Analysis Overview
SHA256
3096ebbb0d335913e4dc83b4547bbe5cb63bb392031ae977b49e881330e015dd
Threat Level: Known bad
The file 3096ebbb0d335913e4dc83b4547bbe5cb63bb392031ae977b49e881330e015dd was found to be: Known bad.
Malicious Activity Summary
PurpleFox
Gh0st RAT payload
Gh0strat
Detect PurpleFox Rootkit
Sets service image path in registry
Server Software Component: Terminal Services DLL
Drops file in Drivers directory
Executes dropped EXE
UPX packed file
Loads dropped DLL
Checks computer location settings
Drops file in System32 directory
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of SendNotifyMessage
Suspicious behavior: LoadsDriver
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies system certificate store
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Suspicious behavior: GetForegroundWindowSpam
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-25 18:11
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-25 18:11
Reported
2024-06-25 18:14
Platform
win7-20240221-en
Max time kernel
108s
Max time network
150s
Command Line
Signatures
Detect PurpleFox Rootkit
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Gh0st RAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Gh0strat
PurpleFox
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\drivers\QAssist.sys | C:\Windows\SysWOW64\TXPlatfor.exe | N/A |
Server Software Component: Terminal Services DLL
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Remote Data\Parameters\ServiceDll = "C:\\Windows\\system32\\259400303.txt" | C:\Users\Admin\AppData\Local\Temp\R.exe | N/A |
Sets service image path in registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\QAssist\ImagePath = "system32\\DRIVERS\\QAssist.sys" | C:\Windows\SysWOW64\TXPlatfor.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
Executes dropped EXE
Loads dropped DLL
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\Remote Data.exe | C:\Windows\SysWOW64\svchost.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Remote Data.exe | C:\Windows\SysWOW64\svchost.exe | N/A |
| File created | C:\Windows\SysWOW64\TXPlatfor.exe | C:\Users\Admin\AppData\Local\Temp\N.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\TXPlatfor.exe | C:\Users\Admin\AppData\Local\Temp\N.exe | N/A |
| File created | C:\Windows\SysWOW64\259400303.txt | C:\Users\Admin\AppData\Local\Temp\R.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ini.ini | C:\Users\Admin\AppData\Local\Temp\R.exe | N/A |
Checks processor information in registry
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\Temp\HD_3096ebbb0d335913e4dc83b4547bbe5cb63bb392031ae977b49e881330e015dd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\HD_3096ebbb0d335913e4dc83b4547bbe5cb63bb392031ae977b49e881330e015dd.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 | C:\Users\Admin\AppData\Local\Temp\HD_3096ebbb0d335913e4dc83b4547bbe5cb63bb392031ae977b49e881330e015dd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Users\Admin\AppData\Local\Temp\HD_3096ebbb0d335913e4dc83b4547bbe5cb63bb392031ae977b49e881330e015dd.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\Temp\HD_3096ebbb0d335913e4dc83b4547bbe5cb63bb392031ae977b49e881330e015dd.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\HD_3096ebbb0d335913e4dc83b4547bbe5cb63bb392031ae977b49e881330e015dd.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\TXPlatfor.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\3096ebbb0d335913e4dc83b4547bbe5cb63bb392031ae977b49e881330e015dd.exe
"C:\Users\Admin\AppData\Local\Temp\3096ebbb0d335913e4dc83b4547bbe5cb63bb392031ae977b49e881330e015dd.exe"
C:\Users\Admin\AppData\Local\Temp\R.exe
C:\Users\Admin\AppData\Local\Temp\\R.exe
C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k "Remote Data"
C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k "Remote Data"
C:\Users\Admin\AppData\Local\Temp\N.exe
C:\Users\Admin\AppData\Local\Temp\\N.exe
C:\Windows\SysWOW64\TXPlatfor.exe
C:\Windows\SysWOW64\TXPlatfor.exe -auto
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul
C:\Windows\SysWOW64\TXPlatfor.exe
C:\Windows\SysWOW64\TXPlatfor.exe -acsi
C:\Users\Admin\AppData\Local\Temp\HD_3096ebbb0d335913e4dc83b4547bbe5cb63bb392031ae977b49e881330e015dd.exe
C:\Users\Admin\AppData\Local\Temp\HD_3096ebbb0d335913e4dc83b4547bbe5cb63bb392031ae977b49e881330e015dd.exe
C:\Windows\SysWOW64\PING.EXE
ping -n 2 127.0.0.1
C:\Windows\SysWOW64\Remote Data.exe
"C:\Windows\system32\Remote Data.exe" "c:\windows\system32\259400303.txt",MainThread
C:\Users\Admin\AppData\Local\Temp\HD_3096ebbb0d335913e4dc83b4547bbe5cb63bb392031ae977b49e881330e015dd.exe
C:\Users\Admin\AppData\Local\Temp\HD_3096ebbb0d335913e4dc83b4547bbe5cb63bb392031ae977b49e881330e015dd.exe
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=1076" "-buildid=1718904662" "-steamid=0" "-logdir=C:\Users\Admin\AppData\Local\Temp\logs" "-uimode=7" "-startcount=0" "-userdatadir=C:\Users\Admin\AppData\Local\Steam\cefdata" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Users\Admin\AppData\Local\Temp\clientui" "-steampath=C:\Users\Admin\AppData\Local\Temp\HD_3096ebbb0d335913e4dc83b4547bbe5cb63bb392031ae977b49e881330e015dd.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write --disablehighdpi "--force-device-scale-factor=1" "--device-scale-factor=1" "--log-file=C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --disable-quick-menu "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal"
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\dumps "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1718904662 --initial-client-data=0x224,0x228,0x22c,0x1f8,0x230,0x7fef5bcee38,0x7fef5bcee48,0x7fef5bcee58
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1718904662 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1092 --field-trial-handle=1196,i,9795870604263615493,752868378319205173,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery64.exe
.\bin\gldriverquery64.exe
C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery.exe
.\bin\gldriverquery.exe
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1718904662 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1216 --field-trial-handle=1196,i,9795870604263615493,752868378319205173,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1718904662 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1636 --field-trial-handle=1196,i,9795870604263615493,752868378319205173,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1718904662 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1652 --field-trial-handle=1196,i,9795870604263615493,752868378319205173,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1718904662 --steamid=0 --first-renderer-process --force-device-scale-factor=1 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2208 --field-trial-handle=1196,i,9795870604263615493,752868378319205173,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery64.exe
.\bin\vulkandriverquery64.exe
C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery.exe
.\bin\vulkandriverquery.exe
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1718904662 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1524 --field-trial-handle=1196,i,9795870604263615493,752868378319205173,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1718904662 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=2596 --field-trial-handle=1196,i,9795870604263615493,752868378319205173,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=1076" "-buildid=1718904662" "-steamid=0" "-logdir=C:\Users\Admin\AppData\Local\Temp\logs" "-uimode=7" "-startcount=1" "-userdatadir=C:\Users\Admin\AppData\Local\Steam\cefdata" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Users\Admin\AppData\Local\Temp\clientui" "-steampath=C:\Users\Admin\AppData\Local\Temp\HD_3096ebbb0d335913e4dc83b4547bbe5cb63bb392031ae977b49e881330e015dd.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write --disablehighdpi "--force-device-scale-factor=1" "--device-scale-factor=1" "--log-file=C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --disable-quick-menu "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal"
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\dumps "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1718904662 --initial-client-data=0x224,0x228,0x22c,0x1f8,0x230,0x7fef5a8ee38,0x7fef5a8ee48,0x7fef5a8ee58
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1718904662 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1120 --field-trial-handle=1148,i,11763693279071422081,16565502909425471983,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1718904662 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1520 --field-trial-handle=1148,i,11763693279071422081,16565502909425471983,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1718904662 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1236 --field-trial-handle=1148,i,11763693279071422081,16565502909425471983,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1718904662 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1232 --field-trial-handle=1148,i,11763693279071422081,16565502909425471983,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1718904662 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1260 --field-trial-handle=1148,i,11763693279071422081,16565502909425471983,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1718904662 --steamid=0 --first-renderer-process --force-device-scale-factor=1 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2260 --field-trial-handle=1148,i,11763693279071422081,16565502909425471983,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | hackerinvasion.f3322.net | udp |
