5d8d697707c89466cfe203bde7e242680d020646bd5e49edaabd67fc6a7d6321

Resubmissions

08-05-2024 20:14

240508-y1cebsfh84 5

08-05-2024 20:11

240508-yygw2afg78 6

Analysis

max time kernel
84s
max time network
85s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08-05-2024 20:14

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Steam.exe
Size

4.2MB
MD5

7c2056e7337a5f29d2e5d3c67830745f
SHA1

d502f5c22895a859056930a5489192873cd04673
SHA256

3f321dbbc60371a585d60b17e3f67386bf1792b430d20071ca0e3efd9dbae99d
SHA512

c729dbee4d528d05d2a6d25ea105d8f34bb9087b9151c0b31a59337e444e4bccb1f3e49fce122fb3dd7b65132a15a0c8b5618c853287fecbe5427376200b2495
SSDEEP

98304:+bgwm93udfvBtp0vrjT/KFdGRv/SrbeJo7P0:utm81pjWzEfbe27P0

Score

5^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe

Executes dropped EXE 11 IoCs

pid	Process
5668	Steam.exe
5308	steamwebhelper.exe
1336	steamwebhelper.exe
5692	steamwebhelper.exe
5244	steamwebhelper.exe
5464	gldriverquery64.exe
1148	steamwebhelper.exe
4816	steamwebhelper.exe
5616	gldriverquery.exe
5392	vulkandriverquery64.exe
2916	vulkandriverquery.exe

Loads dropped DLL 41 IoCs

pid	Process
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5308	steamwebhelper.exe
5308	steamwebhelper.exe
5308	steamwebhelper.exe
5308	steamwebhelper.exe
1336	steamwebhelper.exe
1336	steamwebhelper.exe
1336	steamwebhelper.exe
5668	Steam.exe
5692	steamwebhelper.exe
5692	steamwebhelper.exe
5692	steamwebhelper.exe
5692	steamwebhelper.exe
5692	steamwebhelper.exe
5692	steamwebhelper.exe
5692	steamwebhelper.exe
5668	Steam.exe
5244	steamwebhelper.exe
5244	steamwebhelper.exe
5244	steamwebhelper.exe
5668	Steam.exe
1148	steamwebhelper.exe
1148	steamwebhelper.exe
1148	steamwebhelper.exe
4816	steamwebhelper.exe
4816	steamwebhelper.exe
4816	steamwebhelper.exe
4816	steamwebhelper.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "159"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe

Modifies system certificate store 2 TTPs 6 IoCs

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Steam.exe

Suspicious behavior: EnumeratesProcesses 58 IoCs

pid	Process
1336	msedge.exe
1336	msedge.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe
5668	Steam.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5668	Steam.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3068	Steam.exe

Suspicious use of AdjustPrivilegeToken 22 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5308	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5308	steamwebhelper.exe
Token: SeShutdownPrivilege	5308	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5308	steamwebhelper.exe
Token: SeShutdownPrivilege	5308	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5308	steamwebhelper.exe
Token: SeShutdownPrivilege	5308	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5308	steamwebhelper.exe
Token: SeShutdownPrivilege	5308	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5308	steamwebhelper.exe
Token: SeShutdownPrivilege	5308	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5308	steamwebhelper.exe
Token: SeShutdownPrivilege	5308	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5308	steamwebhelper.exe
Token: SeShutdownPrivilege	5308	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5308	steamwebhelper.exe
Token: SeShutdownPrivilege	5308	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5308	steamwebhelper.exe
Token: SeShutdownPrivilege	5308	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5308	steamwebhelper.exe
Token: SeShutdownPrivilege	5308	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	5308	steamwebhelper.exe

Suspicious use of FindShellTrayWindow 18 IoCs

pid	Process
3068	Steam.exe
5308	steamwebhelper.exe
5308	steamwebhelper.exe
5308	steamwebhelper.exe
5308	steamwebhelper.exe
5308	steamwebhelper.exe
5308	steamwebhelper.exe
5308	steamwebhelper.exe
5308	steamwebhelper.exe
5308	steamwebhelper.exe
5308	steamwebhelper.exe
5308	steamwebhelper.exe
5308	steamwebhelper.exe
5308	steamwebhelper.exe
5308	steamwebhelper.exe
5308	steamwebhelper.exe
5308	steamwebhelper.exe
5308	steamwebhelper.exe

