa4f50205b3e3029125dc4d27d807c292

SHA256
9846d545885bb4f0f315d0fdfc1fa8c38f148bc09be621abd66055b6b3e6842d

SHA512
5fd023863e9102c230130f980fd8cfa761eb97bb75fc13e2b1736946c84ef875023b68e301e7a024218ecf7e01b3c94c1dd946b4a78a723969be5349241c2abe

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-file-l1-1-0.dll

Filesize
27KB

MD5
0af9fe5f79904532caa1b26ed257d2da

SHA1
cb449909e738bf8a3e66d503828e0cb3337f6975

SHA256
e49686170536fb8ff392df5aad983c76ebe46a9d76d1a536855f78b37658571e

SHA512
788f9f29800f0a4c2c8a1b7bd2656cf39964b102ae3332d981545ab13be9d33cf8acf9fa58a0b10b643f48777a1d238bfe280525016b358fecaca8e1086bdc75

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-file-l1-2-0.dll

Filesize
23KB

MD5
788457947fdceacfd6e7905777d989d2

SHA1
6a52a065a6aa905bf6dc8c10c7cebc6e616eb902

SHA256
ddc8356eed890bafe69e435bb63d4aae35a5792192a46ce9489c5da29c37d14f

SHA512
a91f7bd64bb2ffa4dc03921dee43b2d0a5cb69b508df17760cf787f667303e9267d6721670ade4d440a200e2a777963d7ad4377928d6aed1862bc44bea428d1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-file-l2-1-0.dll

Filesize
23KB

MD5
21d6f2afc2f534006872b897e5b0a5af

SHA1
0b24bdb543722318550e092a098b57e621b6bae0

SHA256
e0dd6088f58e9661ece1363bfa58e8709383e928e41aebb62a29df52e4bf01a7

SHA512
356b1e8f42d5a184be4c88e83b20580bca6b2cec93c18b3a96117614c8884fdc4fd00e86298a2cb5efcbf9f519e99e7e406cb8444f941e4271a36cc5ee165c2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-handle-l1-1-0.dll

Filesize
23KB

MD5
f58a9a0453b933ef66dfdfc8bb1ac8dd

SHA1
fbe88e55f3857496b34565ce8b07eeb95d3cad4d

SHA256
765de83d4c9ff03035e1c615a2e2584bf5f04b548ded431d3a16bd2085c0d35a

SHA512
ad71d9515e11bd050b1ddbe3980ffa74b678d95fb48d57a3070d9a6586e82b246608b177789ee6be6e828813bdd38b07d8fe737195c9166a6a94fc3623ec66cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-heap-l1-1-0.dll

Filesize
23KB

MD5
cc56d814acadac29b6acbf43bbf5b0b1

SHA1
867ab3b44a2d1ef170dc4bf2c6d63bf0985f38e6

SHA256
95c8e86bd85e0ccb996982adcf7bec10f534cb422e19c9fb102ee37ff8b5aaf8

SHA512
1052aafc18ee23a66fdb6eb05e3b7121485885241ab5c11f5bd5c4932cf20b6199b5775888e13e7e6219dcc41782d63add30a269504678dd42418a6dfa2039f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
23KB

MD5
7c24052cda173924c0bc6a909e9a1ccf

SHA1
d87852afac74fe8dfd129182bc00378792bb555f

SHA256
26d64f4cf2102c87526dac189d02532d34d590129f5845a4b34242885266f6a5

SHA512
46a3c88d1eed9f20ec20c8c1bf885ef216f45388553a332a7f20b947ddfcb08f4b16d733eb6fffb5da9d95fb4dc86bb7221d4ec3feb47e05f55c11fdc7be09b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
23KB

MD5
0e0bb13cd88601fd0fb6ccd073d6a325

SHA1
7aa7f74d165be9b079b5577c4f24ce4bca5f0910

SHA256
3cc1e9ea6a9a8ec1f4ad333c68434d40e7d19f4ed67ecc14e6d8227daf2e8a51

SHA512
66bf9f1697b1859ce0d6e1c18a218da461a5d027261c78ed7978b4fff118b8260dafe116ea4367da1e0ffbc115fcc308e228c9c9fc5a3142efba251f9d1934fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-localization-l1-2-0.dll