| US | 8.8.8.8:53 | cdn.steamstatic.com | udp |
| BE | 23.14.90.81:443 | cdn.steamstatic.com | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| BE | 23.14.90.106:80 | r11.o.lencr.org | tcp |
| BE | 23.14.90.81:443 | cdn.steamstatic.com | tcp |
| BE | 23.14.90.81:443 | cdn.steamstatic.com | tcp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| US | 8.8.8.8:53 | test.steampowered.com | udp |
| US | 8.8.8.8:53 | ipv6check-udp.steamserver.net | udp |
| US | 8.8.8.8:53 | cdn.steamstatic.com | udp |
| US | 8.8.8.8:53 | ipv6check-http.steamserver.net | udp |
| BE | 23.14.90.73:80 | test.steampowered.com | tcp |
| BE | 23.14.90.81:443 | cdn.steamstatic.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| BE | 104.68.92.92:443 | api.steampowered.com | tcp |
| US | 8.8.8.8:53 | ext4-fra2.steamserver.net | udp |
| US | 8.8.8.8:53 | ext4-fra2.steamserver.net | udp |
| US | 8.8.8.8:53 | ext2-fra1.steamserver.net | udp |
| US | 8.8.8.8:53 | ext1-fra1.steamserver.net | udp |
| DE | 155.133.226.76:27035 | ext4-fra2.steamserver.net | tcp |
| DE | 155.133.226.76:27037 | ext4-fra2.steamserver.net | tcp |
| DE | 162.254.197.54:27023 | ext2-fra1.steamserver.net | tcp |
| DE | 162.254.197.39:27019 | ext1-fra1.steamserver.net | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | ext1-vie1.steamserver.net | udp |
| US | 8.8.8.8:53 | ext1-vie1.steamserver.net | udp |
| AT | 146.66.155.54:27023 | ext2-vie1.steamserver.net | tcp |
| AT | 146.66.155.38:27028 | ext1-vie1.steamserver.net | tcp |
| DE | 155.133.226.76:443 | ext4-fra2.steamserver.net | tcp |
| AT | 146.66.155.38:443 | ext1-vie1.steamserver.net | tcp |
| US | 8.8.8.8:53 | ext3-sto1.steamserver.net | udp |
| DE | 162.254.197.39:443 | ext1-fra1.steamserver.net | tcp |
| SE | 162.254.198.46:27031 | ext3-sto1.steamserver.net | tcp |
| DE | 155.133.226.76:27035 | ext4-fra2.steamserver.net | tcp |
| US | 8.8.8.8:53 | test.steampowered.com | udp |
| BE | 23.14.90.80:80 | test.steampowered.com | tcp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| BR | 155.133.227.34:27018 | udp | |
| BR | 155.133.227.34:27017 | udp | |
| BR | 155.133.227.50:27017 | udp | |
| AR | 155.133.255.164:27018 | udp | |
| AR | 155.133.255.100:27017 | udp | |
| AR | 155.133.255.164:27017 | udp | |
| CL | 155.133.249.164:27018 | udp | |
| PE | 155.133.244.34:27017 | udp | |
| N/A | 127.0.0.1:61725 | tcp | |
| N/A | 127.0.0.1:61726 | tcp | |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 23.200.189.225:80 | www.microsoft.com | tcp |
| N/A | 127.0.0.1:61726 | tcp | |
| N/A | 127.0.0.1:61725 | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\R.exe
| MD5 | 8dc3adf1c490211971c1e2325f1424d2 |
| SHA1 | 4eec4a4e7cb97c5efa6c72e0731cd090c0c4adc5 |
| SHA256 | bc29f2022ab3b812e50c8681ff196f090c038b5ab51e37daffac4469a8c2eb2c |
| SHA512 | ae92ea20b359849dcdba4808119b154e3af5ef3687ee09de1797610fe8c4d3eb9065b068074d35adddb4b225d17c619baff3944cb137ad196bcef7a6507f920d |
\Windows\SysWOW64\259400303.txt
| MD5 | 70356d5d51becd8d4f27082b8f876465 |
| SHA1 | 41c1a488680ef6526f5552f0f332357f3fc893a1 |
| SHA256 | ad72d2885bd337150279dc5f57424a353102811d710e31c1f4c054b5009b583f |
| SHA512 | 8e52a0c8df46b243cf06c25dcb30461837db772d6161221ee75f0af21af3748ac026c73c5e45084f7c8e42077ff9164b9f464e28bfaa23e85408611ab2dc9e00 |
\Users\Admin\AppData\Local\Temp\N.exe
| MD5 | 4a36a48e58829c22381572b2040b6fe0 |
| SHA1 | f09d30e44ff7e3f20a5de307720f3ad148c6143b |
| SHA256 | 3de6c02f52a661b8f934f59541d0cf297bb489eb2155e346b63c7338e09aeaf8 |
| SHA512 | 5d0ea398792f6b9eb3f188813c50b7f43929183b5733d2b595b2fd1c78722764fd15f62db1086b5c7edfb157661a6dcd544ddd80907ee7699dddbca1ef4022d0 |
memory/3004-18-0x0000000010000000-0x00000000101B6000-memory.dmp
memory/3004-20-0x0000000010000000-0x00000000101B6000-memory.dmp
memory/3004-21-0x0000000010000000-0x00000000101B6000-memory.dmp
\Users\Admin\AppData\Local\Temp\HD_3096ebbb0d335913e4dc83b4547bbe5cb63bb392031ae977b49e881330e015dd.exe
| MD5 | 277bea32e72b3f297ba29ea26663646b |
| SHA1 | 00309eace95a503182580296fac27afdf4a10e56 |
| SHA256 | f2d3bed061e1a774b8920932034bf8111a78ce51afa4693046e3c48c7c53a1b4 |
| SHA512 | 38eec3a7a4d81497e02c6f98be72ff9f0019d96f9791ec5f03ea665be1564ad88d0d1c6d67411455a2c777708761cf479997d642b2456c367b684a8bcfc5734b |
memory/2272-43-0x0000000010000000-0x00000000101B6000-memory.dmp
memory/2272-45-0x0000000010000000-0x00000000101B6000-memory.dmp
memory/2272-49-0x0000000010000000-0x00000000101B6000-memory.dmp
\Windows\SysWOW64\Remote Data.exe
| MD5 | 51138beea3e2c21ec44d0932c71762a8 |
| SHA1 | 8939cf35447b22dd2c6e6f443446acc1bf986d58 |
| SHA256 | 5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124 |
| SHA512 | 794f30fe452117ff2a26dc9d7086aaf82b639c2632ac2e381a81f5239caaec7c96922ba5d2d90bfd8d74f0a6cd4f79fbda63e14c6b779e5cf6834c13e4e45e7d |
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\[email protected]_
| MD5 | 577b7286c7b05cecde9bea0a0d39740e |
| SHA1 | 144d97afe83738177a2dbe43994f14ec11e44b53 |
| SHA256 | 983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824 |
| SHA512 | 8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0 |
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\icon_button_news_mousedown.tga_
| MD5 | 00bf35778a90f9dfa68ce0d1a032d9b5 |
| SHA1 | de6a3d102de9a186e1585be14b49390dcb9605d6 |
| SHA256 | cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2 |
| SHA512 | 342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041 |
C:\Users\Admin\AppData\Local\Temp\package\tmp\resource\filter_clean_bulgarian.txt.gz_
| MD5 | 836dd6b25a8902af48cd52738b675e4b |
| SHA1 | 449347c06a872bedf311046bca8d316bfba3830b |
| SHA256 | 6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64 |
| SHA512 | 6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80 |
C:\Users\Admin\AppData\Local\Temp\HD_X.dat
| MD5 | fd8a556711d1e8e92248d05311bdf2d4 |
| SHA1 | 046584b8ad26509e9ca2f8044fb41bbc5d5f9578 |
| SHA256 | e537888b762de7945aa2312ea421e96d3fdd35f87159416be3acbe39fbf9eccb |
| SHA512 | 56c1b4ba0cbbac944d8c91dafe728a82f5513bff3daf0ff27ce287e111d6bce5862d844a0704aa43932b3c76dd1b4092bf58734ac24b353f3d7310117683b317 |
C:\Users\Admin\AppData\Local\Temp\crashhandler.dll
| MD5 | 9734b8f1dbde2e34f012deaad3d0cd54 |
| SHA1 | ab2498ba3976fc5f1b1debf1861a49bb5d31458a |
| SHA256 | b0878682d846a4a3d8b953f237304a43961fda731f063b39c01c95bada04a091 |
| SHA512 | 7deb0cd1192111ae92f2b2c624ba23db4e5821d305b08e9839120a874c83cb2ca6c48bca85ec2b91300dcc0145472dbf54345c6b6457a84fc62ae9f635282f21 |
C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.manifest
| MD5 | c1b0eb2527f93eb50c9307c7992a6892 |
| SHA1 | 2b208a9af9e0de3537bef137a7f2bed01c9d814b |
| SHA256 | 919e50219d0d8fcff77805d4029a77b8e71912ab05684dca287545de3835a288 |
| SHA512 | 1c60d3a523d764a74ab35c5e9c4874291288c5570410f8c6e1c4ca8ed9149b001008ee0c361be4160f057bc725447aa94f9e3100ef7ebac9e29152d102190b37 |
C:\Users\Admin\AppData\Local\Temp\public\steambootstrapper_english.txt
| MD5 | da6cd2483ad8a21e8356e63d036df55b |
| SHA1 | 0e808a400facec559e6fbab960a7bdfaab4c6b04 |
| SHA256 | ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6 |
| SHA512 | 06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925 |
C:\Users\Admin\AppData\Local\Temp\logs\bootstrap_log.txt
| MD5 | 9684d12c74e9b7a2af39b9a49adf54ba |
| SHA1 | ebdad65a8f1ba2a050a3e8372621b428c79d014b |
| SHA256 | 0151116cc5c78031c4e5a7c0d80e1404e44a22c029767a5c79de11e6d0d84ec9 |
| SHA512 | b164ae34a0d7ca4cef1f37276e486bfec1e1143d4b479afb604464213b3a0cd0d34c1e27574ce87656fb404f6a8acfbf567cc6c96ef61749d830c2bc4b059a57 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-locale-l1-1-0.dll
| MD5 | 74add032773802678bbfec4d07c2f95a |
| SHA1 | f30cd5da7d9768696d0d57cde1ba7141804ffb0d |
| SHA256 | f55be8b606d5715e54cb795b822aa295c4e0e92170359fedf0f72c1fe07057f1 |
| SHA512 | 7f2e74a2d158588aff68ea5a23237f5a08d75ee1dfc72c2b8ba4c1a172cfa826eb71ed3dafe524dc6ca4eb4d96e2d1fffc6a39e85caff5aeb3925af761623da9 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-heap-l1-1-0.dll
| MD5 | 295a7f69076e8e789860bb3d566caa0c |
| SHA1 | 4d7ee1025ac08ce85f95c620949f9af9a0b8ad3d |
| SHA256 | 516dc0852025a741cf5cfc6be3e4ad791d4a5aa692fa35498ba7b5f146d54a1e |
| SHA512 | 959d1171c77a0c7267d69737c781c0e66cd9f513a6267e8e5c986677aaec4facae8e024bdd0a3a6ed4905df116e5d80f706d51da0a3cf26cafda2b13bcd86c14 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-filesystem-l1-1-0.dll
| MD5 | d2b88081e89aa26e825b04c15ed158e4 |
| SHA1 | 3d6073d8ca42ef7fd671856cbe7eec20bd78da23 |
| SHA256 | 9da16f7fb466e63a5ccc24eb7ee95a80ed4216e925545a59fd6fb5d7236211f3 |
| SHA512 | 4544ee07592758723947b039e7f4712c0658ef40942355e3424838aab6382c110366c9013cbd042a605bfca73b6535cedcd146db8a6e850bdb5a50f4132135a5 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-environment-l1-1-0.dll
| MD5 | c1da1a8ee38c89a989b8a892edf48099 |
| SHA1 | 0a65c36944a2c2e210d96ca394f5065dae34f665 |
| SHA256 | f2d19e04a9fe1a382fe5c492501236a0cadc9f106036af8496a8f24457a3feb2 |
| SHA512 | 085acf718846bed78e73908481aa61b3bc64ff8dd7117baa556a535b5f32d304a2f6d20cae06b0c43ecb5c934bcff4758095a0638aac428a98036e91d3047908 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-convert-l1-1-0.dll
| MD5 | 75f7dd0261c0a7e89abe0971a6f7fad1 |
| SHA1 | a657010c0896034178caac01093430a9b550745b |
| SHA256 | d8f04afab237a0177bc3062c6508c57f884c23013985d3c48af26b7c25028949 |