Suspicious use of SendNotifyMessage 15 IoCs

pid	Process
5308	steamwebhelper.exe
5308	steamwebhelper.exe
5308	steamwebhelper.exe
5308	steamwebhelper.exe
5308	steamwebhelper.exe
5308	steamwebhelper.exe
5308	steamwebhelper.exe
5308	steamwebhelper.exe
5308	steamwebhelper.exe
5308	steamwebhelper.exe
5308	steamwebhelper.exe
5308	steamwebhelper.exe
5308	steamwebhelper.exe
5308	steamwebhelper.exe
5308	steamwebhelper.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5668	Steam.exe
2040	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5092 wrote to memory of 3604	5092	msedge.exe	108
PID 5092 wrote to memory of 3604	5092	msedge.exe	108
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 4760	5092	msedge.exe	109
PID 5092 wrote to memory of 1336	5092	msedge.exe	110
PID 5092 wrote to memory of 1336	5092	msedge.exe	110
PID 5092 wrote to memory of 3396	5092	msedge.exe	111
PID 5092 wrote to memory of 3396	5092	msedge.exe	111
PID 5092 wrote to memory of 3396	5092	msedge.exe	111
PID 5092 wrote to memory of 3396	5092	msedge.exe	111
PID 5092 wrote to memory of 3396	5092	msedge.exe	111
PID 5092 wrote to memory of 3396	5092	msedge.exe	111
PID 5092 wrote to memory of 3396	5092	msedge.exe	111
PID 5092 wrote to memory of 3396	5092	msedge.exe	111
PID 5092 wrote to memory of 3396	5092	msedge.exe	111
PID 5092 wrote to memory of 3396	5092	msedge.exe	111
PID 5092 wrote to memory of 3396	5092	msedge.exe	111
PID 5092 wrote to memory of 3396	5092	msedge.exe	111
PID 5092 wrote to memory of 3396	5092	msedge.exe	111
PID 5092 wrote to memory of 3396	5092	msedge.exe	111
PID 5092 wrote to memory of 3396	5092	msedge.exe	111
PID 5092 wrote to memory of 3396	5092	msedge.exe	111
PID 5092 wrote to memory of 3396	5092	msedge.exe	111
PID 5092 wrote to memory of 3396	5092	msedge.exe	111
PID 5092 wrote to memory of 3396	5092	msedge.exe	111
PID 5092 wrote to memory of 3396	5092	msedge.exe	111

C:\Users\Admin\AppData\Local\Temp\Steam.exe
"C:\Users\Admin\AppData\Local\Temp\Steam.exe"
1⤵
- Checks processor information in registry
- Modifies system certificate store
- Suspicious behavior: RenamesItself
- Suspicious use of FindShellTrayWindow
PID:3068
- C:\Users\Admin\AppData\Local\Temp\Steam.exe
  C:\Users\Admin\AppData\Local\Temp\Steam.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:5668
- - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
    C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=5668" "-buildid=1714854927" "-steamid=0" "-logdir=C:\Users\Admin\AppData\Local\Temp\logs" "-uimode=7" "-startcount=0" "-userdatadir=C:\Users\Admin\AppData\Local\Steam\cefdata" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Users\Admin\AppData\Local\Temp\clientui" "-steampath=C:\Users\Admin\AppData\Local\Temp\Steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --disable-quick-menu "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:5308
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\dumps "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1714854927 --initial-client-data=0x368,0x36c,0x370,0x340,0x374,0x7ffd8202ee38,0x7ffd8202ee48,0x7ffd8202ee58
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1336
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1714854927 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1668 --field-trial-handle=1704,i,11077699029846202162,9480873278878721246,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5692
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1714854927 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=2224 --field-trial-handle=1704,i,11077699029846202162,9480873278878721246,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5244
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1714854927 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=2496 --field-trial-handle=1704,i,11077699029846202162,9480873278878721246,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1148
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1714854927 --steamid=0 --first-renderer-process --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2964 --field-trial-handle=1704,i,11077699029846202162,9480873278878721246,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:4816
- - C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:5464
- - C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    PID:5616
- - C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:5392
- - C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    PID:2916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultf7bb8f4dhab0eh43f2ha40fh9720c14d1486
1⤵
- Suspicious use of WriteProcessMemory
PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd807c46f8,0x7ffd807c4708,0x7ffd807c4718
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,5164330517507884214,6496253787152628004,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,5164330517507884214,6496253787152628004,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,5164330517507884214,6496253787152628004,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:3396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5300

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4fc 0x4d4
1⤵
PID:5324

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa393b055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:2040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e83fcf2d9e9842aeb932e51a848c107a

SHA1
fa53b73fd635f71a101937307402816014ac2602

SHA256
2eebd9471594731561bd5eb2722e81392df011b3db7f8da74512fb92802da683

SHA512
4a1a01f24a543f506046591dacbcacdb84b046571b749b7b266f7d01d3f0fb4af4f46b485795b4d8d6a26470089febbc4bfcc98b331200d2d6c64eb6215d8332

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
68bb5c0f20999dfe50345d0a3f6fbf4a

SHA1
fd25123061c6ae25619d36b28057d91c72ca4913

SHA256
bd8f8e3b5178306d098d57c23eaf4919e687eabc0e40befcce9bc6210d800ca5

SHA512
774a504084a25d9700ffb1580cf3ab8db6aca280ddb936fcc048e9ce21cf291151a3942a9bc8e3baccdda16ebc1a2d639e3f4e9f6f0c769addb13d6b4d39427f

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
8ed70841523caf2a57e432f57b389110

SHA1
659cd051ab5f4263f6b4673b95a416f8ed0918c0

SHA256
3356d16bdf9d841612ad1a2b35c6046dc0671ad77b7c9e5a41537bb416079b1b

SHA512
86c1cd536e655ae42bbd1faf8a0caa33484f5311309825870f0a946790b1ea229cfafc9282087c7f685d3b35434edf9193d67b461ff70173a55408285412995c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
a5f594ea6074c52d51343a8ae3fe257c

SHA1
1003c7c40437156ed87446b96a7b7a40730aaf1e

SHA256
ea49a18689ebb722276ab67b4878be973a03da9e7e7e9f31bc75ddd00819a541

SHA512
4b165f4232167fde6fd6df85b66d949f9b745411b378b63876c3b6994b5b0b0df85a562867d9903d484d0ea704eafa269f97d1df31515b68f40af37f997dd5d7