Filesize
23KB

MD5
5898a86b94a00a97dad025bf1add6110

SHA1
67b8d4c91a2823cce50101bc058c74790344821b

SHA256
0e07b171857f69ef53035d3acc52630105b18b858a404e97801a7082dcaa5f1e

SHA512
92d81a091df877db3602328a8075a8734fd3201e898498107fb3c75515c511227e0c2b84e4c03dc65d939876608b61505392c086746f9b8591e30c7817c93758

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-memory-l1-1-0.dll

Filesize
23KB

MD5
35a76295eba80f4f3450dde0216414cc

SHA1
367f643aa4d2b5b9eaff6de43ea3e1987d571fc7

SHA256
8a4d896622106b73e4767ebcfcdea0faa43f7fa0484ee7b617ea9c482ff80f38

SHA512
d6b8f9e4424b47e8829253074fa085e9891ac1e08a9231228d7e9fcea4687abb2a07362b4b3b27c4b3534eacb7b910b14f1cc933ff03ac1f7cb2f83bf49bba3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
23KB

MD5
673c4ed305d97d1eb2fe0df46b71ec46

SHA1
3973177d432ff4cf9c056329b36e8f5df262a26e

SHA256
835f2eb849901cdeb43f8b8ef7b72c2213f3fab82e283d69203eaf1a085ed3ab

SHA512
797f44b6a838bb44c9e03fe2940bdd9e842e6a637582af3ba0e56cb7cba0044b62add145f54e3c8612c9bc95c9a0995a66b4fa62a69962d2770dbe45e57d7e56

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
23KB

MD5
24cd450204175b6520ca472e63310f5d

SHA1
f45f83c368acaeec24792a31b7aa004d2b9b56da

SHA256
c8f876a63c869d808da214db79eefe481f5b8d06da942b5839b0ca8dbfde55fd

SHA512
bfd2e916f9de51ba43ecbcfb666f1d1f8239c6a26256b7a10bf7622c2a61f91c3e4277841eb924748a73c53b6f582bc152801559ec9d83af443f0d356e4c5c68

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
23KB

MD5
cea1dea58a1f727cc10ea1c1fb09f3d0

SHA1
0e50b9928c8c8b81917c05e6292c8f6c1854c4fb

SHA256
b4049013a29bc354cbbd767f3b62bd10cd92309363f287e5db55495352bbd600

SHA512
df681cbce3b578a10e105f22015ebf856b93c6a6f4f70e08d3e034b36b877bbce88ae09ddedfbd1e9b8bea8b07aa6403c736e1eef9f3725b387e002f662740e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
23KB

MD5
e1324e7c48211998d561c342608b0b58

SHA1
67154d88318380c24c1e4f2da231155bc9f62b22

SHA256
9f5d560975c3a4da908c190442a0d01935eb53f02d12b8d93799b06061fae952

SHA512
50b8977f7df4c643af5907ed5cfb466a3e7b55b987d22f17cf6794f7dc1336b4774987e2c2d360166c2e48a630b96aa01952ef0439248800ac65f2f8a01f8f44

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-profile-l1-1-0.dll

Filesize
23KB

MD5
a8afb328efaf44965104acd3b7344a02

SHA1
88eb9cafd357cea88c81ead8ebc872269ec1467c

SHA256
ea386274edeee4a2a0ce3c4c74f9e30d768c8fac23f6cd22d29fe589bab5e09a

SHA512
275fef5deae96e6d5f039510f6ac76efba75c702b6344d630508c55410ceaed7d5192d9ba851745af70345f74cc779abeda61a63ff092ea3d18a53268a60b932