| SHA512 | 07960af507910ed1366feb86487b3eb0d942f638eaeba85e1fb1bcf1dba09359c95ca93488cde969259b7e0b78df8a418e62848f49f40d3cceb8cd5f52bd5760 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-conio-l1-1-0.dll
| MD5 | 09a4172deab1aab62c3eabfe126b2cd1 |
| SHA1 | 5ecfb94c505258be83a471a22979f7f85960bb02 |
| SHA256 | 56fb8c7b7d12814ab0f5fc2eb69dfe98c3e9d00dc554a5e00f2ffdf9fc8728d8 |
| SHA512 | e31adafece4e16a76e1cb54d92d82edf441e5c5e3a9c8c68d63bda6f9014705b3a9eee4502bb492b09e3384029878ebb28b82e5c9caf95f8fcae8347aba6dadf |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-util-l1-1-0.dll
| MD5 | 27262395d098572d6babe49373d357cf |
| SHA1 | b6c3bcecc99ad8d03a4b8672422a5aa5199eb297 |
| SHA256 | 8b2197d96a4a01465e0062d5854a940232734123536ebd3c4f4116efae772688 |
| SHA512 | 42e1b4ae70cd97a50b6459ba0f9375de0e1586930c8b9cc12884794de1da905fc7d766811785a98f81f13dc77cf8ba6aaa5ad8592cab4a5b873df9027fbccc82 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-timezone-l1-1-0.dll
| MD5 | b4bfb5cd23ca6f9ef9dfd43f70e8bba7 |
| SHA1 | 2ad09fc7c204d74b4c3c67710a72e10b699d7345 |
| SHA256 | e3d05dd8f99995cb289b3f86eaaadd99a0b1ca2e12f0a0db22feec335a938111 |
| SHA512 | 023d892f449f578c68074a77b46f7fabc4688a276fb0ced6b1eb6c91037f296776e2ddfd81e71c4f8976285b2e1d5d35bad2fe0ee93ff661b78d45fd34cdf476 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-sysinfo-l1-1-0.dll
| MD5 | d2716cd25fd6ac67580982c8efb5629a |
| SHA1 | 199c6b5208331881e9425904e345feaf1af45b82 |
| SHA256 | 329149e3a2360b9e4231ebae9fc3c467d3c560195fc3bc5d2fd31c6a5fd65da5 |
| SHA512 | cfca74a6b909bb7d1e20487c4c3bb8e20e9970b49b14fe9d693c5b75fc4b83d8dcfa4ac085fc8db4ed76382266c934939b4e41a70d4ec5308fd8c7f065ccd95a |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-synch-l1-2-0.dll
| MD5 | 747bedc394cb41b6a0e1b94b6ea8693e |
| SHA1 | e6388ae7dcd0df0396e6cfabe65be85789bf72db |
| SHA256 | ac30c50dc71795c7e0419389f15bf7676718e23f4b786da2ccd4103f24198656 |
| SHA512 | 15814d5a904fd9d8fba2eb451b27c0f15d892afe98edca36e3adf55fd2df5d516012eb104035aaff0885c5dacc784c44a1f2df3f8a59324483bcb86c8b213bf0 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-synch-l1-1-0.dll
| MD5 | 94eb94712d2eca213b446f17c62380f3 |
| SHA1 | 90a32ddb5c5c3e8757670ebc75ffc237de12f2bc |
| SHA256 | 902ae18339560e5142c87f97e9574864b518a0ca4572298b418acadecd8ac6ad |
| SHA512 | a9d68a3f68532f8b3e698ad6aa7303ad9c5fb838bd61444f415e20537c76f463d849d3b458f5fdd8f133e46083a3dff93ec6bf48d77495beea27ce342b1f84dc |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-string-l1-1-0.dll
| MD5 | 6e55ff194d5bc03a8ebe89c7b237e10e |
| SHA1 | fec152c0e14bdcee73ce234be9b5bb1608b85fd1 |
| SHA256 | 9f3a2d40be41b0c47fb03df21c4f7e4120cbb348553b642c5c80b92c64b3b357 |
| SHA512 | 18d8353f171a34e29674dcbff59f4db7e74857c3bb2155215d4179c7c94be7d85d43552f256b002d0e72fcfc3f9d9c4999ae83bf4599c4e68c808419e1618d8a |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-rtlsupport-l1-1-0.dll
| MD5 | 189af34aa567cd8ca0d18c1dededd39a |
| SHA1 | 0f6d013f294b267a0aa082ec3d422cf7eec2ba96 |
| SHA256 | bb2576e861a0c507db9ab2a29577803d7258eff03e52dc5f36faa51249c892d2 |
| SHA512 | e294e462cde5f099f2b3b6ac14b3771ada2ca1ec26ef485712698a98e5f4c4298a4ffed2e8cb99dfb096adf48e368ef50f30d7a5652a67fa16b250c7653d8580 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-profile-l1-1-0.dll
| MD5 | 724d2fe0b0268b30e7db9a7488f2b306 |
| SHA1 | 6cccc9bab72e205f18bb5485619dd3ccfe58202e |
| SHA256 | 074a6052a889456895d4eb8d592088b1d3858d3f6cecb884c528e74400710079 |
| SHA512 | 37e6f1ddb7d57aea23da10d13a3690740babbd3634d2966a3377c59248e75982a7fe2ed5197c1ba97d7d77906235c87d78067a3430c6d45dc8a4e5fa4d7e6409 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-processthreads-l1-1-1.dll
| MD5 | 2da80fbfb025423ba529e0ed5d396caa |
| SHA1 | 94eddff83c93411c0fb48101177b238f2cbabdb6 |
| SHA256 | a074cc02be4cfa314ddd7223c288b1a71fe74143c3229c7cd30fb309419d7aa6 |
| SHA512 | c23e38776c826f1f2c9bec5ba2b0fd0366d1afdb06b805749814472a362f0fffaa5231bd678af17ecd7640333c5af4f2607d976521f649053ea3d24c8e7e9c9d |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-processthreads-l1-1-0.dll
| MD5 | fbb8d74d5ca41920f285ed9d4634d501 |
| SHA1 | b1157ff444075b76bc3533b036793bda4afd96e4 |
| SHA256 | 7748f69d1f67fb4afa2ebb9712687d0b9235346d35909fee80dd5cb776ce7638 |
| SHA512 | a7d6ca4666eeedc5c4bb3db07919c4d08efa67638d0cbde7cbaaa5f40a59f2c61745fc129e882d47a39a561ea78aa7ff309286921945d940ef26d121bc865cf1 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-processenvironment-l1-1-0.dll
| MD5 | 3d9d3eaad4d1f94fd099877e3c3574ee |
| SHA1 | 3dc985619b35e8d8bda17bbffe3fb9d73c697998 |
| SHA256 | 0986c9945e4db6c7e5bf42556f28ae54afafe5d991573590bffb9c494deaebdb |
| SHA512 | 5fa46bbd7eb1df2f5c233c70f5a4adc316b24e1de7e91c608d52f537a1ffa6d5cc8b1b4c6b4880b33acefb8236d7676ef50527b737ac23be968e5bdbdcd2f368 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-namedpipe-l1-1-0.dll
| MD5 | 38949794f4b5ed88fc604583ae0c9b1a |
| SHA1 | ffe2baaa0dcf56b56a726e314795e70d23149fe5 |
| SHA256 | 2dcec9017298d32b92223c0b9125ecf15cf330973414b3e181a9dbbbd74145d4 |
| SHA512 | 001f460d03b71f52cda97f5305b15c5fc40c1abe8c6deb429ecbd15d06a4ed26f7bc8cc491629cea14492cf13e22c1817312978b6095ee06b1592004a361818f |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-memory-l1-1-0.dll
| MD5 | c5c07cce6b571f4d566fbb2dfcfb009f |
| SHA1 | 4379f23072f145b3c31631faebba76321713e454 |
| SHA256 | dfcea447a3436a3b36287becb215633e73760de7d1df88dd24ce0f998aadf597 |
| SHA512 | d7d53c04459d373659056ed8535982ad6c558cac6239e9fef51074e8479b8777eb2dbdbf63678868f5902b6414a446b46d9d9acb9d70f3bd3dba5cba9512d982 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-localization-l1-2-0.dll
| MD5 | b20db974fdaf13d7a6c518c8cc4d124e |
| SHA1 | 3939b029019a583c3a65ae0e3bc2926f0889cc11 |
| SHA256 | c7253d57e123911ca6a0cdc8c74f103fc048399224393e97bf5a2a993cc13fdc |
| SHA512 | 5dde8bc5f30b69c98eec6d4d279bf1b1747ae119b8ddf8e96515d503c7937154e74bb88d7a01ebcb2b15b0f3fc2e74344c8f0df7add45af944028e3b3cba8245 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-libraryloader-l1-1-0.dll
| MD5 | f51c295b1f6d6845be84a53ac650e0bc |
| SHA1 | edf0d80ea2c7de134af5d1da1f07f7cd33d9d972 |
| SHA256 | 6d85722c07e91050b89692e647c8c9c6fec8c39a998286e0084a4a20619d956e |
| SHA512 | f84224a40bf12cc61ee47607fb3d367135205d7f26667de6ac930e7fda064d8322c0279fe2d67da92d8e017b9ede8a14ff26c050c35347112052e9fa840c5c3e |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-interlocked-l1-1-0.dll
| MD5 | 64350026ead6e66e58759314ab2b2c8d |
| SHA1 | e81696c0cdd81af0af47c696806e745283538c94 |
| SHA256 | f30dff7c389fc5143475a99945eaf9f2e36f2f50709e256c990b10459e32b8be |
| SHA512 | 6f55429adaa2107680c9d67a15b8094346b5bf295603ec7b2cbde7698d1e1f18436b6b2303b08b83f0177c77f877a33c16cd88cad13681616c0f9c3d751eb7bc |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-heap-l1-1-0.dll
| MD5 | 1b292e0f2b2d1a67d2032b5414c280a7 |
| SHA1 | 3f42ab6ad2c6fc52d11d677c1287c58bee3d0a37 |
| SHA256 | 60fa39cc05a21ce16a8651331445da1dd0e5e6c0194de819b4fa6a245f517396 |
| SHA512 | b9f6da412491d9919cb8a33483147c608d30cfa9651f326aceb96c85cf5163dd85a434ed8421cbe9a6d355df650564252cbae46a4b340459bb3d30f616e244ed |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-handle-l1-1-0.dll
| MD5 | a6c34ff1ecc9abc954922c5e569d7912 |
| SHA1 | 910709fc703f559d37ea6d7d75ee13b62cbb4290 |
| SHA256 | b71658e60bfa69f0bbcafbc8df40b118e9fc5df747e2069db0ac18b66aaab818 |
| SHA512 | c0612a7cfe143c22d9945e287a4be0378b808e974a845ba762bbff028080eb6149bf5451d1f7aa0c2cea74499b82007dc730ad51b0b2db4b0f8fc11c03f8e20d |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-file-l2-1-0.dll
| MD5 | b3a3f902a5fe7b70c988aebd0e523d53 |
| SHA1 | 6fb07024c76cd0c4e07c3d0efa088b74998d59b1 |
| SHA256 | 61365671b9fccbc10c06ccc0d4c8875dd98ca51e8d3eb77e91069b1bd11e4a96 |
| SHA512 | 3bc057781870932f9703561bed8f786af9306a6a237582551edd12220e95521b8433a507ce702fa929654e930d0cba976eb0fc72fbe567d44620232e18390ce9 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-file-l1-2-0.dll
| MD5 | 2bfcd1d1b70eef1a10c939a4eeab5403 |
| SHA1 | 12656ee086124eaf205a9eb470a78bc5e3d2512e |
| SHA256 | b0919c80eb88d5d6aeb7a6eb42344f40ebf6bf0914a45045d9606e2469f15132 |
| SHA512 | 9143ffd7e00f4168f78f72e9e08e6a901ffc57a1bdc07531d73f0d4fc59ae2a114d939bf2a60313ac34aa835e6c297168f255685cbd795c748fe9c8906d2215c |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-file-l1-1-0.dll
| MD5 | d218fcedc1bee50c45f4e786c6d60564 |
| SHA1 | c4371579afbfae000e5b9a0ce07472be17badc9f |
| SHA256 | 13266c9674e9c663252ff2dc1a014a86cbaa42801d210f408269bd1dff681440 |
| SHA512 | efc30d116515ee000084db671a4c2d68551035b5512e7117c3c53d6ceb2b0418ee2ccdb5f76fa267be48e37d21a950e20423f95fc4e1c4d2c9e5fb47b692c882 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-fibers-l1-1-0.dll
| MD5 | b72dcda47e269f98aa6998df1b27b3e5 |
| SHA1 | 8a68318787497d2ed4ee6d981de825c874bcb603 |
| SHA256 | b9aefe9709a17fcaf8b85168c68f42e2b57f8214e7456a82c74495b815dc5bfe |
| SHA512 | 17b00481db67db8bf8f07035c760eb7adff65d59c532711d918bb1f2bbdbb6230cd0c583f3418102b80b6a085d45d3e3efe9a641e7dfa821c8a18505e9bb1420 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-errorhandling-l1-1-0.dll
| MD5 | 649e3b7d4b114213383aebd2dda0308d |
| SHA1 | ba1ba5acb362cbab817c5e1a3126d6ebf600740b |
| SHA256 | b15dd0c332b261d62a0b37b8981980a15e47b4682e6985e26f155a85f19e1466 |
| SHA512 | e667462ba457d44982337edda451a5d78eb4b6eab2e6a696ca333bdcd6688873e2c50b45e464e333ecf9f5b07dc35412bc746ff187b99e8139f9b8ef0456849c |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-debug-l1-1-0.dll
| MD5 | df9e90a38a99d1f609ba721a3d329195 |