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
300B

MD5
ee773496582d5218145aa79d3da89042

SHA1
164f44272caceb9b79a602bc95ba6440ccbffe7f

SHA256
7d20685c5ff1f410580de12a52781cf9ac1b21740abada639d72720bd8cb9ae2

SHA512
febee7e1f0098ec9e98b373e05dd7a644829982d66e38b4e4f22a8800ac1bf60395b6366bbee8e6a227e5c37d650ab51a3c80b57f99d181b7c8bd8bc2c1e171f

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe589ecb.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\aom.dll

Filesize
7.1MB

MD5
d764264518e77cc546a5876c3bcebad4

SHA1
ea17d45b396fa193a851bfd345e2b2c20ad60e12

SHA256
e78492de0ab575add50b925bfd44216d224d09904a9b14c17087a92fdcbc15cd

SHA512
7cf132ea5254a55c08186ffcf5e47360ef5ddd57d03d7051171f6753b22e3925304d183c2037bfd320ad56c08e079f9b2c4640db8cb3dbd38ff500c7a39e997f

Download Submit
C:\Users\Admin\AppData\Local\Temp\avif-16.dll

Filesize
226KB

MD5
a09c5fa842fa4456a0b53b46f1050225

SHA1
9e4677f19e77bf55e7d0e2e82d8c27f79dbbd78e

SHA256
3d7ba6fedfdfd6e751693d718a21438304690b754d1c5d13c847a829b2423b8b

SHA512
71c962da6ed6894209891513bf9f0132a5eab6c65a5d9ba334efcaf73463be5625665a060863a106d59fad1949f6191f641aa4c59ddb0e825701bef08ef9b5a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\audio.dll

Filesize
175KB

MD5
11c178694e376daceb091d0321a1ccfb

SHA1
c6526bc64f23d412a3a6eeaed0f5af7eaaea7f5a

SHA256
8feb103a5525f369403ce9460f939b93e3f7bb2a34cb7af53cc24200b1329ed7

SHA512
b735ef070dea53ee8af36e872afdbe66ee5037c31968f6045575f88f9ae9608ee1db87305e02f846ab99eea7616da0c706cf0369c8c9ecc0f7784ab9536eb872

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-console-l1-1-0.dll

Filesize
23KB

MD5
9c2202f9ebd8d2e8c90c93d3b0f433e1

SHA1
3d20c8f8428df16372e7de91a6d4f94b80aefb4c

SHA256
894842053591d4818bac9e1e476601cf39e4191b4bd0748ccb9f3c2711caa946

SHA512
b274b3f3dafd290f72351b36b9937445e78b6a16eb6cfa9a0b6de3cf11d5d809cd5f4095c2c4a05c16bdd1fb1be0b883e4c387ae8f7693eab958a63ce408097e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-console-l1-2-0.dll

Filesize
23KB

MD5
0b2450ac7066b1aa6970cd4763bed6a8

SHA1
9cdc98d8a852c5e66c42e83edec21a1a2ab1d347

SHA256
9e9ee99c5fbe9a2a784d324b4bff06842874dbc33320c1fb02f063060d2d5c7b

SHA512
a1e0b0dee99c5d4ee03f15fa69436f41c965438b289eb244c8bbdec2de4b439e8ea60417ca6a37064b0aff023fbae5debb732e5e69027ca86623514520d6dffd

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-datetime-l1-1-0.dll

Filesize
23KB

MD5
880c1094ab4679600f77012712fcfdcc

SHA1
d92636752ceed77e4eb37967306de746953e375a

SHA256
65e57b5316eee1433c006adc6487c3ad3e17412b1a6d5a35ba518aaefd871bbf

SHA512
de8a622fd97bcd0a429c7a0874fc6dbeacb966e406dc519448ddfb420f584686a7a5ef105b4ac45a3a8de3bf0b7ed5b79ed62a92ebfceea3bceccce7298af652

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-debug-l1-1-0.dll

Filesize
23KB

MD5
df9bc6c6936655ed05180de600916f3c

SHA1
abfd6dc420368aaee7d3ce11cca36af3cb4446f6

SHA256
b34fda7a50b20aaae509d0919ced53d718afb997a2bd9f3b97446c3cebf994d6

SHA512
b6d935a6046a573df8c0a7bafd57c35f333f74fbe754e18de13cdf9a39fd9649449030539b208046651d648eca20e4b5d0e73a8a7d173d6ea37bbfc311b0d6df

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
23KB

MD5
a78aabc0f9a9dc5b9923d2ff67d24f23

SHA1
3a0330b84c7ca674f0710c10eee1e5126d545429

SHA256
39e98dd2cfd15b1687f3a8f8690a80026af0deaba5142c0fe503bbebca46d4c1

SHA512
3efd9fd95ef6aa16172c3d89150d49611c21deaa13fd50c2114e76380de573255ec6bdcfe10665bbe15a17c1d05ba327ca7ea24949ad1a173b3db86bab24adcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-fibers-l1-1-0.dll

Filesize
23KB

MD5
72dbf67f86c95cdef31eaaef5861a00f

SHA1
18134f00734a2255bdf9bbc777045ac2d4f2e2f3

SHA256
5c74808c61ca8b6acb8f74813fb116341b18c27e4a654bbdd383b9fee3f33d36

SHA512
e0bbcdfb658ffa70b047cfd84a0e8a5613530ed0a34cc9ac365f69e253894db4b6fd059ce02627c201c1e9efe0b98aaddb70a641ce297677d3f9162838fdd1f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-file-l1-1-0.dll