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
23KB

MD5
8a742bcec7edbd75853ede901f014b15

SHA1
a2b3e5c79db4ba54bd09f20df96b01ce1974d611

SHA256
4e4f9b4e86bd28b833f97ac8436c2343bebef74ab6c6db4b3fd835660feab91b

SHA512
bd34ed17ac91ddf0524cabaea6f5811e00ebf8a48c33c6b6f574faf6bbb7cd6bfde9ff3d1b1045cdbdf14301f38be117c2526a71cf55576585244bbccbc20802

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-string-l1-1-0.dll

Filesize
23KB

MD5
21afaeba7ca1b698c1a46029c15b722f

SHA1
2293143b274749a759e7e0d316e5bf16cc497e69

SHA256
ca3b1e4f45313b4fa022cdd0dc63b731675dcda63e76d915dc03d0c910aabdc8

SHA512
0dd9af6b1f2cac007d2722f5ddfc212abcd3d182bf103861069c7bb6e92387d73f82241a5b5867b39db59a715791b4abb1441a3840a7315983570bdf38c16f9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-synch-l1-1-0.dll

Filesize
23KB

MD5
58c74e58451c43bcd2bf461d4ef1578a

SHA1
559ae55bbf1683266b0d7457cbd8728f3fbd36f2

SHA256
9adca5771effde42ad2c80544ae4905e963f084f6c51ffbbfc11ecf460c6442e

SHA512
8b410053c00f7184aedc0fea604b72049c9b3162faac3fcf68dd74f23f5f5c4e48adab69a0a138ed6fb58afe77112a8d24a7f8018bfb65e04e40fb7f357bffc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-synch-l1-2-0.dll

Filesize
23KB

MD5
cfb139582e5e7fbee3b0cfa402d6d5ef

SHA1
a40ae2fe3e41d2b0a913539befff252080149129

SHA256
3a4ec00bf59eb083a2b23ff1f8c0e44d3447d3f01679d9b925fa9dd87ab56288

SHA512
e50fc8c600618e2c1a2114c061b0a1d5580a5f6c59b05f0e1e34b71f7aba7b217e6d09fe947fda7e78d85e032fc6c3b228685c684d99ef653dca1bcff8db130f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
23KB

MD5
1d5ea2c042d84e5e0b39937c00c1edae

SHA1
88b64b5a4b44a332ee432d6039fffe021fc2da1e

SHA256
d2c1b284e5908eae9edcdf983dc4ebcdcdab1ff63c6fa3cf25bba068ceb5e9af

SHA512
95514e189d04626a7148469689dfb4e55127ab14a53afe17176364da7659d2c3341b00bc590111946b87404ac04b1fa8ca646bf76dedb58521b7605fe5671893

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-timezone-l1-1-0.dll

Filesize
23KB

MD5
ba9e5eceae6b6e71104428532b8ab9e7

SHA1
46765d3555771ef23e590feabec9784ebe11cb3e

SHA256
4db8f7c644498ab00669652c2ebb7d3feca41ccce1f8af433de2ac4a161fc968

SHA512
9276128fac599be9c71b974f5ddc9aefaa7713aea64419a81d2c67cb95eb8d1637a0b8b6834338d1aa048cc30f348e5e3ddd7e3adbc5ad5c8d5c07657da693bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-util-l1-1-0.dll

Filesize
23KB

MD5
80bea027864fc9d46e93138c8e2101e8

SHA1
6a419a9a2f1cd6b4c175ba777ec67fd5f9eba16e

SHA256
a26b871d384d133a6bbd25e357e30b314b697167204786d535ca1eab4c9b49cb

SHA512
147501e99f6039b547088bd955956b7885d0bdd784f005f4ce50586b7f8a5d00afb3500e850b51af6a7150e49732d137dbf540869db68204c0cd8640f751eac3

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-conio-l1-1-0.dll

Filesize
23KB

MD5
f7b8705c116c658e42799e01d97a023b

SHA1
a26ed4605981fc894143bad91ca58baa7bcf89f8

SHA256
efc336d4030f42c0de67288b07d686600832d434d6696b15bf39e7a92d9a4e6f

SHA512
590a2eb0eeb62a317bf28a5e940817940b0443cb856b5d65a4e4b0cfb713fe741cbee1409af4a33219b81b3b17467d80523e7d3e76f6ac17ed3d43a77298587f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-convert-l1-1-0.dll