| SHA1 | ad8859c5ec7f591800c0d4b6453eb10167ae142d |
| SHA256 | ba17d3a66e3df85fbf8b82b500f1360f8598cd48a814fda3e552cdd995e6f449 |
| SHA512 | e41ba10d2c679754627c348232bd8124a01eceedfe30c88b6f7ed257895a7b59e5149d448a68415c4d2cc1a5c2c32a575f032b764a14a2330d62f08ccb87de85 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-datetime-l1-1-0.dll
| MD5 | e763390e8aebf15cb2b9b5b8c9cc4e9e |
| SHA1 | 0f9f6544903700fa26c8892ff7e4881c56238282 |
| SHA256 | 5963b1cdb894ce297e52844741047f74f8d86fa7e97437e26d9bc8f0094e1003 |
| SHA512 | 4c8089029c0d97ef1a1570dc47a8eda08f2071332521cdb54b5b52786d078c19bf0324fa43b9d1c49b942f8eedf7a6dab606b25a3913a80f6c8d7bb97d28a768 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-console-l1-2-0.dll
| MD5 | f9bf7d30ea5a945b77910a06151ff620 |
| SHA1 | 3158c9ab3fd9b6fed40e77abe39eb53234151977 |
| SHA256 | b4ff5467266a4f8e5d8998525a8948b8b86d51a23c2f4f7023c505c8db341802 |
| SHA512 | 07e01ebde7c80fa3937f2169da9dc496f0a5efbbbc9c305e7772e28e334906054c14747fe10cca0ac1f1f275d95a08801ae7c44ca1cbddae1c1e008bf428d1a4 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-console-l1-1-0.dll
| MD5 | 4cbad862a3ff6e7ac0f33a904d247536 |
| SHA1 | 57ed831d8f3739aee41735fce679641862c36076 |
| SHA256 | 32a70082cf3496745580c0e4b7d1bdbe925013300f0573ccef466e7a1915a51c |
| SHA512 | 355e5f5081588c2460b6c21818172eea17b18f6d94a958902db57a585409c8a2231a2666bc12548316a041bfce8a2eeeef2e4759a9e38900550b6a7c96d7ed2a |
C:\Users\Admin\AppData\Local\Temp\bin\audio.dll
| MD5 | 1f2d6a54ee20a1fc3e421f4617e11fee |
| SHA1 | 8faacf81b34ff7eb54c70520a15b53954ad27565 |
| SHA256 | 8683b6868f2fa1f29aa4d800a11b8cf628cda3b3651575c147b1e51e89a19309 |
| SHA512 | 4f52fa530755fd3dc775861f880729e9ca9a892408707e816d89f25f1ec03b17779945b3ebda228ca83a320c167523a9801afdcb526420b314df6861b9f97f06 |
C:\Users\Admin\AppData\Local\Temp\avif-16.dll
| MD5 | a09c5fa842fa4456a0b53b46f1050225 |
| SHA1 | 9e4677f19e77bf55e7d0e2e82d8c27f79dbbd78e |
| SHA256 | 3d7ba6fedfdfd6e751693d718a21438304690b754d1c5d13c847a829b2423b8b |
| SHA512 | 71c962da6ed6894209891513bf9f0132a5eab6c65a5d9ba334efcaf73463be5625665a060863a106d59fad1949f6191f641aa4c59ddb0e825701bef08ef9b5a5 |
C:\Users\Admin\AppData\Local\Temp\aom.dll
| MD5 | d764264518e77cc546a5876c3bcebad4 |
| SHA1 | ea17d45b396fa193a851bfd345e2b2c20ad60e12 |
| SHA256 | e78492de0ab575add50b925bfd44216d224d09904a9b14c17087a92fdcbc15cd |
| SHA512 | 7cf132ea5254a55c08186ffcf5e47360ef5ddd57d03d7051171f6753b22e3925304d183c2037bfd320ad56c08e079f9b2c4640db8cb3dbd38ff500c7a39e997f |
C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.installed
| MD5 | 12bd767a7bc1ce8dce1c97b3e5c2c4dc |
| SHA1 | 8c414f7970e8cfec2e717f6d3e62ed48d9f01205 |
| SHA256 | 745ce549f0836ef10a3c1987be02fe90dbbae8f143888b1927966dc3a3ab1fb9 |
| SHA512 | a3c3d108c0880614b6cd6bcff37bd4186284725a07c6059ec10bed72d358c4211d665d9fd431ed55094e0a18066f1d52bd13d911d2ca8c451f3a43be07d86518 |
C:\Users\Admin\AppData\Local\Temp\package\steam_client_metrics.bin
| MD5 | 8aba70184c31ed5ae25df09959871200 |
| SHA1 | 585daed11aa7ee1e39dca0f212df6eceb3a51d1c |
| SHA256 | 4634c69804cf2b4b87c660d9020d4aed3ef4675dfedb837c4539cecaaa64b9fc |
| SHA512 | c6278c722af7ef2c62060a7123c15a46c423f27447e07756904eb40e1819735812bfd651f4522e9446c3d1abc06aa66229837cb5a285d3ac44a06960d0bec122 |
memory/2164-12498-0x0000000000060000-0x0000000000061000-memory.dmp
C:\Users\Admin\AppData\Local\Steam\htmlcache\CURRENT~RFf7777de.TMP
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\000002.dbtmp
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Temp\Cab8F07.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
memory/1076-12817-0x000000006FE60000-0x00000000711D9000-memory.dmp
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\000004.dbtmp
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Temp\TarAA09.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarAB57.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 8c7fbe111c907b0a5bf25895ea2494e7 |
| SHA1 | ed7b8b1f0bca6d80adfdd6cb9fd597c8a67daf14 |
| SHA256 | c762e2defd5d35c8005f3f347dbf2a48837aafa0e7bcee9defc6f196d52e6684 |
| SHA512 | 5a9419890d1465b4d600d052c932d63244ff6f692fe2685ae3df04cfbbc2f34daee2223d7d167fd57d1ba253f2acf6c2c71ba21a289ac4fd095c9b8a9035ac82 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8b017b435f9459d2790e47bc9fe9cc4f |
| SHA1 | f59120e31eeb0b8675e56f8cbe4882dddbd895fc |
| SHA256 | 20139d865e2ce927cf483e715a91877a034ed402a736ab83195a1cf4de168d67 |
| SHA512 | d2d77b1f990546944be153060f097f8f1cdf8e2cd04a346207bbe6434d30711fc25700e27311e9f18a3039265d596bab3a4767bda3984a9456d7c1d382ff764a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 18ad78f9ba7fc0e9f138ebd160365964 |
| SHA1 | cdd7f5f018db087dd90c55b42f4cde0620cd5639 |
| SHA256 | baa312d63c01279e87c08379587264a267c4481d04585b6b5440abb530fd357c |
| SHA512 | 2d62257a89dee1df7d9ee8320e3923624b615e013f238a1a206759cb8bc56f8bfba71c93ee0dbafd2694785d8e25aabffb4d12a34c4a9eec4dbbd716d799a201 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8732601cf290e29c74bcfbe4b7b59b3b |
| SHA1 | 62019ed32c9f8c9d49a514e4624aef57a2f458b1 |
| SHA256 | 7f7fbb7a33812f0a3e16549048c817731624474c5945355ec384655e91dc255f |
| SHA512 | 783cc21c15cabddbc93f0283f522b4c05a091a5f3382345cc26813cd37cd9e5ddc58a0321ecc1772328264128152feda96291d9ad2c4e5df08adc020d2fff83b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9f2828391ed3b8f5f09d2f1268268b1b |
| SHA1 | 8652759f3941b238609c7422532ece19dc310bb1 |
| SHA256 | 8342ddebba32ee8353d411c5114647ef1ce157013caf12c8bb04a13b63361e5c |
| SHA512 | ff4288d2d10801d071bdc23a230d409592f358706b1dd462ca70606eb94c118876c16f860963b52c677fdd0412d5ec3bf56cae48507461fb435fb8d1eb8ac175 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2d1c61de47d2f60738c5eb30b89329ee |
| SHA1 | c5382987d199fe8a7166a3167f3e503d83198955 |
| SHA256 | 111dd744024317a6bee743eeb16baa8bd4419d3baf24a882b40d12094c30d970 |
| SHA512 | 6de9e99fe5324c093ea36eeaeb602e1902d8b140a03111e89cf7d341aa376b512284e32a35a194d9921158c79864e63ee214922235134dfc0bbd53159693ba73 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e550c39490a40882bd09c6ab5125780c |
| SHA1 | 19ab6f742f946855f24b4942d54a2543b68c5746 |
| SHA256 | b33d79cb4cc911089937baf70e8abed6d49504ddbeac1f24c026e6342c8ed9cd |
| SHA512 | dceea96ef29d3637dc5e624dc81b08fa3c2ca8adbe05ce35c4898029ad9158f8f0b79bc7d5e4269fbd457eb3bfc0e2af28395b513e7a53e8e1b07860a7f85813 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 033611ded6a995c045d2388dc5dd2fbc |
| SHA1 | 81b379963d37138a79fbb29e767c4a7ae1adb527 |
| SHA256 | 26853f835da12ae3a8c22fe67492862f35580a6d0561572877e961aa776fd775 |
| SHA512 | a637886541877261db80edffe0cc2929b36c09f1080cfff6f98013f1c3bb1a3433a848c539a9e9dcfc4d09353379cc24e9c06444932ecfdf26d499b0cf08f3ac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0cbf54e3222278cb4799366b45ab9e52 |
| SHA1 | f1069a1997b4220d42d832b4338c2c9eea521b43 |
| SHA256 | 9a938dc02fc65a69fa2b4d831db683cfcaba4db0e1bd613873d2ba111aa47b67 |
| SHA512 | 37a1e9783aa91cd9dadd97e53b2dcb30d50feca0175e3f2e47125a1d2d6f43b61b86e794a748206680557dcb165970ecc5839e084e22d74592effee1b40fcb3f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be7eb7bfc453be42c55de83d94469908 |
| SHA1 | daaeae0988aef8f93a11f7a87f3f6d2704780467 |
| SHA256 | 28f7b4da602c6a16602309a326e00ec1b92ded81d6ee45b9a983d06c76c8dc44 |
| SHA512 | 0de56065b2697deb85863a952a3697fc51f8861f8cd59a8e1f6526e1f1171c38bffe679b50113406e1fb28498578be1ac37b500bb9af63b89f1c54f711e26432 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5e8b9d929da87a68b602cc6e10ee9a3d |
| SHA1 | a2d5945859c6858bdcae2440edc7ef6b7bec85fb |
| SHA256 | c20e937185dc7b1b06c5a58d530b44b04e8a8ac754efbb9ace9383a39b619df5 |
| SHA512 | 6be5a1239c450de1f23598afd17769485a9fa44c5f336a500592342d9b5b10be32cd40c45dc7baa2c0e67236c2111e9ad833c1aaba6dc0a5281dfbbdc1950fc3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ff35461c4dbe4447c78c3572b2874f6f |
| SHA1 | 4822f62f636cc854d84bc82089ae771d8b3eec21 |
| SHA256 | 147cb75901d2bc1884d2223e2093b8fe1bc3ccbe3bd9c9bbfbb7c60f28aceb4c |
| SHA512 | e09c9761fa7af1b5e5396076217f444ba2001dd7cd94aaf8943b912c2ed6cca03fd6c052e8b010836b13e5f013c72fc2419dc6ab82ecbc8721f8985db61605f8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b4271d36526aec2c55ef2a84be67d3f |
| SHA1 | 761b04895a53dbc93da482030961300c9c8e51c3 |
| SHA256 | c740474cd5cddab772ded736d94dd23f3b04ee832bf1ae0ac4bcd354fa7c2f0b |
| SHA512 | 008f1ae7f582a3585ccc71049045d615a21d90f3a4c95e2d44a4654cc5b45d4236657bb3e1639958cffd3a6e75747fef43d87187ddf1719135209eab7111c2ab |
memory/1076-13716-0x000000006FE60000-0x00000000711D9000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d90896a63c2973ccfed10678de9aa156 |
| SHA1 | 0a71605243577572c3f0459b2fc014810162bc3d |
| SHA256 | 45efc74a4d7d2c2953504e0c97292935c03597544694283015e3da32ee64bd90 |
| SHA512 | 4398e2a235206fd6fd61eba1f893362e0f9dc81e428c044a01e2cdd9d2ec6e497f762b48d68208a35c092cc1e09450dd6e3da75659866db8ad0963da5282270f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4579f754f37e12e63b6060a36a74166a |
| SHA1 | df2a09bda28c8c3921ffa0a460f67d2a0e2aebbe |
| SHA256 | fe9f5887d8f01a1e0fa867ac69711d96d75a42b2140ed528113748b5d394bac6 |
| SHA512 | e9dc932bd799b71058cf847b73a4476bf9aca4fe7286cfc4e0d6257268c3bfef58db275f010441cc5de4f4565ee9ee1cd926df92fee50559a7cb88f396b238ea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 84ad26be20aac3dc2dee0f611885ecfd |
| SHA1 | f029630fa3d10393c601ae9c314917de18524a07 |
| SHA256 | abed9b1b8b1392b1ff4db409365f6c2c63514fe4af238cd8b5ebcbb9ecbaa411 |