Filesize
27KB

MD5
ee9e1e1af17a74d23438fb63f6b66395

SHA1
11f60e073257560f5f3dc8943e854bf2eac36ed2

SHA256
8587505e511503127abb7e5c614853b7848a489d96da0a95bc736dc6c3097a5e

SHA512
aca34604580214291d1ea62765ecb280c6eafad7bf8967af8c268d2daff84f783dafec8ed334ac051ad61a14fc3128dc3f396116b9c6413a288fbe7bb099a202

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-file-l1-2-0.dll

Filesize
23KB

MD5
a5707e6342e22d92ef8df839783d1716

SHA1
642c499b65382d883f6f9381fa204ba8d08f1f10

SHA256
fbf7e43884a1fd8adf167a5cfa4319339e2dba84515ec4487e074decc9afb206

SHA512
33a5255fe6b46d228cc131d27479d272342e88f12d884b841751167000e2c6a9c08a996526580a8466e957f4696d2400baf5d2cc2b3e5f8ea23ae3803d684285

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-file-l2-1-0.dll

Filesize
23KB

MD5
a2317c5ce4c82910c7f4e97d48af645a

SHA1
67f5034a905cd1ef0c2888fd2cc40c2024d0848c

SHA256
363c1cc60b8cf09f026ffe4d6dabee37021f37d5719fa55ab807d56613e30b90

SHA512
35be28f55fcde4ad140fa089ee86aaeff3e90f174737474dfd502925313225db393a3e27eda0b44d9bee831ead48a24e803c35884842cee2946d558650b6f8f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-handle-l1-1-0.dll

Filesize
23KB

MD5
ae7a8beeed5233404cd32b2befa02077

SHA1
34ea5e1d5ef85bb5af4ac7483b8bc46e9263764c

SHA256
9e0fb5ca77dddd8716fa0c782a11d484756c471c91c35247a4e7e08f55e33b3a

SHA512
a6895c62834bb95622f909be1d85fc9b1796ab108c25b4652ae96517c2eea3df9b7c3ce951ec1283d91e5574e20eb1d6756b45b6d63753d3966bda2d8bf585a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-heap-l1-1-0.dll

Filesize
23KB

MD5
f8716cb27d1ab19ee1a95aca508e1dc9

SHA1
721f225d36302ba8542a0e223994f8339ffda596

SHA256
d9f71e7f76a39ff8b9cef6f931439de3ae62251be62543d16719d78c02cbdc1e

SHA512
dcb2b4ce63363cbc4a49d3b123eb4890634ea1ee25749ddd5cd3880123c3e53ca70c430eaaa9da15c23727cb5b4fde12b4388acd31b4c195377f6ed39dd3703d

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
23KB

MD5
4263970ca16f36e941598ba308e537b2

SHA1
fcd26814062ba652898931db3be5dff2968c12f1

SHA256
555db885fe01dbf9078b46e2f2eca4de573d809f261fc38ff9338179de99d983

SHA512
bea8a3cb7cbf36ac011c425202904f981c00c3479f1438bf8ed2430430f37d6b2e84e90857e49c166e81f72dda9e51b96bb78c40292f41c742d0af51069bde1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
23KB

MD5
ccdc8fe8856484c4b9eb2a19270ca069

SHA1
aff62d30be1dcf65a95dd7e5a9fb6d4a29fd95b2

SHA256
c57320b896e75eafbc6c5edc7d5916ec895ac69fd24ad5e59bd3a8f4ca4e7fb6

SHA512
a231a5b7af686cc6f8909193757f999fee0e67880b9f0f956d80e760c3990c70f5b5cdac2fcfbb5aebf8ad43b2d8fe85067e17be2458eaa36dbe594dfa980714

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-localization-l1-2-0.dll

Filesize
23KB

MD5
e6f7c30244cc74b2f9fbe25bc09f1e4a

SHA1
579a395f38de163a6b1118504a3d398b4409119f

SHA256
76fe06b6aee795bd72a52fac180a2e105f09745ebea017017e8025c5a0d3fcdb

SHA512
621a85c7768b3666f4dfcb7d3e1ef6082b348ea60401f654bc2c9d660dfce78f74314e20df98c45644f6af5ca05e765a9fbdce1a7ca04ad3fa57dc67ca165fb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-memory-l1-1-0.dll

Filesize
23KB

MD5
dccc7f052614666443de0dd379f2461e

SHA1
1429be469a6fa1a0a67d28929fa63a807a289b12

SHA256
9aff2ddfa566d25ff6a6930e58c6e041036c222aeafb809f623662897e52ce6e

SHA512
5f1be2c1bdb42159a4c135dd7bc1376f28fe871ac2d11b2ee7733a50b1ad11fb2c1a195ef167be9a262bb24ce5c024eebbb2dd82e44955f6fe6ae623a7ae8784

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
23KB

MD5
773b5cbf74b44f021305fc86accce0b8

SHA1
4e13357b171dad8fd8608f848402553604b6b82c

SHA256
42d22a4c725b707f2ca406b453ea5028032f4b31e3b8d6e2c11b6a3b92ed973c

SHA512
fe2379e5c7707aac8f5aab9febaf7baced61ed6b1e9c7e665fd0c6c46a5434437b9036df6a307a390400278ada7a7e1c6f4c005b3bd7ad2a6ec47e10dde1d7ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
23KB

MD5
b2804dea14ec0a1a8bb2877794024ef6

SHA1
f1f3affb9d90e26ee9b3076033a3360f7e83ad50

SHA256
5412dd07064025ffcf8668da2aa2eaedb93d9f92a4d98e054994356414be5208

SHA512
c1cf4ecf1e34026d2cf6db45e2b0379e6db7f8ee8fee36f65f8f42bea1e61f6bace7b3ef06f6b316c21ef8c9961c425b778716d64557f7b836c366453606940b