Filesize
27KB

MD5
870aefea41cc5e3750800ffa395a7195

SHA1
60ecd7a8d72760f612f53150ae1cc355cbd3a65a

SHA256
2e2b30e6e8b5b7e735cd512a73e4f36aff623390434e6906b73486bfec295fc0

SHA512
947ead3063964944b7ac039b11aa4f5e43aec47523e361bc3a021d2386b70b6d97b5a79c6bbcbcc4c6d833064b561c1999a0e462adf68fa09a50f01e240b1ac8

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-environment-l1-1-0.dll

Filesize
23KB

MD5
0db854aa3223481d2a945dd34e5a66f4

SHA1
310466342ee4c72b93e8a936b830a4ec5030eccf

SHA256
41465186f30020895b8d397992168d1c308e6084b90a0efa1f5f229f8f9eca49

SHA512
a7bc541c7b645ff4dc1f554dd1779d43ba80c20173b4d72a677904955c37a64f329fbd93964ad822469a84a805d04b8deb765d4f5453423e1386a2a754e58932

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
23KB

MD5
1f2c4c1a1f0af1de78b075b17984f59c

SHA1
2155bfecea56c1e3deab904d5327604755cab263

SHA256
f6bd454dfa8574442020d7b085cf7ee713a78743770daa3fa8ad1a39be4e00e7

SHA512
586b908ddaa19b62d0e8a5a24c90aeb9d9a4ffe44439c5671d4edf3547ba1c37e64332d4e2a9b64c4af3f2c0224ebc2666780d6e925fa92491c214dadcade099

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-heap-l1-1-0.dll

Filesize
23KB

MD5
cee74fcaf88362002d3e4ddd7d550ccd

SHA1
c81fd9578e95a89d6a5b95e794b587aa0795b73c

SHA256
17acd75b31e42e263f8232bd574509bdc865f9d5df7ddc9967df63abf74835ba

SHA512
b7ffca14caa0773ff0cb89f46c0d2f5873bd73fac8eda8248ef5fdf0f59afc55d07acf05988eb67c826cdb11c62e55c2675bc135b870d80ec0be5ed93f915c4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-locale-l1-1-0.dll

Filesize
23KB

MD5
8ec71d82d6555218b41a8b4a00fe9297

SHA1
2f81ad7f9e36ece6ff6b1b7dcfd87181221f3f89

SHA256
a38f508ca30861895967113bfda710389e6cad21ab0a3851b47de173e7985007

SHA512
9c3bfdb895cae4cb726fb304c4880abfa62802a50d68e66f0863a456b3ffe42b507a5f474a39a73d0f220ae69f0dd41443595345841f49c9dbc7189efc41823f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-math-l1-1-0.dll

Filesize
31KB

MD5
d40b952c4326fda6499f75dd2fdae603

SHA1
522be1ef24036c016dcfd6334f90763a58b49052

SHA256
cd5fb316df7500de0a33cec4d08b034e3f075d46d8d1b557d9cf0d8ea7d18897

SHA512
0a37dfddbf1d473aa7bb92d236fa0f0d6449a28e7eb347dfacf506c6c0492a2ec2bfc6dc84f17959c865f0da8c35b8780c77bc94739ca4a63a017261682afe1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
31KB

MD5
441e60962e879f89cd3e7e263e810b9e

SHA1
9b48b7dc62f4a82be6c9fcd9e64760c2577186b6

SHA256
3e61ed0d6098659fd644451748fa104aba6fe356a3010dd44efeb331c7caaf4b

SHA512
1f04242ae4e0f02d759c5b48217c8bd0905d07d6877123053d2e8ae8b0408183749eaa1b28a28885fee240bbcebf363cb2bcf5e2f63b0aaa5990a3bb2660461d