| SHA512 | 82ffa1b163809715a74ccef3304d41ac406c136763bdb762ed29d68e8a6303af37d63843e27a04969f7e4ff399657b94964d035961d66bad91de8a1d489c03e4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a95e6d7184dc04c3a9eb7f0d1baa0a26 |
| SHA1 | 2930242c32fff17222a0fba5253bc116a317bb85 |
| SHA256 | afe542a5fc590c3814be739d4fd9292ee365804126b711432be178b898483559 |
| SHA512 | a0aca5bd5d3db10c3daa27cd42240c9cdd2513fb2ff132cb9d1f330e7944166538dd60359ad19d7fa4aa2c4726cab5f55608ea88297c3bf1600c18e977977c38 |
memory/1076-13947-0x000000006FE60000-0x00000000711D9000-memory.dmp
memory/1076-13953-0x000000006FE60000-0x00000000711D9000-memory.dmp
memory/1076-13954-0x000000006FE60000-0x00000000711D9000-memory.dmp
memory/1076-13956-0x000000006FE60000-0x00000000711D9000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-25 18:11
Reported
2024-06-25 18:14
Platform
win10v2004-20240508-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Detect PurpleFox Rootkit
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Gh0st RAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Gh0strat
PurpleFox
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\drivers\QAssist.sys | C:\Windows\SysWOW64\TXPlatfor.exe | N/A |
Server Software Component: Terminal Services DLL
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Remote Data\Parameters\ServiceDll = "C:\\Windows\\system32\\240601765.txt" | C:\Users\Admin\AppData\Local\Temp\R.exe | N/A |
Sets service image path in registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\QAssist\ImagePath = "system32\\DRIVERS\\QAssist.sys" | C:\Windows\SysWOW64\TXPlatfor.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
Executes dropped EXE
Loads dropped DLL
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\TXPlatfor.exe | C:\Users\Admin\AppData\Local\Temp\N.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\TXPlatfor.exe | C:\Users\Admin\AppData\Local\Temp\N.exe | N/A |
| File created | C:\Windows\SysWOW64\240601765.txt | C:\Users\Admin\AppData\Local\Temp\R.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ini.ini | C:\Users\Admin\AppData\Local\Temp\R.exe | N/A |
| File created | C:\Windows\SysWOW64\Remote Data.exe | C:\Windows\SysWOW64\svchost.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Remote Data.exe | C:\Windows\SysWOW64\svchost.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Users\Admin\AppData\Local\Temp\3096ebbb0d335913e4dc83b4547bbe5cb63bb392031ae977b49e881330e015dd.exe | N/A |
| File created | C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping13632_1110950427\_platform_specific\win_x64\widevinecdm.dll.sig | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| File created | C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping13632_1110950427\_platform_specific\win_x64\widevinecdm.dll | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| File created | C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping13632_1110950427\LICENSE | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| File created | C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping13632_1110950427\manifest.json | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| File created | C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping13632_1110950427\_metadata\verified_contents.json | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| File created | C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping13632_1110950427\manifest.fingerprint | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\Temp\HD_3096ebbb0d335913e4dc83b4547bbe5cb63bb392031ae977b49e881330e015dd.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\Temp\HD_3096ebbb0d335913e4dc83b4547bbe5cb63bb392031ae977b49e881330e015dd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\HD_3096ebbb0d335913e4dc83b4547bbe5cb63bb392031ae977b49e881330e015dd.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 | C:\Users\Admin\AppData\Local\Temp\HD_3096ebbb0d335913e4dc83b4547bbe5cb63bb392031ae977b49e881330e015dd.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 | C:\Users\Admin\AppData\Local\Temp\HD_3096ebbb0d335913e4dc83b4547bbe5cb63bb392031ae977b49e881330e015dd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Users\Admin\AppData\Local\Temp\HD_3096ebbb0d335913e4dc83b4547bbe5cb63bb392031ae977b49e881330e015dd.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\HD_3096ebbb0d335913e4dc83b4547bbe5cb63bb392031ae977b49e881330e015dd.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\TXPlatfor.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\3096ebbb0d335913e4dc83b4547bbe5cb63bb392031ae977b49e881330e015dd.exe
"C:\Users\Admin\AppData\Local\Temp\3096ebbb0d335913e4dc83b4547bbe5cb63bb392031ae977b49e881330e015dd.exe"
C:\Users\Admin\AppData\Local\Temp\R.exe
C:\Users\Admin\AppData\Local\Temp\\R.exe
C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k "Remote Data"
C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k "Remote Data"
C:\Users\Admin\AppData\Local\Temp\N.exe
C:\Users\Admin\AppData\Local\Temp\\N.exe
C:\Windows\SysWOW64\TXPlatfor.exe
C:\Windows\SysWOW64\TXPlatfor.exe -auto
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul
C:\Windows\SysWOW64\TXPlatfor.exe
C:\Windows\SysWOW64\TXPlatfor.exe -acsi
C:\Users\Admin\AppData\Local\Temp\HD_3096ebbb0d335913e4dc83b4547bbe5cb63bb392031ae977b49e881330e015dd.exe
C:\Users\Admin\AppData\Local\Temp\HD_3096ebbb0d335913e4dc83b4547bbe5cb63bb392031ae977b49e881330e015dd.exe
C:\Windows\SysWOW64\PING.EXE
ping -n 2 127.0.0.1
C:\Windows\SysWOW64\Remote Data.exe
"C:\Windows\system32\Remote Data.exe" "c:\windows\system32\240601765.txt",MainThread
C:\Users\Admin\AppData\Local\Temp\HD_3096ebbb0d335913e4dc83b4547bbe5cb63bb392031ae977b49e881330e015dd.exe
C:\Users\Admin\AppData\Local\Temp\HD_3096ebbb0d335913e4dc83b4547bbe5cb63bb392031ae977b49e881330e015dd.exe
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=13384" "-buildid=1718904662" "-steamid=0" "-logdir=C:\Users\Admin\AppData\Local\Temp\logs" "-uimode=7" "-startcount=0" "-userdatadir=C:\Users\Admin\AppData\Local\Steam\cefdata" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Users\Admin\AppData\Local\Temp\clientui" "-steampath=C:\Users\Admin\AppData\Local\Temp\HD_3096ebbb0d335913e4dc83b4547bbe5cb63bb392031ae977b49e881330e015dd.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --disable-quick-menu "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal"
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\dumps "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1718904662 --initial-client-data=0x368,0x36c,0x370,0x344,0x374,0x7ffae06eee38,0x7ffae06eee48,0x7ffae06eee58
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1596 --field-trial-handle=1728,i,7280154914657719799,5514960452970361349,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=2192 --field-trial-handle=1728,i,7280154914657719799,5514960452970361349,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x408 0x4b0
C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery64.exe
.\bin\gldriverquery64.exe
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=2508 --field-trial-handle=1728,i,7280154914657719799,5514960452970361349,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=0 --first-renderer-process --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2924 --field-trial-handle=1728,i,7280154914657719799,5514960452970361349,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery.exe
.\bin\gldriverquery.exe
C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery64.exe
.\bin\vulkandriverquery64.exe
C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery.exe
.\bin\vulkandriverquery.exe
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1084 --field-trial-handle=1728,i,7280154914657719799,5514960452970361349,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | hackerinvasion.f3322.net | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.steamstatic.com | udp |
| BE | 23.14.90.81:443 | cdn.steamstatic.com | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| BE | 23.14.90.74:80 | r11.o.lencr.org | tcp |
| US | 8.8.8.8:53 | 81.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.90.14.23.in-addr.arpa | udp |
| BE | 23.14.90.81:443 | cdn.steamstatic.com | tcp |
| BE | 23.14.90.81:443 | cdn.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hackerinvasion.f3322.net | udp |
| US | 8.8.8.8:53 | hackerinvasion.f3322.net | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hackerinvasion.f3322.net | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.166.122.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hackerinvasion.f3322.net | udp |
| US | 8.8.8.8:53 | test.steampowered.com | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| US | 8.8.8.8:53 | ipv6check-udp.steamserver.net | udp |
| BE | 23.14.90.90:80 | test.steampowered.com | tcp |
| US | 8.8.8.8:53 | ipv6check-http.steamserver.net | udp |
| US | 8.8.8.8:53 | 90.90.14.23.in-addr.arpa | udp |
| N/A | 127.0.0.1:50296 | tcp | |
| N/A | 127.0.0.1:50290 | tcp | |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| BE | 104.68.92.92:443 | api.steampowered.com | tcp |
| US | 8.8.8.8:53 | hackerinvasion.f3322.net | udp |
| US | 8.8.8.8:53 | 92.92.68.104.in-addr.arpa | udp |
| US | 162.254.199.181:27017 | udp | |
| US | 162.254.199.163:27017 | udp | |
| US | 162.254.192.74:27017 | udp | |
| US | 162.254.192.71:27018 | udp | |
| US | 155.133.253.50:27018 | udp | |
| US | 155.133.253.50:27017 | udp | |
| US | 162.254.193.74:27017 | udp | |