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
23KB

MD5
7f5cecf3ee465e4668a9be0fa31674c5

SHA1
00d15773bf1c799195ad14f61531144c2cea5e6d

SHA256
557f29501705c8207995764e1c860f25403b6a967e6c3cf1f1e12ff123b6f636

SHA512
3bcaaf5cd51148e2db5256711c05aaba3650c49396f9b11c30112f805c8c0338bdcafcfe62203851a282920a49def88b6d96da604422465c3cdcd2be0c7e7fcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
23KB

MD5
ca1098bc9b13f7b5fc6ea115a36de9ba

SHA1
9083f54900f0a6e03ba28ede19fe9ce64b6409d4

SHA256
ec580803a295c18ddf74878fe1637e679cd6267af6d7c3e9d639f433b685813c

SHA512
ce8202578091ff5dd1d4a961bfa4327b33ec422a9fb2d52b8fbab41a663311022e3d1122e6ccdebe613a4339a7221a5841e801d2ad33a424c9153f4b05cceb37

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-profile-l1-1-0.dll

Filesize
23KB

MD5
756153668502de1c25c4123733aad401

SHA1
760238dd09d4579003418e9b9cbc778c122e6aa5

SHA256
e203f4918e3d8c88efe4dd83985a3eeb71d94116eaf9e90cb7d62973c5ccf0b6

SHA512
6839e10fc83bf9d6f1380df221ca1b40d59da745d7c82a4140ecb468debc5f339fbbc510781850ac70696f74e4092c72bf897e9c66f3a7914d4d089aa9531cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
23KB

MD5
578a8869c793d427297d8b27cd6f5bc8

SHA1
7caef315139997a18aa9426e04af6da0fc1c42ad

SHA256
857e523e3d6c0c96d90d9e5b491ce0bb3f514ece422999c2165eec1057fc01b2

SHA512
0494d66b449a05c9de384e3211288f0bc1223483ccd33ac06d1ba30c68d6acd4a37c563e179fd9990c09c7dd37f94a842042d4ced93e1976ba5098c8d0d0f852

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-string-l1-1-0.dll

Filesize
23KB

MD5
a37150945dd638258cadbf19c9721168

SHA1
dbea87d699699ec9cafb88e631cd4db9541d68d5

SHA256
f8eb2fdca2481c2961e90a54620f2189dc7d094cf287536993daf5ce522d274f

SHA512
514d09ac3852f6fa86e79841fd2922819b596804ac166e62578bb4ea38948879b8e8ede6c6fcd368fc29727d0e2def1cdd8f02832d3f8572a98da2739cead01b

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-synch-l1-1-0.dll

Filesize
23KB

MD5
474af6d8555d94f7f7b98ab3c8035ae2

SHA1
3fb45930406dc1f134f336ba57002e991bd8cf2e

SHA256
4d30ff9cf68c9f5dd59f86a2498919bac51cae63382cfba1b4f6cafb67e31948

SHA512
711bdb12802e32a2311fd12022e03745ee1dc0f102c1e19c26fb7181901f350244e3f0978ae87c100aee124d2aa9261faa6a9ea249df76f791deb35919ccfb7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-synch-l1-2-0.dll

Filesize
23KB

MD5
346e63df6c712107c1a43ada1209a690

SHA1
e0ef35ca47c1c3875f6edf22c28aabfafad9b4c7

SHA256
3be68ac33afd101f25b8e214b363b31b3e8a09f4441140fcc1bd5307d6c6c44f

SHA512
a188642478b4d56d7ad632ac82032951f668b12b1721b783a4f8d059bb379edc0346208e6f6b957cf9455798ede6a8a441d9a13beab21e1e166e37783495c780

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
23KB

MD5
859d9676ce764f148803141f8b2614f6

SHA1
c42507a528b7e492d6ef0c99d3946cdc3250b4c9

SHA256
ea01b104994a3c9132d7d58a7f76ced515cc62d24c762a5da3b8039ca2ee60a7

SHA512
1bb5dcead486dba48b337ba2a7590b7ac5e90f85d7f623479c4406b16c0d5ca0fc492713c3c0a31ce0d64053246ee50a6c33ee58f0a3793f101f1af14cbb9f76

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-timezone-l1-1-0.dll

Filesize
23KB

MD5
e1e74e6e90876973063b5c84fdb71294

SHA1
0ebdd9d54d9d6b1b3475b466dfec6f2a121d3a87

SHA256
232fed0561c071fed572b954bb7f0702c74543e6473cb021098a70349e3a93e8

SHA512
d998cddad2f9620803e62e408a77992980b7369b3a0a49f3cb0f9c22c0c4106b71f4ce9e0011c1b7a0541d508e20650d76fc097e9e0633c84f45089b2280dec3

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-util-l1-1-0.dll

Filesize
23KB

MD5
8b958395de9f6614433ea1917ee8f265

SHA1
24d7fa69d09cf19bde347d8411d990759afdd0c8

SHA256
9cb43b9145a69ace87b677d4021c8459891cb0446a2259b793de29335530ccfa

SHA512
2a12e9a8100f0a39622a503d6124e5c1d5a509adb98fb44769c68c366f9a0e24f368e83be6d83a0424b0b15929c8880b5313bcf6484ee920f536b13aa6643644