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-private-l1-1-0.dll

Filesize
75KB

MD5
58552ada8c28f76f5f7aef6e1bc83449

SHA1
3acdb30cbb8158ca13889c24ba533600d6baaf2c

SHA256
5ca00c7ac35b4e8abc6167c1736584367826d2fb283bb0b0ca496423875fd075

SHA512
297b7abf88783ad4977ac46715dfc2944460fdefce4f354bef5ced28dc1934407387b2c60d372e132d5920a5ef8dcd627b226de8c95dbfedd9e41eb766dea936

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-process-l1-1-0.dll

Filesize
23KB

MD5
778676c3d5cd29844b210149e80be016

SHA1
e686f89c8b3a21b007ec819d12789a88b194c83d

SHA256
4caa8c041d6cfd4d49ff5772775286ae93a08274b371431b31141331c8307898

SHA512
dcd9e844706f5407455a10396556839998af074f25af3eb9fcd81e7e6f8c2fac0c977292c30dba21a3ee8a6e2f0d2a3b7142c3c46f04fbc17e7182c22cae38dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
27KB

MD5
adf6651d9d0be21edeb874f6d299529d

SHA1
854b02ad143c454bda9cdca3932e668a2ef9a4d6

SHA256
dfbbe48eae5ac2bc6058fba98e94b61de7c068bcf701df79d0b6b4e123582d55

SHA512
8aac7dea446b712933c9715602aebb01d41facc58c0b805aaa7b7a7c537871eac199ac8dfe31dc518be19d404460517f6a761ded918cd7fdcd62aaeb9ec9b0bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
27KB

MD5
cb378dbd9542483005fa39c192392b38

SHA1
b9d8bdc8ed6e9c8471503733d9f57fddbcd520cf

SHA256
821e2d8ecf23b4844a82cc632117937e6f5f8c23a214244ceab082007e5ebc75

SHA512
867308b7ac99a2ae1af89e5ce1ca894cdaefa94b2f5676a44de3d7b90b01208686b9d4d6834164a498915fc13fb7fd374f2fc0eb68f29c0347ae3505f42fa896

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-string-l1-1-0.dll

Filesize
27KB

MD5
f0ed73b68ee2bf3a34551740b0ac1cf3

SHA1
46165c41986e5599cc22102baa2b6cc6cb65767f

SHA256
f31a2b7c752dc2f5e7e08a4a5d0d9558aa3be6231010ba4a160bc0804926b950

SHA512
a16480e99d8cc741738ac2dbbcfa80719e1894f92e7e58513799bfca4d910a02e3da40671163704679f440f6b89ffd533f3b7b0b565aeba3605b03d273ffe2f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-time-l1-1-0.dll

Filesize
23KB

MD5
ef22a615d514678adcd7d04982f13eb3

SHA1
a978461429cff20ca970e44b54cb37225b9cb385

SHA256
866a69db162bf5acafcd4dc6a989701e40a2191d596ab6b113bdfecffdfaa5d7

SHA512
9c61bb06830edb81173b4d04764830c48ea3d5db0b342061491427ef5b887f3ac1f1cfd2ed9e91fcbe034be4dff83b8ffa19a092779505812875a6794dcb4422

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-utility-l1-1-0.dll

Filesize
23KB

MD5
bdc4d1c0b6553910cc75edd2fbae7a42

SHA1
25f0411a3b4805bbea683e0aa7702be7817a79a7

SHA256
890f897d65e6b1aa3d9ec590717faf98a4d79332038bf0f73a091e7c2bd639ad

SHA512
3c40fae485e342b5097345dbe9ab9d1633bb9d1e90a5c914cc92ea34c1ffecf211e058bf9161f75c17cd0af584e2c10f518658380675a2d18cf155d66b543145

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-downlevel-kernel32-l2-1-0.dll

Filesize
27KB

MD5
bcde14842ba089679fe4a911277737ac

SHA1
b523f4d02e357b0646543bd77a9f235fe01e5020

SHA256
e5c87411dfff4b10fa341817168d5c83eb99e3d26a97d77e7d0b59aeda251cc3

SHA512
1cd62219141fc41088112d209744567868e95a6fb0659d3f64d70724d9c088716e3c1c411ee788085df69b2c5767498cc65a97191229466d93f78269062160e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-eventing-provider-l1-1-0.dll