| US | 8.8.8.8:53 | 181.199.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.199.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.192.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.192.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.253.133.155.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.193.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hackerinvasion.f3322.net | udp |
| US | 8.8.8.8:53 | hackerinvasion.f3322.net | udp |
| US | 52.111.229.43:443 | tcp | |
| US | 8.8.8.8:53 | hackerinvasion.f3322.net | udp |
| US | 8.8.8.8:53 | hackerinvasion.f3322.net | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hackerinvasion.f3322.net | udp |
| US | 8.8.8.8:53 | hackerinvasion.f3322.net | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| GB | 216.58.204.67:443 | tcp | |
| US | 8.8.8.8:53 | hackerinvasion.f3322.net | udp |
| US | 8.8.8.8:53 | 123.35.104.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| US | 8.8.8.8:53 | ipv6check-udp.steamserver.net | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| BE | 104.68.92.92:443 | api.steampowered.com | tcp |
| US | 8.8.8.8:53 | ipv6check-http.steamserver.net | udp |
| US | 8.8.8.8:53 | ext4-iad1.steamserver.net | udp |
| US | 162.254.192.87:27033 | ext4-iad1.steamserver.net | tcp |
| US | 162.254.192.87:27024 | ext4-iad1.steamserver.net | tcp |
| US | 8.8.8.8:53 | ext2-iad1.steamserver.net | udp |
| US | 162.254.192.75:443 | ext2-iad1.steamserver.net | tcp |
| US | 8.8.8.8:53 | ext1-atl3.steamserver.net | udp |
| US | 162.254.199.163:27033 | ext1-atl3.steamserver.net | tcp |
| US | 8.8.8.8:53 | 87.192.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.192.254.162.in-addr.arpa | udp |
| US | 162.254.199.163:27023 | ext1-atl3.steamserver.net | tcp |
| US | 8.8.8.8:53 | ext2-atl3.steamserver.net | udp |
| US | 162.254.199.181:443 | ext2-atl3.steamserver.net | tcp |
| US | 8.8.8.8:53 | ext2-ord1.steamserver.net | udp |
| US | 162.254.193.74:27035 | ext2-ord1.steamserver.net | tcp |
| US | 162.254.193.74:27022 | ext2-ord1.steamserver.net | tcp |
| US | 8.8.8.8:53 | ext1-sea1.steamserver.net | udp |
| US | 205.196.6.214:27019 | ext1-sea1.steamserver.net | tcp |
| US | 162.254.193.74:443 | ext2-ord1.steamserver.net | tcp |
| US | 8.8.8.8:53 | 214.6.196.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hackerinvasion.f3322.net | udp |
| US | 8.8.8.8:53 | hackerinvasion.f3322.net | udp |
| GB | 216.58.204.67:443 | udp | |
| US | 8.8.8.8:53 | hackerinvasion.f3322.net | udp |
Files
C:\Users\Admin\AppData\Local\Temp\R.exe
| MD5 | 8dc3adf1c490211971c1e2325f1424d2 |
| SHA1 | 4eec4a4e7cb97c5efa6c72e0731cd090c0c4adc5 |
| SHA256 | bc29f2022ab3b812e50c8681ff196f090c038b5ab51e37daffac4469a8c2eb2c |
| SHA512 | ae92ea20b359849dcdba4808119b154e3af5ef3687ee09de1797610fe8c4d3eb9065b068074d35adddb4b225d17c619baff3944cb137ad196bcef7a6507f920d |
C:\Windows\SysWOW64\240601765.txt
| MD5 | 70356d5d51becd8d4f27082b8f876465 |
| SHA1 | 41c1a488680ef6526f5552f0f332357f3fc893a1 |
| SHA256 | ad72d2885bd337150279dc5f57424a353102811d710e31c1f4c054b5009b583f |
| SHA512 | 8e52a0c8df46b243cf06c25dcb30461837db772d6161221ee75f0af21af3748ac026c73c5e45084f7c8e42077ff9164b9f464e28bfaa23e85408611ab2dc9e00 |
C:\Users\Admin\AppData\Local\Temp\N.exe
| MD5 | 4a36a48e58829c22381572b2040b6fe0 |
| SHA1 | f09d30e44ff7e3f20a5de307720f3ad148c6143b |
| SHA256 | 3de6c02f52a661b8f934f59541d0cf297bb489eb2155e346b63c7338e09aeaf8 |
| SHA512 | 5d0ea398792f6b9eb3f188813c50b7f43929183b5733d2b595b2fd1c78722764fd15f62db1086b5c7edfb157661a6dcd544ddd80907ee7699dddbca1ef4022d0 |
memory/960-19-0x0000000010000000-0x00000000101B6000-memory.dmp
memory/960-17-0x0000000010000000-0x00000000101B6000-memory.dmp
memory/960-23-0x0000000010000000-0x00000000101B6000-memory.dmp
memory/960-20-0x0000000010000000-0x00000000101B6000-memory.dmp
memory/2956-26-0x0000000010000000-0x00000000101B6000-memory.dmp
memory/2956-28-0x0000000010000000-0x00000000101B6000-memory.dmp
memory/2956-29-0x0000000010000000-0x00000000101B6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\HD_3096ebbb0d335913e4dc83b4547bbe5cb63bb392031ae977b49e881330e015dd.exe
| MD5 | 277bea32e72b3f297ba29ea26663646b |
| SHA1 | 00309eace95a503182580296fac27afdf4a10e56 |
| SHA256 | f2d3bed061e1a774b8920932034bf8111a78ce51afa4693046e3c48c7c53a1b4 |
| SHA512 | 38eec3a7a4d81497e02c6f98be72ff9f0019d96f9791ec5f03ea665be1564ad88d0d1c6d67411455a2c777708761cf479997d642b2456c367b684a8bcfc5734b |
memory/4512-39-0x0000000010000000-0x00000000101B6000-memory.dmp
memory/4512-42-0x0000000010000000-0x00000000101B6000-memory.dmp
memory/4512-44-0x0000000010000000-0x00000000101B6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\HD_X.dat
| MD5 | fd8a556711d1e8e92248d05311bdf2d4 |
| SHA1 | 046584b8ad26509e9ca2f8044fb41bbc5d5f9578 |
| SHA256 | e537888b762de7945aa2312ea421e96d3fdd35f87159416be3acbe39fbf9eccb |
| SHA512 | 56c1b4ba0cbbac944d8c91dafe728a82f5513bff3daf0ff27ce287e111d6bce5862d844a0704aa43932b3c76dd1b4092bf58734ac24b353f3d7310117683b317 |
C:\Windows\SysWOW64\Remote Data.exe
| MD5 | 889b99c52a60dd49227c5e485a016679 |
| SHA1 | 8fa889e456aa646a4d0a4349977430ce5fa5e2d7 |
| SHA256 | 6cbe0e1f046b13b29bfa26f8b368281d2dda7eb9b718651d5856f22cc3e02910 |
| SHA512 | 08933106eaf338dd119c45cbf1f83e723aff77cc0f8d3fc84e36253b1eb31557a54211d1d5d1cb58958188e32064d451f6c66a24b3963cccd3de07299ab90641 |
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\[email protected]_
| MD5 | 577b7286c7b05cecde9bea0a0d39740e |
| SHA1 | 144d97afe83738177a2dbe43994f14ec11e44b53 |
| SHA256 | 983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824 |
| SHA512 | 8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0 |
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\icon_button_news_mousedown.tga_
| MD5 | 00bf35778a90f9dfa68ce0d1a032d9b5 |
| SHA1 | de6a3d102de9a186e1585be14b49390dcb9605d6 |
| SHA256 | cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2 |
| SHA512 | 342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041 |
C:\Users\Admin\AppData\Local\Temp\package\tmp\resource\filter_clean_bulgarian.txt.gz_
| MD5 | 836dd6b25a8902af48cd52738b675e4b |
| SHA1 | 449347c06a872bedf311046bca8d316bfba3830b |
| SHA256 | 6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64 |
| SHA512 | 6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80 |
C:\Users\Admin\AppData\Local\Temp\public\steambootstrapper_english.txt
| MD5 | da6cd2483ad8a21e8356e63d036df55b |
| SHA1 | 0e808a400facec559e6fbab960a7bdfaab4c6b04 |
| SHA256 | ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6 |
| SHA512 | 06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925 |
C:\Users\Admin\AppData\Local\Temp\crashhandler.dll
| MD5 | 9734b8f1dbde2e34f012deaad3d0cd54 |
| SHA1 | ab2498ba3976fc5f1b1debf1861a49bb5d31458a |
| SHA256 | b0878682d846a4a3d8b953f237304a43961fda731f063b39c01c95bada04a091 |
| SHA512 | 7deb0cd1192111ae92f2b2c624ba23db4e5821d305b08e9839120a874c83cb2ca6c48bca85ec2b91300dcc0145472dbf54345c6b6457a84fc62ae9f635282f21 |
C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.manifest
| MD5 | c1b0eb2527f93eb50c9307c7992a6892 |
| SHA1 | 2b208a9af9e0de3537bef137a7f2bed01c9d814b |
| SHA256 | 919e50219d0d8fcff77805d4029a77b8e71912ab05684dca287545de3835a288 |
| SHA512 | 1c60d3a523d764a74ab35c5e9c4874291288c5570410f8c6e1c4ca8ed9149b001008ee0c361be4160f057bc725447aa94f9e3100ef7ebac9e29152d102190b37 |
C:\Users\Admin\AppData\Local\Temp\logs\bootstrap_log.txt
| MD5 | a1f564c1f20f00efc8329e2c0f9e0611 |
| SHA1 | c716e51eb4117aae4ebe07dae4684797a6579908 |
| SHA256 | ebf11d0d6e13c453e4d63d2ec2ecd96a81e4e6a855b803e95017bf39002d6af6 |
| SHA512 | 818f7bdb1450faa20f4dfbd076d28988abde74d5d10713efd9be3abe763df5963e2c5b729480c4d8a48e20e03b4682886df5532aaa59a879e14a7cd678c49dbd |
C:\Users\Admin\AppData\Local\Temp\aom.dll
| MD5 | d764264518e77cc546a5876c3bcebad4 |
| SHA1 | ea17d45b396fa193a851bfd345e2b2c20ad60e12 |
| SHA256 | e78492de0ab575add50b925bfd44216d224d09904a9b14c17087a92fdcbc15cd |
| SHA512 | 7cf132ea5254a55c08186ffcf5e47360ef5ddd57d03d7051171f6753b22e3925304d183c2037bfd320ad56c08e079f9b2c4640db8cb3dbd38ff500c7a39e997f |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-console-l1-1-0.dll
| MD5 | 4cbad862a3ff6e7ac0f33a904d247536 |
| SHA1 | 57ed831d8f3739aee41735fce679641862c36076 |
| SHA256 | 32a70082cf3496745580c0e4b7d1bdbe925013300f0573ccef466e7a1915a51c |
| SHA512 | 355e5f5081588c2460b6c21818172eea17b18f6d94a958902db57a585409c8a2231a2666bc12548316a041bfce8a2eeeef2e4759a9e38900550b6a7c96d7ed2a |
C:\Users\Admin\AppData\Local\Temp\bin\audio.dll
| MD5 | 1f2d6a54ee20a1fc3e421f4617e11fee |
| SHA1 | 8faacf81b34ff7eb54c70520a15b53954ad27565 |
| SHA256 | 8683b6868f2fa1f29aa4d800a11b8cf628cda3b3651575c147b1e51e89a19309 |
| SHA512 | 4f52fa530755fd3dc775861f880729e9ca9a892408707e816d89f25f1ec03b17779945b3ebda228ca83a320c167523a9801afdcb526420b314df6861b9f97f06 |
C:\Users\Admin\AppData\Local\Temp\avif-16.dll
| MD5 | a09c5fa842fa4456a0b53b46f1050225 |
| SHA1 | 9e4677f19e77bf55e7d0e2e82d8c27f79dbbd78e |
| SHA256 | 3d7ba6fedfdfd6e751693d718a21438304690b754d1c5d13c847a829b2423b8b |
| SHA512 | 71c962da6ed6894209891513bf9f0132a5eab6c65a5d9ba334efcaf73463be5625665a060863a106d59fad1949f6191f641aa4c59ddb0e825701bef08ef9b5a5 |
C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.installed
| MD5 | 2e7a43d569c43a958b03da23d0951ad3 |
| SHA1 | 58e257768573074380e479920c9c6dfc8052ea7a |
| SHA256 | 6ebb9c7979384493df39adc7360e623ddddc48fe4bd588a63db256b2e2884800 |
| SHA512 | 9a31b517b251d40c20cda4460fba71b7f327c7931f507b1641d5b20c704d4484575bd4cb83be3bd2dd9f60bc5fbda5b0a8e50701996bff42a41ccea9b6fbc3db |