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-conio-l1-1-0.dll

Filesize
23KB

MD5
8c4a62cafbdb87c2498e11c509300873

SHA1
81b9180ad1194634e12a4f2fe4a52aab6f763b96

SHA256
1d19dc9d51fd5239b0123526de6ccf9407d1c5b76a382e7c5c451706142d9e05

SHA512
440c9dbeae6044d5ed3fae1a7c87378e2156942e0fe3c7ae29edceb622d11cf7effd209ae0d0737238e251a68aec89a04f2072ca5170492e735e367f4f5c7fc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-convert-l1-1-0.dll

Filesize
27KB

MD5
f10c7d6a424f7c8f175b719b734c7bfb

SHA1
00d62a610931451e240ccffa679e30146840db52

SHA256
52b3c25fd17654c2ef8d51a5361e2257e72d84e495327f4f47e980fe97a12ac8

SHA512
8d0ea30740ed956c5351a5e0d55d55e6343d13caa88b9ecc181ccec3dbc8c09f2fe4db0e7cf588843ae73393f7fc8cfd62e4113bcf3be6896d9e775fea7d4d0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-environment-l1-1-0.dll

Filesize
23KB

MD5
376af3c88806fc781657dd44790fe917

SHA1
3b39874c4e4db575d38d01be4c4f4c673264e156

SHA256
1048b06d6ee6a882b23c2f8e995bfd37bb987d5297df9a7752176ea45be25791

SHA512
7316b597a13511f1e5bed6e5a3cf421bc3d8efdd6785597dc6908de658a6b20a658d09af95d5a4dce7941ab35da0b39f92d0a8f6a3398c37a2b225756c68ef4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
23KB

MD5
c0123097636db5655b905f6c8b4dd3a5

SHA1
dc67706f924b97bcdd141545d37a176ce40fec6a

SHA256
aaa98f62bf9b59f767526a5746d835cac3a1fa24059d4d25229a51b84d90521b

SHA512
43b19efb10e69b79a47ac42589cfe112a4cb42ceb087be27ab535d065243e6ca60baba36cead040aeeaefbae545d412d2b039dcc90f3c1da0d28b528da913140

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-heap-l1-1-0.dll

Filesize
23KB

MD5
343858f28c824a864cf53bc434e045f6

SHA1
c74bd7f49746ef17c9931f8020228396e35d613d

SHA256
e306ad69288a5fc020638bf7218fe5bd343365ab9d1465934e9b1f208f50f3e1

SHA512
325c359ed1caa28dfc64f0dce10923c4aa3490c0ea9a03ab5488bf4f2f8d6e5a6914d5734a5b7723bebe252dc5370d38a205ff40d9f65af356621d82094b08ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-locale-l1-1-0.dll

Filesize
23KB

MD5
4ca2317d970fab725959390d9b4c5b48

SHA1
663a61913997d19fbae639298a360f4c83564896

SHA256
1df30836ea0826d02ac46ecb783257f774ee6bbc073ab1de62fc09a9fdac2eba

SHA512
268dcc422e562f97c1cab81cc7d3a4b9c3e9e44c4679666edeec775ae049511d092fe4c99ff22e1afbc8ad065ead0d6b0fb2484dcb764cae8a3d2181f165c138

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-math-l1-1-0.dll

Filesize
31KB

MD5
c13c4c30c16b3c340f2ab002bcfcecea

SHA1
b27a05c304d98e9eab92eedff6c60d16dfb3eb5c

SHA256
94bd40ccc96f0550d021ebc53b48b844bba0298f2e57c83d07c4f508034ae8dc

SHA512
e86431c1ff89dbc974c3dee8c05aba097669020b6900e06aec54054cb7fa3facd5bb96cb404a218b2562865d24a0bb1f65f098fd079e896ae610b2e2c27770c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
31KB

MD5
374d312dd46238422ee1202c8dc1b3da

SHA1
b93b79504035fae2d776744ab99402a7fa846e7e

SHA256
087d9859304fc2c7c55e3adbe0add2ed3ee438868ba240e45797adeadd7e5762

SHA512
f803683cb92adc72770ef1b86399d48546f1687ff329e6fe8846f3b4bc1b5b0477c84b657adbdd023de5d62ead8d98e651f2631e9ee68df1196d707f0e160aaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-private-l1-1-0.dll

Filesize
75KB

MD5
6723c4a5323fd1ca2230fe0c4a30bf0e

SHA1
36701fdf6814debd0cbfd75ef8a1b1abab610dba

SHA256
e0206cfcd213a0eeff4d5c95127cfb303f15f90a9a6c6ab604e2afdeb421b54b

SHA512
a54e2da6973228b54cdd6ee51b3e541f5e232cc502f4c0889045eb5afbfd81c4b8997fddbfdc66d376f3e0bf989e65001796fe474b20bbde96f78e3ec89cb3fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-process-l1-1-0.dll

Filesize
23KB

MD5
550bbfada29a9637c3e30c04f85fc4ac

SHA1
f5da825a66bd168a1f306350e3437f78be190985

SHA256
2f77ab480cb71f6116cc27253d2fe95f0bc029c91ef2a8ea14b429e50e41efb8

SHA512
a33576a08cd4f24083807b30625f16898c939bc8bcdb94b1742a1fbefab5b1124a5d7b14fcfbbf5689f754dfb03203cc03c0a038fcf920af7999dac85272dfd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
27KB