Filesize
23KB

MD5
3c84c3f23365810281bf44a861c6faff

SHA1
0f59805ca0bcc6ba4f50251a5c44d1e101212a55

SHA256
3a6d17d143812b50d19122ec095ef880cdfed6a05a4c9e5c4368312536ed5ba1

SHA512
b6aed196304e7810b5177088323ccc058050bc38816eac65c8eba43bec53171d591b9824051edb32fbe4f117f9e7e9df8a1d1af7ebe6241ecbdffbfd2ed5ee33

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\chrome_elf.dll

Filesize
256KB

MD5
da3cebce04174ceabd4d545fa71af5fc

SHA1
0bfda53a79cc098dbebb4ca7dcaab4238aef396f

SHA256
634a2c6caa191c4242c5117128491319a6ecdadaf8b42cb1b39559937a5cd0a4

SHA512
8a16f57c2523e1da516492072a0b4631c3753aedb53e265a2cdc1de8ed0e969c6a74b6c064c06366affacf5fd2bed86df15afee5873cd71f42ac2dadd5025d7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\d3dcompiler_47.dll

Filesize
209KB

MD5
306129e84f3bfbc97e08cb337594882d

SHA1
39fcffcb3fb1dd493cc500d211ba7bb2ddabb215

SHA256
1d75debe0a8f5fc06baa370cd20f15041e31cc97df96019b729d273bf67cbe67

SHA512
a7387ac692e44b27f58f7a91052ae655aed81ff79ee5f2558a66230a91de540f94972d33ad3b0491c2b18ea613d6661ca5d7182cc93f95bf5b9790cb36a8e162

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\dbgcore.dll

Filesize
192KB

MD5
c45fe06dddd325eb52ba2678d13e1c2c

SHA1
2684ea6be5e4cb923e5a962c3b7f280000fd50c6

SHA256
ddf84fd73df3135bd273b4e534e6e36139eb48a44b4996ea00335108725ce6b9

SHA512
eccb5aa0d88304df8776c1bde8c9650f979cecc242319124b7994a2e975b1ec2d69fda9bfaf0800cc0c87bb6e34d98fa22439e69bc134613ac7c1b6de4f9f19c

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\libEGL.dll

Filesize
389KB

MD5
6bdaf8f540c8481918b28ffcedb0731e

SHA1
719d38d49f34ce81427916ff6ac5060be49d3d82

SHA256
d97f7cd9748292df35a7e29c18b1ea935e822b03f0c1c591d929dca18ef871d6

SHA512
23cfb42dcb5134c7f0e89c1d0f071df517850a1f8d5a6199701b834a1cfacf65e7646689cf3cc635c27dc162e6a4926c9035c1e08ff955affa922e366a0cd50a

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\libGLESv2.dll

Filesize
4.4MB

MD5
bd4651f6a06d92e00d3d62c83f48a3da

SHA1
eae370bdd39bb8d93d84512965f0686a63fbb4b6

SHA256
665ebb1db2b36c60df13c0a8110ec6e52930f1ee7be74f4115be37582bc5a9a5

SHA512
a68110680997ac26fc6bd3a77140c83adfc3d292c3076afb881225973adb6f81c96ced3cc4754c4bfe7115c95d6f85d712695d84ae1558d86ea1928216896c4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\libcef.dll

Filesize
192KB

MD5
e1b6819c728a65863d50f5cbece4e1dc

SHA1
e368204c58ac56dc76fbcad80a11ee252ceb234d

SHA256
b11dc16c8cc213d4e823d67d5126a8a9add0c600e74b395e051b2fc706a81231

SHA512
feaab1ea5b75d022135a0bc2d51f9e18b381ed6a43064b8bc640c1074dd5e9777845db06f4cb79f84a801fa8a28a072862b675d59a093d1b58a52f8e25deb3e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\msvcp140.dll