C:\Users\Admin\AppData\Local\Temp\package\steam_client_metrics.bin
| MD5 | f71cc8a518d1c9bd77d56bbe77c3a632 |
| SHA1 | f1456ed26d3f245e88b6a7ea0254c2f815a38dba |
| SHA256 | abff2786436bb4c9ba8e6d22871b3541da9d7627d0e18d9292887b91056c3df5 |
| SHA512 | 0379ae41363ae245048fe20b10359cc29be023dc20a76ea58c1f1e8f2c23f7b4c6e0954c9e5cecdd2827f02a0dcb82bc385a40e30d51e870bc4d2eea0fe5fb57 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-stdio-l1-1-0.dll
| MD5 | 977d803ac9d935b15fbb8d96f920bf3b |
| SHA1 | 558ae5c0bb4daa27e4e97a0e07a729c379777181 |
| SHA256 | 509e51146b6a3e77b82cb786e17d4d52e398064446c469a45ad0c087ac5df270 |
| SHA512 | 03237327bc1e9534c9d82671938d3f019be7785f8727772d901cf03a3175b0118d6952c32ce49bd2b12160077e997e41ff140b848199bbf24051d5299a6ad74c |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-runtime-l1-1-0.dll
| MD5 | af184e36ef33584a5af2e23ce8d90c91 |
| SHA1 | 5b518eb0bb17d45e5c7e2cb3ae16d5cf981a54ce |
| SHA256 | b350748aa75d4f06e11c228161e1e94019b38aab9f5b59ca84db27acac00442d |
| SHA512 | 4190753f181c24592839bc52427ef65237ee8ed21c58d04dc9d5d4c52f0f9a00bc98443e1608ea665cf0fbf9dbec5b9be7c1d174c687b0ef8c47541605b2bff0 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-process-l1-1-0.dll
| MD5 | 39cd364433575b3811f032005c229e5c |
| SHA1 | 6f8789d3191cd227375395b3d47837cc21d2baa0 |
| SHA256 | 17394645fbccf060d02902c9aa9522626383437c1dd83554e3ac564e50f62716 |
| SHA512 | 0fc2e80f5656624c2bdd7d847a4eba23cff81e47313d97da09ef76e9287ca96cbc60809232417957cd2c3078b87f8da353ba11c62a37df3a2d17369cd8d7ddec |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-private-l1-1-0.dll
| MD5 | 9a786144e410dfa13579eb73a375d918 |
| SHA1 | 811d783ea1d4b799e6ad51ec5720fa9e9b60f158 |
| SHA256 | c9dd515e999f64af123f396d3deddc49012011060c843e5edb4223345143b0c5 |
| SHA512 | 3877ebbfc62ea741f77ac1ef04e969855af17ccaa2e3df9a18895b794ac6a3dc2bb4ebb8b46aae5cfc5bc032741f3dcb8a6df8631bf169ef7457b13c8b277620 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-multibyte-l1-1-0.dll
| MD5 | d099dba2a0c6e5a6e53bd09c4d09a23d |
| SHA1 | e925991619eefffbef71fef5374cb4f29c0c046f |
| SHA256 | 3b6f668eaa9efcdb8b36d57747666fe76aa4f3b7873ae83bece0099f105bc145 |
| SHA512 | 0c73c00a134895bbc563676f9314ab2190fed2db9b02d5c9500b0f735dcd37b46c262920550eb6959324499dc9d0337fde731e1221f8d1185023737401d51745 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-math-l1-1-0.dll
| MD5 | 8f8dbf4eafbef6a3c488bfca1529e06d |
| SHA1 | a8c916c20326aa6960e46608daaa39fe09fa8138 |
| SHA256 | f1d44a0a83fa84f5fc9a05008f57174930d42db834ddadb3e9df7650042961fc |
| SHA512 | ebcff256e4f9a6035a02b05dd6ba6d1c652151d76a5b553495925b692496c18663677dbf39a7d7827af9d13cdb81c4064d9e21b0fc0123a65e0432736192c3e4 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-locale-l1-1-0.dll
| MD5 | 74add032773802678bbfec4d07c2f95a |
| SHA1 | f30cd5da7d9768696d0d57cde1ba7141804ffb0d |
| SHA256 | f55be8b606d5715e54cb795b822aa295c4e0e92170359fedf0f72c1fe07057f1 |
| SHA512 | 7f2e74a2d158588aff68ea5a23237f5a08d75ee1dfc72c2b8ba4c1a172cfa826eb71ed3dafe524dc6ca4eb4d96e2d1fffc6a39e85caff5aeb3925af761623da9 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-heap-l1-1-0.dll
| MD5 | 295a7f69076e8e789860bb3d566caa0c |
| SHA1 | 4d7ee1025ac08ce85f95c620949f9af9a0b8ad3d |
| SHA256 | 516dc0852025a741cf5cfc6be3e4ad791d4a5aa692fa35498ba7b5f146d54a1e |
| SHA512 | 959d1171c77a0c7267d69737c781c0e66cd9f513a6267e8e5c986677aaec4facae8e024bdd0a3a6ed4905df116e5d80f706d51da0a3cf26cafda2b13bcd86c14 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-filesystem-l1-1-0.dll
| MD5 | d2b88081e89aa26e825b04c15ed158e4 |
| SHA1 | 3d6073d8ca42ef7fd671856cbe7eec20bd78da23 |
| SHA256 | 9da16f7fb466e63a5ccc24eb7ee95a80ed4216e925545a59fd6fb5d7236211f3 |
| SHA512 | 4544ee07592758723947b039e7f4712c0658ef40942355e3424838aab6382c110366c9013cbd042a605bfca73b6535cedcd146db8a6e850bdb5a50f4132135a5 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-environment-l1-1-0.dll
| MD5 | c1da1a8ee38c89a989b8a892edf48099 |
| SHA1 | 0a65c36944a2c2e210d96ca394f5065dae34f665 |
| SHA256 | f2d19e04a9fe1a382fe5c492501236a0cadc9f106036af8496a8f24457a3feb2 |
| SHA512 | 085acf718846bed78e73908481aa61b3bc64ff8dd7117baa556a535b5f32d304a2f6d20cae06b0c43ecb5c934bcff4758095a0638aac428a98036e91d3047908 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-convert-l1-1-0.dll
| MD5 | 75f7dd0261c0a7e89abe0971a6f7fad1 |
| SHA1 | a657010c0896034178caac01093430a9b550745b |
| SHA256 | d8f04afab237a0177bc3062c6508c57f884c23013985d3c48af26b7c25028949 |
| SHA512 | 07960af507910ed1366feb86487b3eb0d942f638eaeba85e1fb1bcf1dba09359c95ca93488cde969259b7e0b78df8a418e62848f49f40d3cceb8cd5f52bd5760 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-conio-l1-1-0.dll
| MD5 | 09a4172deab1aab62c3eabfe126b2cd1 |
| SHA1 | 5ecfb94c505258be83a471a22979f7f85960bb02 |
| SHA256 | 56fb8c7b7d12814ab0f5fc2eb69dfe98c3e9d00dc554a5e00f2ffdf9fc8728d8 |
| SHA512 | e31adafece4e16a76e1cb54d92d82edf441e5c5e3a9c8c68d63bda6f9014705b3a9eee4502bb492b09e3384029878ebb28b82e5c9caf95f8fcae8347aba6dadf |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-util-l1-1-0.dll
| MD5 | 27262395d098572d6babe49373d357cf |
| SHA1 | b6c3bcecc99ad8d03a4b8672422a5aa5199eb297 |
| SHA256 | 8b2197d96a4a01465e0062d5854a940232734123536ebd3c4f4116efae772688 |
| SHA512 | 42e1b4ae70cd97a50b6459ba0f9375de0e1586930c8b9cc12884794de1da905fc7d766811785a98f81f13dc77cf8ba6aaa5ad8592cab4a5b873df9027fbccc82 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-timezone-l1-1-0.dll
| MD5 | b4bfb5cd23ca6f9ef9dfd43f70e8bba7 |
| SHA1 | 2ad09fc7c204d74b4c3c67710a72e10b699d7345 |
| SHA256 | e3d05dd8f99995cb289b3f86eaaadd99a0b1ca2e12f0a0db22feec335a938111 |
| SHA512 | 023d892f449f578c68074a77b46f7fabc4688a276fb0ced6b1eb6c91037f296776e2ddfd81e71c4f8976285b2e1d5d35bad2fe0ee93ff661b78d45fd34cdf476 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-sysinfo-l1-1-0.dll
| MD5 | d2716cd25fd6ac67580982c8efb5629a |
| SHA1 | 199c6b5208331881e9425904e345feaf1af45b82 |
| SHA256 | 329149e3a2360b9e4231ebae9fc3c467d3c560195fc3bc5d2fd31c6a5fd65da5 |
| SHA512 | cfca74a6b909bb7d1e20487c4c3bb8e20e9970b49b14fe9d693c5b75fc4b83d8dcfa4ac085fc8db4ed76382266c934939b4e41a70d4ec5308fd8c7f065ccd95a |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-synch-l1-2-0.dll
| MD5 | 747bedc394cb41b6a0e1b94b6ea8693e |
| SHA1 | e6388ae7dcd0df0396e6cfabe65be85789bf72db |
| SHA256 | ac30c50dc71795c7e0419389f15bf7676718e23f4b786da2ccd4103f24198656 |
| SHA512 | 15814d5a904fd9d8fba2eb451b27c0f15d892afe98edca36e3adf55fd2df5d516012eb104035aaff0885c5dacc784c44a1f2df3f8a59324483bcb86c8b213bf0 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-synch-l1-1-0.dll
| MD5 | 94eb94712d2eca213b446f17c62380f3 |
| SHA1 | 90a32ddb5c5c3e8757670ebc75ffc237de12f2bc |
| SHA256 | 902ae18339560e5142c87f97e9574864b518a0ca4572298b418acadecd8ac6ad |
| SHA512 | a9d68a3f68532f8b3e698ad6aa7303ad9c5fb838bd61444f415e20537c76f463d849d3b458f5fdd8f133e46083a3dff93ec6bf48d77495beea27ce342b1f84dc |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-string-l1-1-0.dll
| MD5 | 6e55ff194d5bc03a8ebe89c7b237e10e |
| SHA1 | fec152c0e14bdcee73ce234be9b5bb1608b85fd1 |
| SHA256 | 9f3a2d40be41b0c47fb03df21c4f7e4120cbb348553b642c5c80b92c64b3b357 |
| SHA512 | 18d8353f171a34e29674dcbff59f4db7e74857c3bb2155215d4179c7c94be7d85d43552f256b002d0e72fcfc3f9d9c4999ae83bf4599c4e68c808419e1618d8a |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-rtlsupport-l1-1-0.dll
| MD5 | 189af34aa567cd8ca0d18c1dededd39a |
| SHA1 | 0f6d013f294b267a0aa082ec3d422cf7eec2ba96 |
| SHA256 | bb2576e861a0c507db9ab2a29577803d7258eff03e52dc5f36faa51249c892d2 |
| SHA512 | e294e462cde5f099f2b3b6ac14b3771ada2ca1ec26ef485712698a98e5f4c4298a4ffed2e8cb99dfb096adf48e368ef50f30d7a5652a67fa16b250c7653d8580 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-profile-l1-1-0.dll
| MD5 | 724d2fe0b0268b30e7db9a7488f2b306 |
| SHA1 | 6cccc9bab72e205f18bb5485619dd3ccfe58202e |
| SHA256 | 074a6052a889456895d4eb8d592088b1d3858d3f6cecb884c528e74400710079 |
| SHA512 | 37e6f1ddb7d57aea23da10d13a3690740babbd3634d2966a3377c59248e75982a7fe2ed5197c1ba97d7d77906235c87d78067a3430c6d45dc8a4e5fa4d7e6409 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-processthreads-l1-1-1.dll
| MD5 | 2da80fbfb025423ba529e0ed5d396caa |
| SHA1 | 94eddff83c93411c0fb48101177b238f2cbabdb6 |
| SHA256 | a074cc02be4cfa314ddd7223c288b1a71fe74143c3229c7cd30fb309419d7aa6 |
| SHA512 | c23e38776c826f1f2c9bec5ba2b0fd0366d1afdb06b805749814472a362f0fffaa5231bd678af17ecd7640333c5af4f2607d976521f649053ea3d24c8e7e9c9d |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-processthreads-l1-1-0.dll
| MD5 | fbb8d74d5ca41920f285ed9d4634d501 |
| SHA1 | b1157ff444075b76bc3533b036793bda4afd96e4 |
| SHA256 | 7748f69d1f67fb4afa2ebb9712687d0b9235346d35909fee80dd5cb776ce7638 |
| SHA512 | a7d6ca4666eeedc5c4bb3db07919c4d08efa67638d0cbde7cbaaa5f40a59f2c61745fc129e882d47a39a561ea78aa7ff309286921945d940ef26d121bc865cf1 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-processenvironment-l1-1-0.dll
| MD5 | 3d9d3eaad4d1f94fd099877e3c3574ee |
| SHA1 | 3dc985619b35e8d8bda17bbffe3fb9d73c697998 |
| SHA256 | 0986c9945e4db6c7e5bf42556f28ae54afafe5d991573590bffb9c494deaebdb |
| SHA512 | 5fa46bbd7eb1df2f5c233c70f5a4adc316b24e1de7e91c608d52f537a1ffa6d5cc8b1b4c6b4880b33acefb8236d7676ef50527b737ac23be968e5bdbdcd2f368 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-namedpipe-l1-1-0.dll
| MD5 | 38949794f4b5ed88fc604583ae0c9b1a |
| SHA1 | ffe2baaa0dcf56b56a726e314795e70d23149fe5 |
| SHA256 | 2dcec9017298d32b92223c0b9125ecf15cf330973414b3e181a9dbbbd74145d4 |
| SHA512 | 001f460d03b71f52cda97f5305b15c5fc40c1abe8c6deb429ecbd15d06a4ed26f7bc8cc491629cea14492cf13e22c1817312978b6095ee06b1592004a361818f |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-memory-l1-1-0.dll
| MD5 | c5c07cce6b571f4d566fbb2dfcfb009f |
| SHA1 | 4379f23072f145b3c31631faebba76321713e454 |
| SHA256 | dfcea447a3436a3b36287becb215633e73760de7d1df88dd24ce0f998aadf597 |
| SHA512 | d7d53c04459d373659056ed8535982ad6c558cac6239e9fef51074e8479b8777eb2dbdbf63678868f5902b6414a446b46d9d9acb9d70f3bd3dba5cba9512d982 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-localization-l1-2-0.dll
| MD5 | b20db974fdaf13d7a6c518c8cc4d124e |
| SHA1 | 3939b029019a583c3a65ae0e3bc2926f0889cc11 |
| SHA256 | c7253d57e123911ca6a0cdc8c74f103fc048399224393e97bf5a2a993cc13fdc |
| SHA512 | 5dde8bc5f30b69c98eec6d4d279bf1b1747ae119b8ddf8e96515d503c7937154e74bb88d7a01ebcb2b15b0f3fc2e74344c8f0df7add45af944028e3b3cba8245 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-libraryloader-l1-1-0.dll
| MD5 | f51c295b1f6d6845be84a53ac650e0bc |
| SHA1 | edf0d80ea2c7de134af5d1da1f07f7cd33d9d972 |
| SHA256 | 6d85722c07e91050b89692e647c8c9c6fec8c39a998286e0084a4a20619d956e |
| SHA512 | f84224a40bf12cc61ee47607fb3d367135205d7f26667de6ac930e7fda064d8322c0279fe2d67da92d8e017b9ede8a14ff26c050c35347112052e9fa840c5c3e |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-interlocked-l1-1-0.dll
| MD5 | 64350026ead6e66e58759314ab2b2c8d |
| SHA1 | e81696c0cdd81af0af47c696806e745283538c94 |
| SHA256 | f30dff7c389fc5143475a99945eaf9f2e36f2f50709e256c990b10459e32b8be |
| SHA512 | 6f55429adaa2107680c9d67a15b8094346b5bf295603ec7b2cbde7698d1e1f18436b6b2303b08b83f0177c77f877a33c16cd88cad13681616c0f9c3d751eb7bc |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-heap-l1-1-0.dll
| MD5 | 1b292e0f2b2d1a67d2032b5414c280a7 |
| SHA1 | 3f42ab6ad2c6fc52d11d677c1287c58bee3d0a37 |
| SHA256 | 60fa39cc05a21ce16a8651331445da1dd0e5e6c0194de819b4fa6a245f517396 |
| SHA512 | b9f6da412491d9919cb8a33483147c608d30cfa9651f326aceb96c85cf5163dd85a434ed8421cbe9a6d355df650564252cbae46a4b340459bb3d30f616e244ed |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-handle-l1-1-0.dll
| MD5 | a6c34ff1ecc9abc954922c5e569d7912 |
| SHA1 | 910709fc703f559d37ea6d7d75ee13b62cbb4290 |
| SHA256 | b71658e60bfa69f0bbcafbc8df40b118e9fc5df747e2069db0ac18b66aaab818 |
| SHA512 | c0612a7cfe143c22d9945e287a4be0378b808e974a845ba762bbff028080eb6149bf5451d1f7aa0c2cea74499b82007dc730ad51b0b2db4b0f8fc11c03f8e20d |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-file-l2-1-0.dll
| MD5 | b3a3f902a5fe7b70c988aebd0e523d53 |
| SHA1 | 6fb07024c76cd0c4e07c3d0efa088b74998d59b1 |
| SHA256 | 61365671b9fccbc10c06ccc0d4c8875dd98ca51e8d3eb77e91069b1bd11e4a96 |
| SHA512 | 3bc057781870932f9703561bed8f786af9306a6a237582551edd12220e95521b8433a507ce702fa929654e930d0cba976eb0fc72fbe567d44620232e18390ce9 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-file-l1-2-0.dll
| MD5 | 2bfcd1d1b70eef1a10c939a4eeab5403 |
| SHA1 | 12656ee086124eaf205a9eb470a78bc5e3d2512e |
| SHA256 | b0919c80eb88d5d6aeb7a6eb42344f40ebf6bf0914a45045d9606e2469f15132 |
| SHA512 | 9143ffd7e00f4168f78f72e9e08e6a901ffc57a1bdc07531d73f0d4fc59ae2a114d939bf2a60313ac34aa835e6c297168f255685cbd795c748fe9c8906d2215c |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-file-l1-1-0.dll
| MD5 | d218fcedc1bee50c45f4e786c6d60564 |
| SHA1 | c4371579afbfae000e5b9a0ce07472be17badc9f |
| SHA256 | 13266c9674e9c663252ff2dc1a014a86cbaa42801d210f408269bd1dff681440 |
| SHA512 | efc30d116515ee000084db671a4c2d68551035b5512e7117c3c53d6ceb2b0418ee2ccdb5f76fa267be48e37d21a950e20423f95fc4e1c4d2c9e5fb47b692c882 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-fibers-l1-1-0.dll
| MD5 | b72dcda47e269f98aa6998df1b27b3e5 |
| SHA1 | 8a68318787497d2ed4ee6d981de825c874bcb603 |
| SHA256 | b9aefe9709a17fcaf8b85168c68f42e2b57f8214e7456a82c74495b815dc5bfe |
| SHA512 | 17b00481db67db8bf8f07035c760eb7adff65d59c532711d918bb1f2bbdbb6230cd0c583f3418102b80b6a085d45d3e3efe9a641e7dfa821c8a18505e9bb1420 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-errorhandling-l1-1-0.dll
| MD5 | 649e3b7d4b114213383aebd2dda0308d |
| SHA1 | ba1ba5acb362cbab817c5e1a3126d6ebf600740b |
| SHA256 | b15dd0c332b261d62a0b37b8981980a15e47b4682e6985e26f155a85f19e1466 |
| SHA512 | e667462ba457d44982337edda451a5d78eb4b6eab2e6a696ca333bdcd6688873e2c50b45e464e333ecf9f5b07dc35412bc746ff187b99e8139f9b8ef0456849c |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-debug-l1-1-0.dll
| MD5 | df9e90a38a99d1f609ba721a3d329195 |
| SHA1 | ad8859c5ec7f591800c0d4b6453eb10167ae142d |
| SHA256 | ba17d3a66e3df85fbf8b82b500f1360f8598cd48a814fda3e552cdd995e6f449 |
| SHA512 | e41ba10d2c679754627c348232bd8124a01eceedfe30c88b6f7ed257895a7b59e5149d448a68415c4d2cc1a5c2c32a575f032b764a14a2330d62f08ccb87de85 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-datetime-l1-1-0.dll
| MD5 | e763390e8aebf15cb2b9b5b8c9cc4e9e |
| SHA1 | 0f9f6544903700fa26c8892ff7e4881c56238282 |
| SHA256 | 5963b1cdb894ce297e52844741047f74f8d86fa7e97437e26d9bc8f0094e1003 |
| SHA512 | 4c8089029c0d97ef1a1570dc47a8eda08f2071332521cdb54b5b52786d078c19bf0324fa43b9d1c49b942f8eedf7a6dab606b25a3913a80f6c8d7bb97d28a768 |
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-console-l1-2-0.dll
| MD5 | f9bf7d30ea5a945b77910a06151ff620 |
| SHA1 | 3158c9ab3fd9b6fed40e77abe39eb53234151977 |
| SHA256 | b4ff5467266a4f8e5d8998525a8948b8b86d51a23c2f4f7023c505c8db341802 |
| SHA512 | 07e01ebde7c80fa3937f2169da9dc496f0a5efbbbc9c305e7772e28e334906054c14747fe10cca0ac1f1f275d95a08801ae7c44ca1cbddae1c1e008bf428d1a4 |
memory/14148-12259-0x00007FFAFEA40000-0x00007FFAFEA41000-memory.dmp
memory/14148-12260-0x00007FFAFDA30000-0x00007FFAFDA31000-memory.dmp
C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\000001.dbtmp
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
memory/13384-12314-0x000000006ED40000-0x00000000700B9000-memory.dmp
memory/14148-12323-0x00000258FDB80000-0x00000258FDC2C000-memory.dmp
memory/14148-12324-0x00000258FDC30000-0x00000258FDCDD000-memory.dmp
memory/14236-12326-0x0000015756BC0000-0x0000015756C6D000-memory.dmp
memory/14236-12325-0x0000015756B10000-0x0000015756BBC000-memory.dmp
memory/13384-12329-0x000000006ED40000-0x00000000700B9000-memory.dmp
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index
| MD5 | e554aa0cb643bfec516f60c5649781f5 |
| SHA1 | c3e72ee265351eb1793b89628d431a575921c7e6 |
| SHA256 | 11fb760eee9875d5a89a31ea811a27e441803913ca7f4b2592ddfa29188677b8 |
| SHA512 | baeeb117decc384db88a045207df87758dbbc75c70a8e6d19e44acdc401ca6d84e6030bce732084e1c5fb714fad090b22b90cd239fa6642d7df2ba10d8598788 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index~RFe586a7d.TMP
| MD5 | d6c372f8969335a9b348e651b3f240ec |
| SHA1 | d53cc5b5cd8d3123ed089dc20d906e1142d83728 |
| SHA256 | ef9f84004763d78f54f3274db9f4e8f1b234fa201bad11e64dd0e863631ec786 |
| SHA512 | 95933cceede9e85c1c179f639c10ca32fcc9795ac26531c517f16f179bd8022f317c70ec4c5ef0f7e68bb329ca912fe2345e1ac576f903c2ae53a16540bed41a |
memory/13384-12345-0x000000006ED40000-0x00000000700B9000-memory.dmp
memory/14148-12351-0x00000258FDB80000-0x00000258FDC2C000-memory.dmp
memory/13384-12350-0x000000006ED40000-0x00000000700B9000-memory.dmp
memory/13384-12357-0x000000006ED40000-0x00000000700B9000-memory.dmp
memory/13384-12363-0x000000006ED40000-0x00000000700B9000-memory.dmp
memory/13384-12368-0x000000006ED40000-0x00000000700B9000-memory.dmp
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json
| MD5 | 9ab8fdf3d4043e5c5a1bbe48692303c0 |
| SHA1 | e5f470c94013dc0695c95017314fa10644879fd6 |
| SHA256 | 14d14878ea9f7d8830f4d26bf54acaf66823ca434c34e519668f78e4856c0d2f |
| SHA512 | 0bfdea4f90bc34c07af71c3332f3c1bae0742a854d5ca67e6252d5b9505a0255b58227065caf1d1c749d1c6eb3207f867c11bb92b4f3cb412f767735fba57597 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe592699.TMP
| MD5 | f77f781a89f12f32f4c6549d1c4899fc |
| SHA1 | 2ca86492bab6446e75dbd5032a0be935e9839814 |
| SHA256 | 061e2a69cea459fb718e9733d9dd248d4d25bfa7e0aced7fb7d7d2a321065421 |
| SHA512 | be64b8a1a89fcc163899d38289b259462dedba976bb8826d66fa154e5fb504bb50b8be687c14eb9be923fa5796de1b3384207d523172dbc535492f4b0d55e77b |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State
| MD5 | 46f24bdb07aee373908a1b1b07603196 |
| SHA1 | 8b3423ab3537a0bce78b6e88d45175254b3dbbb2 |
| SHA256 | e67bcd4af6ba5b14211a8122a56065820f7db1890a316ba9562744747f06e530 |
| SHA512 | 2e1daa935d4e38569056142d37f74ce21bfcbb6685cb01ccf6944dd467aa41dac35d96fea59dabf5e9aaf727e2ad6e213128bdfc7eef6eb2a1c2ae75fa490706 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe593965.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
memory/13384-12401-0x000000006ED40000-0x00000000700B9000-memory.dmp
C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping13632_1110950427\manifest.json
| MD5 | 2648d437c53db54b3ebd00e64852687e |
| SHA1 | 66cfe157f4c8e17bfda15325abfef40ec6d49608 |
| SHA256 | 68a3d7cb10f3001f40bc583b7fff0183895a61d3bd1b7a1c34e602df6f0f8806 |
| SHA512 | 86d5c3129bec156b17b8ebd5dec5a6258e10cb426b84dd3e4af85c9c2cd7ebf4faea01fd10dd906a18ea1042394c3f41a835eae2d83dc8146dfe4b6d71147828 |
C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping13632_1110950427\LICENSE
| MD5 | f6719687bed7403612eaed0b191eb4a9 |
| SHA1 | dd03919750e45507743bd089a659e8efcefa7af1 |
| SHA256 | afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59 |
| SHA512 | dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56 |
memory/15516-12441-0x000001445D790000-0x000001445D83C000-memory.dmp