MD5
42e63c1ba3f2c79b8cc193a24a9611c2

SHA1
7dd2bfaa737f04fad938f8696abd586327f3b4f2

SHA256
0e5827d2ccacfb6893183f2a315e8845db46d5a0f40cd1c317147308b19a112b

SHA512
20dfde8241545c839b01eb297c6a80156fa827b21fff01e18c71e531ec8f0905ecd214f169db44cfbd84f38b0f48e3e165d0423d807af488597ba0b9520129ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
27KB

MD5
97425d9aea0d462042d570587c7e5e51

SHA1
9c013c5c810cb631692ef184098af9ccbe172f78

SHA256
cafe25bba3daa3ecc1984151e2174abca2f669c23d79a166f82e7d3489eeaf3b

SHA512
adea9b32168544918c1b188f4186618f2dd09da8e1ac2b15b9e801241b8bc8f0414d6572ecaf6a4c5026ba142e789744eca04468cd333261251ec8680801f231

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-string-l1-1-0.dll

Filesize
27KB

MD5
e5623db2a54b98d1c69644777eb9cdba

SHA1
7ee9ff896277291cce9953ea6ef58def4fa3e3d0

SHA256
6054ce87cdc6f2edc1240f75c50db5ef02a8372453debbb1f07dd538af1ac638

SHA512
e0d5c51a4d6d225c0158b7fcb2e1ac026b23cf76b42683006c8368482056a9e05141d78e38d378111ac56e92f5610105d5e69a3876f74ea69a9a3cf1e451fea4

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-time-l1-1-0.dll

Filesize
23KB

MD5
ea1711980e463c54a29da0bbf999db55

SHA1
034d567fd6ca548c9c9e254fda01a1e559ef0077

SHA256
3a0e9029ca829380cabbc4a448e47657a01ba668bc7d2da7dc490f0571147b94

SHA512
d766ce1318bafc8866d6a58b14fc6f444ebf1d84f5aebdee77dbb576947c63decbb96f8fc53c279caa2e06264d76e47c167f941da2dcc6ba950318ea67aa52c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-utility-l1-1-0.dll

Filesize
23KB

MD5
4548eac2865691d00f8bbc5c79b880b6

SHA1
2ac1c450daffbb22e62ff60a06409d98c6cf23c8

SHA256
453694608971d4291f52c0d6070698f7d29472a9416b52117e32640a083f683b

SHA512
ee99ee11b7f315f0b21fb27fa93d2aa32ff710862e3a31865f283f4ef521f2504f2c4b23b6b88c615056aef2fc9812aad6787695adc05840561191ec927a29ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-downlevel-kernel32-l2-1-0.dll

Filesize
27KB

MD5
eef810c168ba5114d95c91f1e88f6076

SHA1
7952e727e5556067012544ee066e8902f5576974

SHA256
c91132ebfd1ef5d70526c8a67d7c71223b40ef96369aa301e53d943f3deaf855

SHA512
a1a35a376c5ad19985c0bd22e8418a8c861db6f949107b304e4b2ba976d666f6999d5a564f97bbdae38d486f41909caef99c9eadc0b8f4cc894fbdb01fb975b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-eventing-provider-l1-1-0.dll

Filesize
23KB

MD5
7e1b066d99e92ae3e384a3f2df0f6a10

SHA1
c57609b84d48d6ee67848d60dae93fc7f7cf0224

SHA256
090e87f58f945909481e318a77ff4551af74cbe79c5736c7864507bb76d9ce3a

SHA512
93e0fca3f807b1fde68a44dc02feddd68792a1c2a98913627cf32af603a45869e7be94382055c9ee10c9edc4a8a4f6b22999fd0f9532b52525967bb7fd4d83c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\chrome_elf.dll

Filesize
1.4MB

MD5
80439b12c49898ecdbecb371a294bacf

SHA1
992633f6e84209a6b5cef932c4c3d2c9f0b3e78f

SHA256
2fc98ab775011385ef96af83b13576cbc8b4809f6cfb6b2fc7e321bdedcb370b

SHA512
bdba712217a2cd8612a9ae15104fe97b5fcf990be8306dd6eed8fc29707d23d5b2cc80f596fc3618fa0ec7dc7440f90f55f8d5492c9b1dde6b15b181bf1a76ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\d3dcompiler_47.dll

Filesize
4.7MB

MD5
a9cd65f4e19f82f0b09003bf6bc3932f

SHA1
9c669fba967454169f1c0797f75e599a1d3d07c9

SHA256
71d9fd57f0279e388e2144aed0eb16240e77a8b98dfdf6aa1d8494f47252835c

SHA512
68a3d0b9aae7c7b953f489914bff2a2c82800dc9cfb1db7f14b80fbfc56941d464ecc8083370f566d7c62f9db8ee26685ecb5bb9674873ac4b1eb1431e3c853f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\libEGL.dll

Filesize
469KB

MD5
6fe68d45f9129e49738230493a248281

SHA1
b47f0a056c60fabb771db2deb76af0249ddc4503

SHA256
ea893d84a80b5e6f1b96b4741acb8aacff89937053bedc11c50fa229bed6e905

SHA512
e45d6c2646f190adde5c14a4b03bc9aa4241a1c4e894c14ac84d98e0c7a5c90bc85bc93320b7a218c99539f765745e284233e25bc2ac036b7636dd80ad7b0422

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\libGLESv2.dll

Filesize
7.1MB

MD5
722e4a5213354404ca95c167bc79dbc0

SHA1
631a44277b3ab577ac822d5c1a388f5e8360fa0c

SHA256
2e8e740b950d2dc863d01b8dedf46009122084eb860bb90ba48d882b63ff88d6

SHA512
601f59fcf40718294aee00225ef734913dca92738c7c62735226f2b1dcf7871b34946286af434dd1c41689d202a85500924e68158a5eb9ed115a261278f372f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\msvcp140.dll