Filesize
555KB

MD5
64cedab15f2bdc604df211b1452b3fa5

SHA1
59e7390610540928c96f7b3bf8c60735f93279c3

SHA256
13976e186a5ce479399511ede895f7b1de6c35627a64580749a7c58b13ee7186

SHA512
773aad3a434fa2de4614f0f294a62058b12ddddf11eb07dc5ab6054364622a72652de5520e4dde7ab9d78f293ebd6f1d54a4ba64d6f7fff2bbaf07b4a6ebc79b

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\openvr_api.dll

Filesize
806KB

MD5
4398179b668c70f4464ce9448fa0bac3

SHA1
a12848d2488fbd31a2481922664a2875f162bbdd

SHA256
0ba4d3049449403e1966cf8922ac5c2e6130fabe72c0cc6b3218da82f9110ac9

SHA512
98db440b4c220a9e71b60104c819c402bd88b6c10b9ed518660e8550884fa518e165bf20ec2d85a4bb5c379a28e9524d4b69dd25dc599e062498670fe8f28bc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

Filesize
4.6MB

MD5
740a2df3fa25769eb7242ef4a916fa18

SHA1
ad14856b00a7f85294295893e3b16ae0cb36469d

SHA256
9d3e37231c61b1c187a07a21616c720732c402b9740cd8f2b1eec8f42a56d287

SHA512
77aa1f62ef72b0e7db2cbf5752bfda24922f783437f0450fa59daf71ddc8e733e04abdb872684ca79e0cf093dd52441a6da02245eef3602779c1ccc0d69e136a

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\swiftshader\libEGL.dll

Filesize
408KB

MD5
fd196256d28b9a101cc2bc68429bdfa0

SHA1
8dce645b4489c3c1e278cc13fdb6b2278417cdb4

SHA256
6d8b08633d0b3123286c6fffaee02e1b98aecf1ded4b04bd17fb5969d8c083cb

SHA512
e2ece5383b1b94f1cf4d4d263d09eece8a736f241f3ab0cc5bef5dd2025db6594e5b17d3efb4e26fc60ef89b55a4304a349858071afa205a6d23a13daf3b1b8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\crashhandler.dll

Filesize
367KB

MD5
141f3c56237020ac0745d57ffb0ac2cd

SHA1
6db84c6092ea3ef15a1f2191f5404b3160da3403

SHA256
4e8aaf591c17c25f0b92b9fd460659db5e5d72d76b02d9663a7a72b7c7ed6305

SHA512
0a0851858c39428cf1cd51ba5228674bbe4bddb34859c6c871357844b28d143552ed0158b79e7be7e4e8a9a3a89372838512ef12e03947bb151fe89c916e9345

Download Submit
C:\Users\Admin\AppData\Local\Temp\logs\bootstrap_log.txt

Filesize
10KB

MD5
e3111f8e4bf212a8273a8443725f617d

SHA1
5b599492fedba3ff0b856872b4b948d87031405f

SHA256
3309f32ae0fe64efbd781473e6a28aa4d451c05f2cc78d0008986ec8f5e8ef10

SHA512
924004e9e2ab06bd2afe6b6c3bcd9a0b7452de8e417f95f63257b6e1b41fe1c43e38edad7657275a28c68e0e934a175d0a36de901c0308dfdf1b9344095f0b08

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_metrics.bin

Filesize
3KB

MD5
a0836e7bf782f44b4ef6e1a04cc0b301

SHA1
c7adb9121a32ffc3a0a6b93398759cc25ed622cb

SHA256
67b0df48e2e79ff6f8c144c535ee25b0876bdfc1b7d54483aec0ad7c86c07482

SHA512
3372289e6da713d04e2edc5888eea512b226d104b045e9b7ad97e7e5a3e06de1462fe650cdc346110f04fcac38bb5e315177c5178fc43f052cc69d4874c209a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.installed

Filesize
469KB

MD5
0e8d1e4e2fdf24bafe979121974e8e5e

SHA1
fc96aab1648d6e10669c6f8e4439df12225b72a3

SHA256
8acf7064f9c8d590b44d71b043571e25d445d0fc4267b06533cdeadac5e5bc33

SHA512
47ce4056ae4db890f5bfa8e084703a16eb494f541f8b401177e7ddeac9568547ad368e81c512ff4d64d17a5acf0adf929b4970ce1e4fd7668c6a568e51193a73

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.manifest

Filesize
9KB

MD5
3f03cae38ef6847eccf56c954b1ae3eb

SHA1
04b0f891fd471e19d17a6ac3b93c8dc7419a6baa

SHA256
6778287775f2a7c8b9d5c505e53201a7e518000df65ffb45ce2d93ff99c8ed4c

SHA512
ab895e7a2a05272afba514e66a6030fc65391c11ac472f313aa18eb982a29f7a179c70f9834658171375848fafc72306d6051964922705d621f72a1c27b65c4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Users\Admin\AppData\Local\Temp\public\steambootstrapper_english.txt

Filesize
4KB

MD5
2fe6613e267857982d7df4368c9827ec

SHA1
d520c7427b283e3ff167b850ab15352e46d328d3

SHA256
2eba5f3f0b0dbcc2cd69c36c220a2355d1ba3cd67b6e25b5846c80e1604bcac0

SHA512
cf2fc8978adf54dce5700eda7d8beb4917c89bf5458131171eab95463e1b3a3315770f4baae07e498e8e36a8478f09e27054ca2d06b4542c86d8459360572be4

Download Submit
C:\Users\Admin\AppData\Local\Temp\steam.exe

Filesize
1.2MB

MD5
682ff3928a483005a0886a0eb191775f

SHA1
d23588ec76492a795a8f5e553c4b196b8dc2801b

SHA256
d3582d185fc37f8fb0ea13bb060b5a0b1a504ee327db4721ed0dd74b739253f8

SHA512
eb34473916fa430cd6cf98e6e91864f1a3075e03e6b11ae2e8b541d9acd08fe2d737c57f5eb1b1ce97d7f2862c6f9c4be7dd0c504043e27ad6b543d4adc99c67

Download Submit
memory/1576-12382-0x0000018A09FE0000-0x0000018A0A0BA000-memory.dmp

Filesize
872KB

Download
memory/1576-12321-0x00007FFFDB4C0000-0x00007FFFDB4C1000-memory.dmp

Filesize
4KB

Download
memory/2848-12245-0x0000000000FE0000-0x0000000001456000-memory.dmp

Filesize
4.5MB

Download
memory/2848-12252-0x0000000000FE0000-0x0000000001456000-memory.dmp

Filesize
4.5MB

Download
memory/4336-12377-0x000000006FB30000-0x0000000070E27000-memory.dmp

Filesize
19.0MB

Download
memory/4336-12322-0x000000006FB30000-0x0000000070E27000-memory.dmp

Filesize
19.0MB

Download
memory/4336-12401-0x000000006FB30000-0x0000000070E27000-memory.dmp

Filesize
19.0MB

Download
memory/4336-12414-0x000000006FB30000-0x0000000070E27000-memory.dmp

Filesize
19.0MB

Download
memory/4336-12418-0x000000006FB30000-0x0000000070E27000-memory.dmp

Filesize
19.0MB

Download
memory/4336-12422-0x000000006FB30000-0x0000000070E27000-memory.dmp

Filesize
19.0MB

Download
memory/5856-12342-0x00007FFFDBC90000-0x00007FFFDBC91000-memory.dmp

Filesize
4KB

Download
memory/5856-12399-0x000002BCA6F20000-0x000002BCA6FFA000-memory.dmp

Filesize
872KB

Download
memory/5856-12400-0x000002BCA7000000-0x000002BCA7055000-memory.dmp

Filesize
340KB

Download
memory/5856-12343-0x00007FFFDBA80000-0x00007FFFDBA81000-memory.dmp

Filesize
4KB

Download