Filesize
555KB

MD5
8fdcc5cea7d960965a427dd76d174872

SHA1
9dfa5a755ce36069c142882a2ef5c456290f3984

SHA256
bef8fb98b6e255c145121b6c1a61ace8fa0b2ec3887deec6816bddb867a06606

SHA512
d8909fded13630e6c5c7f0573aa73f982edbbbd178f80871f184f4a974e87d87b4a0ee23fc8310b6f1a69dbf323d841c1e7d2d053b065304d30647c13815ad17

Download Submit
C:\Users\Admin\AppData\Local\Temp\crashhandler.dll

Filesize
363KB

MD5
af7888ebe56010f3bf70574f71853cd9

SHA1
bbc3c2729bc2765ed346930450b42bcc1acdb4e8

SHA256
31c63ccc814699a5d46328c651db344d28635474f5c0531f9aaaf184d80fe976

SHA512
946874f68e932c242389062f696551d9bd5faff1b3732a18d61448c54d0c57e3fd00d75fcc27e5365ee641e4d70e35a987787cf9b670400fd11d3808f9870996

Download Submit
C:\Users\Admin\AppData\Local\Temp\logs\bootstrap_log.txt

Filesize
11KB

MD5
508c1da1bef89dfc871526eeb1a3052b

SHA1
a16f944b2385cc3b978383c28f2727e6e9eddd3c

SHA256
23c569d85cfeb877eb9dff4e41c85c254afa01273d37f62dc309f574bfc45981

SHA512
7d3d0b25052dc4386cb72109d6bed4858c49a4e0073043c8772d3b57eae5a8065dea4527fa9dfe8a3530327491d91092aa70532a99830d881035818b0606b619

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_metrics.bin

Filesize
2KB

MD5
8fda2aa782556e9af2d42e9a9eff50a8

SHA1
2947a0f0ccf5ef821a6ec2efde166c32f060acc0

SHA256
e88ef823eda724a85174d787da693e4f415d7dfa6b026685cde7d9c31d030e8d

SHA512
0d447b11e7dc150a235fef0690eac4fa02a3a1e9b9c9ddd89f9fb4561088a345ecf36eff9c146fff95f8812e3efa25ab5b2c2d7e679d90d60ef1d2f7b86f0bee

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.installed

Filesize
464KB

MD5
db435a2bacd2bad2a25d05898cf3cc5a

SHA1
316f21c6d8aa264a1d0b07144df4cefab6022741

SHA256
77d1202f4971162b15c362575eb82992eabd0e61baab4ffc575919bacb46eb5a

SHA512
94efb3af4f16d9e4e23134a06cba72770719032a38b36c208de6134960def8743d4f1b6f4588529282ded76b315ab33764b39bbbb79b4dbff4302477c650bbb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.manifest

Filesize
9KB

MD5
523923fca32f03ad1cdfcbc709ad58ae

SHA1
4d75494feed080fe3220bcac3b5adf6a147cca1b

SHA256
0cd3dbfcbb72d6157e1ae67ae235282a19235bfd5175c2a911162cc6ee90c184

SHA512
19a5532211e3d10f0ac76ff137c425c16f92e72277c5b1fcbc76a0a7cc1ba9592317835d448b2d1cf331f6677a9937288ef755efdf4a8c67d372f46cc7e50b46

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Users\Admin\AppData\Local\Temp\public\steambootstrapper_english.txt

Filesize
4KB

MD5
da6cd2483ad8a21e8356e63d036df55b

SHA1
0e808a400facec559e6fbab960a7bdfaab4c6b04

SHA256
ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6

SHA512
06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925

Download Submit
C:\Users\Admin\AppData\Local\Temp\steam.exe

Filesize
4.2MB

MD5
359feb3b9136f83a261e0f260b568136

SHA1
055c32421bbb3dc8714d4f0405b2786e89e8ae6b

SHA256
7f79252afdb9402e0b4a5ac3dac1b19cc8689fd5192b69ecd7974458ef600984

SHA512
09400c3df422ee1293a8904ba4f368a792c672204370918b18266fda73c5e624229e21c32afba17fef43a01594841aeb990d56eced8ff2ebaebf4b6fd9c62cef

Download Submit
memory/1148-12321-0x0000023873C80000-0x0000023873C88000-memory.dmp

Filesize
32KB

Download
memory/1148-12232-0x00007FFD9F760000-0x00007FFD9F761000-memory.dmp

Filesize
4KB

Download
memory/1148-12231-0x00007FFDA0470000-0x00007FFDA0471000-memory.dmp

Filesize
4KB

Download
memory/1148-12320-0x0000023873FD0000-0x000002387470F000-memory.dmp

Filesize
7.2MB

Download
memory/3068-12151-0x0000000000950000-0x0000000000E04000-memory.dmp

Filesize
4.7MB

Download
memory/3068-12147-0x0000000000950000-0x0000000000E04000-memory.dmp

Filesize
4.7MB

Download
memory/4816-12311-0x0000027D824C0000-0x0000027D82BFF000-memory.dmp

Filesize
7.2MB

Download
memory/4816-12312-0x0000027D821D0000-0x0000027D821D8000-memory.dmp

Filesize
32KB

Download
memory/5668-12317-0x000000006F6C0000-0x00000000709D1000-memory.dmp

Filesize
19.1MB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads